daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated cves.json [Wed Jun 5 08:12:44 UTC 2024] 🤖

patch-4
GitHub Action 2024-06-05 08:12:44 +00:00
parent fb8d4d32f3
commit ec057054d9
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@ -2364,6 +2364,7 @@
{"ID":"CVE-2024-1209","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure via assignments","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1209.yaml"}
{"ID":"CVE-2024-1210","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1210.yaml"}
{"ID":"CVE-2024-1212","Info":{"Name":"Progress Kemp LoadMaster - Command Injection","Severity":"critical","Description":"Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1212.yaml"}
{"ID":"CVE-2024-1380","Info":{"Name":"Relevanssi (A Better Search) \u003c= 4.22.0 - Query Log Export","Severity":"medium","Description":"The Relevanssi Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1380.yaml"}
{"ID":"CVE-2024-1561","Info":{"Name":"Gradio Applications - Local File Read","Severity":"high","Description":"Local file read by calling arbitrary methods of Components class\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-1561.yaml"}
{"ID":"CVE-2024-1698","Info":{"Name":"NotificationX \u003c= 2.8.2 - SQL Injection","Severity":"critical","Description":"The NotificationX - Best FOMO, Social Proof, WooCommerce Sales Popup \u0026 Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1698.yaml"}
{"ID":"CVE-2024-1709","Info":{"Name":"ConnectWise ScreenConnect 23.9.7 - Authentication Bypass","Severity":"critical","Description":"ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1709.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
7bfe54c4491f1002937ca044e92d59d7
b850ce0a43b8e25fcc5d4b47a2edd438