diff --git a/cves/2020/CVE-2020-11991.yaml b/cves/2020/CVE-2020-11991.yaml
index 87f11c5733..14b28fbee8 100644
--- a/cves/2020/CVE-2020-11991.yaml
+++ b/cves/2020/CVE-2020-11991.yaml
@@ -4,7 +4,9 @@ info:
   name: Apache Cocoon 2.1.12 XML Injection
   author: pikpikcu
   severity: high
-  reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11991
+  description: |
+    When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.
+  reference: https://lists.apache.org/thread.html/r77add973ea521185e1a90aca00ba9dae7caa8d8b944d92421702bb54%40%3Cusers.cocoon.apache.org%3E
 
 requests:
   - method: POST
diff --git a/cves/2020/CVE-2020-1943.yaml b/cves/2020/CVE-2020-1943.yaml
index ea8fd33790..37bdd57da3 100644
--- a/cves/2020/CVE-2020-1943.yaml
+++ b/cves/2020/CVE-2020-1943.yaml
@@ -6,6 +6,8 @@ info:
   description: Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.
   severity: medium
   tags: cve,cve2020,apache,xss
+  reference:
+    - https://lists.apache.org/thread.html/rf867d9a25fa656b279b16e27b8ff6fcda689cfa4275a26655c685702%40%3Cdev.ofbiz.apache.org%3E
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-26073.yaml b/cves/2020/CVE-2020-26073.yaml
index 517b9a4891..10d7aac230 100644
--- a/cves/2020/CVE-2020-26073.yaml
+++ b/cves/2020/CVE-2020-26073.yaml
@@ -3,7 +3,10 @@ info:
   name: Cisco SD-WAN vManage Software Directory Traversal
   author: madrobot
   severity: high
-  reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26073
+  description: |
+    A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information.
+  reference:
+    - https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-vman-traversal-hQh24tmk.html
   tags: cve,cve2020,cisco,lfi
 
 requests:
diff --git a/cves/2020/CVE-2020-26214.yaml b/cves/2020/CVE-2020-26214.yaml
index 25d01b8f89..cef79f36fe 100644
--- a/cves/2020/CVE-2020-26214.yaml
+++ b/cves/2020/CVE-2020-26214.yaml
@@ -23,13 +23,11 @@ requests:
           - 200
       - type: regex
         regex:
-          - 'name":"Alerta ([0-7]\.[0-9]\.[0-9]|8\.0.[0-9])"'
-          - 'name": "Alerta ([0-7]\.[0-9]\.[0-9]|8\.0.[0-9])"'
+          - 'name":\s*"Alerta ([0-7]\.[0-9]\.[0-9]|8\.0.[0-9])"'
         condition: or
       - type: regex
         regex:
-          - 'provider":"ldap"'
-          - 'provider": "ldap"'
+          - 'provider":\s*"ldap"'
         condition: or
     extractors:
       - type: regex
@@ -37,5 +35,4 @@ requests:
         name: alerta-version
         group: 1
         regex:
-          - 'name":"Alerta ([0-7]\.[0-9]\.[0-9]|8\.0.[0-9])"'
-          - 'name": "Alerta ([0-7]\.[0-9]\.[0-9]|8\.0.[0-9])"'
+          - 'name":\s*"Alerta ([0-7]\.[0-9]\.[0-9]|8\.0.[0-9])"'
diff --git a/cves/2020/CVE-2020-8194.yaml b/cves/2020/CVE-2020-8194.yaml
index e712d2c4c9..874d9e5856 100644
--- a/cves/2020/CVE-2020-8194.yaml
+++ b/cves/2020/CVE-2020-8194.yaml
@@ -5,6 +5,10 @@ info:
   author: dwisiswant0
   severity: high
   tags: cve,cve2020,citrix
+  description: |
+    Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
+  reference:
+    - https://support.citrix.com/article/CTX276688
 
 requests:
   - raw:
diff --git a/cves/2020/CVE-2020-9484.yaml b/cves/2020/CVE-2020-9484.yaml
index 4b613fda55..e1dd17dd74 100644
--- a/cves/2020/CVE-2020-9484.yaml
+++ b/cves/2020/CVE-2020-9484.yaml
@@ -6,6 +6,8 @@ info:
   severity: high
   description: Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server
   tags: cve,cve2020,apache
+  reference:
+    - http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-9496.yaml b/cves/2020/CVE-2020-9496.yaml
index f8ae6b62ba..bf637b1ef7 100644
--- a/cves/2020/CVE-2020-9496.yaml
+++ b/cves/2020/CVE-2020-9496.yaml
@@ -6,6 +6,9 @@ info:
   severity: medium
   description: XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
   tags: cve,cve2020,apache
+  reference:
+    - http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html
+    - http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html
 
 
   # This template detects a Java deserialization vulnerability in Apache