1 parent 79b47fe commit aa040d9
Showing 77 changed files with 1,748 additions and 0 deletions.
22 changes: 22 additions & 0 deletions
objects/vulnerability/vulnerability--063d085c-6d94-444b-a094-d028d57b6e3e.json
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--95fdbc67-2917-4d16-b576-840bc69e2b80", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--063d085c-6d94-444b-a094-d028d57b6e3e", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-11-29T00:22:07.582895Z", | ||
"modified": "2024-11-29T00:22:07.582895Z", | ||
"name": "CVE-2024-8308", | ||
"description": "A low privileged remote attacker can insert a SQL injection in the web application due to improper handling of HTTP request input data which allows to exfiltrate all data.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-8308" | ||
} | ||
] | ||
} | ||
] | ||
} |
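Review bot: The "description" for CVE-2024-8308 names no product or vendor (only "the web application"), and the single "external_references" entry carries "source_name" and "external_id" but no "url", so a consumer cannot tell from this object what is affected. Suggest adding a "url" for the CVE record to that entry, or carrying the affected-product data from the source record, so the object can be triaged without a second lookup.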
22 changes: 22 additions & 0 deletions
objects/vulnerability/vulnerability--07e94ff5-72e1-486d-ac45-a42037500e1f.json
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--fdc6e5c0-93b8-4777-8ed6-2dc0c833e6e2", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--07e94ff5-72e1-486d-ac45-a42037500e1f", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-11-29T00:22:07.244764Z", | ||
"modified": "2024-11-29T00:22:07.244764Z", | ||
"name": "CVE-2024-11968", | ||
"description": "A vulnerability was found in code-projects Farmacia up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file pagamento.php. The manipulation of the argument notaFiscal leads to sql injection. The attack can be launched remotely.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-11968" | ||
} | ||
] | ||
} | ||
] | ||
} |
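Review bot: "created_by_ref" points at identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a, but the bundle's "objects" array holds only the vulnerability object, so the creator cannot be resolved from this file. Either include the identity object in each bundle or document where consumers fetch it; an importer that checks references has nothing in the bundle to resolve this one against.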
22 changes: 22 additions & 0 deletions
objects/vulnerability/vulnerability--09090f66-a1dc-40dd-84a9-508dc32e86a2.json
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--16634ca4-8167-41f5-b926-2b5f814f41ca", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--09090f66-a1dc-40dd-84a9-508dc32e86a2", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-11-29T00:22:07.199163Z", | ||
"modified": "2024-11-29T00:22:07.199163Z", | ||
"name": "CVE-2024-11918", | ||
"description": "The Image Alt Text plugin for WordPress is vulnerable to unauthorized modification of data| due to a missing capability check on the iat_add_alt_txt_action and iat_update_alt_txt_action AJAX actions in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the alt text on arbitrary images.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-11918" | ||
} | ||
] | ||
} | ||
] | ||
} |
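Review bot: The "description" contains a stray "|" in "unauthorized modification of data| due to a missing capability check". It looks like a delimiter left behind when the string was built; check the step that produces the description and fix it there rather than hand-editing this file, since the same substitution may affect other records.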
22 changes: 22 additions & 0 deletions
objects/vulnerability/vulnerability--0e0ecc1b-5eb5-4f5d-ad5d-43aaa68da64b.json
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--d1b973a8-f282-4f1e-888d-5dd7a50b51c0", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--0e0ecc1b-5eb5-4f5d-ad5d-43aaa68da64b", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-11-29T00:22:07.246472Z", | ||
"modified": "2024-11-29T00:22:07.246472Z", | ||
"name": "CVE-2024-11082", | ||
"description": "The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations_panel() function in all versions up to, and including, 1.9.15. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-11082" | ||
} | ||
] | ||
} | ||
] | ||
} |
22 changes: 22 additions & 0 deletions
objects/vulnerability/vulnerability--11b2216a-2d95-4a33-9e77-a48fcddf8276.json
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--a5356dbe-5ae8-4d28-934f-8441b011ac08", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--11b2216a-2d95-4a33-9e77-a48fcddf8276", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-11-29T00:22:07.625196Z", | ||
"modified": "2024-11-29T00:22:07.625196Z", | ||
"name": "CVE-2024-38309", | ||
"description": "There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELLUS (v4.0.19.0 and earlier), and TELLUS Lite (v4.0.19.0 and earlier).\r\nIf a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-38309" | ||
} | ||
] | ||
} | ||
] | ||
} |
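Review bot: The "description" embeds a raw \r\n between "(v4.0.19.0 and earlier)." and "If a user opens", carrying Windows line endings from the source text into the STIX object. Suggest normalising whitespace in descriptions at generation time (a single space or \n) so text matching and display behave the same across records.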
22 changes: 22 additions & 0 deletions
objects/vulnerability/vulnerability--11bf09b5-418c-4b2c-b236-effcc7a0d076.json
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--487a2838-87a9-4468-a7eb-85e4794b2955", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--11bf09b5-418c-4b2c-b236-effcc7a0d076", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-11-29T00:22:07.518277Z", | ||
"modified": "2024-11-29T00:22:07.518277Z", | ||
"name": "CVE-2024-53733", | ||
"description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rohit Harsh Fence URL allows Stored XSS.This issue affects Fence URL: from n/a through 2.0.0.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-53733" | ||
} | ||
] | ||
} | ||
] | ||
} |
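Review bot: In "description", two sentences are joined without a space ("allows Stored XSS.This issue affects") and the lower bound of the affected range is the placeholder "n/a" ("from n/a through 2.0.0"). If these come from separate source fields, insert a separator when joining them, and consider rendering an unknown lower bound as "versions through 2.0.0" so the range is not misread by people or parsers.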
22 changes: 22 additions & 0 deletions
objects/vulnerability/vulnerability--131b987a-d355-40f5-850d-92a84f4269a3.json
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--4b439ba2-16dc-46b6-9895-e5d6bdd03a66", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--131b987a-d355-40f5-850d-92a84f4269a3", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-11-29T00:22:07.231142Z", | ||
"modified": "2024-11-29T00:22:07.231142Z", | ||
"name": "CVE-2024-11965", | ||
"description": "A vulnerability has been found in PHPGurukul Complaint Management system 1.0 and classified as critical. This vulnerability affects unknown code of the file /user/reset-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-11965" | ||
} | ||
] | ||
} | ||
] | ||
} |
22 changes: 22 additions & 0 deletions
objects/vulnerability/vulnerability--1e892bdf-303c-4a75-81d5-d8a6147e9cd3.json
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--0a6f57ee-b955-4e39-89d5-98255bc1caee", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--1e892bdf-303c-4a75-81d5-d8a6147e9cd3", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-11-29T00:22:07.513762Z", | ||
"modified": "2024-11-29T00:22:07.513762Z", | ||
"name": "CVE-2024-53008", | ||
"description": "Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-53008" | ||
} | ||
] | ||
} | ||
] | ||
} |
22 changes: 22 additions & 0 deletions
objects/vulnerability/vulnerability--205135ba-c5d8-4b47-ad09-2f41b1784776.json
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--fc00a497-05fb-4928-83c8-d12b0ed4ef7e", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--205135ba-c5d8-4b47-ad09-2f41b1784776", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-11-29T00:22:08.13473Z", | ||
"modified": "2024-11-29T00:22:08.13473Z", | ||
"name": "CVE-2024-49502", | ||
"description": "A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click.\nThis issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-49502" | ||
} | ||
] | ||
} | ||
] | ||
} |
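Review bot: "created" and "modified" are "2024-11-29T00:22:08.13473Z", five fractional digits where the other files in this commit carry six, which suggests the serializer drops trailing zeros. The value is still a valid timestamp, but fixed six-digit precision would keep string comparison and deduplication on these fields predictable. The "description" also embeds a raw \n before "This issue affects" and opens with "A Improper"; worth normalising whitespace at generation time.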
22 changes: 22 additions & 0 deletions
objects/vulnerability/vulnerability--21e8a263-ff93-4394-b3cb-6371f4f1e1c9.json
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--22cc429f-f7a9-43f5-9af8-76e88a734575", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--21e8a263-ff93-4394-b3cb-6371f4f1e1c9", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-11-29T00:22:06.714442Z", | ||
"modified": "2024-11-29T00:22:06.714442Z", | ||
"name": "CVE-2024-10896", | ||
"description": "The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-10896" | ||
} | ||
] | ||
} | ||
] | ||
} |
22 changes: 22 additions & 0 deletions
objects/vulnerability/vulnerability--22f0e590-e19f-41ec-a9cb-a06a7c3f4c52.json
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--862081a3-082f-47fa-a1a1-48acb8b79cea", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--22f0e590-e19f-41ec-a9cb-a06a7c3f4c52", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-11-29T00:22:07.251769Z", | ||
"modified": "2024-11-29T00:22:07.251769Z", | ||
"name": "CVE-2024-11685", | ||
"description": "The `Kudos Donations – Easy donations and payments with Mollie` plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of `add_query_arg` without appropriate escaping on the URL in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute if they can successfully trick a user into performing an action, such as clicking on a specially crafted link.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-11685" | ||
} | ||
] | ||
} | ||
] | ||
} |
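Review bot: The "description" wraps the plugin name and the function name add_query_arg in Markdown backtick characters, but this is a plain string field, so a consumer that renders it as plain text shows the backticks literally. Suggest stripping the markup at generation time, or documenting that descriptions are passed through verbatim from the CVE record.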
22 changes: 22 additions & 0 deletions
objects/vulnerability/vulnerability--256ecec1-731f-4e35-9cdc-336eca4eeb4f.json
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"type": "bundle", | ||
"id": "bundle--f2d862b9-78a0-4fb6-a810-5cefafacc322", | ||
"objects": [ | ||
{ | ||
"type": "vulnerability", | ||
"spec_version": "2.1", | ||
"id": "vulnerability--256ecec1-731f-4e35-9cdc-336eca4eeb4f", | ||
"created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
"created": "2024-11-29T00:22:07.185498Z", | ||
"modified": "2024-11-29T00:22:07.185498Z", | ||
"name": "CVE-2024-11366", | ||
"description": "The SEO Landing Page Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.66.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", | ||
"external_references": [ | ||
{ | ||
"source_name": "cve", | ||
"external_id": "CVE-2024-11366" | ||
} | ||
] | ||
} | ||
] | ||
} |