From 71418d1ba3f1c0db0d9392f10458c983566b8038 Mon Sep 17 00:00:00 2001
From: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 15 May 2024 12:30:30 +0000
Subject: [PATCH] Commit from GitHub Actions (Update List)
---
data/data.csv | 196 ++++++++++++++++++++++++++-----------------
secpatch.ipynb | 58 +++++++--------
2 files changed, 132 insertions(+), 122 deletions(-)
diff --git a/data/data.csv b/data/data.csv
index facb01b..f99fb21 100644
--- a/data/data.csv
+++ b/data/data.csv
@@ -538,7 +538,7 @@ CVE-2007-2987,0.0,0.86878,"Multiple buffer overflows in certain ActiveX controls CVE-2007-3010,0.0,0.97313,masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.,2007-09-18 21:17:00.000,EPSS/CISA/Metasploit/Nuclei CVE-2007-3033,0.0,0.95685,"Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone.",2007-08-14 22:17:00.000,EPSS CVE-2007-3034,0.0,0.95642,"Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.",2007-08-14 21:17:00.000,EPSS -CVE-2007-3039,0.0,0.97387,"Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.",2007-12-12 00:46:00.000,EPSS/Metasploit +CVE-2007-3039,0.0,0.97373,"Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. 
NOTE: this is remotely exploitable on Windows 2000 Server.",2007-12-12 00:46:00.000,EPSS/Metasploit CVE-2007-3068,0.0,0.91817,Stack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename.,2007-06-06 01:30:00.000,Metasploit CVE-2007-3091,0.0,0.95651,"Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the ""bait & switch vulnerability"" or ""Race Condition Cross-Domain Information Disclosure Vulnerability.""",2007-06-06 21:30:00.000,EPSS CVE-2007-3147,0.0,0.93756,Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information.,2007-06-11 18:30:00.000,Metasploit 
@@ -559,7 +559,7 @@ CVE-2007-3872,0.0,0.92489,"Multiple stack-based buffer overflows in the Shared T CVE-2007-3896,0.0,0.96066,"The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid ""%"" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.",2007-10-11 00:17:00.000,EPSS CVE-2007-3897,0.0,0.95823,"Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.",2007-10-09 22:17:00.000,EPSS CVE-2007-3898,0.0,0.96232,"The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.",2007-11-14 01:46:00.000,EPSS -CVE-2007-3901,0.0,0.96361,Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.,2007-12-12 00:46:00.000,EPSS/Metasploit +CVE-2007-3901,0.0,0.96202,Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.,2007-12-12 00:46:00.000,EPSS/Metasploit CVE-2007-3925,0.0,0.97418,Multiple buffer overflows in the IMAP 
service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.,2007-07-21 00:30:00.000,EPSS/Metasploit CVE-2007-3999,0.0,0.96921,"Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.",2007-09-05 10:17:00.000,EPSS CVE-2007-4006,0.0,0.86951,"Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unknown impact and remote attack vectors, aka ZD-00000034. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.",2007-07-26 00:30:00.000,Metasploit 
@@ -587,7 +587,7 @@ CVE-2007-4991,0.0,0.96157,The SOCKS4 Proxy in Microsoft Internet Security and Ac CVE-2007-5003,0.0,0.94387,"Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function.",2007-10-01 20:17:00.000,Metasploit CVE-2007-5067,0.0,0.95303,Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modified-Since header to (1) xigui32.exe or (2) xitami.exe.,2007-09-24 23:17:00.000,EPSS/Metasploit CVE-2007-5082,0.0,0.80954,"Multiple stack-based buffer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands with certain opcodes, related to missing validation of a length parameter.",2007-10-01 20:17:00.000,Metasploit -CVE-2007-5107,0.0,0.85928,"Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll in IAC Search & Media ask.com Ask Toolbar 4.0.2.53 and earlier allows remote attackers to execute arbitrary code via a long ShortFormat property value. NOTE: some of these details are obtained from third party information. NOTE: the researcher claims that this is the same as CVE-2007-5108, but there is insufficient detail for CVE-2007-5108 to be certain.",2007-09-26 23:17:00.000,Metasploit +CVE-2007-5107,0.0,0.88034,"Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll in IAC Search & Media ask.com Ask Toolbar 4.0.2.53 and earlier allows remote attackers to execute arbitrary code via a long ShortFormat property value. NOTE: some of these details are obtained from third party information. 
NOTE: the researcher claims that this is the same as CVE-2007-5108, but there is insufficient detail for CVE-2007-5108 to be certain.",2007-09-26 23:17:00.000,Metasploit CVE-2007-5208,0.0,0.22319,"hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail.",2007-10-13 00:17:00.000,Metasploit CVE-2007-5217,0.0,0.6822,"Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in Altnet Download Manager 4.0.0.6, as used in (1) Kazaa 3.2.7 and (2) Grokster, allows remote attackers to execute arbitrary code via a long argument to the Install method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.",2007-10-05 00:17:00.000,Metasploit CVE-2007-5244,0.0,0.63253,"Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through 8.1.0.253 on Linux, and possibly unspecified versions on Solaris, allows remote attackers to execute arbitrary code via a long attach request on TCP port 3050 to the open_marker_file function.",2007-10-06 17:17:00.000,Metasploit 
@@ -688,7 +688,7 @@ CVE-2008-2789,0.0,0.01202,SQL injection vulnerability in pages/index.php in BASI CVE-2008-2905,0.0,0.28525,"PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.",2008-06-30 18:24:00.000,Metasploit CVE-2008-2908,0.0,0.41034,"Multiple stack-based buffer overflows in a certain ActiveX control in ienipp.ocx in Novell iPrint Client for Windows before 4.36 allow remote attackers to execute arbitrary code via a long value of the (1) operation, (2) printer-url, or (3) target-frame parameter. NOTE: some of these details are obtained from third party information.",2008-06-30 18:24:00.000,Metasploit CVE-2008-2938,0.0,0.97094,"Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. 
NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",2008-08-13 00:41:00.000,EPSS -CVE-2008-2992,0.0,0.97225,"Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.",2008-11-04 18:29:47.667,EPSS/CISA +CVE-2008-2992,0.0,0.97176,"Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.",2008-11-04 18:29:47.667,EPSS/CISA CVE-2008-3004,0.0,0.95806,"Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the ""Excel Indexing Validation Vulnerability.""",2008-08-12 23:41:00.000,EPSS CVE-2008-3008,0.0,0.96104,"Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka ""Windows Media Encoder Buffer Overrun Vulnerability.""",2008-09-11 01:11:47.057,EPSS/Metasploit CVE-2008-3066,0.0,0.96024,"Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting this file.",2008-07-28 17:41:00.000,EPSS 
@@ -719,11 +719,11 @@ CVE-2008-4114,0.0,0.11136,"srv.sys in the Server service in Microsoft Windows 20 CVE-2008-4193,0.0,0.84127,Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter.,2008-09-24 11:42:25.297,Metasploit CVE-2008-4250,0.0,0.97476,"The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka ""Server Service Vulnerability.""",2008-10-23 22:00:01.357,EPSS/Metasploit CVE-2008-4254,0.0,0.96837,"Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the ""system state,"" aka ""Hierarchical FlexGrid Control Memory Corruption Vulnerability.""",2008-12-10 14:00:00.957,EPSS -CVE-2008-4255,0.0,0.96783,"Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an ""allocation error"" and memory corruption, aka ""Windows Common AVI Parsing Overflow Vulnerability.""",2008-12-10 14:00:00.970,EPSS -CVE-2008-4258,0.0,0.95769,"Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation 
methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka ""Parameter Validation Memory Corruption Vulnerability.""",2008-12-10 14:00:01.017,EPSS -CVE-2008-4259,0.0,0.96483,"Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka ""HTML Objects Memory Corruption Vulnerability.""",2008-12-10 14:00:01.033,EPSS -CVE-2008-4264,0.0,0.95572,"Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers ""pointer corruption"" during the loading of formulas from this spreadsheet, aka ""File Format Parsing Vulnerability.""",2008-12-10 14:00:01.080,EPSS -CVE-2008-4265,0.0,0.95829,"Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka ""File Format Parsing Vulnerability.""",2008-12-10 14:00:01.097,EPSS +CVE-2008-4255,0.0,0.96751,"Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an ""allocation error"" and memory corruption, aka 
""Windows Common AVI Parsing Overflow Vulnerability.""",2008-12-10 14:00:00.970,EPSS +CVE-2008-4258,0.0,0.96051,"Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka ""Parameter Validation Memory Corruption Vulnerability.""",2008-12-10 14:00:01.017,EPSS +CVE-2008-4259,0.0,0.96328,"Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka ""HTML Objects Memory Corruption Vulnerability.""",2008-12-10 14:00:01.033,EPSS +CVE-2008-4264,0.0,0.95059,"Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers ""pointer corruption"" during the loading of formulas from this spreadsheet, aka ""File Format Parsing Vulnerability.""",2008-12-10 14:00:01.080,EPSS +CVE-2008-4265,0.0,0.95733,"Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka ""File Format Parsing Vulnerability.""",2008-12-10 14:00:01.097,EPSS CVE-2008-4322,0.0,0.3027,"Stack-based buffer overflow in RealFlex Technologies Ltd. 
RealWin Server 2.0, as distributed by DATAC, allows remote attackers to execute arbitrary code via a crafted FC_INFOTAG/SET_CONTROL packet.",2008-09-29 19:25:59.353,Metasploit CVE-2008-4384,0.0,0.66913,"Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods.",2008-10-07 20:00:17.280,Metasploit CVE-2008-4385,0.0,0.7029,"Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs via by specifiying a malicious website argument to the Init method in (1) a certain ActiveX control (sysreqlab2.cab, sysreqlab.dll, sysreqlabsli.dll, or sysreqlab2.dll) and (2) a certain Java applet in RLApplet.class in sysreqlab2.jar or sysreqlab.jar.",2008-10-14 21:10:35.643,Metasploit 
@@ -818,7 +818,7 @@ CVE-2009-1028,0.0,0.73195,Stack-based buffer overflow in ediSys eZip Wizard 3.0 CVE-2009-1072,0.0,0.9681,"nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.",2009-03-25 01:30:00.610,EPSS CVE-2009-1123,0.0,0.00042,"The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka ""Windows Kernel Desktop Vulnerability.""",2009-06-10 18:30:00.327,CISA CVE-2009-1136,0.0,0.9691,"The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka ""Office Web Components HTML Script Vulnerability.""",2009-07-15 15:30:01.360,EPSS/Metasploit -CVE-2009-1151,0.0,0.80586,Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.,2009-03-26 14:30:00.267,CISA/Metasploit/Nuclei +CVE-2009-1151,0.0,0.79939,Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save 
action.,2009-03-26 14:30:00.267,CISA/Metasploit/Nuclei CVE-2009-1169,0.0,0.95984,The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.,2009-03-27 00:30:00.280,EPSS CVE-2009-1185,0.0,0.00046,"udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.",2009-04-17 14:30:00.563,Metasploit CVE-2009-1217,0.0,0.96499,"Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the ""Microsoft GdiPlus EMF GpFont.SetData integer overflow.""",2009-04-01 18:00:00.250,EPSS 
@@ -1049,10 +1049,10 @@ CVE-2010-1534,0.0,0.01385,Directory traversal vulnerability in the Shoutbox Pro CVE-2010-1535,0.0,0.00706,Directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-04-26 18:30:00.753,Nuclei CVE-2010-1540,0.0,0.0045,Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. NOTE: some of these details are obtained from third party information.,2010-04-26 19:30:00.660,Nuclei CVE-2010-1549,0.0,0.94451,Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors.,2010-05-07 18:24:15.953,Metasploit -CVE-2010-1552,0.0,0.966,"Stack-based buffer overflow in the doLoad function in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the act and app parameters.",2010-05-13 17:30:02.343,EPSS/Metasploit -CVE-2010-1553,0.0,0.966,"Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid MaxAge parameter.",2010-05-13 17:30:02.377,EPSS/Metasploit -CVE-2010-1554,0.0,0.96645,"Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.",2010-05-13 17:30:02.407,EPSS/Metasploit -CVE-2010-1555,0.0,0.966,"Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid Hostname 
parameter.",2010-05-13 17:30:02.437,EPSS/Metasploit +CVE-2010-1552,0.0,0.96709,"Stack-based buffer overflow in the doLoad function in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the act and app parameters.",2010-05-13 17:30:02.343,EPSS/Metasploit +CVE-2010-1553,0.0,0.96709,"Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid MaxAge parameter.",2010-05-13 17:30:02.377,EPSS/Metasploit +CVE-2010-1554,0.0,0.96749,"Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.",2010-05-13 17:30:02.407,EPSS/Metasploit +CVE-2010-1555,0.0,0.96709,"Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid Hostname parameter.",2010-05-13 17:30:02.437,EPSS/Metasploit CVE-2010-1586,0.0,0.00917,Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.,2010-04-28 22:30:00.917,Nuclei CVE-2010-1587,0.0,0.5908,"The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.",2010-04-28 22:30:00.947,Metasploit CVE-2010-1601,0.0,0.01299,Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.,2010-04-29 17:30:00.590,Nuclei 
@@ -1165,7 +1165,7 @@ CVE-2010-3324,0.0,0.96144,"The toStaticHTML function in Microsoft Internet Explo CVE-2010-3326,0.0,0.95844,"Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka ""Uninitialized Memory Corruption Vulnerability.""",2010-10-13 19:00:46.227,EPSS CVE-2010-3329,0.0,0.96262,"mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka ""Uninitialized Memory Corruption Vulnerability.""",2010-10-13 19:00:46.353,EPSS CVE-2010-3331,0.0,0.95844,"Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka ""Uninitialized Memory Corruption Vulnerability.""",2010-10-13 19:00:46.430,EPSS -CVE-2010-3332,0.0,0.96929,"Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka ""ASP.NET Padding Oracle Vulnerability.""",2010-09-22 19:00:06.213,EPSS +CVE-2010-3332,0.0,0.96931,"Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to 
decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka ""ASP.NET Padding Oracle Vulnerability.""",2010-09-22 19:00:06.213,EPSS CVE-2010-3333,0.0,0.97312,"Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka ""RTF Stack Buffer Overflow Vulnerability.""",2010-11-10 03:00:02.087,EPSS/CISA/Metasploit CVE-2010-3334,0.0,0.95365,"Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka ""Office Art Drawing Records Vulnerability.""",2010-11-10 03:00:02.133,EPSS CVE-2010-3337,0.0,0.95526,"Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka ""Insecure Library Loading Vulnerability."" NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.",2010-11-10 03:00:02.257,EPSS 
@@ -1278,7 +1278,7 @@ CVE-2011-1276,0.0,0.96351,"Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3 CVE-2011-1485,0.0,0.00079,"Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.",2011-05-31 20:55:02.313,Metasploit CVE-2011-1565,0.0,0.43442,Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401.,2011-04-05 15:19:35.993,Metasploit CVE-2011-1574,0.0,0.31184,Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file.,2011-05-09 22:55:01.990,Metasploit -CVE-2011-1591,0.0,0.96381,Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.,2011-04-29 22:55:02.653,EPSS +CVE-2011-1591,0.0,0.95077,Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.,2011-04-29 22:55:02.653,EPSS CVE-2011-1653,0.0,0.97185,"Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.",2011-04-18 15:00:43.327,EPSS/Metasploit CVE-2011-1655,0.0,0.9634,"The management.asmx 
module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service.",2011-04-18 15:00:43.437,EPSS CVE-2011-1669,0.0,0.02966,Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.,2011-04-10 02:51:20.167,Nuclei 
@@ -1422,7 +1422,7 @@ CVE-2012-0155,0.0,0.96271,"Microsoft Internet Explorer 9 does not properly handl CVE-2012-0158,0.0,0.97299,"The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers ""system state"" corruption, as exploited in the wild in April 2012, aka ""MSCOMCTL.OCX RCE Vulnerability.""",2012-04-10 21:55:01.687,EPSS/CISA/Metasploit CVE-2012-0171,0.0,0.96041,"Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka ""SelectAll Remote Code Execution Vulnerability.""",2012-04-10 21:55:01.970,EPSS CVE-2012-0198,0.0,0.95877,Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file.,2012-03-06 04:18:03.063,EPSS/Metasploit -CVE-2012-0201,0.0,0.91211,Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file.,2012-03-02 11:55:00.853,Metasploit +CVE-2012-0201,0.0,0.93023,Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile 
string in a WorkStation (aka .ws) file.,2012-03-02 11:55:00.853,Metasploit CVE-2012-0202,0.0,0.96841,Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data.,2012-05-04 16:55:01.137,EPSS/Metasploit CVE-2012-0209,0.0,0.89324,"Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.",2012-09-25 22:55:00.753,Metasploit CVE-2012-0217,0.0,0.00055,"The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.",2012-06-12 22:55:01.343,Metasploit 
@@ -2098,13 +2098,13 @@ CVE-2015-0002,0.0,0.00043,"The AhcVerifyAdminContext function in ahcache.sys in CVE-2015-0016,0.0,0.26597,"Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka ""Directory Traversal Elevation of Privilege Vulnerability.""",2015-01-13 22:59:07.190,CISA/Metasploit CVE-2015-0064,0.0,0.95604,"Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka ""Office Remote Code Execution Vulnerability.""",2015-02-11 03:01:07.200,EPSS CVE-2015-0065,0.0,0.95468,"Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka ""OneTableDocumentStream Remote Code Execution Vulnerability.""",2015-02-11 03:01:07.967,EPSS -CVE-2015-0071,0.0,0.20448,"Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ""Internet Explorer ASLR Bypass Vulnerability.""",2015-02-11 03:01:12.497,CISA +CVE-2015-0071,0.0,0.46202,"Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ""Internet Explorer ASLR Bypass Vulnerability.""",2015-02-11 03:01:12.497,CISA CVE-2015-0072,0.0,0.9725,"Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject 
arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka ""Universal XSS (UXSS).""",2015-02-07 19:59:07.723,EPSS/Metasploit CVE-2015-0096,0.0,0.97321,"Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka ""DLL Planting Remote Code Execution Vulnerability.""",2015-03-11 10:59:22.760,EPSS CVE-2015-0235,0.0,0.97523,"Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka ""GHOST.""",2015-01-28 19:59:00.063,EPSS CVE-2015-0240,0.0,0.97426,"The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.",2015-02-24 01:59:00.050,EPSS/Metasploit CVE-2015-0273,0.0,0.95481,"Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash 
function or (b) DateTime data handled by the php_date_initialize_from_hash function.",2015-03-30 10:59:06.507,EPSS -CVE-2015-0310,0.0,0.95994,"Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.",2015-01-23 21:59:00.050,EPSS/CISA +CVE-2015-0310,0.0,0.91946,"Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.",2015-01-23 21:59:00.050,CISA CVE-2015-0311,0.0,0.97275,"Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.",2015-01-23 21:59:04.897,EPSS/CISA/Metasploit CVE-2015-0313,0.0,0.9729,"Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.",2015-02-02 19:59:00.053,EPSS/CISA/Metasploit CVE-2015-0318,0.0,0.9752,"Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of 
service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330.",2015-02-06 00:59:03.950,EPSS/Metasploit 
@@ -2114,7 +2114,7 @@ CVE-2015-0554,0.0,0.0139,"The ADB (formerly Pirelli Broadband Solutions) P.DGA40 CVE-2015-0666,0.0,0.97385,"Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.",2015-04-03 10:59:04.290,EPSS/CISA CVE-2015-0779,0.0,0.94608,"Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.",2015-06-07 23:59:04.487,Metasploit CVE-2015-0816,0.0,0.961,"Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.",2015-04-01 10:59:14.910,EPSS/Metasploit -CVE-2015-0921,0.0,0.02653,XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do.,2015-01-09 18:59:10.600,Metasploit +CVE-2015-0921,0.0,0.02513,XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do.,2015-01-09 18:59:10.600,Metasploit CVE-2015-0922,0.0,0.00808,"McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x 
before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.",2015-01-09 18:59:11.540,Metasploit CVE-2015-0923,0.0,0.77439,"The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue.",2015-02-14 03:01:17.927,Metasploit CVE-2015-0936,9.8,0.26604,"Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.",2017-06-01 16:29:00.200,Metasploit 
@@ -2144,11 +2144,11 @@ CVE-2015-1592,0.0,0.85547,"Movable Type Pro, Open Source, and Advanced before 5. CVE-2015-1605,0.0,0.95999,Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) GetClientPackage.aspx or (2) GetProcessedPackage.aspx.,2015-02-24 15:59:07.613,EPSS CVE-2015-1635,0.0,0.9754,"HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka ""HTTP.sys Remote Code Execution Vulnerability.""",2015-04-14 20:59:01.263,EPSS/CISA/Nuclei CVE-2015-1637,0.0,0.96341,"Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the ""FREAK"" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067.",2015-03-06 17:59:00.070,EPSS -CVE-2015-1641,0.0,0.94265,"Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka ""Microsoft Office Memory Corruption Vulnerability.""",2015-04-14 20:59:05.250,CISA -CVE-2015-1642,0.0,0.91078,"Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka ""Microsoft Office Memory Corruption Vulnerability.""",2015-08-15 00:59:00.110,CISA 
+CVE-2015-1641,0.0,0.95977,"Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka ""Microsoft Office Memory Corruption Vulnerability.""",2015-04-14 20:59:05.250,EPSS/CISA +CVE-2015-1642,0.0,0.95149,"Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka ""Microsoft Office Memory Corruption Vulnerability.""",2015-08-15 00:59:00.110,EPSS/CISA CVE-2015-1671,0.0,0.40207,"The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka ""TrueType Font Parsing Vulnerability.""",2015-05-13 10:59:03.910,CISA -CVE-2015-1701,0.0,0.00044,"Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka ""Win32k Elevation of Privilege Vulnerability.""",2015-04-21 10:59:00.073,CISA/Metasploit -CVE-2015-1769,0.0,0.00205,"Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka ""Mount Manager Elevation of Privilege Vulnerability.""",2015-08-15 00:59:01.467,CISA 
+CVE-2015-1701,0.0,0.00533,"Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka ""Win32k Elevation of Privilege Vulnerability.""",2015-04-21 10:59:00.073,CISA/Metasploit +CVE-2015-1769,0.0,0.00173,"Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka ""Mount Manager Elevation of Privilege Vulnerability.""",2015-08-15 00:59:01.467,CISA CVE-2015-1770,0.0,0.4594,"Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Uninitialized Memory Use Vulnerability.""",2015-06-10 01:59:36.483,CISA CVE-2015-1793,0.0,0.14147,"The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.",2015-07-09 19:17:00.093,Metasploit CVE-2015-1830,0.0,0.033,Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.,2015-08-19 15:59:00.133,Metasploit 
@@ -2170,20 +2170,20 @@ CVE-2015-2284,0.0,0.97404,"userlogin.jsp in SolarWinds Firewall Security Manager CVE-2015-2291,0.0,0.00105,"(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.",2017-08-09 18:29:00.933,CISA CVE-2015-2331,0.0,0.95332,"Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.",2015-03-30 10:59:12.727,EPSS CVE-2015-2342,0.0,0.97138,"The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.",2015-10-12 10:59:01.633,EPSS -CVE-2015-2360,0.0,0.0006,"win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability.""",2015-06-10 01:59:38.890,CISA -CVE-2015-2387,0.0,0.00045,"ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges 
via a crafted application, aka ""ATMFD.DLL Memory Corruption Vulnerability.""",2015-07-14 22:59:08.103,CISA +CVE-2015-2360,0.0,0.00084,"win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability.""",2015-06-10 01:59:38.890,CISA +CVE-2015-2387,0.0,0.00043,"ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka ""ATMFD.DLL Memory Corruption Vulnerability.""",2015-07-14 22:59:08.103,CISA CVE-2015-2419,0.0,0.97215,"JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""JScript9 Memory Corruption Vulnerability.""",2015-07-14 21:59:33.283,EPSS/CISA -CVE-2015-2424,0.0,0.36036,"Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",2015-07-14 21:59:35.987,CISA -CVE-2015-2425,0.0,0.94585,"Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2015-2383 and CVE-2015-2384.",2015-07-14 
21:59:36.813,CISA +CVE-2015-2424,0.0,0.4249,"Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",2015-07-14 21:59:35.987,CISA +CVE-2015-2425,0.0,0.96121,"Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2015-2383 and CVE-2015-2384.",2015-07-14 21:59:36.813,EPSS/CISA CVE-2015-2426,0.0,0.97379,"Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka ""OpenType Font Driver Vulnerability.""",2015-07-20 18:59:01.210,EPSS/CISA/Metasploit CVE-2015-2433,0.0,0.00061,"The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka ""Kernel ASLR Bypass Vulnerability.""",2015-08-15 00:59:09.703,Metasploit -CVE-2015-2502,0.0,0.61534,"Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Memory Corruption Vulnerability,"" as exploited in the wild in August 2015.",2015-08-19 10:59:00.090,CISA +CVE-2015-2502,0.0,0.37481,"Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a 
denial of service (memory corruption) via a crafted web site, aka ""Memory Corruption Vulnerability,"" as exploited in the wild in August 2015.",2015-08-19 10:59:00.090,CISA CVE-2015-2509,0.0,0.97353,"Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka ""Windows Media Center RCE Vulnerability.""",2015-09-09 00:59:22.490,EPSS/Metasploit CVE-2015-2520,0.0,0.95691,"Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",2015-09-09 00:59:32.363,EPSS CVE-2015-2521,0.0,0.96056,"Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",2015-09-09 00:59:33.300,EPSS CVE-2015-2523,0.0,0.95691,"Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",2015-09-09 00:59:35.270,EPSS -CVE-2015-2545,0.0,0.95015,"Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka ""Microsoft Office Malformed EPS File Vulnerability.""",2015-09-09 00:59:52.190,EPSS/CISA -CVE-2015-2546,0.0,0.00375,"The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, 
aka ""Win32k Memory Corruption Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2518.",2015-09-09 00:59:53.207,CISA +CVE-2015-2545,0.0,0.9701,"Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka ""Microsoft Office Malformed EPS File Vulnerability.""",2015-09-09 00:59:52.190,EPSS/CISA +CVE-2015-2546,0.0,0.00129,"The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka ""Win32k Memory Corruption Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2518.",2015-09-09 00:59:53.207,CISA CVE-2015-2562,0.0,0.03063,"Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php.",2015-03-20 14:59:04.327,Metasploit CVE-2015-2590,0.0,0.0238,"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.",2015-07-16 10:59:17.050,CISA CVE-2015-2673,0.0,0.00777,The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters.,2017-10-06 22:29:00.633,Metasploit 
@@ -2197,16 +2197,16 @@ CVE-2015-2856,0.0,0.97065,Directory traversal vulnerability in the template func CVE-2015-2857,9.8,0.95999,Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.,2017-08-22 15:29:00.210,EPSS/Metasploit CVE-2015-2863,0.0,0.00626,"Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.",2015-07-20 23:59:01.940,Nuclei CVE-2015-2993,0.0,0.81666,"SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry.",2015-06-08 14:59:01.320,Metasploit -CVE-2015-2994,0.0,0.88515,"Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.",2015-06-08 14:59:02.587,Metasploit -CVE-2015-2995,0.0,0.93389,"The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file.",2015-06-08 14:59:03.603,Metasploit -CVE-2015-2996,0.0,0.72724,Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. 
(dot dot) in the fileName parameter to calculateRdsFileChecksum.,2015-06-08 14:59:04.633,Nuclei +CVE-2015-2994,0.0,0.87527,"Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.",2015-06-08 14:59:02.587,Metasploit +CVE-2015-2995,0.0,0.91193,"The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file.",2015-06-08 14:59:03.603,Metasploit +CVE-2015-2996,0.0,0.44945,Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. 
(dot dot) in the fileName parameter to calculateRdsFileChecksum.,2015-06-08 14:59:04.633,Nuclei CVE-2015-2997,0.0,0.00658,"SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message.",2015-06-08 14:59:05.650,Metasploit CVE-2015-2998,0.0,0.00552,"SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml.",2015-06-08 14:59:06.650,Metasploit CVE-2015-3035,0.0,0.58993,"Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. 
(dot dot) in the PATH_INFO to login/.",2015-04-22 01:59:02.553,CISA/Metasploit/Nuclei -CVE-2015-3043,0.0,0.02796,"Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.",2015-04-14 22:59:21.323,CISA/Metasploit +CVE-2015-3043,0.0,0.02529,"Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.",2015-04-14 22:59:21.323,CISA/Metasploit CVE-2015-3090,0.0,0.97378,"Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3089, and CVE-2015-3093.",2015-05-13 11:00:21.097,EPSS/Metasploit CVE-2015-3105,0.0,0.97377,"Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR 
SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.",2015-06-10 01:59:47.097,EPSS/Metasploit -CVE-2015-3113,0.0,0.94663,"Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.",2015-06-23 21:59:01.960,CISA/Metasploit +CVE-2015-3113,0.0,0.96095,"Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.",2015-06-23 21:59:01.960,EPSS/CISA/Metasploit CVE-2015-3224,0.0,0.92904,"request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.",2015-07-26 22:59:03.023,Metasploit/Nuclei CVE-2015-3245,0.0,0.00042,"Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.",2015-08-11 14:59:05.570,Metasploit CVE-2015-3246,0.0,0.00042,"libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. 
NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.",2015-08-11 14:59:07.040,Metasploit 
@@ -2239,8 +2239,8 @@ CVE-2015-4852,9.8,0.96878,"The WLS Security component in Oracle WebLogic Server CVE-2015-4902,0.0,0.00861,"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.",2015-10-22 00:00:03.093,CISA CVE-2015-5082,0.0,0.96346,Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi.,2015-09-28 15:59:00.097,EPSS/Metasploit CVE-2015-5119,0.0,0.97436,"Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.",2015-07-08 14:59:05.677,EPSS/CISA/Metasploit -CVE-2015-5122,0.0,0.97304,"Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.",2015-07-14 10:59:00.213,EPSS/CISA/Metasploit -CVE-2015-5123,0.0,0.26317,"Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome 
installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.",2015-07-14 10:59:01.337,CISA +CVE-2015-5122,0.0,0.97314,"Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.",2015-07-14 10:59:00.213,EPSS/CISA/Metasploit +CVE-2015-5123,0.0,0.27389,"Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.",2015-07-14 10:59:01.337,CISA CVE-2015-5287,0.0,0.0009,"The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.",2015-12-07 18:59:02.230,Metasploit CVE-2015-5317,0.0,0.04876,The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.,2015-11-25 20:59:07.680,CISA 
CVE-2015-5354,0.0,0.00166,Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.,2015-07-01 16:59:01.130,Nuclei 
@@ -2264,7 +2264,7 @@ CVE-2015-6128,0.0,0.75868,"Microsoft Windows Vista SP2, Windows Server 2008 SP2 CVE-2015-6132,0.0,0.96253,"Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka ""Windows Library Loading Remote Code Execution Vulnerability.""",2015-12-09 11:59:16.897,EPSS/Metasploit CVE-2015-6133,0.0,0.78695,"Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka ""Windows Library Loading Remote Code Execution Vulnerability.""",2015-12-09 11:59:17.867,Metasploit CVE-2015-6136,0.0,0.96073,"The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability.""",2015-12-09 11:59:20.683,EPSS -CVE-2015-6175,0.0,0.00072,"The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka ""Windows Kernel Memory Elevation of Privilege Vulnerability.""",2015-12-09 11:59:56.580,CISA +CVE-2015-6175,0.0,0.00043,"The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka ""Windows Kernel Memory Elevation of Privilege Vulnerability.""",2015-12-09 11:59:56.580,CISA CVE-2015-6477,0.0,0.00277,Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA 16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.,2015-10-18 19:59:01.400,Nuclei CVE-2015-6522,0.0,0.97057,SQL injection vulnerability 
in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php.,2015-08-19 15:59:11.947,EPSS/Metasploit CVE-2015-6544,0.0,0.00284,Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title.,2018-02-20 20:29:00.193,Nuclei 
@@ -2285,7 +2285,7 @@ CVE-2015-7601,0.0,0.65277,Directory traversal vulnerability in PCMan's FTP Serve CVE-2015-7602,0.0,0.50304,Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.,2015-09-29 19:59:10.810,Metasploit CVE-2015-7603,0.0,0.55181,Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.,2015-09-29 19:59:11.733,Metasploit CVE-2015-7611,0.0,0.77433,"Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.",2016-06-07 14:06:09.777,Metasploit -CVE-2015-7645,0.0,0.97304,"Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.",2015-10-15 10:59:10.530,EPSS/CISA +CVE-2015-7645,0.0,0.97407,"Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.",2015-10-15 10:59:10.530,EPSS/CISA CVE-2015-7709,0.0,0.81923,The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted requests involving the ARKFS_EXEC_CMD operation.,2015-10-05 15:59:06.207,Metasploit CVE-2015-7755,0.0,0.97054,"Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 
6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.",2015-12-19 14:59:01.453,EPSS/Metasploit CVE-2015-7765,0.0,0.76285,"ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of ""plugin"" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.",2015-10-09 14:59:06.670,Metasploit 
@@ -2304,7 +2304,7 @@ CVE-2015-8349,0.0,0.0013,Cross-site scripting (XSS) vulnerability in SourceBans CVE-2015-8399,0.0,0.9655,Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.,2016-04-11 21:59:11.320,EPSS/Nuclei CVE-2015-8562,0.0,0.97311,"Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.",2015-12-16 21:59:06.390,EPSS/Metasploit CVE-2015-8612,0.0,0.00514,The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument.,2016-01-08 19:59:16.350,Metasploit -CVE-2015-8651,0.0,0.64946,"Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.",2015-12-28 23:59:19.050,CISA +CVE-2015-8651,0.0,0.17948,"Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.",2015-12-28 23:59:19.050,CISA CVE-2015-8660,6.7,0.00115,"The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.",2015-12-28 11:59:08.093,Metasploit 
CVE-2015-8704,0.0,0.95805,"apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.",2016-01-20 15:59:00.330,EPSS CVE-2015-8813,0.0,0.00511,The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.,2017-03-03 16:59:00.153,Nuclei 
@@ -2449,8 +2449,8 @@ CVE-2016-4437,0.0,0.9749,"Apache Shiro before 1.2.5, when a cipher key has not b CVE-2016-4465,0.0,0.959,The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.,2016-07-04 22:59:10.117,EPSS CVE-2016-4523,0.0,0.25447,The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.,2016-06-09 10:59:04.073,CISA CVE-2016-4557,7.8,0.00088,"The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor.",2016-05-23 10:59:03.707,Metasploit -CVE-2016-4655,0.0,0.88051,The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.,2016-08-25 21:59:00.133,CISA/Metasploit -CVE-2016-4656,0.0,0.00586,The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,2016-08-25 21:59:01.087,CISA/Metasploit +CVE-2016-4655,0.0,0.86291,The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.,2016-08-25 21:59:00.133,CISA/Metasploit +CVE-2016-4656,0.0,0.00643,The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,2016-08-25 21:59:01.087,CISA/Metasploit CVE-2016-4657,0.0,0.87543,WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web 
site.,2016-08-25 21:59:02.150,CISA/Metasploit CVE-2016-4669,0.0,0.00042,"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the ""Kernel"" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors.",2017-02-20 08:59:00.510,Metasploit CVE-2016-4971,8.8,0.9534,GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.,2016-06-30 17:59:07.893,EPSS 
@@ -3136,7 +3136,7 @@ CVE-2018-7662,0.0,0.00225,Couch through 2.0 allows remote attackers to discover CVE-2018-7665,0.0,0.96314,"An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.",2018-03-05 07:29:00.383,EPSS/Metasploit CVE-2018-7700,0.0,0.50599,"DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.",2018-03-27 18:29:00.243,Nuclei CVE-2018-7719,0.0,0.09221,Acrolinx Server before 5.2.5 on Windows allows Directory Traversal.,2018-03-25 16:29:00.203,Nuclei -CVE-2018-7841,0.0,0.01445,A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.,2019-05-22 20:29:01.480,CISA +CVE-2018-7841,0.0,0.01227,A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.,2019-05-22 20:29:01.480,CISA CVE-2018-7890,0.0,0.97192,"A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. 
If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection.",2018-03-08 22:29:00.233,EPSS/Metasploit CVE-2018-8006,6.1,0.34776,An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.,2018-10-10 14:29:00.497,Nuclei CVE-2018-8021,0.0,0.95795,Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.,2018-11-07 14:29:00.947,EPSS 
@@ -3233,7 +3233,7 @@ CVE-2019-1010290,0.0,0.00215,"Babel: Multilingual site Babel All is affected by: CVE-2019-10123,0.0,0.32718,SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user.,2019-05-31 22:29:01.223,Metasploit CVE-2019-10149,9.8,0.97355,A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.,2019-06-05 14:29:11.293,EPSS/CISA/Metasploit CVE-2019-10232,0.0,0.12149,"Teclib GLPI through 9.3.3 has SQL injection via the ""cycle"" parameter in /scripts/unlock_tasks.php.",2019-03-27 17:29:02.370,Nuclei -CVE-2019-10267,0.0,0.69192,"An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the configured user (e.g., Administrator).",2019-07-26 21:15:11.640,Metasploit +CVE-2019-10267,0.0,0.73353,"An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. 
This leads to full access to the system, as the configured user (e.g., Administrator).",2019-07-26 21:15:11.640,Metasploit CVE-2019-10405,5.4,0.00572,"Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the ""Cookie"" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly.",2019-09-25 16:15:10.697,Nuclei CVE-2019-10475,6.1,0.97301,A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.,2019-10-23 13:15:11.487,EPSS/Nuclei CVE-2019-1064,0.0,0.87735,"An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'.",2019-06-12 14:29:04.273,CISA 
@@ -3259,7 +3259,7 @@ CVE-2019-11479,7.5,0.97383,"Jonathan Looney discovered that the Linux kernel def CVE-2019-11510,10.0,0.9736,"In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .",2019-05-08 17:29:00.630,EPSS/CISA/Metasploit/Nuclei CVE-2019-11539,7.2,0.97169,"In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.",2019-04-26 02:29:00.300,EPSS/CISA/Metasploit CVE-2019-11580,9.8,0.97441,"Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.",2019-06-03 14:29:00.217,EPSS/CISA/Metasploit/Nuclei -CVE-2019-11581,0.0,0.97288,"There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. 
An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.",2019-08-09 20:15:11.270,EPSS/CISA/Nuclei +CVE-2019-11581,0.0,0.9725,"There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.",2019-08-09 20:15:11.270,EPSS/CISA/Nuclei CVE-2019-11600,0.0,0.96201,A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.,2019-05-13 20:29:02.697,EPSS CVE-2019-11631,0.0,0.6287,Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none,2019-05-01 03:29:00.310,Metasploit CVE-2019-11634,0.0,0.02353,Citrix Workspace App before 1904 for Windows has Incorrect Access Control.,2019-05-22 17:29:00.227,CISA 
@@ -3302,7 +3302,7 @@ CVE-2019-13344,0.0,0.95025,"An authentication bypass vulnerability in the CRUDLa CVE-2019-13372,9.8,0.96498,"/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.",2019-07-06 23:15:10.310,EPSS/Metasploit CVE-2019-13373,0.0,0.55265,An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL.,2019-07-06 23:15:10.373,Metasploit CVE-2019-13392,6.1,0.00127,"A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. 
Note that this array is keyed via integers by default, so any string input will be invalid.",2019-10-16 00:15:10.587,Nuclei -CVE-2019-13396,0.0,0.03052,FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module.,2019-07-10 14:15:11.887,Nuclei +CVE-2019-13396,0.0,0.0288,FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module.,2019-07-10 14:15:11.887,Nuclei CVE-2019-13462,0.0,0.35333,Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.,2019-08-12 17:15:11.047,Nuclei CVE-2019-13608,0.0,0.00625,"Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.",2019-08-29 19:15:13.227,CISA CVE-2019-1367,7.5,0.87214,"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.",2019-09-23 20:15:13.447,CISA 
@@ -3339,7 +3339,7 @@ CVE-2019-15859,9.8,0.12379,Password disclosure in the web interface on socomec D CVE-2019-15889,0.0,0.03259,"The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.",2019-09-03 18:15:12.670,Nuclei CVE-2019-15949,8.8,0.41124,"Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.",2019-09-05 17:15:12.327,CISA CVE-2019-15954,9.9,0.35425,"An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: ",2019-09-05 19:16:32.037,Metasploit -CVE-2019-15975,9.8,0.53504,"Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. 
For more information about these vulnerabilities, see the Details section of this advisory.",2020-01-06 08:15:10.723,Metasploit +CVE-2019-15975,9.8,0.55688,"Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",2020-01-06 08:15:10.723,Metasploit CVE-2019-15976,9.8,0.96661,"Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",2020-01-06 08:15:10.800,EPSS CVE-2019-15977,7.5,0.96652,"Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",2020-01-06 08:15:10.893,EPSS CVE-2019-16057,9.8,0.9752,The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.,2019-09-16 12:15:10.910,EPSS/CISA/Nuclei 
@@ -3368,8 +3368,8 @@ CVE-2019-16920,9.8,0.96307,"Unauthenticated remote code execution occurs in D-Li CVE-2019-16928,9.8,0.91466,"Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.",2019-09-27 21:15:10.017,CISA CVE-2019-16931,6.1,0.0016,"A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers wp-json/visualizer/v1/update-chart with no access control, and classes/Visualizer/Render/Page/Data.php lacks output sanitization.",2019-10-03 19:15:09.770,Nuclei CVE-2019-16932,10.0,0.37504,A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.,2019-09-30 16:15:11.290,Nuclei -CVE-2019-16996,7.2,0.33595,"In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.",2019-09-30 13:15:11.167,Nuclei -CVE-2019-16997,7.2,0.33595,"In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.",2019-09-30 13:15:11.230,Nuclei +CVE-2019-16996,7.2,0.21998,"In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.",2019-09-30 13:15:11.167,Nuclei +CVE-2019-16997,7.2,0.21998,"In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.",2019-09-30 
13:15:11.230,Nuclei CVE-2019-17026,8.8,0.53359,"Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.",2020-03-02 05:15:12.010,CISA CVE-2019-17270,9.8,0.93892,"Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the ""/pages/systemcall.php?command={COMMAND}"" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's.",2019-12-10 21:15:15.597,Nuclei CVE-2019-17382,9.1,0.3552,"An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.",2019-10-09 14:15:12.817,Nuclei 
@@ -3431,12 +3431,12 @@ CVE-2019-2729,9.8,0.97069,"Vulnerability in the Oracle WebLogic Server component CVE-2019-2767,0.0,0.14972,"Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported version that is affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). While the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher (formerly XML Publisher) accessible data as well as unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).",2019-07-23 23:15:40.163,Nuclei CVE-2019-3010,8.8,0.00336,"Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",2019-10-16 18:15:34.293,CISA/Metasploit CVE-2019-3396,9.8,0.97464,"The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.",2019-03-25 19:29:01.647,EPSS/CISA/Metasploit/Nuclei -CVE-2019-3398,8.8,0.96989,"Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability.",2019-04-18 18:29:00.970,EPSS/CISA/Nuclei +CVE-2019-3398,8.8,0.97045,"Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. 
A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability.",2019-04-18 18:29:00.970,EPSS/CISA/Nuclei CVE-2019-3401,5.3,0.0055,The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.,2019-05-22 18:29:00.740,Nuclei CVE-2019-3402,0.0,0.00238,The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.,2019-05-22 18:29:00.787,Nuclei CVE-2019-3403,5.3,0.00379,"The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.",2019-05-22 18:29:00.833,Nuclei CVE-2019-3568,0.0,0.02572,"A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. 
The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.",2019-05-14 20:29:03.187,CISA -CVE-2019-3799,6.5,0.01705,"Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.",2019-05-06 16:29:01.567,Metasploit/Nuclei +CVE-2019-3799,6.5,0.02947,"Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. 
A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.",2019-05-06 16:29:01.567,Metasploit/Nuclei CVE-2019-3911,6.1,0.00195,Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints.,2019-01-30 20:29:00.367,Nuclei CVE-2019-3912,6.1,0.0016,An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites.,2019-01-30 20:29:00.400,Nuclei CVE-2019-3929,9.8,0.97363,"The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.",2019-04-30 21:29:00.713,EPSS/CISA/Metasploit/Nuclei 
@@ -3457,7 +3457,7 @@ CVE-2019-5786,6.5,0.97223,Object lifetime issue in Blink in Google Chrome prior CVE-2019-5825,6.5,0.6717,Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2019-11-25 20:15:11.483,CISA/Metasploit CVE-2019-6112,6.1,0.00126,A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).,2020-08-14 14:15:12.287,Nuclei CVE-2019-6223,0.0,0.00678,"A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.",2019-03-05 16:29:02.060,CISA -CVE-2019-6340,0.0,0.97416,"Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)",2019-02-21 21:29:00.343,EPSS/CISA/Metasploit/Nuclei +CVE-2019-6340,0.0,0.97451,"Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. 
A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)",2019-02-21 21:29:00.343,EPSS/CISA/Metasploit/Nuclei CVE-2019-6447,8.1,0.61143,"The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.",2019-01-16 14:29:00.327,Metasploit CVE-2019-6715,7.5,0.3388,pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data.,2019-04-01 20:29:00.847,Nuclei CVE-2019-6799,0.0,0.1829,"An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of ""options(MYSQLI_OPT_LOCAL_INFILE"" calls.",2019-01-26 17:29:00.450,Nuclei 
@@ -3514,7 +3514,7 @@ CVE-2019-9621,0.0,0.94668,"Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x CVE-2019-9624,0.0,0.54438,"Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the ""Java file manager"" and ""Upload and Download"" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.",2019-03-07 05:29:01.410,Metasploit CVE-2019-9632,0.0,0.04615,ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.,2019-03-08 07:29:00.233,Nuclei CVE-2019-9670,0.0,0.97497,"mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.",2019-05-29 22:29:01.507,EPSS/CISA/Metasploit/Nuclei -CVE-2019-9692,0.0,0.62324,"class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).",2019-03-11 18:29:00.257,Metasploit +CVE-2019-9692,0.0,0.64403,"class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).",2019-03-11 18:29:00.257,Metasploit CVE-2019-9701,0.0,0.95818,"DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.",2019-06-19 16:15:11.313,EPSS CVE-2019-9726,0.0,0.03616,Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. 
This vulnerability can be exploited by unauthenticated attackers with access to the web interface.,2019-05-13 17:29:03.987,Nuclei CVE-2019-9733,0.0,0.85254,"An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case an administrator gets locked out from the Artifactory console. This is only allowable from a connection directly from localhost, but providing a X-Forwarded-For HTTP header to the request allows an unauthenticated user to login with the default credentials of the access-admin account while bypassing the whitelist of allowed IP addresses. The access-admin account can use Artifactory's API to request authentication tokens for all users including the admin account and, in turn, assume full control of all artifacts and repositories managed by Artifactory.",2019-04-11 19:29:01.440,Nuclei 
@@ -3617,7 +3617,7 @@ CVE-2020-12447,7.5,0.02155,"A Local File Inclusion (LFI) issue on Onkyo TX-NR585 CVE-2020-12478,7.5,0.01496,TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.,2020-04-29 22:15:12.717,Nuclei CVE-2020-12641,9.8,0.12311,rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.,2020-05-04 15:15:14.417,CISA CVE-2020-12720,9.8,0.88621,"vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.",2020-05-08 00:15:12.080,Nuclei -CVE-2020-12800,9.8,0.97429,The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.,2020-06-08 17:15:10.033,EPSS/Metasploit/Nuclei +CVE-2020-12800,9.8,0.97453,The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.,2020-06-08 17:15:10.033,EPSS/Metasploit/Nuclei CVE-2020-12812,9.8,0.02923,"An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.",2020-07-24 23:15:12.003,CISA CVE-2020-13117,9.8,0.09416,Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.,2021-02-09 19:15:13.460,Nuclei CVE-2020-13121,6.1,0.00235,Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt.,2020-05-16 20:15:12.000,Nuclei 
@@ -3716,7 +3716,7 @@ CVE-2020-17144,8.4,0.20323,Microsoft Exchange Remote Code Execution Vulnerabilit CVE-2020-17362,6.1,0.00101,search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS.,2020-08-12 22:15:12.593,Nuclei CVE-2020-17453,6.1,0.00845,WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.,2021-04-05 22:15:12.633,Nuclei CVE-2020-17456,9.8,0.96253,SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.,2020-08-20 01:17:13.993,EPSS/Nuclei -CVE-2020-17463,9.8,0.94399,"FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.",2020-08-13 13:15:17.357,CISA/Nuclei +CVE-2020-17463,9.8,0.93988,"FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.",2020-08-13 13:15:17.357,CISA/Nuclei CVE-2020-17496,9.8,0.97461,vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.,2020-08-12 14:15:13.017,EPSS/CISA/Metasploit/Nuclei CVE-2020-17505,8.8,0.95924,Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.,2020-08-12 17:15:12.257,EPSS/Metasploit/Nuclei CVE-2020-17506,9.8,0.95077,Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.,2020-08-12 17:15:12.383,EPSS/Metasploit/Nuclei 
@@ -3801,17 +3801,17 @@ CVE-2020-27191,7.5,0.02108,"LionWiki before 3.2.12 allows an unauthenticated use CVE-2020-2733,9.8,0.19944,"Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2020-04-15 14:15:22.843,Nuclei CVE-2020-27361,7.5,0.01806,An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories.,2021-07-01 16:15:08.560,Nuclei CVE-2020-27386,8.8,0.23595,"An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /.",2020-11-12 19:15:15.207,Metasploit -CVE-2020-27387,8.8,0.08043,"An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/. 
NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta.",2020-11-05 02:15:12.067,Metasploit +CVE-2020-27387,8.8,0.08718,"An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/. NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta.",2020-11-05 02:15:12.067,Metasploit CVE-2020-27467,7.5,0.00856,A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php.,2022-02-24 15:15:21.430,Nuclei CVE-2020-27481,9.8,0.11692,"An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of ""wp_ajax_nopriv"" call in WordPress, which allows any unauthenticated user to get access to the function ""gdlr_lms_cancel_booking"" where POST Parameter ""id"" was sent straight into SQL query without sanitization.",2020-11-12 14:15:23.080,Nuclei CVE-2020-27615,9.8,0.00612,"The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.",2020-10-21 21:15:13.113,Metasploit CVE-2020-27735,6.1,0.00228,"An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser.",2021-01-26 18:15:46.457,Nuclei CVE-2020-27838,6.5,0.08085,A flaw was found in keycloak in versions prior to 13.0.0. 
The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.,2021-03-08 22:15:13.423,Nuclei -CVE-2020-27866,8.8,0.00363,"This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355.",2021-02-12 00:15:12.877,Nuclei +CVE-2020-27866,8.8,0.0045,"This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355.",2021-02-12 00:15:12.877,Nuclei CVE-2020-27930,7.8,0.00192,"A memory corruption issue was addressed with improved input validation. 
This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution.",2020-12-08 21:15:13.827,CISA CVE-2020-27932,7.8,0.00192,"A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges.",2020-12-08 21:15:13.903,CISA CVE-2020-27950,5.5,0.00778,"A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory.",2020-12-08 21:15:13.967,CISA -CVE-2020-27955,9.8,0.9488,Git LFS 2.12.0 allows Remote Code Execution.,2020-11-05 15:15:36.877,Metasploit +CVE-2020-27955,9.8,0.94975,Git LFS 2.12.0 allows Remote Code Execution.,2020-11-05 15:15:36.877,Metasploit CVE-2020-27982,6.1,0.00252,IceWarp 11.4.5.0 allows XSS via the language parameter.,2020-11-02 21:15:29.960,Nuclei CVE-2020-27986,7.5,0.3688,"SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. 
NOTE: reportedly, the vendor's position for SMTP and SVN is ""it is the administrator's responsibility to configure it.",2020-10-28 23:15:12.410,Nuclei CVE-2020-28185,5.3,0.00465,User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php.,2020-12-24 15:15:13.170,Nuclei 
@@ -3929,9 +3929,9 @@ CVE-2020-7384,7.8,0.00589,Rapid7's Metasploit msfvenom framework handles APK fil CVE-2020-7387,5.3,0.00105,"Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin 93.2.53, which ships with updates for on-premises versions of Sage X3 Version 9 (components shipped with Syracuse 9.22.7.2 and later), Sage X3 HR & Payroll Version 9 (those components that ship with Syracuse 9.24.1.3), Version 11 (components shipped with Syracuse 11.25.2.6 and later), and Version 12 (components shipped with Syracuse 12.10.2.8 and later) of Sage X3. Other on-premises versions of Sage X3 are unsupported by the vendor.",2021-07-22 19:15:08.373,Metasploit CVE-2020-7388,9.8,0.19597,"Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by exploiting CVE-2020-7387. This issue was fixed in AdxAdmin 93.2.53, which ships with updates for on-premises versions of Sage X3 including Version 9 (components shipped with Syracuse 9.22.7.2 and later), Sage X3 HR & Payroll Version 9 (those components that ship with Syracuse 9.24.1.3), Version 11 (components shipped with Syracuse 11.25.2.6 and later), and Version 12 (components shipped with Syracuse 12.10.2.8 and later) of Sage X3. 
Other on-premises versions of Sage X3 are unsupported by the vendor.",2021-07-22 19:15:08.450,Metasploit CVE-2020-7457,8.1,0.34644,"In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution.",2020-07-09 14:15:10.917,Metasploit -CVE-2020-7796,9.8,0.70648,Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.,2020-02-18 22:15:10.013,Nuclei +CVE-2020-7796,9.8,0.71997,Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.,2020-02-18 22:15:10.013,Nuclei CVE-2020-7943,7.5,0.06791,"Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE 2018.1.13 & 2019.5.0, Puppet Server 6.9.2 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable trapperkeeper-metrics /v1 metrics API and only allows /v2 access on localhost by default. 
This affects software versions: Puppet Enterprise 2018.1.x stream prior to 2018.1.13 Puppet Enterprise prior to 2019.5.0 Puppet Server prior to 6.9.2 Puppet Server prior to 5.3.12 PuppetDB prior to 6.9.1 PuppetDB prior to 5.2.13 Resolved in: Puppet Enterprise 2018.1.13 Puppet Enterprise 2019.5.0 Puppet Server 6.9.2 Puppet Server 5.3.12 PuppetDB 6.9.1 PuppetDB 5.2.13",2020-03-11 23:15:11.980,Nuclei -CVE-2020-7961,9.8,0.9747,Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).,2020-03-20 19:15:12.737,EPSS/CISA/Metasploit/Nuclei +CVE-2020-7961,9.8,0.97467,Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).,2020-03-20 19:15:12.737,EPSS/CISA/Metasploit/Nuclei CVE-2020-7980,9.8,0.96876,Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.,2020-01-25 19:15:12.667,EPSS/Nuclei CVE-2020-8010,9.8,0.07135,"CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.",2020-02-18 04:15:14.587,Metasploit CVE-2020-8012,9.8,0.54195,"CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.",2020-02-18 04:15:14.710,Metasploit 
@@ -4067,7 +4067,7 @@ CVE-2021-21801,6.1,0.82311,"This vulnerability is present in device_graph_page.p CVE-2021-21802,6.1,0.82311,"This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.",2021-07-16 11:15:09.790,Nuclei CVE-2021-21803,6.1,0.82311,"This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.",2021-07-16 11:15:09.833,Nuclei CVE-2021-21805,9.8,0.97126,An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability.,2021-08-05 21:15:10.683,EPSS/Nuclei -CVE-2021-21809,9.1,0.02046,A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.,2021-06-23 22:15:08.407,Metasploit +CVE-2021-21809,9.1,0.02001,A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.,2021-06-23 22:15:08.407,Metasploit CVE-2021-21816,4.3,0.00243,An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. 
An attacker can send an HTTP request to trigger this vulnerability.,2021-07-16 11:15:09.900,Nuclei CVE-2021-21881,9.9,0.97069,An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.,2021-12-22 19:15:09.040,EPSS/Nuclei CVE-2021-21972,9.8,0.97299,"The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).",2021-02-24 17:15:15.833,EPSS/CISA/Metasploit/Nuclei 
@@ -4090,7 +4090,7 @@ CVE-2021-22502,9.8,0.96085,"Remote Code execution vulnerability in Micro Focus O CVE-2021-22506,7.5,0.00425,"Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.",2021-03-26 14:15:11.967,CISA CVE-2021-22555,7.8,0.00256,A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space,2021-07-07 12:15:08.453,Metasploit CVE-2021-22600,7.0,0.00067,A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755,2022-01-26 14:15:08.123,CISA -CVE-2021-22652,9.8,0.05678,"Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.",2021-02-11 18:15:17.003,Metasploit +CVE-2021-22652,9.8,0.06606,"Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.",2021-02-11 18:15:17.003,Metasploit CVE-2021-22707,9.8,0.39995,"A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.",2021-07-21 15:15:14.200,Nuclei CVE-2021-22873,6.1,0.00922,"Revive 
Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.",2021-01-26 18:16:19.163,Nuclei CVE-2021-22893,10.0,0.96074,Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.,2021-04-23 17:15:08.127,EPSS/CISA 
@@ -4276,7 +4276,7 @@ CVE-2021-27876,8.1,0.73335,"An issue was discovered in Veritas Backup Exec befor CVE-2021-27877,9.8,0.73648,"An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.",2021-03-01 22:15:14.460,CISA/Metasploit CVE-2021-27878,8.8,0.69839,"An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges.",2021-03-01 22:15:14.537,CISA/Metasploit CVE-2021-27905,9.8,0.94767,"The ReplicationHandler (normally registered at ""/replication"" under a Solr core) in Apache Solr has a ""masterUrl"" (also ""leaderUrl"" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the ""shards"" parameter. Prior to this bug getting fixed, it did not. 
This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.",2021-04-13 07:15:12.137,Nuclei -CVE-2021-27909,6.1,0.00095,"For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, ""bundle,"" in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized.",2021-08-30 16:15:07.230,Nuclei +CVE-2021-27909,6.1,0.00101,"For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, ""bundle,"" in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized.",2021-08-30 16:15:07.230,Nuclei CVE-2021-27931,9.1,0.60102,LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.,2021-03-03 20:15:12.357,Nuclei CVE-2021-28149,6.5,0.07581,"Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. 
Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.",2021-05-06 16:15:07.330,Nuclei CVE-2021-28150,5.5,0.00253,Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.,2021-05-06 16:15:07.360,Nuclei 
@@ -4383,7 +4383,7 @@ CVE-2021-3287,9.8,0.36618,Zoho ManageEngine OpManager before 12.5.329 allows una CVE-2021-3293,5.3,0.003,"emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.",2021-02-08 15:15:12.457,Nuclei CVE-2021-3297,7.8,0.26301,"On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.",2021-01-26 18:16:29.770,Nuclei CVE-2021-33044,9.8,0.30359,The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.,2021-09-15 22:15:10.497,Nuclei -CVE-2021-33221,9.8,0.19832,An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints.,2021-07-07 15:15:09.137,Nuclei +CVE-2021-33221,9.8,0.20879,An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints.,2021-07-07 15:15:09.137,Nuclei CVE-2021-33357,9.8,0.96707,"A vulnerability exists in RaspAP 2.6 to 2.6.5 in the ""iface"" GET parameter in /ajax/networking/get_netcfg.php, when the ""iface"" parameter value contains special characters such as "";"" which enables an unauthenticated attacker to execute arbitrary OS commands.",2021-06-09 18:15:08.677,EPSS/Nuclei CVE-2021-33393,8.8,0.93739,"lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. 
Similar problems with the ownership/permissions of other files may be present as well.",2021-06-09 22:15:08.647,Metasploit CVE-2021-33543,9.8,0.00169,"Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.",2021-09-13 18:15:19.693,Metasploit 
@@ -4472,7 +4472,7 @@ CVE-2021-37216,6.1,0.00115,QSAN Storage Manager header page parameters does not CVE-2021-37304,7.5,0.00703,An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.,2023-02-03 18:15:11.770,Nuclei CVE-2021-37305,7.5,0.00416,An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin.,2023-02-03 18:15:11.890,Nuclei CVE-2021-37415,9.8,0.93503,Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.,2021-09-01 06:15:06.530,CISA -CVE-2021-37416,6.1,0.0014,Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.,2021-08-30 19:15:08.967,Nuclei +CVE-2021-37416,6.1,0.00149,Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.,2021-08-30 19:15:08.967,Nuclei CVE-2021-37538,9.8,0.02364,"Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.",2021-08-24 13:15:12.390,Nuclei CVE-2021-37573,6.1,0.00303,"A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's ""404 Page not Found"" error page",2021-08-09 13:15:07.480,Nuclei CVE-2021-37580,9.8,0.92774,A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. 
This issue affected Apache ShenYu 2.3.0 and 2.4.0,2021-11-16 10:15:07.220,Nuclei 
@@ -4508,7 +4508,7 @@ CVE-2021-39165,6.5,0.04209,"Cachet is an open source status page. With Cachet pr CVE-2021-39211,5.3,0.00126,"GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not needed for usual functions of GLPI.",2021-09-15 17:15:10.267,Nuclei CVE-2021-39226,7.3,0.97209,"Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot ""public_mode"" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot ""public_mode"" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. 
They have no normal function and can be disabled without side effects.",2021-10-05 18:15:07.947,EPSS/CISA/Nuclei CVE-2021-39312,7.5,0.16864,"The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file.",2021-12-14 16:15:08.597,Nuclei -CVE-2021-39316,7.5,0.36054,"The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.",2021-08-31 12:15:07.420,Nuclei +CVE-2021-39316,7.5,0.37803,"The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.",2021-08-31 12:15:07.420,Nuclei CVE-2021-39320,6.1,0.00214,"The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.",2021-09-01 15:15:12.653,Nuclei CVE-2021-39322,6.1,0.00244,The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. 
On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.,2021-09-02 17:15:09.837,Nuclei CVE-2021-39327,5.3,0.18349,"The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.",2021-09-17 11:15:08.647,Metasploit/Nuclei 
@@ -4761,12 +4761,12 @@ CVE-2022-1054,5.3,0.00292,"The RSVP and Event Management Plugin WordPress plugin CVE-2022-1057,9.8,0.03633,"The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection",2022-07-11 13:15:08.307,Nuclei CVE-2022-1058,6.1,0.001,Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.,2022-03-24 15:15:08.023,Nuclei CVE-2022-1096,8.8,0.01397,Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2022-07-23 00:15:08.333,CISA -CVE-2022-1119,7.5,0.42222,"The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be downloaded, in versions up to and including 3.2.7.",2022-04-19 21:15:13.810,Nuclei +CVE-2022-1119,7.5,0.41577,"The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be downloaded, in versions up to and including 3.2.7.",2022-04-19 21:15:13.810,Nuclei CVE-2022-1162,9.8,0.24455,"A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. 
OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts",2022-04-04 20:15:09.943,Nuclei CVE-2022-1168,6.1,0.001,There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1.,2022-04-04 16:15:11.007,Nuclei CVE-2022-1170,6.1,0.001,In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests.,2022-04-04 16:15:11.280,Nuclei CVE-2022-1221,6.1,0.00106,"The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting.",2022-05-23 08:16:06.957,Nuclei -CVE-2022-1329,8.8,0.96168,"The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.",2022-04-19 21:15:13.987,EPSS/Metasploit/Nuclei +CVE-2022-1329,8.8,0.96342,"The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.",2022-04-19 21:15:13.987,EPSS/Metasploit/Nuclei CVE-2022-1364,8.8,0.02049,Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2022-07-26 22:15:09.147,CISA CVE-2022-1386,9.8,0.26067,"The Fusion 
Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.",2022-05-16 15:15:09.310,Nuclei CVE-2022-1388,9.8,0.97479,"On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",2022-05-05 17:15:10.570,EPSS/CISA/Metasploit/Nuclei 
@@ -4821,7 +4821,7 @@ CVE-2022-2185,8.8,0.63436,"A critical issue has been discovered in GitLab affect CVE-2022-2187,6.1,0.00106,"The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers",2022-07-17 11:15:09.403,Nuclei CVE-2022-21882,7.8,0.00113,Win32k Elevation of Privilege Vulnerability,2022-01-11 21:15:11.507,CISA/Metasploit CVE-2022-21919,7.0,0.00202,Windows User Profile Service Elevation of Privilege Vulnerability,2022-01-11 21:15:13.463,CISA -CVE-2022-21971,7.8,0.38267,Windows Runtime Remote Code Execution Vulnerability,2022-02-09 17:15:08.640,CISA +CVE-2022-21971,7.8,0.30777,Windows Runtime Remote Code Execution Vulnerability,2022-02-09 17:15:08.640,CISA CVE-2022-21999,7.8,0.00101,Windows Print Spooler Elevation of Privilege Vulnerability,2022-02-09 17:15:09.563,CISA/Metasploit CVE-2022-22047,7.8,0.00056,Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability,2022-07-12 23:15:10.343,CISA CVE-2022-22071,7.8,0.00114,"Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music",2022-06-14 10:15:19.003,CISA 
@@ -4960,7 +4960,7 @@ CVE-2022-27849,7.5,0.00705,Sensitive Information Disclosure (sac-export.csv) in CVE-2022-27924,7.5,0.09665,"Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries.",2022-04-21 00:15:08.360,CISA CVE-2022-27925,7.2,0.94758,"Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.",2022-04-21 00:15:08.407,CISA/Metasploit CVE-2022-27926,6.1,0.96153,A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.,2022-04-21 00:15:08.450,EPSS/CISA/Nuclei -CVE-2022-27927,9.8,0.21155,A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter.,2022-04-19 13:15:08.483,Nuclei +CVE-2022-27927,9.8,0.33545,A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. 
An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter.,2022-04-19 13:15:08.483,Nuclei CVE-2022-27984,9.8,0.02079,CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.,2022-04-26 14:15:41.557,Nuclei CVE-2022-27985,9.8,0.01859,CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.,2022-04-26 14:15:41.763,Nuclei CVE-2022-28022,9.8,0.0161,Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_item.,2022-04-21 20:15:09.697,Nuclei 
@@ -4969,7 +4969,7 @@ CVE-2022-28032,9.8,0.0161,AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CM CVE-2022-28079,8.8,0.68173,College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter.,2022-05-05 17:15:13.917,Nuclei CVE-2022-28080,8.8,0.01814,Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the todate parameter.,2022-05-05 17:15:13.960,Nuclei CVE-2022-28117,4.9,0.03405,A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.,2022-04-28 15:15:10.143,Nuclei -CVE-2022-28219,9.8,0.97458,Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.,2022-04-05 19:15:08.360,EPSS/Metasploit/Nuclei +CVE-2022-28219,9.8,0.97453,Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.,2022-04-05 19:15:08.360,EPSS/Metasploit/Nuclei CVE-2022-28290,6.1,0.00088,Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request,2022-04-25 17:15:36.957,Nuclei CVE-2022-28363,6.1,0.00336,Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required.,2022-04-09 17:15:07.907,Nuclei CVE-2022-28365,5.3,0.03816,"Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. 
The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details.",2022-04-09 17:15:08.013,Nuclei 
@@ -5042,7 +5042,7 @@ CVE-2022-31706,9.8,0.00728,"The vRealize Log Insight contains a Directory Traver CVE-2022-31711,5.3,0.00132,VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.,2023-01-26 21:15:38.270,Metasploit CVE-2022-31793,7.5,0.30308,"do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.",2022-08-04 22:15:08.017,Nuclei CVE-2022-31798,6.1,0.00126,Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.,2022-08-25 23:15:08.217,Nuclei -CVE-2022-31814,9.8,0.96889,pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.,2022-09-05 16:15:08.500,EPSS/Metasploit/Nuclei +CVE-2022-31814,9.8,0.97252,pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. 
NOTE: 3.x is unaffected.,2022-09-05 16:15:08.500,EPSS/Metasploit/Nuclei CVE-2022-31845,7.5,0.00874,A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.,2022-06-14 14:15:08.130,Nuclei CVE-2022-31846,7.5,0.00874,A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.,2022-06-14 14:15:08.177,Nuclei CVE-2022-31847,7.5,0.01275,A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request.,2022-06-14 14:15:08.220,Nuclei 
@@ -5168,7 +5168,7 @@ CVE-2022-3980,9.8,0.35251,An XML External Entity (XEE) vulnerability allows serv CVE-2022-3982,9.8,0.20211,"The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE",2022-12-12 18:15:12.487,Nuclei CVE-2022-39952,9.8,0.94825,"A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.",2023-02-16 19:15:13.060,Metasploit/Nuclei CVE-2022-39960,5.3,0.19471,The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI.,2022-09-17 18:15:09.423,Nuclei -CVE-2022-39986,9.8,0.90068,A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.,2023-08-01 14:15:09.877,Metasploit/Nuclei +CVE-2022-39986,9.8,0.88069,A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.,2023-08-01 14:15:09.877,Metasploit/Nuclei CVE-2022-40022,9.8,0.81572,Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.,2023-02-13 15:15:15.440,Metasploit/Nuclei CVE-2022-40032,9.8,0.00392,"SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' 
and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.",2023-02-17 14:15:15.370,Nuclei CVE-2022-40047,5.4,0.00467,Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php.,2022-10-11 19:15:20.327,Nuclei 
@@ -5314,7 +5314,7 @@ CVE-2022-46169,9.8,0.96631,"Cacti is an open source platform which provides a ro This command injection vulnerability allows an unauthenticated user to execute arbitrary commands if a `poller_item` with the `action` type `POLLER_ACTION_SCRIPT_PHP` (`2`) is configured. The authorization bypass should be prevented by not allowing an attacker to make `get_client_addr` (file `lib/functions.php`) return an arbitrary IP address. This could be done by not honoring the `HTTP_...` `$_SERVER` variables. If these should be kept for compatibility reasons it should at least be prevented to fake the IP address of the server running Cacti. This vulnerability has been addressed in both the 1.2.x and 1.3.x release branches with `1.2.23` being the first release containing the patch.",2022-12-05 21:15:10.527,EPSS/CISA/Metasploit/Nuclei CVE-2022-46381,6.1,0.00099,"Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.",2022-12-13 22:15:10.300,Nuclei CVE-2022-46443,8.8,0.05592,mesinkasir Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter.,2022-12-14 18:15:23.920,Nuclei -CVE-2022-46463,7.5,0.02074,"An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this ""is clearly described in the documentation as a feature.""",2023-01-13 00:15:09.673,Nuclei +CVE-2022-46463,7.5,0.02343,"An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this ""is clearly described in the documentation as a feature.""",2023-01-13 00:15:09.673,Nuclei CVE-2022-46689,7.0,0.00698,"A race condition was addressed with additional validation. 
This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.",2022-12-15 19:15:26.033,Metasploit CVE-2022-46770,7.5,0.41089,qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255).,2022-12-07 20:15:11.720,Metasploit CVE-2022-46888,6.1,0.00143,Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php.,2023-01-19 19:15:10.950,Nuclei 
@@ -5368,7 +5368,7 @@ CVE-2023-0872,8.0,0.00043,"The Horizon REST API includes a users endpoint in Ope OpenNMS thanks Erik Wynter for reporting this issue.",2023-08-14 18:15:10.730,Metasploit CVE-2023-0900,7.2,0.01291,"The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.",2023-06-05 14:15:09.793,Nuclei -CVE-2023-0942,6.1,0.00513,"The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",2023-02-21 20:15:12.523,Nuclei +CVE-2023-0942,6.1,0.00445,"The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",2023-02-21 20:15:12.523,Nuclei CVE-2023-0947,9.8,0.01201,Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.,2023-02-22 01:15:11.930,Nuclei CVE-2023-0948,6.1,0.00085,"The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting",2023-05-08 14:15:12.277,Nuclei CVE-2023-0968,6.1,0.00262,"The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dn’, 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",2023-03-03 22:15:09.557,Nuclei 
@@ -5437,7 +5437,7 @@ CVE-2023-22480,9.8,0.03214,"KubeOperator is an open source Kubernetes distributi CVE-2023-22515,9.8,0.97231,"Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. ",2023-10-04 14:15:10.440,EPSS/CISA/Nuclei -CVE-2023-22518,9.8,0.96635,"All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability.  +CVE-2023-22518,9.8,0.96267,"All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability.  Atlassian Cloud sites are not affected by this vulnerability. 
If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.",2023-10-31 15:15:08.573,EPSS/CISA/Metasploit/Nuclei CVE-2023-2252,2.7,0.00129,The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files.,2024-01-16 16:15:10.773,Nuclei 
@@ -5473,7 +5473,7 @@ CVE-2023-24735,6.1,0.0116,PMB v7.4.6 was discovered to contain an open redirect CVE-2023-24737,6.1,0.00099,PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php.,2023-03-06 21:15:11.290,Nuclei CVE-2023-2479,9.8,0.96532,OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4.,2023-05-02 15:15:23.760,EPSS/Nuclei CVE-2023-24880,4.4,0.00385,Windows SmartScreen Security Feature Bypass Vulnerability,2023-03-14 17:15:17.683,CISA -CVE-2023-24955,7.2,0.41297,Microsoft SharePoint Server Remote Code Execution Vulnerability,2023-05-09 18:15:13.317,CISA/Metasploit +CVE-2023-24955,7.2,0.41842,Microsoft SharePoint Server Remote Code Execution Vulnerability,2023-05-09 18:15:13.317,CISA/Metasploit CVE-2023-25135,9.8,0.71557,"vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1.",2023-02-03 05:15:10.737,Nuclei CVE-2023-25157,9.8,0.59299,"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. 
Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.",2023-02-21 22:15:10.620,Nuclei CVE-2023-25194,8.8,0.96717,"A possible security vulnerability has been identified in Apache Kafka Connect API. 
@@ -5512,7 +5512,7 @@ CVE-2023-26083,3.3,0.0615,"Memory leak vulnerability in Mali GPU Kernel Driver i CVE-2023-26255,7.5,0.11559,"An unauthenticated path traversal vulnerability affects the ""STAGIL Navigation for Jira - Menu & Themes"" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system.",2023-02-28 16:15:09.447,Nuclei CVE-2023-26256,7.5,0.00809,"An unauthenticated path traversal vulnerability affects the ""STAGIL Navigation for Jira - Menu & Themes"" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.",2023-02-28 16:15:09.500,Nuclei CVE-2023-26347,7.5,0.00415,Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.,2023-11-17 14:15:20.867,Nuclei -CVE-2023-26359,9.8,0.72111,Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.,2023-03-23 20:15:15.167,CISA +CVE-2023-26359,9.8,0.68505,Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue does not require user interaction.,2023-03-23 20:15:15.167,CISA CVE-2023-26360,8.6,0.96272,Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.,2023-03-23 20:15:15.263,EPSS/CISA/Nuclei CVE-2023-26369,7.8,0.02375,"Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",2023-09-13 09:15:13.007,CISA CVE-2023-26469,9.8,0.9424,"In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.",2023-08-17 19:15:12.143,Metasploit/Nuclei 
@@ -5552,7 +5552,7 @@ CVE-2023-2796,5.3,0.034,"The EventON WordPress plugin before 2.1.2 lacks authent CVE-2023-27992,9.8,0.02367,"The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.",2023-06-19 12:15:09.433,CISA CVE-2023-27997,9.8,0.15076,"A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.",2023-06-13 09:15:16.613,CISA CVE-2023-28121,9.8,0.94133,"An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. 
This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.",2023-04-12 21:15:28.057,Metasploit/Nuclei -CVE-2023-28128,7.2,0.16604,An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.,2023-05-09 22:15:09.920,Metasploit +CVE-2023-28128,7.2,0.13034,An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.,2023-05-09 22:15:09.920,Metasploit CVE-2023-2813,6.1,0.00127,"All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2, Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1, Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through 1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before 1.1.9, Polka 
Dots WordPress theme through 1.2, Purity Of Soul WordPress theme through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme before 1.3.2, Wedding Bride WordPress theme before 1.0.2, Wlow WordPress theme before 1.2.7 suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link.",2023-09-04 12:15:08.997,Nuclei CVE-2023-28204,6.5,0.00147,"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.",2023-06-23 18:15:11.333,CISA CVE-2023-28205,8.8,0.00328,"A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",2023-04-10 19:15:07.237,CISA 
@@ -5578,7 +5578,7 @@ CVE-2023-28771,9.8,0.91403,"Improper error message handling in Zyxel ZyWALL/USG CVE-2023-29084,7.2,0.37079,Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings.,2023-04-13 19:15:11.680,Metasploit/Nuclei CVE-2023-29298,7.5,0.94803,"Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.",2023-07-12 16:15:11.623,CISA/Nuclei CVE-2023-29300,9.8,0.9695,"Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.",2023-07-12 16:15:11.733,EPSS/CISA/Nuclei -CVE-2023-29336,7.8,0.00128,Win32k Elevation of Privilege Vulnerability,2023-05-09 18:15:13.840,CISA +CVE-2023-29336,7.8,0.00123,Win32k Elevation of Privilege Vulnerability,2023-05-09 18:15:13.840,CISA CVE-2023-29357,9.8,0.82086,Microsoft SharePoint Server Elevation of Privilege Vulnerability,2023-06-14 00:15:09.903,CISA/Metasploit/Nuclei CVE-2023-29360,8.4,0.00429,Microsoft Streaming Service Elevation of Privilege Vulnerability,2023-06-14 00:15:10.067,CISA CVE-2023-29439,6.1,0.00099,Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.35 versions.,2023-05-16 15:15:08.983,Nuclei 
@@ -5590,6 +5590,7 @@ CVE-2023-29552,7.5,0.02295,"The Service Location Protocol (SLP, RFC 2608) allows CVE-2023-29622,9.8,0.03739,Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php.,2023-04-14 02:15:13.047,Nuclei CVE-2023-29623,6.1,0.00123,Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.,2023-04-14 02:15:13.157,Nuclei CVE-2023-2982,9.8,0.01494,"The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.",2023-06-29 02:15:16.103,Nuclei +CVE-2023-29827,9.8,0.09885,"ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended to be used with untrusted input.",2023-05-04 14:15:11.363,Nuclei CVE-2023-29887,7.5,0.00456,A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter.,2023-04-18 20:15:19.917,Nuclei CVE-2023-29919,9.1,0.54171,SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. 
Any file on the server can be read or modified because texteditor.php is not restricted.,2023-05-23 01:15:09.820,Nuclei CVE-2023-29922,5.3,0.00845,PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.,2023-04-19 19:15:07.373,Nuclei 
@@ -5597,8 +5598,8 @@ CVE-2023-29923,5.3,0.01616,PowerJob V4.3.1 is vulnerable to Insecure Permissions CVE-2023-30013,9.8,0.96305,"TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the ""command"" parameter.",2023-05-05 14:15:09.147,EPSS/Metasploit/Nuclei CVE-2023-30019,5.3,0.0016,imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.,2023-05-08 15:15:11.087,Nuclei CVE-2023-30150,9.8,0.04505,PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.,2023-06-14 21:15:09.557,Nuclei -CVE-2023-30210,6.1,0.0011,OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php.,2023-04-26 16:15:10.023,Nuclei -CVE-2023-30212,6.1,0.02928,OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.,2023-04-26 17:15:11.297,Nuclei +CVE-2023-30210,6.1,0.00113,OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php.,2023-04-26 16:15:10.023,Nuclei +CVE-2023-30212,6.1,0.03007,OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.,2023-04-26 17:15:11.297,Nuclei CVE-2023-30256,6.1,0.01447,Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.,2023-05-11 11:15:09.047,Nuclei CVE-2023-30258,9.8,0.23885,Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.,2023-06-23 12:15:09.473,Metasploit/Nuclei CVE-2023-30534,4.3,0.09326,"Cacti is an open source operational monitoring and fault management framework. 
There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory (phpseclib), the necessary gadgets are not included, making them inaccessible and the insecure deserializations not exploitable. Each instance of insecure deserialization is due to using the unserialize function without sanitizing the user input. Cacti has a “safe” deserialization that attempts to sanitize the content and check for specific values before calling unserialize, but it isn’t used in these instances. The vulnerable code lies in graphs_new.php, specifically within the host_new_graphs_save function. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. 
@@ -5703,11 +5704,12 @@ CVE-2023-34755,9.8,0.0257,bloofox v0.5.2.1 was discovered to contain a SQL injec CVE-2023-34756,9.8,0.0257,bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.,2023-06-14 14:15:10.707,Nuclei CVE-2023-3479,6.1,0.0007,Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.,2023-06-30 10:15:09.567,Nuclei CVE-2023-34843,7.5,0.00357,Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET request.,2023-06-29 00:15:09.670,Nuclei -CVE-2023-34960,9.8,0.93404,A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.,2023-08-01 02:15:10.307,Metasploit/Nuclei +CVE-2023-34960,9.8,0.93314,A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.,2023-08-01 02:15:10.307,Metasploit/Nuclei CVE-2023-34993,9.8,0.96622,A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.,2023-10-10 17:15:11.670,EPSS/Nuclei CVE-2023-35078,9.8,0.96816,An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.,2023-07-25 07:15:10.897,EPSS/CISA/Nuclei CVE-2023-35081,7.2,0.67227,"A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.",2023-08-03 18:15:11.303,CISA 
CVE-2023-35082,9.8,0.95978,"An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.",2023-08-15 16:15:11.633,EPSS/CISA/Nuclei +CVE-2023-35158,6.1,0.68057,"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as: > /xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. ",2023-06-23 19:15:09.420,Nuclei CVE-2023-3519,9.8,0.91186,"Unauthenticated remote code execution ",2023-07-19 18:15:11.513,CISA/Metasploit CVE-2023-35311,8.8,0.00968,Microsoft Outlook Security Feature Bypass Vulnerability,2023-07-11 18:15:17.177,CISA 
@@ -5724,6 +5726,7 @@ CVE-2023-36287,6.1,0.00083,An unauthenticated Cross-Site Scripting (XSS) vulnera CVE-2023-36289,6.1,0.00083,An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.,2023-06-23 15:15:10.537,Nuclei CVE-2023-36306,6.1,0.00385,"A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components.",2023-08-08 15:15:10.400,Nuclei CVE-2023-36346,6.1,0.00096,POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.,2023-06-23 20:15:09.473,Nuclei +CVE-2023-36347,7.5,0.01502,A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data.,2023-06-30 02:15:09.347,Nuclei CVE-2023-36563,6.5,0.00187,Microsoft WordPad Information Disclosure Vulnerability,2023-10-10 18:15:13.003,CISA CVE-2023-36584,5.4,0.00104,Windows Mark of the Web Security Feature Bypass Vulnerability,2023-10-10 18:15:14.280,CISA CVE-2023-36661,7.5,0.00044,"Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)",2023-06-25 22:15:21.403,Metasploit 
@@ -6026,7 +6029,7 @@ CVE-2023-38098,0.0,0.00046,"NETGEAR ProSAFE Network Management System UpLoadServ The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19720.",2024-05-03 02:15:52.453,Metasploit CVE-2023-38146,8.8,0.8637,Windows Themes Remote Code Execution Vulnerability,2023-09-12 17:15:17.807,Metasploit CVE-2023-38180,7.5,0.00512,.NET and Visual Studio Denial of Service Vulnerability,2023-08-08 19:15:10.367,CISA -CVE-2023-38203,9.8,0.97117,"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.",2023-07-20 16:15:12.180,EPSS/CISA/Nuclei +CVE-2023-38203,9.8,0.97037,"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.",2023-07-20 16:15:12.180,EPSS/CISA/Nuclei CVE-2023-38205,7.5,0.922,"Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.",2023-09-14 08:15:07.767,CISA/Nuclei CVE-2023-3836,9.8,0.02637,A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. 
The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-07-22 18:15:10.887,Nuclei CVE-2023-3843,6.1,0.00235,A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.,2023-07-23 05:15:08.837,Nuclei @@ -6059,7 +6062,7 @@ CVE-2023-39676,6.1,0.00167,FieldPopupNewsletter Prestashop Module v1.0.0 was dis CVE-2023-39677,7.5,0.00761,MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.,2023-09-20 21:15:11.627,Nuclei CVE-2023-39700,6.1,0.00103,IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.,2023-08-25 00:15:09.693,Nuclei CVE-2023-39796,9.8,0.05383,SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter.,2023-11-10 06:15:30.410,Nuclei -CVE-2023-40044,8.8,0.85984," +CVE-2023-40044,8.8,0.86525," In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.   ",2023-09-27 15:18:57.307,CISA/Metasploit 
@@ -6123,6 +6126,7 @@ CVE-2023-44353,9.8,0.00548,Adobe ColdFusion versions 2023.5 (and earlier) and 20 CVE-2023-44487,7.5,0.72011,"The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",2023-10-10 14:15:10.883,CISA CVE-2023-4451,6.1,0.00157,Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.,2023-08-20 15:15:29.760,Nuclei CVE-2023-44812,6.1,0.01077,Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function.,2023-10-09 21:15:10.227,Nuclei +CVE-2023-44813,6.1,0.01077,Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.,2023-10-09 21:15:10.273,Nuclei CVE-2023-4521,9.8,0.03162,"The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version.",2023-09-25 16:15:15.297,Nuclei CVE-2023-45375,8.8,0.01204,"In the module ""PireosPay"" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via `PireosPayValidationModuleFrontController::postProcess().`",2023-10-17 05:15:50.733,Nuclei CVE-2023-4547,6.1,0.0025,A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. 
The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.,2023-08-26 09:15:09.057,Nuclei 
@@ -6132,13 +6136,14 @@ CVE-2023-45542,6.1,0.00082,Cross Site Scripting vulnerability in mooSocial 3.1.8 CVE-2023-45671,4.7,0.00924,"Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue.",2023-10-30 23:15:08.620,Nuclei CVE-2023-4568,6.5,0.02217,"PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. 
Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.",2023-09-13 21:15:07.807,Nuclei CVE-2023-45852,9.8,0.10586,"In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.",2023-10-14 02:15:09.270,Nuclei +CVE-2023-45855,7.5,0.00318,qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.,2023-10-14 05:15:55.313,Nuclei CVE-2023-4596,9.8,0.06103,"The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.",2023-08-30 02:15:09.353,Nuclei CVE-2023-46214,8.8,0.38294,"In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.",2023-11-16 21:15:08.630,Metasploit CVE-2023-4634,9.8,0.02012,"The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). 
This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible.",2023-09-06 09:15:08.873,Nuclei CVE-2023-46347,9.8,0.04018,"In the module ""Step by Step products Pack"" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.",2023-10-25 18:17:37.697,Nuclei CVE-2023-46359,9.8,0.1382,"An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.",2024-02-06 01:15:07.877,Nuclei CVE-2023-46574,9.8,0.07038,An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.,2023-10-25 18:17:39.780,Nuclei -CVE-2023-46604,9.8,0.97273,"The Java OpenWire protocol marshaller is vulnerable to Remote Code +CVE-2023-46604,9.8,0.92279,"The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire @@ -6149,7 +6154,7 @@ Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue. -",2023-10-27 15:15:14.017,EPSS/CISA/Metasploit +",2023-10-27 15:15:14.017,CISA/Metasploit CVE-2023-46747,9.8,0.97041," 
@@ -6258,7 +6263,7 @@ CVE-2023-52085,5.4,0.00256,"Winter is a free, open-source content management sys CVE-2023-5217,8.8,0.2961,Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High),2023-09-28 16:15:10.980,CISA CVE-2023-52251,8.8,0.03218,An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.,2024-01-25 21:15:08.787,Metasploit CVE-2023-5244,6.1,0.00159,Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.,2023-09-28 01:15:09.060,Nuclei -CVE-2023-5360,9.8,0.96723,"The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.",2023-10-31 14:15:12.773,EPSS/Metasploit/Nuclei +CVE-2023-5360,9.8,0.96512,"The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.",2023-10-31 14:15:12.773,EPSS/Metasploit/Nuclei CVE-2023-5375,6.1,0.00083,Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.,2023-10-04 09:15:31.980,Nuclei CVE-2023-5556,6.1,0.00064,Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194.,2023-10-12 11:15:23.873,Nuclei CVE-2023-5612,5.3,0.00463,"An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.",2024-01-26 02:15:07.357,Metasploit 
@@ -6276,6 +6281,7 @@ to load arbitrary JavaScript code. ",2023-10-18 15:15:08.727,CISA CVE-2023-5830,9.8,0.00427,A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack remotely. Upgrading to version 7.2 SP4 and 2021.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243729 was assigned to this vulnerability.,2023-10-27 21:15:10.003,Nuclei CVE-2023-5914,6.1,0.00095,  Cross-site scripting (XSS),2024-01-17 21:15:11.413,Nuclei +CVE-2023-5991,9.8,0.17487,"The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server",2023-12-26 19:15:08.213,Nuclei CVE-2023-6018,9.8,0.86232,An attacker can overwrite any file on the server hosting MLflow without any authentication.,2023-11-16 16:15:34.880,Nuclei CVE-2023-6020,7.5,0.06351,LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.,2023-11-16 21:15:09.443,Nuclei CVE-2023-6021,7.5,0.0038,LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023,2023-11-16 17:15:09.020,Nuclei 
@@ -6294,7 +6300,7 @@ CVE-2023-6548,8.8,0.01568,"Improper Control of Generation of Code ('Code Injecti CVE-2023-6549,7.5,0.00597,"Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read ",2024-01-17 21:15:11.690,CISA CVE-2023-6553,9.8,0.92286,"The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.",2023-12-15 11:15:47.837,Metasploit/Nuclei -CVE-2023-6567,7.5,0.19544,"The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",2024-01-11 09:15:49.407,Nuclei +CVE-2023-6567,7.5,0.14325,"The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. 
This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",2024-01-11 09:15:49.407,Nuclei CVE-2023-6623,9.8,0.09254,"The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.",2024-01-15 16:15:12.573,Nuclei CVE-2023-6634,9.8,0.2028,"The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution.",2024-01-11 09:15:50.437,Nuclei CVE-2023-6831,8.1,0.00246,Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.,2023-12-15 01:15:08.140,Nuclei 
@@ -6318,7 +6324,7 @@ CVE-2024-0352,9.8,0.0086,A vulnerability classified as critical was found in Lik CVE-2024-0519,8.8,0.00179,Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High),2024-01-16 22:15:37.753,CISA CVE-2024-0713,0.0,0.00872,Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-28871. Reason: This candidate is a reservation duplicate of CVE-2020-28871. Notes: All CVE users should reference CVE-2020-28871 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.,2024-01-19 14:15:13.277,Nuclei CVE-2024-0881,0.0,0.00053,"The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts",2024-04-11 16:15:24.800,Nuclei -CVE-2024-1021,9.8,0.00823,"A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252290 is the identifier assigned to this vulnerability.",2024-01-29 22:15:08.553,Nuclei +CVE-2024-1021,9.8,0.00973,"A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 
VDB-252290 is the identifier assigned to this vulnerability.",2024-01-29 22:15:08.553,Nuclei CVE-2024-1061,9.8,0.0069,"The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the  'get_view' function. ",2024-01-30 09:15:48.367,Nuclei CVE-2024-1071,9.8,0.00063,"The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",2024-03-13 16:15:16.293,Nuclei 
@@ -6330,6 +6336,7 @@ CVE-2024-1212,10.0,0.00213,"Unauthenticated remote attackers can access the syst ",2024-02-21 18:15:50.417,Metasploit/Nuclei +CVE-2024-1561,0.0,0.00087,"An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via `launch(share=True)`, thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on `huggingface.co` are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables.",2024-04-16 00:15:08.887,Nuclei CVE-2024-1698,9.8,0.00087,"The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",2024-02-27 06:15:46.140,Nuclei CVE-2024-1708,8.4,0.00049,"ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker 
@@ -6345,7 +6352,7 @@ critical systems. ",2024-02-21 16:15:50.420,CISA/Metasploit/Nuclei CVE-2024-20353,8.6,0.00354,"A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.",2024-04-24 19:15:46.723,CISA -CVE-2024-20359,6.0,0.00324,"A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. +CVE-2024-20359,6.0,0.00128,"A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a file when it is read from system flash memory. An attacker could exploit this vulnerability by copying a crafted file to the disk0: file system of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. 
Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.",2024-04-24 19:15:46.943,CISA CVE-2024-2044,9.9,0.00163,"pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution. ",2024-03-07 21:15:08.767,Metasploit 
@@ -6383,7 +6390,7 @@ CVE-2024-2389,10.0,0.00439,"In Flowmon versions prior to 11.1.14 and 12.3.5, an ",2024-04-02 13:15:51.693,Nuclei CVE-2024-23897,9.8,0.95779,"Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.",2024-01-24 18:15:09.370,EPSS/Metasploit -CVE-2024-23917,9.8,0.04469,In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible,2024-02-06 10:15:09.280,Nuclei +CVE-2024-23917,9.8,0.05232,In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible,2024-02-06 10:15:09.280,Nuclei CVE-2024-24131,6.1,0.00076,SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.,2024-02-07 14:15:52.770,Nuclei CVE-2024-24725,0.0,0.13312,Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.,2024-03-23 23:15:07.193,Metasploit CVE-2024-25735,0.0,0.00381,An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.,2024-03-27 03:15:12.150,Nuclei 
@@ -6404,6 +6411,9 @@ CVE-2024-29269,0.0,0.00054,An issue discovered in Telesquare TLR-2005Ksh 1.0.0 a CVE-2024-29745,5.5,0.00425,there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.,2024-04-05 20:15:08.253,CISA CVE-2024-29748,7.8,0.00149,there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.,2024-04-05 20:15:08.407,CISA CVE-2024-29988,8.8,0.00363,SmartScreen Prompt Security Feature Bypass Vulnerability,2024-04-09 17:16:01.830,CISA +CVE-2024-30040,8.8,0.00806,Windows MSHTML Platform Security Feature Bypass Vulnerability,2024-05-14 17:17:12.410,CISA +CVE-2024-30051,7.8,0.00144,Windows DWM Core Library Elevation of Privilege Vulnerability,2024-05-14 17:17:21.763,CISA +CVE-2024-3097,5.3,0.04672,"The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.",2024-04-09 19:15:39.553,Nuclei CVE-2024-3136,9.8,0.00065,"The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. 
This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.",2024-04-09 19:15:39.720,Nuclei CVE-2024-31621,0.0,0.00381,An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component.,2024-04-29 17:15:19.057,Nuclei CVE-2024-31848,9.8,0.00054,"A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.",2024-04-05 18:15:09.360,Nuclei diff --git a/secpatch.ipynb b/secpatch.ipynb index 64af7a6..c36d068 100644 --- a/secpatch.ipynb +++ b/secpatch.ipynb @@ -5,10 +5,10 @@ "execution_count": 1, "metadata": { "execution": { - "iopub.execute_input": "2024-05-15T06:20:24.714000Z", - "iopub.status.busy": "2024-05-15T06:20:24.713834Z", - "iopub.status.idle": "2024-05-15T06:20:26.895022Z", - "shell.execute_reply": "2024-05-15T06:20:26.894403Z" + "iopub.execute_input": "2024-05-15T12:30:07.193025Z", + "iopub.status.busy": "2024-05-15T12:30:07.192856Z", + "iopub.status.idle": "2024-05-15T12:30:07.955451Z", + "shell.execute_reply": "2024-05-15T12:30:07.954914Z" } }, "outputs": [], @@ -33,10 +33,10 @@ "execution_count": 2, "metadata": { "execution": { - "iopub.execute_input": "2024-05-15T06:20:26.897795Z", - "iopub.status.busy": "2024-05-15T06:20:26.897533Z", - "iopub.status.idle": "2024-05-15T06:20:26.908226Z", - "shell.execute_reply": "2024-05-15T06:20:26.907638Z" + "iopub.execute_input": "2024-05-15T12:30:07.958160Z", + "iopub.status.busy": "2024-05-15T12:30:07.957691Z", + "iopub.status.idle": "2024-05-15T12:30:07.967852Z", + "shell.execute_reply": "2024-05-15T12:30:07.967322Z" } }, "outputs": [], 
@@ -57,10 +57,10 @@ "execution_count": 3, "metadata": { "execution": { - "iopub.execute_input": "2024-05-15T06:20:26.910466Z", - "iopub.status.busy": "2024-05-15T06:20:26.910170Z", - "iopub.status.idle": "2024-05-15T06:20:26.920882Z", - "shell.execute_reply": "2024-05-15T06:20:26.920317Z" + "iopub.execute_input": "2024-05-15T12:30:07.970057Z", + "iopub.status.busy": "2024-05-15T12:30:07.969675Z", + "iopub.status.idle": "2024-05-15T12:30:07.980313Z", + "shell.execute_reply": "2024-05-15T12:30:07.979766Z" } }, "outputs": [], @@ -76,10 +76,10 @@ "execution_count": 4, "metadata": { "execution": { - "iopub.execute_input": "2024-05-15T06:20:26.923128Z", - "iopub.status.busy": "2024-05-15T06:20:26.922910Z", - "iopub.status.idle": "2024-05-15T06:20:27.021056Z", - "shell.execute_reply": "2024-05-15T06:20:27.020464Z" + "iopub.execute_input": "2024-05-15T12:30:07.982509Z", + "iopub.status.busy": "2024-05-15T12:30:07.982226Z", + "iopub.status.idle": "2024-05-15T12:30:08.078984Z", + "shell.execute_reply": "2024-05-15T12:30:08.078413Z" } }, "outputs": [ @@ -87,7 +87,7 @@ "name": "stderr", "output_type": "stream", "text": [ - "/tmp/ipykernel_3271/298683809.py:5: SettingWithCopyWarning: \n", + "/tmp/ipykernel_3281/298683809.py:5: SettingWithCopyWarning: \n", "A value is trying to be set on a copy of a slice from a DataFrame.\n", "Try using .loc[row_indexer,col_indexer] = value instead\n", "\n", @@ -110,10 +110,10 @@ "execution_count": 5, "metadata": { "execution": { - "iopub.execute_input": "2024-05-15T06:20:27.052882Z", - "iopub.status.busy": "2024-05-15T06:20:27.052605Z", - "iopub.status.idle": "2024-05-15T06:20:27.124655Z", - "shell.execute_reply": "2024-05-15T06:20:27.124179Z" + "iopub.execute_input": "2024-05-15T12:30:08.110584Z", + "iopub.status.busy": "2024-05-15T12:30:08.110246Z", + "iopub.status.idle": "2024-05-15T12:30:08.178677Z", + "shell.execute_reply": "2024-05-15T12:30:08.178111Z" } }, "outputs": [], 
@@ -127,10 +127,10 @@ "execution_count": 6, "metadata": { "execution": { - "iopub.execute_input": "2024-05-15T06:20:27.127002Z", - "iopub.status.busy": "2024-05-15T06:20:27.126777Z", - "iopub.status.idle": "2024-05-15T06:20:45.134620Z", - "shell.execute_reply": "2024-05-15T06:20:45.134038Z" + "iopub.execute_input": "2024-05-15T12:30:08.180869Z", + "iopub.status.busy": "2024-05-15T12:30:08.180689Z", + "iopub.status.idle": "2024-05-15T12:30:25.865773Z", + "shell.execute_reply": "2024-05-15T12:30:25.865125Z" } }, "outputs": [], @@ -225,10 +225,10 @@ "execution_count": 7, "metadata": { "execution": { - "iopub.execute_input": "2024-05-15T06:20:45.137447Z", - "iopub.status.busy": "2024-05-15T06:20:45.137037Z", - "iopub.status.idle": "2024-05-15T06:20:45.307260Z", - "shell.execute_reply": "2024-05-15T06:20:45.306798Z" + "iopub.execute_input": "2024-05-15T12:30:25.868206Z", + "iopub.status.busy": "2024-05-15T12:30:25.868007Z", + "iopub.status.idle": "2024-05-15T12:30:26.031991Z", + "shell.execute_reply": "2024-05-15T12:30:26.031402Z" } }, "outputs": [],