From 86aa51beb9015cbaa55b5c9d30b732e1bfb23e14 Mon Sep 17 00:00:00 2001
From: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Date: Sun, 15 Sep 2024 12:32:11 +0000
Subject: [PATCH] Commit from GitHub Actions (Update List)

---
 data/data.csv  | 202 ++++++++++++++++++++++++-------------------------
 secpatch.ipynb |  58 +++++++-------
 2 files changed, 130 insertions(+), 130 deletions(-)

diff --git a/data/data.csv b/data/data.csv
index 754489d..90a9eb8 100644
--- a/data/data.csv
+++ b/data/data.csv
@@ -96,7 +96,7 @@ CVE-2003-0201,0.0,0.9705,"Buffer overflow in the call_trans2open function in tra
 CVE-2003-0213,0.0,0.41623,"ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.",2003-05-12 04:00:00.000,Metasploit
 CVE-2003-0220,0.0,0.52614,Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet.,2003-05-12 04:00:00.000,Metasploit
 CVE-2003-0227,0.0,0.95933,"The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.",2003-06-09 04:00:00.000,EPSS
-CVE-2003-0228,0.0,0.95343,Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.,2003-05-27 04:00:00.000,EPSS
+CVE-2003-0228,0.0,0.95034,Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.,2003-05-27 04:00:00.000,EPSS
 CVE-2003-0245,0.0,0.96634,"Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.",2003-06-09 04:00:00.000,EPSS
 CVE-2003-0264,0.0,0.2422,"Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 server.",2003-05-27 04:00:00.000,Metasploit
 CVE-2003-0270,0.0,0.02846,"The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections.",2003-06-16 04:00:00.000,Metasploit
@@ -115,9 +115,9 @@ CVE-2003-0717,0.0,0.97105,"The Messenger Service for Windows NT through Server 2
 CVE-2003-0719,0.0,0.95755,"Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.",2004-06-01 04:00:00.000,EPSS/Metasploit
 CVE-2003-0722,0.0,0.96925,"The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.",2003-09-22 04:00:00.000,EPSS/Metasploit
 CVE-2003-0772,0.0,0.95697,Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments.,2003-09-22 04:00:00.000,EPSS
-CVE-2003-0812,0.0,0.96901,"Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file (""NetSetup.LOG""), as demonstrated using the NetAddAlternateComputerName API.",2003-12-15 05:00:00.000,EPSS/Metasploit
+CVE-2003-0812,0.0,0.96862,"Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file (""NetSetup.LOG""), as demonstrated using the NetAddAlternateComputerName API.",2003-12-15 05:00:00.000,EPSS/Metasploit
 CVE-2003-0818,0.0,0.97363,"Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.",2004-03-03 05:00:00.000,EPSS/Metasploit
-CVE-2003-0822,0.0,0.97104,Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.,2003-12-15 05:00:00.000,EPSS/Metasploit
+CVE-2003-0822,0.0,0.96995,Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.,2003-12-15 05:00:00.000,EPSS/Metasploit
 CVE-2003-0825,0.0,0.96665,"The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.",2004-03-03 05:00:00.000,EPSS
 CVE-2003-0838,0.0,0.95041,"Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a ""data"" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).",2003-11-17 05:00:00.000,EPSS
 CVE-2003-0990,0.0,0.70166,"The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the ""To:"" field.",2004-01-20 05:00:00.000,Metasploit
@@ -142,7 +142,7 @@ CVE-2004-0330,0.0,0.93302,Buffer overflow in Serv-U ftp before 5.0.0.4 allows re
 CVE-2004-0331,0.0,0.95235,Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via a HTTP POST with a long application variable.,2004-11-23 05:00:00.000,EPSS/Metasploit
 CVE-2004-0362,0.0,0.96014,"Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.",2004-04-15 04:00:00.000,EPSS/Metasploit
 CVE-2004-0363,0.0,0.9319,"Stack-based buffer overflow in the SymSpamHelper ActiveX component (symspam.dll) in Norton AntiSpam 2004, as used in Norton Internet Security 2004, allows remote attackers to execute arbitrary code via a long parameter to the LaunchCustomRuleWizard method.",2004-04-15 04:00:00.000,Metasploit
-CVE-2004-0380,0.0,0.96759,"The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the ""MHTML URL Processing Vulnerability.""",2004-05-04 04:00:00.000,EPSS
+CVE-2004-0380,0.0,0.96707,"The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the ""MHTML URL Processing Vulnerability.""",2004-05-04 04:00:00.000,EPSS
 CVE-2004-0396,0.0,0.96945,"Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.",2004-06-14 04:00:00.000,EPSS
 CVE-2004-0397,0.0,0.96278,Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.,2004-07-07 04:00:00.000,EPSS/Metasploit
 CVE-2004-0420,0.0,0.96765,"The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.",2004-07-07 04:00:00.000,EPSS
@@ -365,7 +365,7 @@ CVE-2006-2372,0.0,0.96315,"Buffer overflow in the DHCP Client service for Micros
 CVE-2006-2447,0.0,0.94666,"SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.",2006-06-06 21:06:00.000,Metasploit
 CVE-2006-2492,8.8,0.75579,"Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.",2006-05-20 00:02:00.000,CISA
 CVE-2006-2502,0.0,0.8901,"Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.",2006-05-22 16:06:00.000,Metasploit
-CVE-2006-2630,0.0,0.97106,Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors.,2006-05-27 21:02:00.000,EPSS/Metasploit
+CVE-2006-2630,0.0,0.97077,Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors.,2006-05-27 21:02:00.000,EPSS/Metasploit
 CVE-2006-2685,0.0,0.95265,"PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php.",2006-05-31 10:06:00.000,EPSS/Metasploit
 CVE-2006-2766,0.0,0.95721,"Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.",2006-06-02 10:18:00.000,EPSS
 CVE-2006-2779,0.0,0.9722,"Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) ""Content-implemented tree views,"" (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.",2006-06-02 19:02:00.000,EPSS
@@ -484,7 +484,7 @@ CVE-2007-1036,0.0,0.96763,"The default configuration of JBoss does not restrict
 CVE-2007-1070,0.0,0.95448,"Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.",2007-02-21 11:28:00.000,EPSS/Metasploit
 CVE-2007-1092,0.0,0.96733,"Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.",2007-02-26 17:28:00.000,EPSS
 CVE-2007-1277,0.0,0.96168,"WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.",2007-03-05 20:19:00.000,EPSS
-CVE-2007-1286,0.0,0.2626,"Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.",2007-03-06 20:19:00.000,Metasploit
+CVE-2007-1286,0.0,0.16052,"Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.",2007-03-06 20:19:00.000,Metasploit
 CVE-2007-1306,0.0,0.95119,"Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.",2007-03-07 00:19:00.000,EPSS
 CVE-2007-1308,0.0,0.95593,"ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.",2007-03-07 00:19:00.000,EPSS
 CVE-2007-1373,0.0,0.84022,Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command.  NOTE: this might be the same issue as CVE-2006-5961.,2007-03-10 00:19:00.000,Metasploit
@@ -504,7 +504,8 @@ CVE-2007-2139,0.0,0.94064,"Multiple stack-based buffer overflows in the SUN RPC
 CVE-2007-2175,0.0,0.95212,"Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the ""PWN 2 0WN"" contest at CanSecWest 2007.",2007-04-24 16:19:00.000,EPSS/Metasploit
 CVE-2007-2193,0.0,0.9453,"Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string.  NOTE: some of these details are obtained from third party information.",2007-04-24 17:19:00.000,Metasploit
 CVE-2007-2217,0.0,0.96384,"Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.",2007-10-09 22:17:00.000,EPSS
-CVE-2007-2222,0.0,0.96194,"Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.",2007-06-12 19:30:00.000,EPSS
+CVE-2007-2218,0.0,0.9501,"Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.",2007-06-12 19:30:00.000,EPSS
+CVE-2007-2222,0.0,0.96365,"Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.",2007-06-12 19:30:00.000,EPSS
 CVE-2007-2238,0.0,0.95787,"Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods.",2009-04-16 15:12:57.280,EPSS/Metasploit
 CVE-2007-2263,0.0,0.95366,"Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.",2007-10-31 17:46:00.000,EPSS
 CVE-2007-2264,0.0,0.9542,"Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header.",2007-10-31 17:46:00.000,EPSS
@@ -553,7 +554,7 @@ CVE-2007-3872,0.0,0.92409,"Multiple stack-based buffer overflows in the Shared T
 CVE-2007-3897,0.0,0.95888,"Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.",2007-10-09 22:17:00.000,EPSS
 CVE-2007-3898,0.0,0.95971,"The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.",2007-11-14 01:46:00.000,EPSS
 CVE-2007-3901,0.0,0.95366,Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.,2007-12-12 00:46:00.000,EPSS/Metasploit
-CVE-2007-3925,0.0,0.97368,Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.,2007-07-21 00:30:00.000,EPSS/Metasploit
+CVE-2007-3925,0.0,0.97321,Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.,2007-07-21 00:30:00.000,EPSS/Metasploit
 CVE-2007-3999,0.0,0.96876,"Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.",2007-09-05 10:17:00.000,EPSS
 CVE-2007-4006,0.0,0.77003,"Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unknown impact and remote attack vectors, aka ZD-00000034.  NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.",2007-07-26 00:30:00.000,Metasploit
 CVE-2007-4218,0.0,0.9682,"Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are processed by the (1) RPCFN_ENG_NewManualScan, (2) RPCFN_ENG_TimedNewManualScan, and (3) RPCFN_SetComputerName functions in (a) StRpcSrv.dll; the (4) RPCFN_CMON_SetSvcImpersonateUser and (5) RPCFN_OldCMON_SetSvcImpersonateUser functions in (b) Stcommon.dll; the (6) RPCFN_ENG_TakeActionOnAFile and (7) RPCFN_ENG_AddTaskExportLogItem functions in (c) Eng50.dll; the (8) NTF_SetPagerNotifyConfig function in (d) Notification.dll; or the (9) RPCFN_CopyAUSrc function in the (e) ServerProtect Agent service.",2007-08-22 23:17:00.000,EPSS
@@ -566,7 +567,7 @@ CVE-2007-4475,0.0,0.95173,Stack-based buffer overflow in EAI WebViewer3D ActiveX
 CVE-2007-4504,0.0,0.02171,Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.,2007-08-23 19:17:00.000,Nuclei
 CVE-2007-4515,0.0,0.85033,Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods.  NOTE: some of these details are obtained from third party information.,2007-08-31 22:17:00.000,Metasploit
 CVE-2007-4556,0.0,0.21361,"Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a ""%{"" sequence and ending with a ""}"" character.",2007-08-28 01:17:00.000,Nuclei
-CVE-2007-4560,0.0,0.96549,"clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the ""recipient field of sendmail.""",2007-08-28 01:17:00.000,EPSS/Metasploit
+CVE-2007-4560,0.0,0.9605,"clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the ""recipient field of sendmail.""",2007-08-28 01:17:00.000,EPSS/Metasploit
 CVE-2007-4599,0.0,0.95528,"Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file.",2007-10-31 17:46:00.000,EPSS
 CVE-2007-4607,0.0,0.93712,"Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61 and other products, allows remote attackers to execute arbitrary code via a long argument to the SubmitToExpress method, a different vulnerability than CVE-2007-1029. NOTE: this may have been fixed in version 6.0.3.15.",2007-08-31 00:17:00.000,Metasploit
 CVE-2007-4620,0.0,0.21199,"Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.",2008-04-07 18:44:00.000,Metasploit
@@ -600,9 +601,8 @@ CVE-2007-6165,0.0,0.11747,"Mail in Apple Mac OS X Leopard (10.5.1) allows user-a
 CVE-2007-6166,0.0,0.96642,"Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.",2007-11-29 01:46:00.000,EPSS
 CVE-2007-6203,0.0,0.97199,"Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a ""413 Request Entity Too Large"" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.",2007-12-03 22:46:00.000,EPSS
 CVE-2007-6204,0.0,0.5182,"Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe.",2007-12-13 21:46:00.000,Metasploit
-CVE-2007-6244,0.0,0.95915,Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.,2007-12-20 01:46:00.000,EPSS
 CVE-2007-6377,0.0,0.93067,Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string.,2007-12-15 01:46:00.000,Metasploit
-CVE-2007-6507,0.0,0.97059,"SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain ""full file system access"" and execute arbitrary code.",2007-12-20 23:46:00.000,EPSS/Metasploit
+CVE-2007-6507,0.0,0.97151,"SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain ""full file system access"" and execute arbitrary code.",2007-12-20 23:46:00.000,EPSS/Metasploit
 CVE-2007-6509,0.0,0.79156,Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp.,2007-12-21 19:46:00.000,Metasploit
 CVE-2007-6530,0.0,0.91977,"Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function.",2007-12-27 22:46:00.000,Metasploit
 CVE-2007-6750,0.0,0.02293,"The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.",2011-12-27 18:55:00.970,Metasploit
@@ -663,7 +663,7 @@ CVE-2008-2247,0.0,0.96177,"Cross-site scripting (XSS) vulnerability in Outlook W
 CVE-2008-2248,0.0,0.96206,"Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.",2008-07-08 23:41:00.000,EPSS
 CVE-2008-2281,0.0,0.95822,"Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document.",2008-05-18 14:20:00.000,EPSS
 CVE-2008-2286,0.0,0.40176,SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.,2008-05-18 14:20:00.000,Metasploit
-CVE-2008-2398,0.0,0.00329,Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.,2008-05-21 13:24:00.000,Nuclei
+CVE-2008-2398,0.0,0.00376,Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.,2008-05-21 13:24:00.000,Nuclei
 CVE-2008-2439,0.0,0.0183,"Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request.  NOTE: some of these details are obtained from third party information.",2008-10-03 15:07:10.633,Metasploit
 CVE-2008-2463,0.0,0.97123,"The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.",2008-07-07 23:41:00.000,EPSS/Metasploit
 CVE-2008-2499,0.0,0.96914,"Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL.",2008-05-29 16:32:00.000,EPSS/Metasploit
@@ -684,7 +684,7 @@ CVE-2008-3158,0.0,0.00084,"Unspecified vulnerability in NWFS.SYS in Novell Clien
 CVE-2008-3257,0.0,0.94038,"Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after ""POST /.jsp"" in an HTTP request.",2008-07-22 16:41:00.000,Metasploit
 CVE-2008-3263,0.0,0.9659,"The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.",2008-07-22 23:41:00.000,EPSS
 CVE-2008-3431,8.8,0.00199,"The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.",2008-08-05 19:41:00.000,CISA
-CVE-2008-3466,0.0,0.96856,"Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka ""HIS Command Execution Vulnerability.""",2008-10-15 00:12:15.740,EPSS/Metasploit
+CVE-2008-3466,0.0,0.96711,"Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka ""HIS Command Execution Vulnerability.""",2008-10-15 00:12:15.740,EPSS/Metasploit
 CVE-2008-3473,0.0,0.9509,"Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka ""Event Handling Cross-Domain Vulnerability.""",2008-10-15 00:12:15.803,EPSS
 CVE-2008-3475,8.8,0.96304,"Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka ""Uninitialized Memory Corruption Vulnerability.""",2008-10-15 00:12:15.833,EPSS
 CVE-2008-3558,0.0,0.92677,Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method.,2008-08-08 19:41:00.000,Metasploit
@@ -859,7 +859,7 @@ CVE-2009-2855,0.0,0.96495,The strListGetItem function in src/HttpHeaderTools.c i
 CVE-2009-2983,0.0,0.9532,"Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.",2009-10-19 22:30:00.313,EPSS
 CVE-2009-2990,0.0,0.97279,"Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.",2009-10-19 22:30:00.483,EPSS/Metasploit
 CVE-2009-3023,0.0,0.97076,"Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka ""IIS FTP Service RCE and DoS Vulnerability.""",2009-08-31 20:30:01.077,EPSS/Metasploit
-CVE-2009-3028,0.0,0.7268,"The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.",2011-03-07 21:00:01.110,Metasploit
+CVE-2009-3028,0.0,0.70535,"The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.",2011-03-07 21:00:01.110,Metasploit
 CVE-2009-3031,0.0,0.95977,"Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.",2009-11-03 16:30:10.077,EPSS/Metasploit
 CVE-2009-3033,0.0,0.95701,"Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.",2009-11-25 16:30:00.750,EPSS/Metasploit
 CVE-2009-3053,0.0,0.00509,"Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php.",2009-09-03 17:30:10.187,Nuclei
@@ -924,7 +924,7 @@ CVE-2010-0072,0.0,0.96304,"Unspecified vulnerability in the Oracle Secure Backup
 CVE-2010-0094,0.0,0.9231,"Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the March 2010 CPU.  Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.",2010-04-01 16:30:00.767,Metasploit
 CVE-2010-0110,0.0,0.95044,"Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allow remote attackers to execute arbitrary code via (1) a long string to msgsys.exe, related to the AMSSendAlertAct function in AMSLIB.dll in the Intel Alert Handler service (aka Symantec Intel Handler service); a long (2) modem string or (3) PIN number to msgsys.exe, related to pagehndl.dll in the Intel Alert Handler service; or (4) a message to msgsys.exe, related to iao.exe in the Intel Alert Originator service.",2011-01-31 21:00:01.610,EPSS
 CVE-2010-0111,0.0,0.3662,"HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call.",2011-01-31 21:00:03.190,Metasploit
-CVE-2010-0112,0.0,0.96517,"Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file; (2) unspecified parameters in a DetailReportGroup (aka DetailReportGroup.lgx) action to rdpageimlogic.aspx; the (3) selclause, (4) whereTrendTimeClause, (5) TrendTypeForReport, (6) whereProtocolClause, or (7) groupClause parameter in a SummaryReportGroup (aka SummaryReportGroup.lgx) action to rdpageimlogic.aspx; the (8) loginTimeStamp, (9) dbo, (10) dateDiffParam, or (11) whereClause parameter in a LoggedInUsers (aka LoggedInUSers.lgx) action to (a) rdpageimlogic.aspx or (b) rdPage.aspx; the (12) selclause, (13) whereTrendTimeClause, (14) TrendTypeForReport, (15) whereProtocolClause, or (16) groupClause parameter to rdpageimlogic.aspx; (17) the groupList parameter to IMAdminReportTrendFormRun.asp; or (18) the email parameter to IMAdminScheduleReport.asp.",2010-10-28 20:00:02.483,EPSS
+CVE-2010-0112,0.0,0.96512,"Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file; (2) unspecified parameters in a DetailReportGroup (aka DetailReportGroup.lgx) action to rdpageimlogic.aspx; the (3) selclause, (4) whereTrendTimeClause, (5) TrendTypeForReport, (6) whereProtocolClause, or (7) groupClause parameter in a SummaryReportGroup (aka SummaryReportGroup.lgx) action to rdpageimlogic.aspx; the (8) loginTimeStamp, (9) dbo, (10) dateDiffParam, or (11) whereClause parameter in a LoggedInUsers (aka LoggedInUSers.lgx) action to (a) rdpageimlogic.aspx or (b) rdPage.aspx; the (12) selclause, (13) whereTrendTimeClause, (14) TrendTypeForReport, (15) whereProtocolClause, or (16) groupClause parameter to rdpageimlogic.aspx; (17) the groupList parameter to IMAdminReportTrendFormRun.asp; or (18) the email parameter to IMAdminScheduleReport.asp.",2010-10-28 20:00:02.483,EPSS
 CVE-2010-0157,0.0,0.278,Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.,2010-01-06 22:00:12.450,Nuclei
 CVE-2010-0188,7.8,0.16337,Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.,2010-02-22 13:00:02.127,CISA/Metasploit
 CVE-2010-0212,0.0,0.96508,"OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.",2010-07-28 12:48:51.683,EPSS
@@ -1024,9 +1024,9 @@ CVE-2010-1555,0.0,0.9611,"Stack-based buffer overflow in getnnmdata.exe in HP Op
 CVE-2010-1586,0.0,0.014,Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.,2010-04-28 22:30:00.917,Nuclei
 CVE-2010-1587,0.0,0.57013,"The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.",2010-04-28 22:30:00.947,Metasploit
 CVE-2010-1601,0.0,0.01299,Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.,2010-04-29 17:30:00.590,Nuclei
-CVE-2010-1602,0.0,0.03451,Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-04-29 17:30:00.650,Nuclei
-CVE-2010-1603,0.0,0.03451,Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-04-29 17:30:00.683,Nuclei
-CVE-2010-1607,0.0,0.01726,Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.,2010-04-29 17:30:00.807,Nuclei
+CVE-2010-1602,0.0,0.03383,Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-04-29 17:30:00.650,Nuclei
+CVE-2010-1603,0.0,0.03383,Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-04-29 17:30:00.683,Nuclei
+CVE-2010-1607,0.0,0.01383,Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.,2010-04-29 17:30:00.807,Nuclei
 CVE-2010-1653,0.0,0.03527,Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.  NOTE: some of these details are obtained from third party information.,2010-05-03 13:51:53.057,Nuclei
 CVE-2010-1657,0.0,0.01751,Directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-05-03 13:51:53.183,Nuclei
 CVE-2010-1658,0.0,0.01751,Directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-05-03 13:51:53.247,Nuclei
@@ -1222,14 +1222,14 @@ CVE-2011-0647,0.0,0.96431,The irccd.exe service in EMC Replication Manager Clien
 CVE-2011-0654,0.0,0.95816,"Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka ""Browser Pool Corruption Vulnerability."" NOTE: some of these details are obtained from third party information.",2011-02-16 01:00:02.617,EPSS/Metasploit
 CVE-2011-0657,0.0,0.82596,"DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka ""DNS Query Vulnerability.""",2011-04-13 18:55:01.390,Metasploit
 CVE-2011-0762,0.0,0.18322,"The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.",2011-03-02 20:00:01.770,Metasploit
-CVE-2011-0807,0.0,0.96304,"Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.",2011-04-20 03:14:06.583,EPSS
+CVE-2011-0807,0.0,0.96365,"Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.",2011-04-20 03:14:06.583,EPSS
 CVE-2011-0922,0.0,0.9648,The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.,2011-02-09 01:00:09.667,EPSS/Metasploit
 CVE-2011-0923,0.0,0.97252,"The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the ""local bin directory.""",2011-02-09 01:00:09.760,EPSS
 CVE-2011-0951,0.0,0.01466,"The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440.",2011-04-04 12:27:36.843,Metasploit
 CVE-2011-0976,0.0,0.95106,"Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not properly handle Office Art containers that have invalid records, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PowerPoint document with a container that triggers certain access to an uninitialized object, aka ""OfficeArt Atom RCE Vulnerability.""",2011-02-10 19:00:01.753,EPSS
 CVE-2011-0997,0.0,0.9679,"dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.",2011-04-08 15:17:27.387,EPSS
 CVE-2011-1140,0.0,0.02073,"Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet.",2011-03-03 01:00:01.457,Metasploit
-CVE-2011-1220,0.0,0.97378,"Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts field.",2011-06-02 20:55:02.637,EPSS/Metasploit
+CVE-2011-1220,0.0,0.97153,"Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts field.",2011-06-02 20:55:02.637,EPSS/Metasploit
 CVE-2011-1260,0.0,0.9733,"Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka ""Layout Memory Corruption Vulnerability.""",2011-06-16 20:55:01.853,EPSS/Metasploit
 CVE-2011-1276,0.0,0.95662,"Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel spreadsheet, related to improper validation of record information, aka ""Excel Buffer Overrun Vulnerability.""",2011-06-16 20:55:02.213,EPSS
 CVE-2011-1485,0.0,0.0007,"Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.",2011-05-31 20:55:02.313,Metasploit
@@ -1255,7 +1255,7 @@ CVE-2011-1991,0.0,0.96616,"Multiple untrusted search path vulnerabilities in Mic
 CVE-2011-1996,0.0,0.93716,"Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka ""Option Element Remote Code Execution Vulnerability.""",2011-10-12 02:52:43.597,Metasploit
 CVE-2011-1999,0.0,0.95296,"Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a ""dereferenced memory address,"" aka ""Select Element Remote Code Execution Vulnerability.""",2011-10-12 02:52:43.737,EPSS
 CVE-2011-2005,7.8,0.04978,"afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka ""Ancillary Function Driver Elevation of Privilege Vulnerability.""",2011-10-12 02:52:43.910,CISA/Metasploit
-CVE-2011-2039,0.0,0.79809,"The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.",2011-06-02 19:55:04.373,Metasploit
+CVE-2011-2039,0.0,0.80718,"The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.",2011-06-02 19:55:04.373,Metasploit
 CVE-2011-2089,0.0,0.50753,Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.  NOTE: some of these details are obtained from third party information.,2011-05-13 17:05:45.643,Metasploit
 CVE-2011-2110,0.0,0.97046,"Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011.",2011-06-16 23:55:02.120,EPSS/Metasploit
 CVE-2011-2140,0.0,0.94775,"Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.",2011-08-10 22:55:00.890,Metasploit
@@ -1264,7 +1264,7 @@ CVE-2011-2261,0.0,0.95519,"Unspecified vulnerability in the Oracle Secure Backup
 CVE-2011-2371,0.0,0.95687,"Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.",2011-06-30 16:55:05.333,EPSS/Metasploit
 CVE-2011-2386,0.0,0.91429,"VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property, which triggers an untrusted pointer dereference.",2011-06-08 10:36:14.573,Metasploit
 CVE-2011-2404,0.0,0.81915,"A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-4786 and CVE-2011-4787.",2011-08-11 22:55:01.037,Metasploit
-CVE-2011-2462,9.8,0.96921,"Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.",2011-12-07 19:55:01.673,EPSS/CISA/Metasploit
+CVE-2011-2462,9.8,0.97039,"Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.",2011-12-07 19:55:01.673,EPSS/CISA/Metasploit
 CVE-2011-2474,0.0,0.02371,Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.\../\../\ sequence in a path.,2011-06-09 21:55:01.557,Metasploit
 CVE-2011-2523,9.8,0.89184,vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.,2019-11-27 21:15:12.387,Nuclei
 CVE-2011-2595,0.0,0.90421,Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 146 allow remote attackers to execute arbitrary code via a long id parameter in a (1) String or (2) Int tag in a FotoSlate Project (aka PLP) file.,2011-09-14 17:17:03.880,Metasploit
@@ -1320,7 +1320,7 @@ CVE-2011-4063,0.0,0.96549,"chan_sip.c in the SIP channel driver in Asterisk Open
 CVE-2011-4075,0.0,0.36379,"The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.",2011-11-02 17:55:01.387,Metasploit
 CVE-2011-4166,0.0,0.96212,Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.,2011-12-27 04:01:39.670,EPSS/Metasploit
 CVE-2011-4336,6.1,0.00203,"Tiki Wiki CMS Groupware 7.0 has XSS via the GET ""ajax"" parameter to snarf_ajax.php.",2020-01-15 14:15:11.433,Nuclei
-CVE-2011-4350,6.5,0.18744,Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request.,2019-11-26 05:15:14.537,Metasploit
+CVE-2011-4350,6.5,0.21054,Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request.,2019-11-26 05:15:14.537,Metasploit
 CVE-2011-4404,0.0,0.96627,"The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.",2011-11-19 03:58:55.760,EPSS/Metasploit
 CVE-2011-4451,0.0,0.01626,"libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request.  NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter",2012-09-05 20:55:01.240,Metasploit
 CVE-2011-4453,0.0,0.90569,"The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.",2011-12-22 15:29:20.357,Metasploit
@@ -1380,7 +1380,8 @@ CVE-2012-0151,7.8,0.88098,"The Authenticode Signature Verification function in M
 CVE-2012-0155,0.0,0.96504,"Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka ""VML Remote Code Execution Vulnerability.""",2012-02-14 22:55:02.113,EPSS
 CVE-2012-0158,8.8,0.97421,"The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers ""system state"" corruption, as exploited in the wild in April 2012, aka ""MSCOMCTL.OCX RCE Vulnerability.""",2012-04-10 21:55:01.687,EPSS/CISA/Metasploit
 CVE-2012-0171,0.0,0.9581,"Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka ""SelectAll Remote Code Execution Vulnerability.""",2012-04-10 21:55:01.970,EPSS
-CVE-2012-0185,0.0,0.95171,"Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka ""Excel MergeCells Record Heap Overflow Vulnerability.""",2012-05-09 00:55:01.943,EPSS
+CVE-2012-0183,0.0,0.9512,"Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka ""RTF Mismatch Vulnerability.""",2012-05-09 00:55:01.867,EPSS
+CVE-2012-0185,0.0,0.95241,"Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka ""Excel MergeCells Record Heap Overflow Vulnerability.""",2012-05-09 00:55:01.943,EPSS
 CVE-2012-0198,0.0,0.9657,Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file.,2012-03-06 04:18:03.063,EPSS/Metasploit
 CVE-2012-0201,0.0,0.91784,Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file.,2012-03-02 11:55:00.853,Metasploit
 CVE-2012-0202,0.0,0.96972,Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data.,2012-05-04 16:55:01.137,EPSS/Metasploit
@@ -1552,7 +1553,7 @@ CVE-2012-4889,0.0,0.02774,"Multiple cross-site scripting (XSS) vulnerabilities i
 CVE-2012-4914,0.0,0.81029,Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream.,2013-01-26 23:55:01.103,Metasploit
 CVE-2012-4915,0.0,0.90192,Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.,2014-05-29 14:19:06.487,Metasploit
 CVE-2012-4924,0.0,0.94215,Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method.,2012-09-15 17:55:07.473,Metasploit
-CVE-2012-4933,0.0,0.97115,"The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.",2012-10-20 18:55:01.303,EPSS
+CVE-2012-4933,0.0,0.96873,"The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.",2012-10-20 18:55:01.303,EPSS
 CVE-2012-4940,0.0,0.17305,"Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.",2012-10-31 19:55:00.983,Metasploit/Nuclei
 CVE-2012-4956,0.0,0.10796,Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record.,2012-11-18 19:55:01.337,Metasploit
 CVE-2012-4957,0.0,0.95431,Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record.,2012-11-18 19:55:01.417,EPSS/Metasploit
@@ -1999,7 +2000,7 @@ CVE-2014-7169,9.8,0.87505,"GNU Bash through 4.3 bash43-025 processes trailing st
 CVE-2014-7186,0.0,0.97467,"The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the ""redir_stack"" issue.",2014-09-28 19:55:06.223,EPSS
 CVE-2014-7187,0.0,0.97281,"Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the ""word_lineno"" issue.",2014-09-28 19:55:06.270,EPSS
 CVE-2014-7205,0.0,0.8953,Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors.,2014-10-08 17:55:05.217,Metasploit
-CVE-2014-7228,0.0,0.94685,"Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive.",2014-11-03 22:55:08.413,Metasploit
+CVE-2014-7228,0.0,0.95274,"Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive.",2014-11-03 22:55:08.413,EPSS/Metasploit
 CVE-2014-7236,9.1,0.93978,Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.,2020-02-17 22:15:11.483,Metasploit
 CVE-2014-7285,0.0,0.47938,The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.,2014-12-17 16:59:00.067,Metasploit
 CVE-2014-7816,0.0,0.04584,"Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.",2014-12-01 15:59:06.610,Metasploit
@@ -2048,7 +2049,7 @@ CVE-2014-9163,0.0,0.07166,"Stack-based buffer overflow in Adobe Flash Player bef
 CVE-2014-9180,0.0,0.00214,Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING.,2014-12-02 16:59:17.087,Nuclei
 CVE-2014-9195,0.0,0.058,"Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.",2015-01-17 02:59:05.630,Metasploit
 CVE-2014-9222,0.0,0.97186,"AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the ""Misfortune Cookie"" vulnerability.",2014-12-24 18:59:06.607,EPSS
-CVE-2014-9295,0.0,0.96624,"Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.",2014-12-20 02:59:02.693,EPSS
+CVE-2014-9295,0.0,0.96449,"Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.",2014-12-20 02:59:02.693,EPSS
 CVE-2014-9308,0.0,0.91447,"Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/.",2015-01-15 15:59:17.450,Metasploit
 CVE-2014-9312,0.0,0.84822,Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.,2017-08-28 15:29:00.640,Metasploit
 CVE-2014-9375,0.0,0.95978,Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive.,2015-02-16 15:59:00.057,EPSS
@@ -2767,8 +2768,8 @@ CVE-2017-7924,0.0,0.00205,"An Improper Input Validation issue was discovered in
 CVE-2017-7925,0.0,0.31992,"A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.",2017-05-06 00:29:00.427,Nuclei
 CVE-2017-8229,0.0,0.89427,"Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary ""sonia"" is the one that has the vulnerable function that sets up the default credentials on the device. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function sub_436D6 in IDA pro is identified to be setting up the configuration for the device. If one scrolls to the address 0x000437C2 then one can see that /current_config is being set as an ALIAS for /mnt/mtd/Config folder on the device. If one TELNETs into the device and navigates to /mnt/mtd/Config folder, one can observe that it contains various files such as Account1, Account2, SHAACcount1, etc. This means that if one navigates to http://[IPofcamera]/current_config/Sha1Account1 then one should be able to view the content of the files. The security researchers assumed that this was only possible only after authentication to the device. However, when unauthenticated access tests were performed for the same URL as provided above, it was observed that the device file could be downloaded without any authentication.",2019-07-03 20:15:10.633,Nuclei
 CVE-2017-8291,7.8,0.5219,"Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a ""/OutputFile (%pipe%"" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.",2017-04-27 01:59:02.057,CISA/Metasploit
-CVE-2017-8461,7.8,0.31969,"Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka ""Windows RPC Remote Code Execution Vulnerability.""",2017-06-15 20:29:00.237,Metasploit
-CVE-2017-8464,0.0,0.9747,"Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka ""LNK Remote Code Execution Vulnerability.""",2017-06-15 01:29:02.727,EPSS/CISA
+CVE-2017-8461,7.8,0.30047,"Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka ""Windows RPC Remote Code Execution Vulnerability.""",2017-06-15 20:29:00.237,Metasploit
+CVE-2017-8464,0.0,0.97423,"Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka ""LNK Remote Code Execution Vulnerability.""",2017-06-15 01:29:02.727,EPSS/CISA
 CVE-2017-8540,7.8,0.94557,"The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka ""Microsoft Malware Protection Engine Remote Code Execution Vulnerability"", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.",2017-05-26 20:29:00.427,CISA
 CVE-2017-8543,0.0,0.45986,"Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka ""Windows Search Remote Code Execution Vulnerability"".",2017-06-15 01:29:04.490,CISA
 CVE-2017-8570,0.0,0.97276,"Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka ""Microsoft Office Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-0243.",2017-07-11 21:29:01.267,EPSS/CISA
@@ -2789,7 +2790,7 @@ CVE-2017-9288,0.0,0.00168,The Raygun4WP plugin 1.8.0 for WordPress is vulnerable
 CVE-2017-9416,0.0,0.01187,"Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service.",2017-06-04 21:29:00.420,Nuclei
 CVE-2017-9462,8.8,0.02037,"In Mercurial before 4.1.3, ""hg serve --stdio"" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.",2017-06-06 21:29:00.393,Metasploit
 CVE-2017-9506,0.0,0.00575,The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).,2017-08-23 19:29:00.197,Nuclei
-CVE-2017-9554,0.0,0.02945,An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.,2017-07-24 20:29:00.263,Metasploit
+CVE-2017-9554,0.0,0.02973,An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.,2017-07-24 20:29:00.263,Metasploit
 CVE-2017-9757,0.0,0.79357,"IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.",2017-06-19 13:29:00.193,Metasploit
 CVE-2017-9769,9.8,0.2321,A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.,2017-08-02 19:29:01.100,Metasploit
 CVE-2017-9791,9.8,0.97453,The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.,2017-07-10 16:29:00.277,EPSS/CISA/Metasploit/Nuclei
@@ -2819,14 +2820,13 @@ CVE-2018-0180,5.9,0.00139,"Multiple vulnerabilities in the Login Enhancements (L
 CVE-2018-0296,7.5,0.97435,"A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029.",2018-06-07 12:29:00.403,EPSS/CISA/Metasploit/Nuclei
 CVE-2018-0706,0.0,0.01413,Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.,2018-07-17 01:29:02.983,Metasploit
 CVE-2018-0707,0.0,0.04822,Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.,2018-07-17 01:29:03.060,Metasploit
-CVE-2018-0767,0.0,0.95681,"Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2018-0780 and CVE-2018-0800.",2018-01-04 14:29:00.893,EPSS
-CVE-2018-0769,0.0,0.9514,"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",2018-01-04 14:29:00.973,EPSS
-CVE-2018-0770,0.0,0.9514,"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",2018-01-04 14:29:01.003,EPSS
-CVE-2018-0774,0.0,0.9514,"Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",2018-01-04 14:29:01.127,EPSS
-CVE-2018-0775,0.0,0.9514,"Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",2018-01-04 14:29:01.177,EPSS
-CVE-2018-0776,0.0,0.9514,"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",2018-01-04 14:29:01.207,EPSS
-CVE-2018-0777,0.0,0.9514,"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0778, and CVE-2018-0781.",2018-01-04 14:29:01.253,EPSS
-CVE-2018-0780,0.0,0.95236,"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0800.",2018-01-04 14:29:01.330,EPSS
+CVE-2018-0767,0.0,0.95555,"Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2018-0780 and CVE-2018-0800.",2018-01-04 14:29:00.893,EPSS
+CVE-2018-0769,0.0,0.95355,"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",2018-01-04 14:29:00.973,EPSS
+CVE-2018-0770,0.0,0.95355,"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",2018-01-04 14:29:01.003,EPSS
+CVE-2018-0774,0.0,0.95355,"Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",2018-01-04 14:29:01.127,EPSS
+CVE-2018-0775,0.0,0.95355,"Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",2018-01-04 14:29:01.177,EPSS
+CVE-2018-0776,0.0,0.95355,"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",2018-01-04 14:29:01.207,EPSS
+CVE-2018-0777,0.0,0.95355,"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0778, and CVE-2018-0781.",2018-01-04 14:29:01.253,EPSS
 CVE-2018-0798,0.0,0.88308,"Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ""Microsoft Office Memory Corruption Vulnerability"".",2018-01-10 01:29:00.713,CISA
 CVE-2018-0802,7.8,0.96498,"Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka ""Microsoft Office Memory Corruption Vulnerability"". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.",2018-01-10 01:29:00.820,EPSS/CISA
 CVE-2018-0824,8.8,0.97001,"A remote code execution vulnerability exists in ""Microsoft COM for Windows"" when it fails to properly handle serialized objects, aka ""Microsoft COM for Windows Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",2018-05-09 19:29:00.370,EPSS/CISA/Metasploit
@@ -2856,7 +2856,7 @@ CVE-2018-10230,0.0,0.00106,"Zend Debugger in Zend Server before 9.1.3 has XSS, a
 CVE-2018-1038,0.0,0.97081,"The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka ""Windows Kernel Elevation of Privilege Vulnerability.""",2018-04-02 13:29:00.217,EPSS
 CVE-2018-10561,0.0,0.96971,"An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending ""?images"" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.",2018-05-04 03:29:00.227,EPSS/CISA
 CVE-2018-10562,0.0,0.97423,"An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.",2018-05-04 03:29:00.287,EPSS/CISA/Nuclei
-CVE-2018-10583,0.0,0.29288,"An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.",2018-05-01 16:29:00.383,Metasploit
+CVE-2018-10583,0.0,0.31011,"An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.",2018-05-01 16:29:00.383,Metasploit
 CVE-2018-10594,0.0,0.6083,"Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.",2018-06-26 20:29:00.227,Metasploit
 CVE-2018-10660,0.0,0.09171,An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.,2018-06-26 18:29:00.340,Metasploit
 CVE-2018-10661,0.0,0.1054,An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.,2018-06-26 18:29:00.387,Metasploit
@@ -2920,7 +2920,7 @@ CVE-2018-1418,0.0,0.0742,IBM Security QRadar SIEM 7.2 and 7.3 could allow a user
 CVE-2018-14474,0.0,0.00063,views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup.,2018-07-20 18:29:00.277,Nuclei
 CVE-2018-14558,0.0,0.93619,"An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the ""formsetUsbUnload"" function executes a dosystemCmd function with untrusted input.",2018-10-30 18:29:00.580,CISA
 CVE-2018-14574,0.0,0.00628,django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.,2018-08-03 17:29:00.250,Nuclei
-CVE-2018-14667,9.8,0.79976,"The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.",2018-11-06 22:29:00.193,CISA
+CVE-2018-14667,9.8,0.7977,"The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.",2018-11-06 22:29:00.193,CISA
 CVE-2018-14699,0.0,0.95067,"System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the ""username"" URL parameter.",2018-12-03 22:29:00.387,EPSS
 CVE-2018-14701,0.0,0.9525,"System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the ""username"" URL parameter.",2018-12-03 22:29:00.467,EPSS
 CVE-2018-14706,0.0,0.95067,System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the payload in a POST request.,2018-12-03 22:29:00.637,EPSS
@@ -2976,7 +2976,7 @@ CVE-2018-17254,9.8,0.79634,The JCK Editor component 6.4.4 for Joomla! allows SQL
 CVE-2018-17408,0.0,0.58849,Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu.,2018-10-03 20:29:07.957,Metasploit
 CVE-2018-17422,0.0,0.00118,dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter.,2019-03-07 23:29:01.000,Nuclei
 CVE-2018-17431,9.8,0.13246,Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.,2019-01-30 15:29:04.490,Nuclei
-CVE-2018-17456,0.0,0.27604,"Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive ""git clone"" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.",2018-10-06 14:29:00.300,Metasploit
+CVE-2018-17456,0.0,0.31307,"Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive ""git clone"" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.",2018-10-06 14:29:00.300,Metasploit
 CVE-2018-17463,8.8,0.97046,Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,2018-11-14 15:29:00.297,EPSS/CISA/Metasploit
 CVE-2018-17480,8.8,0.8674,Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,2018-12-11 16:29:00.623,CISA
 CVE-2018-17552,0.0,0.07792,SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie.,2018-10-03 20:29:13.507,Metasploit
@@ -3202,7 +3202,7 @@ CVE-2019-1069,0.0,0.00434,"An elevation of privilege vulnerability exists in the
 CVE-2019-10692,9.8,0.97058,"In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.",2019-04-02 18:30:20.927,EPSS/Metasploit/Nuclei
 CVE-2019-10717,0.0,0.0048,BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter.,2019-07-03 16:15:10.770,Nuclei
 CVE-2019-10758,9.9,0.97448,mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.,2019-12-24 22:15:11.183,EPSS/CISA/Nuclei
-CVE-2019-10867,0.0,0.86642,"An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php.",2019-04-04 18:29:00.713,Metasploit
+CVE-2019-10867,0.0,0.86043,"An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php.",2019-04-04 18:29:00.713,Metasploit
 CVE-2019-11013,0.0,0.04187,Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server.,2019-08-22 15:15:12.093,Nuclei
 CVE-2019-11043,9.8,0.97217,"In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.",2019-10-28 15:15:13.863,EPSS/CISA/Metasploit
 CVE-2019-11231,0.0,0.52547,"An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to the official documentation for installation step 10, an admin is required to upload all the files, including the .htaccess files, and run a health check. However, what is overlooked is that the Apache HTTP Server by default no longer enables the AllowOverride directive, leading to data/users/admin.xml password exposure. The passwords are hashed but this can be bypassed by starting with the data/other/authorization.xml API key. This allows one to target the session state, since they decided to roll their own implementation. The cookie_name is crafted information that can be leaked from the frontend (site name and version). If a someone leaks the API key and the admin username, then they can bypass authentication. To do so, they need to supply a cookie based on an SHA-1 computation of this known information. The vulnerability exists in the admin/theme-edit.php file. This file checks for forms submissions via POST requests, and for the csrf nonce. If the nonce sent is correct, then the file provided by the user is uploaded. There is a path traversal allowing write access outside the jailed themes directory root. Exploiting the traversal is not necessary because the .htaccess file is ignored. A contributing factor is that there isn't another check on the extension before saving the file, with the assumption that the parameter content is safe. This allows the creation of web accessible and executable files with arbitrary content.",2019-05-22 18:29:00.490,Metasploit
@@ -3234,7 +3234,7 @@ CVE-2019-12258,7.5,0.08856,Wind River VxWorks 6.6 through vx7 has Session Fixati
 CVE-2019-12276,0.0,0.95034,"A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.",2019-06-05 18:29:01.090,EPSS/Nuclei
 CVE-2019-12314,0.0,0.08868,"Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.",2019-05-24 14:29:00.387,Nuclei
 CVE-2019-12461,0.0,0.0035,Web Port 1.19.1 allows XSS via the /log type parameter.,2019-05-30 14:29:02.297,Nuclei
-CVE-2019-12477,0.0,0.87532,"Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI.",2019-06-07 15:29:01.480,Metasploit
+CVE-2019-12477,0.0,0.90731,"Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI.",2019-06-07 15:29:01.480,Metasploit
 CVE-2019-12518,9.8,0.735,Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.,2019-12-02 17:15:12.203,Metasploit
 CVE-2019-1253,7.8,0.00071,"An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303.",2019-09-11 22:15:16.337,CISA
 CVE-2019-12581,0.0,0.0035,"A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.",2019-06-27 15:15:09.170,Nuclei
@@ -3273,7 +3273,7 @@ CVE-2019-14251,7.5,0.01887,"An issue was discovered in T24 in TEMENOS Channels R
 CVE-2019-1429,7.5,0.96876,"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.",2019-11-12 19:15:14.770,EPSS/CISA
 CVE-2019-14312,0.0,0.02273,Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.,2019-08-09 13:15:11.870,Nuclei
 CVE-2019-14322,7.5,0.75339,"In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.",2019-07-28 13:15:10.597,Nuclei
-CVE-2019-14470,0.0,0.73098,"cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.",2019-09-04 20:15:10.763,Nuclei
+CVE-2019-14470,0.0,0.53085,"cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.",2019-09-04 20:15:10.763,Nuclei
 CVE-2019-14530,8.8,0.45261,"An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.",2019-08-13 14:15:12.850,Nuclei
 CVE-2019-1458,7.8,0.97121,"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.",2019-12-10 22:15:16.103,EPSS/CISA/Metasploit
 CVE-2019-14696,0.0,0.00566,"Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter.",2019-08-06 16:15:11.640,Nuclei
@@ -3335,7 +3335,7 @@ CVE-2019-17444,9.8,0.05344,"Jfrog Artifactory uses default passwords (such as ""
 CVE-2019-17503,5.3,0.00442,"An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.",2019-10-11 17:15:09.977,Nuclei
 CVE-2019-17506,9.8,0.87148,There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.,2019-10-11 20:15:17.003,Nuclei
 CVE-2019-17538,7.5,0.00772,Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring.,2019-10-13 19:15:09.683,Nuclei
-CVE-2019-17558,7.5,0.97511,"Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).",2019-12-30 17:15:19.780,EPSS/CISA/Metasploit/Nuclei
+CVE-2019-17558,7.5,0.97526,"Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).",2019-12-30 17:15:19.780,EPSS/CISA/Metasploit/Nuclei
 CVE-2019-17574,9.1,0.05542,"An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the ""support debug text file"").",2019-10-14 14:15:10.197,Nuclei
 CVE-2019-17621,9.8,0.96946,"The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.",2019-12-30 17:15:19.857,EPSS/CISA/Metasploit
 CVE-2019-17662,9.8,0.7296,"ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.",2019-10-16 18:15:25.513,Metasploit/Nuclei
@@ -3368,7 +3368,7 @@ CVE-2019-19824,8.8,0.91839,"On certain TOTOLINK Realtek SDK based routers, an au
 CVE-2019-19833,6.5,0.97119,"In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).",2019-12-18 18:15:20.147,EPSS/Metasploit
 CVE-2019-19908,6.1,0.0053,"phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.",2019-12-20 13:15:11.957,Nuclei
 CVE-2019-19985,5.3,0.74366,"The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.",2019-12-26 03:15:11.783,Nuclei
-CVE-2019-20085,7.5,0.67056,TVT NVMS-1000 devices allow GET /.. Directory Traversal,2019-12-30 03:15:10.663,CISA/Metasploit/Nuclei
+CVE-2019-20085,7.5,0.64285,TVT NVMS-1000 devices allow GET /.. Directory Traversal,2019-12-30 03:15:10.663,CISA/Metasploit/Nuclei
 CVE-2019-20141,6.1,0.00125,An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.,2019-12-30 18:15:16.857,Nuclei
 CVE-2019-20183,7.2,0.10397,uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension.,2020-01-09 22:15:13.223,Nuclei
 CVE-2019-20210,6.1,0.00938,"The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.",2020-01-13 18:15:14.140,Nuclei
@@ -3401,7 +3401,7 @@ CVE-2019-3999,7.8,0.00164,"Improper neutralization of special elements used in a
 CVE-2019-4061,5.3,0.00491,IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869.,2019-02-27 22:29:01.443,Metasploit
 CVE-2019-4279,9.8,0.17605,IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.,2019-05-17 16:29:03.470,Metasploit
 CVE-2019-4716,9.8,0.12437,"IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as ""admin"", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.",2019-12-18 17:16:43.863,CISA/Metasploit
-CVE-2019-5127,9.8,0.97376,A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack.,2019-10-25 18:15:11.740,EPSS/Nuclei
+CVE-2019-5127,9.8,0.97339,A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack.,2019-10-25 18:15:11.740,EPSS/Nuclei
 CVE-2019-5418,7.5,0.97469,"There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.",2019-03-27 14:29:01.533,EPSS/Metasploit/Nuclei
 CVE-2019-5420,9.8,0.96432,"A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.",2019-03-27 14:29:01.720,EPSS/Metasploit
 CVE-2019-5434,0.0,0.28148,"An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the ""what"" parameter in the ""openads.spc"" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0.",2019-05-06 17:29:00.730,Nuclei
@@ -3440,7 +3440,7 @@ CVE-2019-7481,7.5,0.91058,Vulnerability in SonicWall SMA100 allow unauthenticate
 CVE-2019-7483,7.5,0.00999,"In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.",2019-12-19 01:15:10.803,CISA
 CVE-2019-7543,0.0,0.00102,"In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.",2019-02-06 21:29:00.847,Nuclei
 CVE-2019-7609,10.0,0.97271,Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.,2019-03-25 19:29:02.147,EPSS/CISA/Metasploit/Nuclei
-CVE-2019-8086,7.5,0.10314,"Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.",2019-10-25 16:15:11.193,Nuclei
+CVE-2019-8086,7.5,0.11648,"Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.",2019-10-25 16:15:11.193,Nuclei
 CVE-2019-8390,0.0,0.01911,qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.,2019-05-14 15:29:00.727,Nuclei
 CVE-2019-8394,0.0,0.96752,Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.,2019-02-17 04:29:00.330,EPSS/CISA
 CVE-2019-8442,7.5,0.97131,"The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.",2019-05-22 18:29:02.067,EPSS/Nuclei
@@ -3457,8 +3457,8 @@ CVE-2019-8689,8.8,0.95918,"Multiple memory corruption issues were addressed with
 CVE-2019-8720,8.8,0.0068,A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.,2023-03-06 23:15:10.287,CISA
 CVE-2019-8903,0.0,0.0143,index.js in Total.js Platform before 3.2.3 allows path traversal.,2019-02-18 16:29:00.870,Metasploit/Nuclei
 CVE-2019-8937,0.0,0.00477,"HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.",2019-05-17 15:29:00.710,Nuclei
-CVE-2019-8942,0.0,0.94904,"WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.",2019-02-20 03:29:00.250,Metasploit
-CVE-2019-8943,6.5,0.9378,"WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.",2019-02-20 03:29:00.297,Metasploit
+CVE-2019-8942,0.0,0.94334,"WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.",2019-02-20 03:29:00.250,Metasploit
+CVE-2019-8943,6.5,0.92778,"WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.",2019-02-20 03:29:00.297,Metasploit
 CVE-2019-8982,0.0,0.01714,"com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.",2019-02-21 14:29:00.423,Nuclei
 CVE-2019-9041,0.0,0.02416,"An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.",2019-02-23 18:29:00.300,Nuclei
 CVE-2019-9055,0.0,0.0175,"An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection.",2019-03-26 17:29:01.467,Metasploit
@@ -3549,8 +3549,8 @@ CVE-2020-11738,7.5,0.97426,The Snap Creek Duplicator plugin before 1.3.28 for Wo
 CVE-2020-11798,5.3,0.80666,"A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.",2020-06-10 18:15:10.610,Nuclei
 CVE-2020-11853,8.8,0.79991,"Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.",2020-10-22 21:15:12.747,Nuclei
 CVE-2020-11854,9.8,0.23821,"Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.",2020-10-27 17:15:12.130,Metasploit/Nuclei
-CVE-2020-11855,7.8,0.00045,"An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges.",2020-09-22 14:15:12.097,Metasploit
-CVE-2020-11857,9.8,0.03487,"An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user",2020-09-22 14:15:12.157,Metasploit
+CVE-2020-11855,7.8,0.00065,"An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges.",2020-09-22 14:15:12.097,Metasploit
+CVE-2020-11857,9.8,0.04858,"An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user",2020-09-22 14:15:12.157,Metasploit
 CVE-2020-11858,7.8,0.00352,"Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) versions: 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. The vulnerability could allow local attackers to execute code with escalated privileges.",2020-10-27 17:15:12.273,Metasploit
 CVE-2020-11899,5.4,0.00396,The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.,2020-06-17 11:15:10.210,CISA
 CVE-2020-11930,6.1,0.00303,The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.,2020-04-20 01:15:11.107,Nuclei
@@ -3562,7 +3562,7 @@ CVE-2020-12027,4.3,0.05668,"All versions of FactoryTalk View SE disclose the hos
 CVE-2020-12028,8.1,0.03499,"In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.",2020-07-20 16:15:12.163,Metasploit
 CVE-2020-12029,7.8,0.04499,"All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.",2020-07-20 15:15:11.477,Metasploit
 CVE-2020-12054,6.1,0.00129,"The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.",2020-04-23 15:15:14.280,Nuclei
-CVE-2020-12109,8.8,0.97248,"Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.",2020-05-04 16:15:12.087,EPSS/Metasploit
+CVE-2020-12109,8.8,0.9722,"Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.",2020-05-04 16:15:12.087,EPSS/Metasploit
 CVE-2020-12116,7.5,0.97298,Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.,2020-05-07 20:15:12.297,EPSS/Nuclei
 CVE-2020-12124,9.8,0.95137,A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.,2020-10-02 09:15:13.087,EPSS/Nuclei
 CVE-2020-12127,7.5,0.05251,"An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.",2020-10-02 09:15:13.257,Nuclei
@@ -3571,7 +3571,7 @@ CVE-2020-12259,5.4,0.16256,rConfig 3.9.4 is vulnerable to reflected XSS. The con
 CVE-2020-12271,9.8,0.01204,"A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords)",2020-04-27 04:15:10.553,CISA
 CVE-2020-12447,7.5,0.02897,"A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow.",2020-04-29 03:15:17.207,Nuclei
 CVE-2020-12478,7.5,0.02313,TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.,2020-04-29 22:15:12.717,Nuclei
-CVE-2020-12641,9.8,0.12311,rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.,2020-05-04 15:15:14.417,CISA
+CVE-2020-12641,9.8,0.12696,rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.,2020-05-04 15:15:14.417,CISA
 CVE-2020-12720,9.8,0.83304,"vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.",2020-05-08 00:15:12.080,Nuclei
 CVE-2020-12800,9.8,0.9745,The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.,2020-06-08 17:15:10.033,EPSS/Metasploit/Nuclei
 CVE-2020-12812,9.8,0.02923,"An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.",2020-07-24 23:15:12.003,CISA
@@ -3762,7 +3762,7 @@ CVE-2020-27467,7.5,0.00813,A Directory Traversal vulnerability exits in Processw
 CVE-2020-27481,9.8,0.06275,"An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of ""wp_ajax_nopriv"" call in WordPress, which allows any unauthenticated user to get access to the function ""gdlr_lms_cancel_booking"" where POST Parameter ""id"" was sent straight into SQL query without sanitization.",2020-11-12 14:15:23.080,Nuclei
 CVE-2020-27615,9.8,0.00612,"The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.",2020-10-21 21:15:13.113,Metasploit
 CVE-2020-27735,6.1,0.00228,"An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser.",2021-01-26 18:15:46.457,Nuclei
-CVE-2020-27838,6.5,0.11359,A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.,2021-03-08 22:15:13.423,Nuclei
+CVE-2020-27838,6.5,0.11751,A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.,2021-03-08 22:15:13.423,Nuclei
 CVE-2020-27866,8.8,0.00494,"This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355.",2021-02-12 00:15:12.877,Nuclei
 CVE-2020-27930,7.8,0.00192,"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution.",2020-12-08 21:15:13.827,CISA
 CVE-2020-27932,7.8,0.00192,"A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges.",2020-12-08 21:15:13.903,CISA
@@ -3800,7 +3800,7 @@ CVE-2020-3259,7.5,0.02709,"A vulnerability in the web services interface of Cisc
 CVE-2020-3433,7.8,0.00077,"A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.",2020-08-17 18:15:12.947,CISA/Metasploit
 CVE-2020-3452,7.5,0.97459,"A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.",2020-07-22 20:15:11.970,EPSS/CISA/Nuclei
 CVE-2020-35234,7.5,0.36584,"The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there.",2020-12-14 03:15:13.247,Metasploit/Nuclei
-CVE-2020-35338,9.8,0.2493,"The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of ""pokon.""",2020-12-14 18:15:13.777,Nuclei
+CVE-2020-35338,9.8,0.19249,"The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of ""pokon.""",2020-12-14 18:15:13.777,Nuclei
 CVE-2020-35476,9.8,0.95351,A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.),2020-12-16 08:15:13.560,EPSS/Metasploit/Nuclei
 CVE-2020-35489,10.0,0.81728,The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.,2020-12-17 19:15:14.353,Nuclei
 CVE-2020-35580,7.5,0.0502,"A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin's API key and the base64 encoded SHA1 password hashes of other SearchBlox users.",2021-05-20 16:15:07.893,Nuclei
@@ -3813,7 +3813,7 @@ CVE-2020-35729,9.8,0.96827,KLog Server 2.4.1 allows OS command injection via she
 CVE-2020-35730,6.1,0.06913,"An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.",2020-12-28 20:15:13.150,CISA
 CVE-2020-35736,7.5,0.02454,GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused.,2020-12-27 20:15:12.400,Nuclei
 CVE-2020-35749,7.7,0.12297,Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php.,2021-01-15 17:15:13.070,Nuclei
-CVE-2020-35774,5.4,0.9711,"server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint.",2020-12-29 18:15:13.057,EPSS/Nuclei
+CVE-2020-35774,5.4,0.9685,"server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint.",2020-12-29 18:15:13.057,EPSS/Nuclei
 CVE-2020-3580,6.1,0.97074,"Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.",2020-10-21 19:15:18.607,EPSS/CISA/Nuclei
 CVE-2020-35846,9.8,0.87803,Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.,2020-12-30 01:15:12.497,Metasploit/Nuclei
 CVE-2020-35847,9.8,0.83622,Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.,2020-12-30 01:15:12.543,Metasploit/Nuclei
@@ -3905,7 +3905,7 @@ CVE-2020-8260,7.2,0.03534,A vulnerability in the Pulse Connect Secure < 9.1R9 ad
 CVE-2020-8467,8.8,0.02721,A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.,2020-03-18 01:15:11.927,CISA
 CVE-2020-8468,8.8,0.00452,"Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.",2020-03-18 01:15:12.003,CISA
 CVE-2020-8497,5.3,0.00284,"In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps.",2020-03-23 15:15:14.830,Nuclei
-CVE-2020-8512,6.1,0.00979,"In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.",2020-02-01 00:15:10.773,Nuclei
+CVE-2020-8512,6.1,0.0078,"In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.",2020-02-01 00:15:10.773,Nuclei
 CVE-2020-8515,9.8,0.97276,"DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.",2020-02-01 13:15:12.623,EPSS/CISA/Nuclei
 CVE-2020-8518,9.8,0.96488,"Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.",2020-02-17 15:15:11.853,EPSS/Metasploit
 CVE-2020-8539,7.8,0.00122,"Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle.",2020-12-01 18:15:12.323,Metasploit
@@ -3932,7 +3932,7 @@ CVE-2020-9015,9.8,0.05742,"Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.
 CVE-2020-9036,6.1,0.00113,Jeedom through 4.0.38 allows XSS.,2020-08-05 22:15:12.403,Nuclei
 CVE-2020-9043,8.8,0.041,The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key.,2020-02-17 17:15:15.030,Nuclei
 CVE-2020-9047,7.2,0.01335,A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.,2020-06-26 19:15:10.453,Nuclei
-CVE-2020-9054,9.8,0.96978,"Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2",2020-03-04 20:15:10.750,EPSS/CISA/Nuclei
+CVE-2020-9054,9.8,0.96987,"Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2",2020-03-04 20:15:10.750,EPSS/CISA/Nuclei
 CVE-2020-9294,9.8,0.02819,"An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.",2020-04-27 17:15:13.593,Metasploit
 CVE-2020-9315,7.5,0.97279,"** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE.",2020-05-10 23:15:10.983,EPSS/Nuclei
 CVE-2020-9344,6.1,0.00205,Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.,2020-03-20 03:15:13.763,Nuclei
@@ -3944,7 +3944,7 @@ CVE-2020-9465,9.8,0.00164,"An issue was discovered in EyesOfNetwork eonweb 5.1 t
 CVE-2020-9483,7.5,0.05693,"**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters.",2020-06-30 15:15:10.320,Nuclei
 CVE-2020-9484,7.0,0.91412,"When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=""null"" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.",2020-05-20 19:15:09.257,Nuclei
 CVE-2020-9496,6.1,0.90517,XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03,2020-07-15 16:15:11.660,Metasploit/Nuclei
-CVE-2020-9757,9.8,0.95657,The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.,2020-03-04 17:15:12.157,EPSS/Nuclei
+CVE-2020-9757,9.8,0.94996,The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.,2020-03-04 17:15:12.157,Nuclei
 CVE-2020-9801,5.3,0.18009,A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A malicious process may cause Safari to launch an application.,2020-06-09 17:15:12.097,Metasploit
 CVE-2020-9818,8.8,0.03937,"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.",2020-06-09 17:15:13.317,CISA
 CVE-2020-9819,4.3,0.00585,"A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption.",2020-06-09 17:15:13.377,CISA
@@ -4069,9 +4069,9 @@ CVE-2021-24169,6.1,0.0021,This Advanced Order Export For WooCommerce WordPress p
 CVE-2021-24176,5.4,0.00532,"The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.",2021-04-05 19:15:16.187,Nuclei
 CVE-2021-24210,6.1,0.00198,There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the php involved in the request only go to whitelisted pages but it's possible to redirect the victim to any domain.,2021-04-05 19:15:17.467,Nuclei
 CVE-2021-24214,6.1,0.00337,"The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.",2021-05-06 13:15:11.400,Nuclei
-CVE-2021-24215,9.8,0.30468,"An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource.",2021-04-12 14:15:15.133,Nuclei
-CVE-2021-24226,7.5,0.03282,"In the AccessAlly WordPress plugin before 3.5.7, the file ""resource/frontend/product/product-shortcode.php"" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, no login or administrator role is required.",2021-04-12 14:15:15.913,Nuclei
-CVE-2021-24227,7.5,0.03156,"The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.",2021-04-12 14:15:15.977,Nuclei
+CVE-2021-24215,9.8,0.2745,"An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource.",2021-04-12 14:15:15.133,Nuclei
+CVE-2021-24226,7.5,0.03129,"In the AccessAlly WordPress plugin before 3.5.7, the file ""resource/frontend/product/product-shortcode.php"" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, no login or administrator role is required.",2021-04-12 14:15:15.913,Nuclei
+CVE-2021-24227,7.5,0.03008,"The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.",2021-04-12 14:15:15.977,Nuclei
 CVE-2021-24235,6.1,0.00119,"The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.",2021-04-22 21:15:09.730,Nuclei
 CVE-2021-24236,9.8,0.20247,"The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type along with a PHP filename and code, leading to RCE.",2021-05-06 13:15:11.430,Nuclei
 CVE-2021-24237,6.1,0.00265,"The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue.",2021-04-22 21:15:09.763,Nuclei
@@ -4117,7 +4117,7 @@ CVE-2021-24510,6.1,0.00127,"The MF Gig Calendar WordPress plugin before 1.2 does
 CVE-2021-24554,7.2,0.28117,"The Paytm – Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue",2021-08-23 12:15:09.847,Nuclei
 CVE-2021-24627,7.2,0.29142,"The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection",2021-11-08 18:15:08.433,Nuclei
 CVE-2021-24647,8.1,0.15647,"The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username",2021-11-08 18:15:08.803,Nuclei
-CVE-2021-24666,9.8,0.30031,"The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\d]+), takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi.",2021-09-27 16:15:09.107,Nuclei
+CVE-2021-24666,9.8,0.34482,"The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\d]+), takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi.",2021-09-27 16:15:09.107,Nuclei
 CVE-2021-24731,9.8,0.20626,"The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection.",2021-11-08 18:15:09.557,Nuclei
 CVE-2021-24746,6.1,0.00106,"The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the ""Enable 'More' icon"" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue.",2022-03-28 18:15:08.313,Nuclei
 CVE-2021-24750,8.8,0.02891,"The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks",2021-12-21 09:15:06.987,Nuclei
@@ -4318,7 +4318,7 @@ CVE-2021-31802,8.8,0.01685,NETGEAR R7000 1.0.11.116 devices have a heap-based Bu
 CVE-2021-31805,9.8,0.18558,"The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.",2022-04-12 16:15:08.133,Nuclei
 CVE-2021-31806,6.5,0.91623,"An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.",2021-05-27 13:15:08.270,Metasploit
 CVE-2021-31807,6.5,0.03208,An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.,2021-06-08 20:15:09.057,Metasploit
-CVE-2021-31856,9.8,0.14842,A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).,2021-04-28 06:15:07.257,Nuclei
+CVE-2021-31856,9.8,0.26035,A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).,2021-04-28 06:15:07.257,Nuclei
 CVE-2021-31862,6.1,0.00182,SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication.,2021-10-29 11:15:08.477,Nuclei
 CVE-2021-31955,5.5,0.01042,Windows Kernel Information Disclosure Vulnerability,2021-06-08 23:15:08.817,CISA
 CVE-2021-31956,7.8,0.0014,Windows NTFS Elevation of Privilege Vulnerability,2021-06-08 23:15:08.847,CISA
@@ -4365,7 +4365,7 @@ CVE-2021-33807,7.5,0.02481,Cartadis Gespage through 8.2.1 allows Directory Trave
 CVE-2021-33851,5.4,0.00069,"A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the ""Custom logo link"" executes whenever the user opens the Settings Page of the ""Customize Login Image"" Plugin.",2022-03-10 17:42:36.047,Nuclei
 CVE-2021-33904,6.1,0.00182,"In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states ""there are configurable security flags and we are unable to reproduce them with the available information.",2021-06-07 12:15:09.107,Nuclei
 CVE-2021-34370,6.1,0.0021,"Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states ""there are configurable security flags and we are unable to reproduce them with the available information.",2021-06-09 12:15:08.067,Nuclei
-CVE-2021-34429,5.3,0.43477,"For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.",2021-07-15 17:15:08.637,Metasploit/Nuclei
+CVE-2021-34429,5.3,0.47284,"For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.",2021-07-15 17:15:08.637,Metasploit/Nuclei
 CVE-2021-34448,6.8,0.95698,Scripting Engine Memory Corruption Vulnerability,2021-07-16 21:15:09.580,EPSS/CISA
 CVE-2021-34473,9.1,0.97296,Microsoft Exchange Server Remote Code Execution Vulnerability,2021-07-14 18:15:11.163,EPSS/CISA/Metasploit/Nuclei
 CVE-2021-34484,7.8,0.00051,Windows User Profile Service Elevation of Privilege Vulnerability,2021-08-12 18:15:09.117,CISA
@@ -4658,7 +4658,7 @@ CVE-2022-0424,5.3,0.01488,"The Popup by Supsystic WordPress plugin before 1.10.9
 CVE-2022-0432,6.1,0.00105,Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0.,2022-02-02 22:15:07.503,Nuclei
 CVE-2022-0434,9.8,0.04367,"The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks",2022-03-07 09:15:09.563,Nuclei
 CVE-2022-0437,6.1,0.00105,Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14.,2022-02-05 02:15:06.780,Nuclei
-CVE-2022-0441,9.8,0.18605,"The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin",2022-03-07 09:15:09.720,Metasploit/Nuclei
+CVE-2022-0441,9.8,0.20242,"The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin",2022-03-07 09:15:09.720,Metasploit/Nuclei
 CVE-2022-0482,9.1,0.24406,Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.,2022-03-09 11:15:07.857,Nuclei
 CVE-2022-0492,7.8,0.09515,"A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.",2022-03-03 19:15:08.633,Metasploit
 CVE-2022-0533,6.1,0.001,The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.,2022-03-07 09:15:09.933,Nuclei
@@ -4786,14 +4786,14 @@ CVE-2022-2185,8.8,0.45519,"A critical issue has been discovered in GitLab affect
 CVE-2022-2187,6.1,0.00106,"The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers",2022-07-17 11:15:09.403,Nuclei
 CVE-2022-21882,7.8,0.0011,Win32k Elevation of Privilege Vulnerability,2022-01-11 21:15:11.507,CISA/Metasploit
 CVE-2022-21919,7.0,0.00383,Windows User Profile Service Elevation of Privilege Vulnerability,2022-01-11 21:15:13.463,CISA
-CVE-2022-21971,7.8,0.27578,Windows Runtime Remote Code Execution Vulnerability,2022-02-09 17:15:08.640,CISA
+CVE-2022-21971,7.8,0.20687,Windows Runtime Remote Code Execution Vulnerability,2022-02-09 17:15:08.640,CISA
 CVE-2022-21999,7.8,0.00286,Windows Print Spooler Elevation of Privilege Vulnerability,2022-02-09 17:15:09.563,CISA/Metasploit
 CVE-2022-22047,7.8,0.00068,Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability,2022-07-12 23:15:10.343,CISA
 CVE-2022-22071,7.8,0.00114,"Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music",2022-06-14 10:15:19.003,CISA
 CVE-2022-2219,7.2,0.00159,"The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting",2022-07-25 13:15:08.460,Nuclei
 CVE-2022-22242,6.1,0.46496,"A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.",2022-10-18 03:15:11.033,Nuclei
 CVE-2022-22265,7.8,0.00069,An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.,2022-01-10 14:12:35.837,CISA
-CVE-2022-22536,10.0,0.96257,"SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
+CVE-2022-22536,10.0,0.96061,"SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
 
 ",2022-02-09 23:15:18.620,EPSS/CISA/Nuclei
 CVE-2022-22587,9.8,0.00264,"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..",2022-03-18 18:15:12.480,CISA
@@ -4861,7 +4861,7 @@ CVE-2022-24627,9.8,0.01652,An issue was discovered in AudioCodes Device Manager
 CVE-2022-24637,9.8,0.84852,"Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended ""<?php sequence) aren't handled by the PHP interpreter.",2022-03-18 16:15:08.450,Metasploit
 CVE-2022-2467,9.8,0.03977,A vulnerability has been found in SourceCodester Garage Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument username with the input 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.,2022-07-19 10:15:08.173,Nuclei
 CVE-2022-24681,6.1,0.00155,"Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.",2022-04-07 22:15:07.807,Nuclei
-CVE-2022-24682,6.1,0.01933,"An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.",2022-02-09 04:15:07.400,CISA
+CVE-2022-24682,6.1,0.02326,"An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.",2022-02-09 04:15:07.400,CISA
 CVE-2022-24706,9.8,0.97488,"In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.",2022-04-26 10:15:35.083,EPSS/CISA/Metasploit/Nuclei
 CVE-2022-24716,7.5,0.24846,"Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.",2022-03-08 20:15:07.853,Metasploit/Nuclei
 CVE-2022-24734,7.2,0.25718,"MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.",2022-03-09 22:15:09.363,Metasploit
@@ -4939,7 +4939,7 @@ CVE-2022-28219,9.8,0.97438,Cewolf in Zoho ManageEngine ADAudit Plus before 7060
 CVE-2022-28290,6.1,0.00088,Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request,2022-04-25 17:15:36.957,Nuclei
 CVE-2022-28363,6.1,0.00336,Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required.,2022-04-09 17:15:07.907,Nuclei
 CVE-2022-28365,5.3,0.05306,"Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details.",2022-04-09 17:15:08.013,Nuclei
-CVE-2022-28381,9.8,0.73206,"Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932.",2022-04-03 19:15:07.947,Metasploit
+CVE-2022-28381,9.8,0.73752,"Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932.",2022-04-03 19:15:07.947,Metasploit
 CVE-2022-2856,6.5,0.03744,Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.,2022-09-26 16:15:11.207,CISA
 CVE-2022-2863,4.9,0.35211,"The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack",2022-09-16 09:15:11.077,Nuclei
 CVE-2022-28810,6.8,0.91299,"Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.",2022-04-18 13:15:08.233,CISA/Metasploit
@@ -5084,7 +5084,7 @@ CVE-2022-36534,8.8,0.32328,Super Flexible Software GmbH & Co. KG Syncovery 9 for
 CVE-2022-36536,9.8,0.03665,An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens.,2022-09-16 03:15:09.633,Metasploit
 CVE-2022-36537,7.5,0.9262,"ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.",2022-08-26 20:15:08.303,CISA/Nuclei
 CVE-2022-36553,9.8,0.34301,Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi.,2022-08-29 23:15:08.340,Nuclei
-CVE-2022-36642,9.8,0.74887,A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive information which can be unlatched by exploiting the LFD vulnerability.,2022-09-02 22:15:08.477,Nuclei
+CVE-2022-36642,9.8,0.77465,A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive information which can be unlatched by exploiting the LFD vulnerability.,2022-09-02 22:15:08.477,Nuclei
 CVE-2022-36804,8.8,0.97346,"Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.",2022-08-25 06:15:09.077,EPSS/CISA/Metasploit/Nuclei
 CVE-2022-36883,7.5,0.01156,A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.,2022-07-27 15:15:08.880,Nuclei
 CVE-2022-3699,7.8,0.00136,"
@@ -5349,21 +5349,21 @@ CVE-2023-1389,8.8,0.05944,"TP-Link Archer AX21 (AX1800) firmware versions before
 CVE-2023-1408,7.2,0.01061,"The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin",2023-05-08 14:15:12.577,Nuclei
 CVE-2023-1454,9.8,0.19589,A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.,2023-03-17 07:15:13.573,Nuclei
 CVE-2023-1496,5.4,0.00091,Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0.,2023-03-19 17:15:11.173,Nuclei
-CVE-2023-1546,6.1,0.00117,"The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting",2023-05-02 08:15:09.957,Nuclei
+CVE-2023-1546,6.1,0.00104,"The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting",2023-05-02 08:15:09.957,Nuclei
 CVE-2023-1671,9.8,0.96222,A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.,2023-04-04 10:15:07.197,EPSS/CISA/Nuclei
 CVE-2023-1698,9.8,0.89651,"In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.",2023-05-15 09:15:09.510,Nuclei
 CVE-2023-1719,9.8,0.02137,"Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.",2023-11-01 10:15:09.373,Nuclei
 CVE-2023-1730,9.8,0.04678,"The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks",2023-05-02 08:15:10.267,Nuclei
 CVE-2023-1780,6.1,0.00098,"The Companion Sitemap Generator WordPress plugin before 4.5.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.",2023-07-10 16:15:48.950,Nuclei
-CVE-2023-1835,6.1,0.00135,"The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",2023-05-15 13:15:10.463,Nuclei
-CVE-2023-1880,6.1,0.00109,Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.,2023-04-05 17:15:07.133,Nuclei
-CVE-2023-1890,6.1,0.00281,"The Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting",2023-05-15 13:15:10.593,Nuclei
-CVE-2023-1892,9.6,0.02807,Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8.,2023-04-21 05:15:07.057,Nuclei
-CVE-2023-20073,9.8,0.28387,"A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.",2023-04-05 16:15:07.720,Nuclei
+CVE-2023-1835,6.1,0.00152,"The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",2023-05-15 13:15:10.463,Nuclei
+CVE-2023-1880,6.1,0.00129,Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.,2023-04-05 17:15:07.133,Nuclei
+CVE-2023-1890,6.1,0.00316,"The Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting",2023-05-15 13:15:10.593,Nuclei
+CVE-2023-1892,9.6,0.02464,Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8.,2023-04-21 05:15:07.057,Nuclei
+CVE-2023-20073,9.8,0.23496,"A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.",2023-04-05 16:15:07.720,Nuclei
 CVE-2023-2009,4.8,0.00099,"Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",2023-05-15 13:15:10.817,Nuclei
 CVE-2023-20109,6.6,0.00761,"A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash.
 
 This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details [""#details""] section of this advisory.",2023-09-27 18:15:10.860,CISA
-CVE-2023-20198,10.0,0.85066,"Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.",2023-10-16 16:15:10.023,CISA/Nuclei
+CVE-2023-20198,10.0,0.8659,"Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.",2023-10-16 16:15:10.023,CISA/Nuclei
 CVE-2023-2023,6.1,0.00661,"The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.",2023-05-30 08:15:09.787,Nuclei
 CVE-2023-20269,9.1,0.03378,"A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user.
 
 This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials. A successful exploit could allow the attacker to achieve one or both of the following:
@@ -5400,7 +5400,7 @@ CVE-2023-22463,9.8,0.06169,"KubePi is a k8s panel. The jwt authentication functi
 CVE-2023-22478,7.5,0.13723,KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.,2023-01-14 01:15:14.637,Nuclei
 CVE-2023-22480,9.8,0.26811,"KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.
 ",2023-01-14 01:15:15.207,Nuclei
-CVE-2023-22515,9.8,0.97259,"Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. 
+CVE-2023-22515,9.8,0.97316,"Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. 
 
 Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. ",2023-10-04 14:15:10.440,EPSS/CISA/Nuclei
 CVE-2023-22518,9.8,0.9618,"All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability. 
@@ -5436,11 +5436,11 @@ CVE-2023-24322,6.1,0.00165,A reflected cross-site scripting (XSS) vulnerability
 CVE-2023-24488,6.1,0.05969,Cross site scripting vulnerability in Citrix ADC and Citrix Gateway  in allows and attacker to perform cross site scripting,2023-07-10 21:15:10.707,Nuclei
 CVE-2023-24489,9.8,0.97382,"
 A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.",2023-07-10 22:15:09.197,EPSS/CISA/Nuclei
-CVE-2023-24657,6.1,0.03476,phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php.,2023-03-08 06:15:44.490,Nuclei
+CVE-2023-24657,6.1,0.02542,phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php.,2023-03-08 06:15:44.490,Nuclei
 CVE-2023-24733,6.1,0.00101,PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php.,2023-03-06 21:15:11.080,Nuclei
 CVE-2023-24735,6.1,0.00488,PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL.,2023-03-06 21:15:11.183,Nuclei
 CVE-2023-24737,6.1,0.00101,PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php.,2023-03-06 21:15:11.290,Nuclei
-CVE-2023-2479,9.8,0.96396,OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4.,2023-05-02 15:15:23.760,EPSS/Nuclei
+CVE-2023-2479,9.8,0.96323,OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4.,2023-05-02 15:15:23.760,EPSS/Nuclei
 CVE-2023-24880,4.4,0.00954,Windows SmartScreen Security Feature Bypass Vulnerability,2023-03-14 17:15:17.683,CISA
 CVE-2023-24955,7.2,0.21819,Microsoft SharePoint Server Remote Code Execution Vulnerability,2023-05-09 18:15:13.317,CISA/Metasploit
 CVE-2023-25135,9.8,0.71829,"vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1.",2023-02-03 05:15:10.737,Nuclei
@@ -5492,7 +5492,7 @@ CVE-2023-26843,5.4,0.00264,A stored Cross-site scripting (XSS) vulnerability in
 CVE-2023-26876,8.8,0.02326,SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint.,2023-04-21 15:15:07.160,Metasploit
 CVE-2023-27008,6.1,0.00157,A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.,2023-03-28 15:15:06.973,Nuclei
 CVE-2023-27032,9.8,0.02022,Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups().,2023-04-12 14:15:07.757,Nuclei
-CVE-2023-27034,9.8,0.01238,PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.,2023-03-23 22:15:13.053,Nuclei
+CVE-2023-27034,9.8,0.01353,PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.,2023-03-23 22:15:13.053,Nuclei
 CVE-2023-27159,7.5,0.00869,Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.,2023-03-31 19:15:07.273,Nuclei
 CVE-2023-27179,7.5,0.0282,GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.,2023-04-11 12:15:07.700,Nuclei
 CVE-2023-27253,8.8,0.4997,A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.,2023-03-17 22:15:11.227,Metasploit
@@ -5500,7 +5500,7 @@ CVE-2023-27292,5.4,0.00079,An open redirect vulnerability exposes OpenCATS to te
 CVE-2023-2732,9.8,0.11583,"The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.",2023-05-25 03:15:08.630,Nuclei
 CVE-2023-27350,9.8,0.96848,This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.,2023-04-20 16:15:07.653,EPSS/CISA/Metasploit/Nuclei
 CVE-2023-27372,9.8,0.97393,"SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.",2023-02-28 20:15:10.243,EPSS/Metasploit/Nuclei
-CVE-2023-27482,10.0,0.0644,"homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet.",2023-03-08 18:15:11.783,Nuclei
+CVE-2023-27482,10.0,0.07342,"homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet.",2023-03-08 18:15:11.783,Nuclei
 CVE-2023-27524,9.8,0.9706,"Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.
 
 All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database.
@@ -6140,7 +6140,7 @@ CVE-2023-4542,9.8,0.94859,A vulnerability was found in D-Link DAR-8000-10 up to
 CVE-2023-4547,6.1,0.00458,A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.,2023-08-26 09:15:09.057,Nuclei
 CVE-2023-45498,9.8,0.00297,"VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability.",2023-10-27 04:15:10.487,Metasploit
 CVE-2023-45499,9.8,0.00137,"VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.",2023-10-27 04:15:10.617,Metasploit
-CVE-2023-45542,6.1,0.00109,Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function.,2023-10-16 21:15:11.517,Nuclei
+CVE-2023-45542,6.1,0.00121,Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function.,2023-10-16 21:15:11.517,Nuclei
 CVE-2023-45671,4.7,0.01035,"Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/<camera_name>` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue.",2023-10-30 23:15:08.620,Nuclei
 CVE-2023-4568,6.5,0.01243,"PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.",2023-09-13 21:15:07.807,Nuclei
 CVE-2023-45852,9.8,0.03797,"In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.",2023-10-14 02:15:09.270,Nuclei
@@ -6151,7 +6151,7 @@ CVE-2023-4634,9.8,0.03195,"The Media Library Assistant plugin for WordPress is v
 CVE-2023-46347,9.8,0.06684,"In the module ""Step by Step products Pack"" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.",2023-10-25 18:17:37.697,Nuclei
 CVE-2023-46359,9.8,0.16997,"An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.",2024-02-06 01:15:07.877,Nuclei
 CVE-2023-46574,9.8,0.43348,An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.,2023-10-25 18:17:39.780,Nuclei
-CVE-2023-46604,9.8,0.9688,"The Java OpenWire protocol marshaller is vulnerable to Remote Code 
+CVE-2023-46604,9.8,0.96907,"The Java OpenWire protocol marshaller is vulnerable to Remote Code 
 Execution. This vulnerability may allow a remote attacker with network 
 access to either a Java-based OpenWire broker or client to run arbitrary
  shell commands by manipulating serialized class types in the OpenWire 
@@ -6176,7 +6176,7 @@ may allow an authenticated attacker with network access to the Configuration uti
 
  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",2023-10-26 21:15:08.177,CISA
 CVE-2023-46805,8.2,0.95023,"An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.",2024-01-12 17:15:09.530,EPSS/CISA/Metasploit/Nuclei
-CVE-2023-46818,7.2,0.74461,An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.,2023-10-27 04:15:10.907,Nuclei
+CVE-2023-46818,7.2,0.68808,An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.,2023-10-27 04:15:10.907,Nuclei
 CVE-2023-46944,7.8,0.0022,An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Codes workspace trust component.,2023-11-28 22:15:06.937,Metasploit
 CVE-2023-47115,5.4,0.02378,"Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary JavaScript could result in an attacker performing malicious actions on Label Studio users if they visit the crafted avatar image. For an example, an attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image.
 
@@ -6207,7 +6207,7 @@ CVE-2023-47684,6.1,0.00071,Unauth. Reflected Cross-Site Scripting (XSS) vulnerab
 CVE-2023-48022,9.8,0.7166,"Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment",2023-11-28 08:15:06.910,Metasploit
 CVE-2023-48023,9.1,0.37477,"Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment",2023-11-28 08:15:07.060,Nuclei
 CVE-2023-48084,9.8,0.08699,Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.,2023-12-14 07:15:08.890,Nuclei
-CVE-2023-48241,7.5,0.45584,"XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 14.10.15, 15.5.1, and 15.6RC1, the Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki (but not some protected information like password hashes). While there is a right check normally, the right check can be circumvented by explicitly requesting fields from Solr that don't include the data for the right check. This has been fixed in XWiki 15.6RC1, 15.5.1 and 14.10.15 by not listing documents whose rights cannot be checked. No known workarounds are available.",2023-11-20 18:15:07.440,Nuclei
+CVE-2023-48241,7.5,0.41173,"XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 14.10.15, 15.5.1, and 15.6RC1, the Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki (but not some protected information like password hashes). While there is a right check normally, the right check can be circumvented by explicitly requesting fields from Solr that don't include the data for the right check. This has been fixed in XWiki 15.6RC1, 15.5.1 and 14.10.15 by not listing documents whose rights cannot be checked. No known workarounds are available.",2023-11-20 18:15:07.440,Nuclei
 CVE-2023-4863,8.8,0.63638,Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical),2023-09-12 15:15:24.327,CISA
 CVE-2023-48728,6.1,0.00094,A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.,2024-01-10 16:15:47.627,Nuclei
 CVE-2023-48777,9.9,0.00054,"Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.
@@ -6237,7 +6237,7 @@ CVE-2023-4974,9.8,0.03229,A vulnerability was found in Academy LMS 6.2. It has b
 CVE-2023-49785,9.1,0.00049,"NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using HTTP POST, PUT, and other methods. Attackers can also use this vulnerability to mask their source IP by forwarding malicious traffic intended for other Internet targets through these open proxies. As of time of publication, no patch is available, but other mitigation strategies are available. Users may avoid exposing the application to the public internet or, if exposing the application to the internet, ensure it is an isolated network with no access to any other internal resources.
 ",2024-03-12 00:15:26.383,Nuclei
 CVE-2023-49897,8.8,0.00976,"An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.",2023-12-06 07:15:41.883,CISA
-CVE-2023-5003,7.5,0.00474,"The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.",2023-10-16 20:15:17.490,Nuclei
+CVE-2023-5003,7.5,0.00524,"The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.",2023-10-16 20:15:17.490,Nuclei
 CVE-2023-50290,6.5,0.16843,"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.
 The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host, unlike Java system properties which are set per-Java-proccess.
 
@@ -6268,16 +6268,16 @@ CVE-2023-50719,7.5,0.44513,"XWiki Platform is a generic wiki platform. Starting
 CVE-2023-50720,5.3,0.00939,"XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability.
 ",2023-12-15 19:15:09.463,Nuclei
 CVE-2023-5074,9.8,0.01802,Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28,2023-09-20 16:15:12.750,Nuclei
-CVE-2023-5089,5.3,0.00139,"The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.",2023-10-16 20:15:17.737,Nuclei
+CVE-2023-5089,5.3,0.00155,"The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.",2023-10-16 20:15:17.737,Nuclei
 CVE-2023-50917,9.8,0.77342,MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.,2023-12-15 17:15:12.840,Metasploit/Nuclei
 CVE-2023-50919,9.8,0.00106,"An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.",2024-01-12 08:15:43.533,Metasploit
-CVE-2023-50968,7.5,0.40872,"Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations.
+CVE-2023-50968,7.5,0.44881,"Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations.
 
 The same uri can be operated to realize a SSRF attack also  without  authorizations.
 
 Users are recommended to upgrade to version 18.12.11, which fixes this issue.",2023-12-26 12:15:07.287,Nuclei
 CVE-2023-51449,7.5,0.05375,"Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0.",2023-12-22 21:15:09.000,Nuclei
-CVE-2023-51467,9.8,0.69021,"The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code
+CVE-2023-51467,9.8,0.66771,"The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code
 
 ",2023-12-26 15:15:08.853,Metasploit/Nuclei
 CVE-2023-52085,5.4,0.00237,"Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4.",2023-12-29 00:15:50.300,Nuclei
@@ -6301,10 +6301,10 @@ to load arbitrary JavaScript code.
 
 
 ",2023-10-18 15:15:08.727,CISA
-CVE-2023-5830,9.8,0.00549,A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack remotely. Upgrading to version 7.2 SP4 and 2021.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243729 was assigned to this vulnerability.,2023-10-27 21:15:10.003,Nuclei
+CVE-2023-5830,9.8,0.00598,A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack remotely. Upgrading to version 7.2 SP4 and 2021.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243729 was assigned to this vulnerability.,2023-10-27 21:15:10.003,Nuclei
 CVE-2023-5863,6.1,0.0007,Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.,2023-10-31 01:15:07.757,Nuclei
 CVE-2023-5914,6.1,0.00105,  Cross-site scripting (XSS),2024-01-17 21:15:11.413,Nuclei
-CVE-2023-5991,9.8,0.29597,"The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server",2023-12-26 19:15:08.213,Nuclei
+CVE-2023-5991,9.8,0.22645,"The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server",2023-12-26 19:15:08.213,Nuclei
 CVE-2023-6018,9.8,0.89015,An attacker can overwrite any file on the server hosting MLflow without any authentication.,2023-11-16 16:15:34.880,Nuclei
 CVE-2023-6019,9.8,0.91871,A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023,2023-11-16 17:15:08.830,Metasploit
 CVE-2023-6020,7.5,0.40497,LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.,2023-11-16 21:15:09.443,Metasploit/Nuclei
@@ -6318,7 +6318,7 @@ CVE-2023-6329,9.8,0.61326,"An authentication bypass vulnerability exists in Cont
 CVE-2023-6345,9.6,0.09932,Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High),2023-11-29 12:15:07.077,CISA
 CVE-2023-6360,9.8,0.007,"The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route.",2023-11-30 16:15:11.820,Nuclei
 CVE-2023-6379,6.1,0.00143,"Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session.",2023-12-13 11:15:07.100,Nuclei
-CVE-2023-6380,6.1,0.01002,Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible due to the fact that there is no proper sanitization of the 'URI' parameter.,2023-12-13 11:15:07.630,Nuclei
+CVE-2023-6380,6.1,0.01555,Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible due to the fact that there is no proper sanitization of the 'URI' parameter.,2023-12-13 11:15:07.630,Nuclei
 CVE-2023-6389,6.1,0.00188,"The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the ""wptbto"" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.",2024-01-29 15:15:09.410,Nuclei
 CVE-2023-6444,5.3,0.00054,The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.,2024-03-11 18:15:17.597,Nuclei
 CVE-2023-6448,9.8,0.03937,"Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.
@@ -6451,7 +6451,7 @@ CVE-2024-23296,7.8,0.00207,A memory corruption issue was addressed with improved
 CVE-2024-2330,6.3,0.00065,A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256281 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2024-03-09 09:15:05.977,Nuclei
 CVE-2024-23334,7.5,0.0846,"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present.  Disabling follow_symlinks and using a reverse proxy are encouraged mitigations.  Version 3.9.2 fixes this issue.",2024-01-29 23:15:08.563,Nuclei
 CVE-2024-2340,5.3,0.00053,"The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.",2024-04-09 19:15:32.520,Nuclei
-CVE-2024-23692,9.8,0.95755,"Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.",2024-05-31 10:15:09.330,EPSS/CISA/Metasploit/Nuclei
+CVE-2024-23692,9.8,0.95648,"Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.",2024-05-31 10:15:09.330,EPSS/CISA/Metasploit/Nuclei
 CVE-2024-23759,9.8,0.37442,"Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via ""search"" parameter of the Parcelshopfinder/AddAddressBookEntry"" function.",2024-02-12 22:15:08.087,Metasploit
 CVE-2024-2389,10.0,0.00361,"In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified.  An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.
 
@@ -6571,14 +6571,14 @@ CVE-2024-32709,9.3,0.00049,"Improper Neutralization of Special Elements used in
 
 ",2024-04-24 08:15:38.087,Nuclei
 CVE-2024-3272,9.8,0.05866,"** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.",2024-04-04 01:15:50.123,CISA
-CVE-2024-3273,9.8,0.92501,"** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.",2024-04-04 01:15:50.387,CISA/Nuclei
+CVE-2024-3273,9.8,0.92872,"** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.",2024-04-04 01:15:50.387,CISA/Nuclei
 CVE-2024-3274,5.3,0.0009,"** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259285 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.",2024-04-04 02:15:07.627,Nuclei
 CVE-2024-32896,7.8,0.00083,there is a possible way to bypass  due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.,2024-06-13 21:15:54.080,CISA
 CVE-2024-33113,5.3,0.00053,D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php.,2024-05-06 15:15:23.703,Nuclei
 CVE-2024-33575,5.3,0.00053,"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta.This issue affects User Meta: from n/a through 3.0.
 
 ",2024-04-29 08:15:06.987,Nuclei
-CVE-2024-3400,10.0,0.96299,"A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
+CVE-2024-3400,10.0,0.96464,"A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
 
 Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.",2024-04-12 08:15:06.230,EPSS/CISA/Metasploit/Nuclei
 CVE-2024-34061,4.3,0.00053,"changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notification_urls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when the user input from a URL or POST data is reflected on the page without being stored, thus allowing the attacker to inject malicious content. This issue has been addressed in version 0.45.22. Users are advised to upgrade. There are no known workarounds for this vulnerability.",2024-05-02 14:15:10.083,Nuclei
@@ -6638,10 +6638,10 @@ CVE-2024-38080,7.8,0.00043,Windows Hyper-V Elevation of Privilege Vulnerability,
 CVE-2024-38106,7.0,0.00043,Windows Kernel Elevation of Privilege Vulnerability,2024-08-13 18:15:10.713,CISA
 CVE-2024-38107,7.8,0.00043,Windows Power Dependency Coordinator Elevation of Privilege Vulnerability,2024-08-13 18:15:10.963,CISA
 CVE-2024-38112,7.5,0.64669,Windows MSHTML Platform Spoofing Vulnerability,2024-07-09 17:15:47.860,CISA
-CVE-2024-38178,7.5,0.02297,Scripting Engine Memory Corruption Vulnerability,2024-08-13 18:15:26.220,CISA
-CVE-2024-38189,8.8,0.01546,Microsoft Project Remote Code Execution Vulnerability,2024-08-13 18:15:27.733,CISA
+CVE-2024-38178,7.5,0.01646,Scripting Engine Memory Corruption Vulnerability,2024-08-13 18:15:26.220,CISA
+CVE-2024-38189,8.8,0.01237,Microsoft Project Remote Code Execution Vulnerability,2024-08-13 18:15:27.733,CISA
 CVE-2024-38193,7.8,0.00043,Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability,2024-08-13 18:15:28.230,CISA
-CVE-2024-38213,6.5,0.01422,Windows Mark of the Web Security Feature Bypass Vulnerability,2024-08-13 18:15:30.750,CISA
+CVE-2024-38213,6.5,0.01137,Windows Mark of the Web Security Feature Bypass Vulnerability,2024-08-13 18:15:30.750,CISA
 CVE-2024-38217,5.4,0.00268,Windows Mark of the Web Security Feature Bypass Vulnerability,2024-09-10 17:15:24.640,CISA
 CVE-2024-3822,0.0,0.00053,"The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",2024-05-15 06:15:14.377,Nuclei
 CVE-2024-38226,7.3,0.00051,Microsoft Publisher Security Feature Bypass Vulnerability,2024-09-10 17:15:25.267,CISA
diff --git a/secpatch.ipynb b/secpatch.ipynb
index 02dd544..c26df1b 100644
--- a/secpatch.ipynb
+++ b/secpatch.ipynb
@@ -5,10 +5,10 @@
    "execution_count": 1,
    "metadata": {
     "execution": {
-     "iopub.execute_input": "2024-09-15T06:24:09.812121Z",
-     "iopub.status.busy": "2024-09-15T06:24:09.811938Z",
-     "iopub.status.idle": "2024-09-15T06:24:10.670630Z",
-     "shell.execute_reply": "2024-09-15T06:24:10.670061Z"
+     "iopub.execute_input": "2024-09-15T12:31:44.881530Z",
+     "iopub.status.busy": "2024-09-15T12:31:44.881107Z",
+     "iopub.status.idle": "2024-09-15T12:31:45.614354Z",
+     "shell.execute_reply": "2024-09-15T12:31:45.613808Z"
     }
    },
    "outputs": [],
@@ -33,10 +33,10 @@
    "execution_count": 2,
    "metadata": {
     "execution": {
-     "iopub.execute_input": "2024-09-15T06:24:10.673331Z",
-     "iopub.status.busy": "2024-09-15T06:24:10.672888Z",
-     "iopub.status.idle": "2024-09-15T06:24:10.683578Z",
-     "shell.execute_reply": "2024-09-15T06:24:10.683095Z"
+     "iopub.execute_input": "2024-09-15T12:31:45.617070Z",
+     "iopub.status.busy": "2024-09-15T12:31:45.616616Z",
+     "iopub.status.idle": "2024-09-15T12:31:45.627223Z",
+     "shell.execute_reply": "2024-09-15T12:31:45.626808Z"
     }
    },
    "outputs": [],
@@ -57,10 +57,10 @@
    "execution_count": 3,
    "metadata": {
     "execution": {
-     "iopub.execute_input": "2024-09-15T06:24:10.685815Z",
-     "iopub.status.busy": "2024-09-15T06:24:10.685495Z",
-     "iopub.status.idle": "2024-09-15T06:24:10.698562Z",
-     "shell.execute_reply": "2024-09-15T06:24:10.698106Z"
+     "iopub.execute_input": "2024-09-15T12:31:45.629370Z",
+     "iopub.status.busy": "2024-09-15T12:31:45.628953Z",
+     "iopub.status.idle": "2024-09-15T12:31:45.641822Z",
+     "shell.execute_reply": "2024-09-15T12:31:45.641379Z"
     }
    },
    "outputs": [],
@@ -76,10 +76,10 @@
    "execution_count": 4,
    "metadata": {
     "execution": {
-     "iopub.execute_input": "2024-09-15T06:24:10.701083Z",
-     "iopub.status.busy": "2024-09-15T06:24:10.700729Z",
-     "iopub.status.idle": "2024-09-15T06:24:10.820117Z",
-     "shell.execute_reply": "2024-09-15T06:24:10.819489Z"
+     "iopub.execute_input": "2024-09-15T12:31:45.644023Z",
+     "iopub.status.busy": "2024-09-15T12:31:45.643491Z",
+     "iopub.status.idle": "2024-09-15T12:31:45.756227Z",
+     "shell.execute_reply": "2024-09-15T12:31:45.755637Z"
     }
    },
    "outputs": [
@@ -87,7 +87,7 @@
      "name": "stderr",
      "output_type": "stream",
      "text": [
-      "/tmp/ipykernel_3651/298683809.py:5: SettingWithCopyWarning: \n",
+      "/tmp/ipykernel_3643/298683809.py:5: SettingWithCopyWarning: \n",
       "A value is trying to be set on a copy of a slice from a DataFrame.\n",
       "Try using .loc[row_indexer,col_indexer] = value instead\n",
       "\n",
@@ -110,10 +110,10 @@
    "execution_count": 5,
    "metadata": {
     "execution": {
-     "iopub.execute_input": "2024-09-15T06:24:10.855527Z",
-     "iopub.status.busy": "2024-09-15T06:24:10.855098Z",
-     "iopub.status.idle": "2024-09-15T06:24:10.928278Z",
-     "shell.execute_reply": "2024-09-15T06:24:10.927779Z"
+     "iopub.execute_input": "2024-09-15T12:31:45.790216Z",
+     "iopub.status.busy": "2024-09-15T12:31:45.789844Z",
+     "iopub.status.idle": "2024-09-15T12:31:45.859803Z",
+     "shell.execute_reply": "2024-09-15T12:31:45.859361Z"
     }
    },
    "outputs": [],
@@ -127,10 +127,10 @@
    "execution_count": 6,
    "metadata": {
     "execution": {
-     "iopub.execute_input": "2024-09-15T06:24:10.930881Z",
-     "iopub.status.busy": "2024-09-15T06:24:10.930513Z",
-     "iopub.status.idle": "2024-09-15T06:24:32.506484Z",
-     "shell.execute_reply": "2024-09-15T06:24:32.505850Z"
+     "iopub.execute_input": "2024-09-15T12:31:45.861823Z",
+     "iopub.status.busy": "2024-09-15T12:31:45.861631Z",
+     "iopub.status.idle": "2024-09-15T12:32:07.718455Z",
+     "shell.execute_reply": "2024-09-15T12:32:07.717776Z"
     }
    },
    "outputs": [],
@@ -225,10 +225,10 @@
    "execution_count": 7,
    "metadata": {
     "execution": {
-     "iopub.execute_input": "2024-09-15T06:24:32.509004Z",
-     "iopub.status.busy": "2024-09-15T06:24:32.508696Z",
-     "iopub.status.idle": "2024-09-15T06:24:32.719783Z",
-     "shell.execute_reply": "2024-09-15T06:24:32.719160Z"
+     "iopub.execute_input": "2024-09-15T12:32:07.721031Z",
+     "iopub.status.busy": "2024-09-15T12:32:07.720831Z",
+     "iopub.status.idle": "2024-09-15T12:32:07.900772Z",
+     "shell.execute_reply": "2024-09-15T12:32:07.900257Z"
     }
    },
    "outputs": [],