Commit from GitHub Actions (Update List)
github-actions[bot] committed Sep 19, 2024
1 parent ee5531d commit e4fa61a
Showing 2 changed files with 40 additions and 31 deletions.
13 changes: 11 additions & 2 deletions data/data.csv
Expand Up @@ -4873,7 +4873,7 @@ CVE-2022-24384,6.1,0.00084,Cross-site Scripting (XSS) vulnerability in SmarterTo
CVE-2022-24521,7.8,0.00044,Windows Common Log File System Driver Elevation of Privilege Vulnerability,2022-04-15 19:15:11.107,CISA
CVE-2022-2462,5.3,0.04904,"The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficient restriction on the data returned in the response. This makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text.",2022-09-06 18:15:13.950,Nuclei
CVE-2022-24627,9.8,0.01652,An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.,2023-05-29 21:15:09.423,Nuclei
CVE-2022-24637,9.8,0.84852,"Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended ""<?php sequence) aren't handled by the PHP interpreter.",2022-03-18 16:15:08.450,Metasploit
CVE-2022-24637,9.8,0.84852,"Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended ""<?php sequence) aren't handled by the PHP interpreter.",2022-03-18 16:15:08.450,Metasploit/Nuclei
CVE-2022-2467,9.8,0.03977,A vulnerability has been found in SourceCodester Garage Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument username with the input 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.,2022-07-19 10:15:08.173,Nuclei
CVE-2022-24681,6.1,0.00155,"Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.",2022-04-07 22:15:07.807,Nuclei
CVE-2022-24682,6.1,0.02326,"An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.",2022-02-09 04:15:07.400,CISA
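Review bot: The source column on CVE-2022-24637 should be treated as a canonical, fixed-order list: this hunk appends `/Nuclei` to `Metasploit` while score (9.8), EPSS (0.84852), description and timestamp stay identical on the removed and added rows, and other rows in this diff use the same `Metasploit/Nuclei` and `EPSS/CISA/Metasploit/Nuclei` ordering. If the update job ever emits a different order for the same set of sources, the row will churn on every run without any real data change, so a test that the generated value is order-stable is worth adding.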
Expand Down Expand Up @@ -6137,7 +6137,7 @@ CVE-2023-43325,6.1,0.37632,A reflected cross-site scripting (XSS) vulnerability
CVE-2023-43326,6.1,0.02034,A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL.,2023-09-25 22:15:10.943,Nuclei
CVE-2023-43374,9.8,0.00876,Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.,2023-09-20 19:15:12.350,Nuclei
CVE-2023-43472,7.5,0.01358,An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.,2023-12-05 07:15:07.667,Nuclei
CVE-2023-43654,9.8,0.00173,"TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue.",2023-09-28 23:15:09.627,Metasploit
CVE-2023-43654,9.8,0.00173,"TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue.",2023-09-28 23:15:09.627,Metasploit/Nuclei
CVE-2023-43662,8.6,0.03585,"ShokoServer is a media server which specializes in organizing anime. In affected versions the `/api/Image/WithPath` endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter `serverImagePath`, which is not sanitized in any way before being passed to `System.IO.File.OpenRead`, which results in an arbitrary file read. This issue may lead to an arbitrary file read which is exacerbated in the windows installer which installs the ShokoServer as administrator. Any unauthenticated attacker may be able to access sensitive information and read files stored on the server. The `/api/Image/WithPath` endpoint has been removed in commit `6c57ba0f0` which will be included in subsequent releases. Users should limit access to the `/api/Image/WithPath` endpoint or manually patch their installations until a patched release is made. This issue was discovered by the GitHub Security lab and is also indexed as GHSL-2023-191.",2023-09-28 22:15:10.270,Nuclei
CVE-2023-43770,6.1,0.16561,"Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.",2023-09-22 06:15:10.090,CISA
CVE-2023-43795,9.8,0.28896,GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.,2023-10-25 18:17:32.180,Nuclei
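Review bot: Apart from the `/Nuclei` tag appended to CVE-2023-43654, every field in this hunk is verbatim upstream advisory text, including the typo `exisits` and the phrase `multiple url` in the CVE-2023-43326 context line. Those should not be hand-corrected in this file, since the workflow will overwrite them on the next run, but a note in the repository (README or a column comment) stating that the description column mirrors the upstream text unchanged would stop reviewers from flagging such typos as data errors.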
Expand Down Expand Up @@ -6333,6 +6333,7 @@ CVE-2023-6038,7.5,0.07263,"A Local File Inclusion (LFI) vulnerability exists in
CVE-2023-6063,7.5,0.12685,"The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.",2023-12-04 22:15:08.337,Nuclei
CVE-2023-6065,5.3,0.00108,"The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code",2023-12-18 20:15:08.750,Nuclei
CVE-2023-6114,7.5,0.01146,"The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.",2023-12-26 19:15:08.260,Nuclei
CVE-2023-6275,6.1,0.00075,"A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input ""><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.1-231128, 1.8.0-231127 and 1.8.1-231127 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-246104.",2023-11-24 15:15:07.783,Nuclei
CVE-2023-6329,9.8,0.61326,"An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a ""passwordCustom"" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user.",2023-11-27 17:15:09.860,Metasploit/Nuclei
CVE-2023-6345,9.6,0.09932,Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High),2023-11-29 12:15:07.077,CISA
CVE-2023-6360,9.8,0.007,"The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route.",2023-11-30 16:15:11.820,Nuclei
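Review bot: The CVE-2023-6275 row carries a literal `""><script>alert(document.domain)</script>` inside its description field. The CSV quoting itself is correct (the embedded double quote is doubled inside the quoted field), but anything that renders this file, such as a generated HTML or Markdown list, must HTML-escape the description column or this row will render as live markup in the viewer. A check in the workflow that the renderer escapes descriptions would be worth adding.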
Expand Down Expand Up @@ -6513,6 +6514,7 @@ CVE-2024-27956,9.9,0.0005,"Improper Neutralization of Special Elements used in a
",2024-03-21 17:15:08.437,Nuclei
CVE-2024-28254,8.8,0.00046,"OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `‎AlertUtil::validateExpression` method evaluates an SpEL expression using `getValue` which by default uses the `StandardEvaluationContext`, allowing the expression to reach and interact with Java classes such as `java.lang.Runtime`, leading to Remote Code Execution. The `/api/v1/events/subscriptions/validation/condition/<expression>` endpoint passes user-controlled data `AlertUtil::validateExpession` allowing authenticated (non-admin) users to execute arbitrary system commands on the underlaying operating system. In addition, there is a missing authorization check since `Authorizer.authorize()` is never called in the affected path and, therefore, any authenticated non-admin user is able to trigger this endpoint and evaluate arbitrary SpEL expressions leading to arbitrary command execution. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-235`. This issue may lead to Remote Code Execution and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.",2024-03-15 20:15:10.057,Metasploit
CVE-2024-28255,9.8,0.00065,"OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the request's path contains any of the excluded endpoints the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any path contain any arbitrary strings. For example, a request to `GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111` will match the excluded endpoint condition and therefore will be processed with no JWT validation allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses the `SecurityContext.getUserPrincipal()` since it will return `null` and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-237`.",2024-03-15 20:15:10.270,Metasploit/Nuclei
CVE-2024-28397,5.3,0.00043,An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.,2024-06-20 17:15:50.527,Nuclei
CVE-2024-28734,6.1,0.00065,Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter.,2024-03-19 14:15:07.687,Nuclei
CVE-2024-28741,8.8,0.00163,Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.,2024-04-06 19:15:07.247,Metasploit
CVE-2024-2876,9.8,0.00888,"The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",2024-05-02 17:15:20.463,Nuclei
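Review bot: The CVE-2024-28254 context line contains a non-printing Unicode character immediately before `AlertUtil` in the first backtick span (it shows as `‎` in the raw line); it will be carried into any downstream copy and will break exact-string matching on `AlertUtil::validateExpression`, so the update job should strip non-printing characters from descriptions. Separately, the quoted description of CVE-2024-27956 spans the hunk boundary (its closing `",2024-03-21 17:15:08.437,Nuclei` is the first line of this hunk), so any review tooling that reads the file line by line rather than through a CSV parser will see a broken record.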
Expand Down Expand Up @@ -6724,6 +6726,12 @@ Users are recommended to upgrade to version 18.12.16, which fixes the issue.",20
CVE-2024-45241,7.5,0.00065,"A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.",2024-08-26 07:15:04.273,Nuclei
CVE-2024-45388,7.5,0.00066,"Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The `/api/v2/simulation` POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server. Note that, although the code prevents absolute paths from being specified, an attacker can escape out of the `hf.Cfg.ResponsesBodyFilesPath` base path by using `../` segments and reach any arbitrary files. This issue was found using the Uncontrolled data used in path expression CodeQL query for python. Users are advised to make sure the final path (`filepath.Join(hf.Cfg.ResponsesBodyFilesPath, filePath)`) is contained within the expected base path (`filepath.Join(hf.Cfg.ResponsesBodyFilesPath, ""/"")`). This issue is also tracked as GHSL-2023-274.",2024-09-02 18:15:38.063,Nuclei
CVE-2024-4548,9.8,0.0029,"An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.",2024-05-06 14:15:08.533,Metasploit
CVE-2024-45507,9.8,0.00514,"Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 18.12.16.

Users are recommended to upgrade to version 18.12.16, which fixes the issue.",2024-09-04 09:15:04.520,Nuclei
CVE-2024-45622,9.8,0.00043,ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass.,2024-09-02 19:15:13.170,Nuclei
CVE-2024-4577,9.8,0.9632,"In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use ""Best-Fit"" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.",2024-06-09 20:15:09.550,EPSS/CISA/Metasploit/Nuclei
CVE-2024-4610,7.8,0.15862,"Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.",2024-06-07 12:15:09.077,CISA
CVE-2024-4671,9.6,0.001,Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High),2024-05-14 15:44:15.573,CISA
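Review bot: The CVE-2024-45507 record keeps the upstream hard line breaks and two blank lines inside its quoted description (`This issue affects Apache OFBiz: before 18.12.16.` and `Users are recommended to upgrade to version 18.12.16, which fixes the issue.` each sit on their own physical line). That is valid quoted-field CSV, but it means `wc -l`, `grep` and line-based diff counts no longer equal record counts, and the hunk header itself now shows a mid-record line as context. Consider normalising whitespace in descriptions (collapse runs of newlines to a single space) in the update job so that each CVE occupies one physical line.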
Expand Down Expand Up @@ -6800,6 +6808,7 @@ CVE-2024-7965,8.8,0.00159,Inappropriate implementation in V8 in Google Chrome pr
CVE-2024-7971,8.8,0.00159,Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High),2024-08-21 21:15:09.277,CISA
CVE-2024-8181,8.1,0.00587,"An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.",2024-08-27 13:15:06.820,Nuclei
CVE-2024-8190,7.2,0.15116,An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.,2024-09-10 21:15:14.697,CISA
CVE-2024-8503,9.8,0.00043,"An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.",2024-09-10 20:15:05.283,Nuclei
CVE-2024-8517,9.8,0.00157,"SPIP before 4.3.2, 4.2.16, and
4.1.18 is vulnerable to a command injection issue. A
remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.",2024-09-06 16:15:03.793,Metasploit/Nuclei
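Review bot: Three recently published entries in this diff (CVE-2024-8503 here, CVE-2024-28397 and CVE-2024-45622 above) all carry the same EPSS value of 0.00043, which looks like an initial baseline score rather than a settled one; the workflow should re-read EPSS on subsequent runs instead of treating the first value as final, and any sort or filter logic built on the score should not assume it is stable. The CVE-2024-8517 (SPIP) record also has mid-sentence line breaks from the upstream text (`and` / `4.1.18`, `A` / `remote`), which whitespace normalisation in the update job would remove.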