Hello @daffainfo, Thank you so much for creating this discussion. For many CVEs, we add the vulnerability details as soon as they're disclosed but the CVE IDs are often assigned later which is why the ones mentioned above were initially missed. We're now fixing all of them and we'll also review the other templates to ensure any assigned CVEs are included. Thank you again for bringing this to our attention. I'll share the PR here shortly with the updates.
@daffainfo We have moved the above templates to their updated directories in #13485. Let me know if something is missed. Thank you.
I found the `http/vulnerability` directory to be very messy. I saw many templates that should have CVE IDs and be placed in the `http/cves` folder, but instead ended up in the `http/vulnerability` folder. Here are some examples:

- mockoon-lfi to CVE-2025-59049
- aquatronica-info-leak to CVE-2025-25037
- titannit-web-rce to CVE-2024-9166
- codimd-unauth-file-upload to CVE-2024-38353
- dedecms-carbuyaction-fileinclude to CVE-2024-12183
- mcms-list-sqli to CVE-2023-50578
- aerocms-sqli to CVE-2022-38812
- tekon-info-leak to CVE-2022-28223
- kkfileview-ssrf to CVE-2022-42149
- carel-bacnet-gateway-traversal to CVE-2022-37122
- nextjs-redirect to CVE-2022-39239
- gitlab-rce to CVE-2021-22205
- dixell-xweb500-filewrite to CVE-2021-45420
- confluence-ssrf-sharelinks to CVE-2021-26072
- fatpipe-auth-bypass to CVE-2021-27858
- fatpipe-backdoor to CVE-2021-27856
- webp-server-go-lfi to CVE-2021-46104
- moodle-xss to CVE-2021-32478
- homeautomation-v3-openredirect to CVE-2020-21998
- alumni-management-sqli to CVE-2020-29214
- inspur-clusterengine-rce to CVE-2020-21224
- thinkcmf-arbitrary-code-execution to CVE-2020-20601
- zzzcms-ssrf to CVE-2019-10647
- oscommerce-rce to CVE-2018-25114
- jorani-benjamin-xss to CVE-2018-15917
- videoxpert-lfi to CVE-2017-9965
- php-xdebug-rce to CVE-2015-10141
- infoblox-netmri-rails-cookie-rce to CVE-2013-0156

And some duplicate templates:

- grafana-file-read with CVE-2021-43798
- microweber-xss with CVE-2022-2130
I also found some templates that were misplaced like:
Some log4j templates are inconsistent too like:
And so on. The examples above are only a small sample...
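A repository-hygiene check for the two problems raised in this post (misplaced CVE templates and duplicates), written here as an added example and not code from the nuclei-templates project: it reads the `classification.cve-id` field of every template under `http/vulnerabilities` and reports templates that belong under `http/cves` or that duplicate an existing `http/cves` file. It assumes the checked-out directory is named `http/vulnerabilities` (the post writes `http/vulnerability`) and that the CVE is declared on a `cve-id:` line; the sample templates it audits are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

def cve_ids_in_template(text):
    """CVE IDs declared on 'cve-id:' lines (assumed classification field layout)."""
    ids = set()
    for line in text.splitlines():
        if line.strip().startswith("cve-id:"):
            ids.update(m.upper() for m in CVE_RE.findall(line))
    return sorted(ids)

def find_misplaced(root):
    """Return (misplaced, duplicates) for templates under http/vulnerabilities."""
    root = Path(root)
    # http/cves files are named after their CVE, so the stem is the CVE ID
    known = {p.stem.upper() for p in (root / "http" / "cves").rglob("*.yaml")}
    misplaced, duplicates = [], []
    for path in sorted((root / "http" / "vulnerabilities").rglob("*.yaml")):
        ids = cve_ids_in_template(path.read_text(encoding="utf-8"))
        if not ids:
            continue  # no CVE declared: nothing to say about its location
        entry = (path.relative_to(root).as_posix(), ids)
        # a CVE that already has an http/cves file is a duplicate; otherwise move it
        (duplicates if any(c in known for c in ids) else misplaced).append(entry)
    return misplaced, duplicates

SAMPLE_TEMPLATES = {  # constructed minimal templates, not the real repo files
    "http/cves/2021/CVE-2021-43798.yaml":
        "id: CVE-2021-43798\ninfo:\n  classification:\n    cve-id: CVE-2021-43798\n",
    "http/vulnerabilities/grafana/grafana-file-read.yaml":
        "id: grafana-file-read\ninfo:\n  classification:\n    cve-id: CVE-2021-43798\n",
    "http/vulnerabilities/gitlab/gitlab-rce.yaml":
        "id: gitlab-rce\ninfo:\n  classification:\n    cve-id: CVE-2021-22205\n",
    "http/vulnerabilities/generic/open-redirect.yaml":
        "id: open-redirect\ninfo:\n  classification:\n    cwe-id: CWE-601\n",
}

def demo():
    """Write the constructed sample tree to a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE_TEMPLATES.items():
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body, encoding="utf-8")
        return find_misplaced(tmp)
```

Run `find_misplaced(".")` from a checkout to get the lists; gitlab-rce lands in `misplaced` and grafana-file-read in `duplicates` for the sample tree.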