v9.5.5
What's Changed
馃敟 Highlights of this release:
[CVE-2023-30777] Advanced Custom Fields < 6.1.6 - Cross-Site Scripting (@r3y3r53) [medium] 馃敟
[CVE-2023-28121] WooCommerce Payments - Unauthorized Admin Access (@dhiyaneshdk) [critical] 馃敟
[CVE-2023-2822] Ellucian Ethos Identity CAS - Cross-Site Scripting (@guax1) [medium] 馃敟
[CVE-2023-0297] PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE) (@MrHarshvardhan,@dhiyaneshdk) [critical] 馃敟
[CVE-2022-4295] Show all comments < 7.0.1 - Cross-Site Scripting (@r3y3r53) [medium] 馃敟
New Templates Added: 90
New CVEs Added: 41
- http/cves/2023/CVE-2023-36346.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-36289.yaml by @theamanrawat
- http/cves/2023/CVE-2023-36287.yaml by @theamanrawat
- http/cves/2023/CVE-2023-33439.yaml by @harsh
- http/cves/2023/CVE-2023-30777.yaml by @r3Y3r53 馃敟
- http/cves/2023/CVE-2023-30256.yaml by @theamanrawat
- http/cves/2023/CVE-2023-2822.yaml by @Guax1 馃敟
- http/cves/2023/CVE-2023-28121.yaml by @dhiyaneshdk 馃敟
- http/cves/2023/CVE-2023-2272.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-2252.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-2023.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-1890.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-1835.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-1730.yaml by @theamanrawat
- http/cves/2023/CVE-2023-0514.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-0297.yaml by @MrHarshvardhan, @dhiyaneshdk 馃敟
- http/cves/2022/CVE-2022-44952.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-44951.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-44950.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-44949.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-44948.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-44947.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-44946.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-44944.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-43185.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-43170.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-43169.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-43167.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-43166.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-43165.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-43164.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-4295.yaml by @r3Y3r53 馃敟
- http/cves/2020/CVE-2020-35987.yaml by @r3Y3r53
- http/cves/2020/CVE-2020-35986.yaml by @r3Y3r53
- http/cves/2020/CVE-2020-35985.yaml by @r3Y3r53
- http/cves/2020/CVE-2020-35984.yaml by @r3Y3r53
- http/cves/2020/CVE-2020-19515.yaml by @theamanrawat
- http/cves/2019/CVE-2019-8390.yaml by @theamanrawat
- http/cves/2019/CVE-2019-14789.yaml by @r3Y3r53
- http/cves/2018/CVE-2018-6530.yaml by @gy741
- http/cves/2012/CVE-2012-5321.yaml by @ctflearner
- http/cnvd/2022/CNVD-2022-86535.yaml by @arliya,@ritikchaddha
- http/vulnerabilities/other/sitemap-sql-injection.yaml by @aravind
- http/vulnerabilities/wordpress/contus-video-gallery-sqli.yaml by @theamanrawat
- http/vulnerabilities/wordpress/leaguemanager-sql-injection.yaml by @theamanrawat
- http/vulnerabilities/wordpress/notificationx-sqli.yaml by @theamanrawat
- http/vulnerabilities/wordpress/zero-spam-sql-injection.yaml by @theamanrawat
- http/default-logins/esafenet-cdg-default-login.yaml by @chesterblue
- http/default-logins/leostream/leostream-default-login.yaml by @bhutch
- http/default-logins/pyload/pyload-default-login.yaml by @dhiyaneshdk
- http/misconfiguration/proxy/open-proxy-external.yaml by @gtrrnr
- http/misconfiguration/unauth-temporal-web-ui.yaml by @ggranjus
- network/misconfig/apache-dubbo-unauth.yaml by @j4vaovo
- network/misconfig/apache-rocketmq-broker-unauth.yaml by @j4vaovo
- http/exposures/configs/collibra-properties.yaml by @0xpugazh
- http/exposures/files/pnpm-lock.yaml by @noraj
- http/exposures/tokens/adafruit/adafruit-api-key.yaml by @dhiyaneshdk
- http/exposures/tokens/adobe/adobe-client-id.yaml by @dhiyaneshdk
- http/exposures/tokens/airtable/airtable-api-key.yaml by @dhiyaneshdk
- http/exposures/tokens/algolia/algolia-api-key.yaml by @dhiyaneshdk
- http/exposures/tokens/alibaba/alibaba-accesskey-id.yaml by @dhiyaneshdk
- http/exposures/tokens/alibaba/alibaba-secretkey-id.yaml by @dhiyaneshdk
- http/exposures/tokens/asana/asana-client-id.yaml by @dhiyaneshdk
- http/exposures/tokens/asana/asana-client-secret.yaml by @dhiyaneshdk
- http/exposures/tokens/atlassian-token.yaml by @dhiyaneshdk
- http/exposed-panels/arangodb-web-Interface.yaml by @pussycat0x
- http/exposed-panels/arcserve-panel.yaml by @dhiyaneshdk
- http/exposed-panels/c2/hookbot-rat.yaml by @pussycat0x
- http/exposed-panels/c2/mystic-stealer.yaml by @pussycat0x
- http/exposed-panels/cloudpanel-login.yaml by @dhiyaneshdk
- http/exposed-panels/dell-idrac.yaml by @kazet
- http/exposed-panels/efak-login-panel.yaml by @irshad ahamed
- http/exposed-panels/pritunl-panel.yaml by @irshad ahamed
- http/exposed-panels/pyload-panel.yaml by @dhiyaneshdk
- http/exposed-panels/qdpm-login-panel.yaml by @theamanrawat
- http/exposed-panels/shell-box.yaml by @irshad ahamed
- http/exposed-panels/untangle-admin-login.yaml by @irshad ahamed
- http/exposed-panels/uptime-kuma-panel.yaml by @irshad ahamed
- file/keys/adafruit-key.yaml by @dhiyaneshdk
- file/keys/adobe/adobe-client.yaml by @dhiyaneshdk
- file/keys/airtable-key.yaml by @dhiyaneshdk
- file/keys/algolia-key.yaml by @dhiyaneshdk
- file/keys/alibaba/alibaba-key-id.yaml by @dhiyaneshdk
- file/keys/alibaba/alibaba-secret-id.yaml by @dhiyaneshdk
- file/keys/asana/asana-clientid.yaml by @dhiyaneshdk
- file/keys/asana/asana-clientsecret.yaml by @dhiyaneshdk
- file/keys/atlassian/atlassian-api-token.yaml by @dhiyaneshdk
- file/webshell/asp-webshell.yaml by @lu4nx
- file/webshell/jsp-webshell.yaml by @lu4nx
- file/webshell/php-webshell.yaml by @lu4nx
New Contributors
- @ghoeffner made their first contribution in #7603
- @mosesrenegade made their first contribution in #7604
- @ErikOwen made their first contribution in #7344
- @Marcuccio made their first contribution in #7614
- @Armandhe-China made their first contribution in #6405
- @aravindb26 made their first contribution in #7372
Full Changelog: v9.5.4...v9.5.5
Contributors
aravind, mosesrenegade, and 23 other contributors