Commit

Commit from GitHub Actions (Update List)
github-actions[bot] committed Feb 19, 2025
1 parent 985f017 commit cb0086a
Showing 2 changed files with 32 additions and 31 deletions.
5 changes: 3 additions & 2 deletions data/data.csv
Expand Up @@ -6211,11 +6211,12 @@ CVE-2024-1210,5.3,0.10519,"The LearnDash LMS plugin for WordPress is vulnerable
CVE-2024-1212,10.0,0.93714,"Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.


",2024-02-21 18:15:50.417,CISA/Metasploit/Nuclei
",2024-02-21 18:15:50.417,CISA/Nuclei
CVE-2024-12209,9.8,0.02909,"The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.",2024-12-08 06:15:04.823,Nuclei
CVE-2024-12356,9.8,0.01489,A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.,2024-12-17 05:15:06.413,CISA/Metasploit
CVE-2024-12686,6.6,0.0618,A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.,2024-12-18 21:15:08.020,CISA
CVE-2024-12849,7.5,0.00525,"The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.",2025-01-07 06:15:17.607,Nuclei
CVE-2024-13726,0.0,0.00043,"The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection",2025-02-17 06:15:12.170,Nuclei
CVE-2024-1380,5.3,0.00082,"The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is.",2024-03-13 16:15:20.903,Nuclei
CVE-2024-1483,7.5,0.00311,"A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker can traverse the server's directory structure. The issue occurs due to insufficient validation of user-supplied input in the server's handlers.",2024-04-16 00:15:08.353,Nuclei
CVE-2024-1512,9.8,0.00084,"The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",2024-02-17 08:15:08.093,Nuclei
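Review bot: The CVE-2024-1212 record is touched only on its closing line, where the source column differs between "CISA/Metasploit/Nuclei" and "CISA/Nuclei", and the commit message ("Update List") gives no reason for a source tag moving on a CVSS 10.0 entry. Because this update runs unattended, the job should record which upstream list changed and keep the previous value when a source cannot be read, rather than rewriting the column. The same record also has raw newlines inside its quoted description, so it spans four physical lines; collapsing whitespace in descriptions before writing would keep one record per line and make a change like this one readable in a diff.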
Expand Down Expand Up @@ -6727,7 +6728,7 @@ CVE-2024-5315,9.1,0.00059,"Vulnerabilities in Dolibarr ERP - CRM that affect ver

viewstatut in /dolibarr/commande/list.php.",2024-05-24 10:15:11.197,Nuclei
CVE-2024-5334,0.0,0.00059,"A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshot_path' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with a malicious 'snapshot_path' parameter, leading to arbitrary file read from the system. This issue impacts the security of the application by allowing unauthorized access to sensitive files on the server.",2024-06-27 18:15:20.223,Nuclei
CVE-2024-53704,0.0,0.00054,An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.,2025-01-09 07:15:27.203,CISA/Nuclei
CVE-2024-53704,8.2,0.00054,An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.,2025-01-09 07:15:27.203,CISA/Nuclei
CVE-2024-5420,0.0,0.00059,"Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS)..This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.",2024-06-04 08:15:11.170,Nuclei
CVE-2024-5421,0.0,0.0194,"Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.",2024-06-04 08:15:11.393,Nuclei
CVE-2024-54330,7.2,0.00049,Server-Side Request Forgery (SSRF) vulnerability in Hep Hep Hurra (HHH) Hurrakify allows Server Side Request Forgery.This issue affects Hurrakify: from n/a through 2.4.,2024-12-13 15:15:40.243,Nuclei
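Review bot: The CVE-2024-53704 row differs only in its CVSS field, 0.0 versus 8.2, while the neighbouring rows for CVE-2024-5334, CVE-2024-5420 and CVE-2024-5421 still carry 0.0, which reads as a placeholder for a score that is not available rather than a real score. Writing an empty field for unscored entries would stop anything that sorts or filters on this column from ranking a CISA-listed authentication bypass or an authenticated command injection as zero severity until a later update fills the value in.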
58 changes: 29 additions & 29 deletions secpatch.ipynb
Expand Up @@ -5,10 +5,10 @@
"execution_count": 1,
"metadata": {
"execution": {
"iopub.execute_input": "2025-02-19T01:21:22.883880Z",
"iopub.status.busy": "2025-02-19T01:21:22.883711Z",
"iopub.status.idle": "2025-02-19T01:21:24.513838Z",
"shell.execute_reply": "2025-02-19T01:21:24.513256Z"
"iopub.execute_input": "2025-02-19T06:26:21.324378Z",
"iopub.status.busy": "2025-02-19T06:26:21.324207Z",
"iopub.status.idle": "2025-02-19T06:26:22.100424Z",
"shell.execute_reply": "2025-02-19T06:26:22.099872Z"
}
},
"outputs": [],
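Review bot: Every changed line in this hunk is an iopub or shell timestamp under metadata.execution, and the other execution blocks in secpatch.ipynb change in the same way, so the 29 additions and 29 deletions in this file mostly record when the job ran rather than any change to the notebook. Clearing the execution metadata before the workflow commits would keep update commits down to data/data.csv and make a real notebook edit stand out in review.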
Expand All @@ -33,10 +33,10 @@
"execution_count": 2,
"metadata": {
"execution": {
"iopub.execute_input": "2025-02-19T01:21:24.516177Z",
"iopub.status.busy": "2025-02-19T01:21:24.515738Z",
"iopub.status.idle": "2025-02-19T01:21:24.526558Z",
"shell.execute_reply": "2025-02-19T01:21:24.525980Z"
"iopub.execute_input": "2025-02-19T06:26:22.102719Z",
"iopub.status.busy": "2025-02-19T06:26:22.102281Z",
"iopub.status.idle": "2025-02-19T06:26:22.112996Z",
"shell.execute_reply": "2025-02-19T06:26:22.112540Z"
}
},
"outputs": [],
Expand All @@ -57,10 +57,10 @@
"execution_count": 3,
"metadata": {
"execution": {
"iopub.execute_input": "2025-02-19T01:21:24.528539Z",
"iopub.status.busy": "2025-02-19T01:21:24.528208Z",
"iopub.status.idle": "2025-02-19T01:21:24.541521Z",
"shell.execute_reply": "2025-02-19T01:21:24.541092Z"
"iopub.execute_input": "2025-02-19T06:26:22.114876Z",
"iopub.status.busy": "2025-02-19T06:26:22.114533Z",
"iopub.status.idle": "2025-02-19T06:26:22.128045Z",
"shell.execute_reply": "2025-02-19T06:26:22.127463Z"
}
},
"outputs": [],
Expand All @@ -76,18 +76,18 @@
"execution_count": 4,
"metadata": {
"execution": {
"iopub.execute_input": "2025-02-19T01:21:24.543436Z",
"iopub.status.busy": "2025-02-19T01:21:24.543011Z",
"iopub.status.idle": "2025-02-19T01:21:24.659573Z",
"shell.execute_reply": "2025-02-19T01:21:24.658965Z"
"iopub.execute_input": "2025-02-19T06:26:22.129829Z",
"iopub.status.busy": "2025-02-19T06:26:22.129542Z",
"iopub.status.idle": "2025-02-19T06:26:22.245292Z",
"shell.execute_reply": "2025-02-19T06:26:22.244721Z"
}
},
"outputs": [
{
"name": "stderr",
"output_type": "stream",
"text": [
"/tmp/ipykernel_4333/298683809.py:5: SettingWithCopyWarning: \n",
"/tmp/ipykernel_4277/298683809.py:5: SettingWithCopyWarning: \n",
"A value is trying to be set on a copy of a slice from a DataFrame.\n",
"Try using .loc[row_indexer,col_indexer] = value instead\n",
"\n",
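Review bot: The stderr output committed in this hunk is a pandas SettingWithCopyWarning raised at line 5 of the cell, and the only thing that differs between runs is the kernel temp directory (ipykernel_4333 versus ipykernel_4277). The warning means the assignment may land on a temporary copy instead of the intended DataFrame, so take an explicit .copy() of the slice or assign through .loc as the message suggests; that removes the ambiguity and drops this line from every future diff.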
Expand All @@ -110,10 +110,10 @@
"execution_count": 5,
"metadata": {
"execution": {
"iopub.execute_input": "2025-02-19T01:21:24.693371Z",
"iopub.status.busy": "2025-02-19T01:21:24.692966Z",
"iopub.status.idle": "2025-02-19T01:21:24.772906Z",
"shell.execute_reply": "2025-02-19T01:21:24.772370Z"
"iopub.execute_input": "2025-02-19T06:26:22.277909Z",
"iopub.status.busy": "2025-02-19T06:26:22.277482Z",
"iopub.status.idle": "2025-02-19T06:26:22.357999Z",
"shell.execute_reply": "2025-02-19T06:26:22.357437Z"
}
},
"outputs": [],
Expand All @@ -127,10 +127,10 @@
"execution_count": 6,
"metadata": {
"execution": {
"iopub.execute_input": "2025-02-19T01:21:24.775070Z",
"iopub.status.busy": "2025-02-19T01:21:24.774710Z",
"iopub.status.idle": "2025-02-19T01:21:48.982948Z",
"shell.execute_reply": "2025-02-19T01:21:48.982390Z"
"iopub.execute_input": "2025-02-19T06:26:22.360048Z",
"iopub.status.busy": "2025-02-19T06:26:22.359871Z",
"iopub.status.idle": "2025-02-19T06:26:45.368471Z",
"shell.execute_reply": "2025-02-19T06:26:45.367914Z"
}
},
"outputs": [],
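Review bot: This is the only cell whose timestamps show a long run, roughly 23 seconds between status.busy and status.idle, yet it commits "outputs": [], so the notebook keeps no record of what that step produced. Having the cell print a short summary (rows per source, rows changed) would give a reviewer something to check a data.csv change against, such as a source tag appearing or disappearing on an existing CVE.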
Expand Down Expand Up @@ -225,10 +225,10 @@
"execution_count": 7,
"metadata": {
"execution": {
"iopub.execute_input": "2025-02-19T01:21:48.985233Z",
"iopub.status.busy": "2025-02-19T01:21:48.984857Z",
"iopub.status.idle": "2025-02-19T01:21:49.192425Z",
"shell.execute_reply": "2025-02-19T01:21:49.191837Z"
"iopub.execute_input": "2025-02-19T06:26:45.370804Z",
"iopub.status.busy": "2025-02-19T06:26:45.370343Z",
"iopub.status.idle": "2025-02-19T06:26:45.560499Z",
"shell.execute_reply": "2025-02-19T06:26:45.559889Z"
}
},
"outputs": [],