classification enrichment: include cve-id, cvss, cpes, etc

[n3integration]

PR Information

• Updated CVE-2024-31621
• Updated CVE-2024-32399
• Updated CVE-2024-37152
• Updated CVE-2024-37393
• Updated CVE-2024-40348
• Updated CVE-2024-48766
• Updated CVE-2024-55457
• Updated CVE-2024-56325
• Updated CVE-2024-6235
• Updated CVE-2024-6781
• Updated CVE-2024-6782
• Updated CVE-2025-34026
• Updated CVE-2025-34027
• Updated CVE-2025-49596
• Updated CVE-2025-5777

classification enrichment to include (if available):

• cve-id
• cwe-id
• cvss-metrics
• cvss-score
• cpe

Template validation

• Validated with a host running a vulnerable version and/or configuration (True Positive)
• Validated with a host running a patched version and/or configuration (avoid False Positive)

Additional Details (leave it blank if not applicable)

Additional References:

• Nuclei Template Creation Guideline
• Nuclei Template Matcher Guideline
• Nuclei Template Contribution Guideline
• PD-Community Discord server

[neo-by-projectdiscovery-dev]

Neo - Nuclei Template Review

No security issues found

Highlights

• All 15 templates retain complete classification enrichment: cve-id, cwe-id, cvss-metrics, cvss-score, epss-score, and cpe strings
• Zero changes to HTTP matchers, extractors, or vulnerability detection logic across all templates
• File sizes remain consistent with previous review - commits 11b27c8 and 5dcf0a6 appear to contain only minor updates

Hardening Notes

• CVE-2024-37393: Still uses CWE-89 (SQL Injection) for an LDAP injection vulnerability - CWE-90 would be more accurate per MITRE standards
• CVE-2025-5777: Still uses CWE-457 (Uninitialized Variable) - official sources classify as CWE-125 (Out-of-bounds Read) for memory overread
• CVE-2025-34027 and CVE-2025-49596: Still missing cvss-metrics and cvss-score fields, only EPSS data present
• All CVSS scores, EPSS percentiles, and CPE strings continue to align with published NVD and vulnerability database data

_{Comment @pdneo help for available commands. · Open in Neo}