Update CVE sources 2024-08-08 18:49

2025-06-19 17:30:12 +00:00 · 2024-08-08 18:49:29 +00:00 · 2024-08-08 18:49:29 +00:00 · 4bc2a1b403
commit 4bc2a1b403
parent b590cdbb21
160 changed files with 1940 additions and 8 deletions
--- a/2002/CVE-2002-2443.md
+++ b/2002/CVE-2002-2443.md
@ -14,4 +14,5 @@ No PoCs from references.
 #### Github
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/vdanen/vex-reader
--- a/2006/CVE-2006-3211.md
+++ b/2006/CVE-2006-3211.md
@ -0,0 +1,17 @@
 ### [CVE-2006-3211](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3211)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter.
 ### POC
 #### Reference
 - http://securityreason.com/securityalert/1141
 #### Github
 No PoCs found on GitHub currently.
--- a/2006/CVE-2006-5051.md
+++ b/2006/CVE-2006-5051.md
@ -20,6 +20,7 @@ Signal handler race condition in OpenSSH before 4.4 allows remote attackers to c
 - https://github.com/ThemeHackers/CVE-2024-6387
 - https://github.com/azurejoga/CVE-2024-6387-how-to-fix
 - https://github.com/bigb0x/CVE-2024-6387
 - https://github.com/giterlizzi/secdb-feeds
 - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387-
 - https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion
 - https://github.com/nomi-sec/PoC-in-GitHub
--- a/2008/CVE-2008-3835.md
+++ b/2008/CVE-2008-3835.md
@ -10,6 +10,7 @@ The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17
 ### POC
 #### Reference
 - http://www.ubuntu.com/usn/usn-647-1
 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9643
 #### Github
--- a/2008/CVE-2008-4058.md
+++ b/2008/CVE-2008-4058.md
@ -11,6 +11,7 @@ The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2,
 #### Reference
 - http://www.redhat.com/support/errata/RHSA-2008-0879.html
 - http://www.ubuntu.com/usn/usn-647-1
 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9679
 #### Github
--- a/2008/CVE-2008-4059.md
+++ b/2008/CVE-2008-4059.md
@ -10,6 +10,7 @@ The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attacke
 ### POC
 #### Reference
 - http://www.ubuntu.com/usn/usn-647-1
 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9529
 #### Github
--- a/2008/CVE-2008-4060.md
+++ b/2008/CVE-2008-4060.md
@ -11,6 +11,7 @@ Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.1
 #### Reference
 - http://www.redhat.com/support/errata/RHSA-2008-0879.html
 - http://www.ubuntu.com/usn/usn-647-1
 #### Github
 No PoCs found on GitHub currently.
--- a/2008/CVE-2008-4061.md
+++ b/2008/CVE-2008-4061.md
@ -11,6 +11,7 @@ Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and
 #### Reference
 - http://www.redhat.com/support/errata/RHSA-2008-0879.html
 - http://www.ubuntu.com/usn/usn-647-1
 #### Github
 No PoCs found on GitHub currently.
--- a/2008/CVE-2008-4062.md
+++ b/2008/CVE-2008-4062.md
@ -11,6 +11,7 @@ Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x
 #### Reference
 - http://www.redhat.com/support/errata/RHSA-2008-0879.html
 - http://www.ubuntu.com/usn/usn-647-1
 #### Github
 No PoCs found on GitHub currently.
--- a/2008/CVE-2008-4063.md
+++ b/2008/CVE-2008-4063.md
@ -11,6 +11,7 @@ Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow r
 #### Reference
 - http://www.redhat.com/support/errata/RHSA-2008-0879.html
 - http://www.ubuntu.com/usn/usn-647-1
 #### Github
 No PoCs found on GitHub currently.
--- a/2008/CVE-2008-4064.md
+++ b/2008/CVE-2008-4064.md
@ -11,6 +11,7 @@ Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow r
 #### Reference
 - http://www.redhat.com/support/errata/RHSA-2008-0879.html
 - http://www.ubuntu.com/usn/usn-647-1
 - https://bugzilla.mozilla.org/show_bug.cgi?id=441995
 #### Github
--- a/2008/CVE-2008-4065.md
+++ b/2008/CVE-2008-4065.md
@ -11,6 +11,7 @@ Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.1
 #### Reference
 - http://www.redhat.com/support/errata/RHSA-2008-0879.html
 - http://www.ubuntu.com/usn/usn-647-1
 #### Github
 No PoCs found on GitHub currently.
--- a/2008/CVE-2008-4066.md
+++ b/2008/CVE-2008-4066.md
@ -0,0 +1,17 @@
 ### [CVE-2008-4066](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4066)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&#56325ascript" sequence, aka "HTML escaped low surrogates bug."
 ### POC
 #### Reference
 - http://www.ubuntu.com/usn/usn-647-1
 #### Github
 No PoCs found on GitHub currently.
--- a/2008/CVE-2008-4067.md
+++ b/2008/CVE-2008-4067.md
@ -11,6 +11,7 @@ Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x bef
 #### Reference
 - http://www.redhat.com/support/errata/RHSA-2008-0879.html
 - http://www.ubuntu.com/usn/usn-647-1
 #### Github
 No PoCs found on GitHub currently.
--- a/2008/CVE-2008-4068.md
+++ b/2008/CVE-2008-4068.md
@ -11,6 +11,7 @@ Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x bef
 #### Reference
 - http://www.redhat.com/support/errata/RHSA-2008-0879.html
 - http://www.ubuntu.com/usn/usn-647-1
 #### Github
 No PoCs found on GitHub currently.
--- a/2008/CVE-2008-4070.md
+++ b/2008/CVE-2008-4070.md
@ -0,0 +1,17 @@
 ### [CVE-2008-4070](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4070)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages."
 ### POC
 #### Reference
 - http://www.ubuntu.com/usn/usn-647-1
 #### Github
 No PoCs found on GitHub currently.
--- a/2009/CVE-2009-1042.md
+++ b/2009/CVE-2009-1042.md
@ -0,0 +1,17 @@
 ### [CVE-2009-1042](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1042)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
 ### POC
 #### Reference
 - http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889
 #### Github
 No PoCs found on GitHub currently.
--- a/2009/CVE-2009-1043.md
+++ b/2009/CVE-2009-1043.md
@ -0,0 +1,17 @@
 ### [CVE-2009-1043](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1043)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
 ### POC
 #### Reference
 - http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889
 #### Github
 No PoCs found on GitHub currently.
--- a/2009/CVE-2009-1044.md
+++ b/2009/CVE-2009-1044.md
@ -10,6 +10,7 @@ Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary
 ### POC
 #### Reference
 - http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889
 - https://bugzilla.mozilla.org/show_bug.cgi?id=484320
 #### Github
--- a/2009/CVE-2009-2477.md
+++ b/2009/CVE-2009-2477.md
@ -12,6 +12,7 @@ js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonk
 #### Reference
 - http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/
 - http://isc.sans.org/diary.html?storyid=6796
 - http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761
 - http://www.kb.cert.org/vuls/id/443060
 - https://www.exploit-db.com/exploits/40936/
--- a/2009/CVE-2009-2966.md
+++ b/2009/CVE-2009-2966.md
@ -0,0 +1,17 @@
 ### [CVE-2009-2966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2966)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters.
 ### POC
 #### Reference
 - http://www.h-online.com/security/Kaspersky-confirm-and-close-DoS-vulnerability--/news/114077
 #### Github
 No PoCs found on GitHub currently.
--- a/2009/CVE-2009-3878.md
+++ b/2009/CVE-2009-3878.md
@ -0,0 +1,17 @@
 ### [CVE-2009-3878](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3878)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12.  NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
 ### POC
 #### Reference
 - http://www.h-online.com/security/news/item/Alleged-critical-vulnerability-in-Sun-Java-System-Web-Server-839598.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2009/CVE-2009-3978.md
+++ b/2009/CVE-2009-3978.md
@ -0,0 +1,17 @@
 ### [CVE-2009-3978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3978)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373.
 ### POC
 #### Reference
 - http://www.h-online.com/open/news/item/Mozilla-fixes-critical-bugs-with-Firefox-3-5-5-852070.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2010/CVE-2010-0221.md
+++ b/2010/CVE-2010-0221.md
@ -0,0 +1,17 @@
 ### [CVE-2010-0221](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0221)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program.
 ### POC
 #### Reference
 - http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2010/CVE-2010-0222.md
+++ b/2010/CVE-2010-0222.md
@ -0,0 +1,17 @@
 ### [CVE-2010-0222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0222)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.
 ### POC
 #### Reference
 - http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2010/CVE-2010-0224.md
+++ b/2010/CVE-2010-0224.md
@ -0,0 +1,17 @@
 ### [CVE-2010-0224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0224)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 SanDisk Cruzer Enterprise USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program.
 ### POC
 #### Reference
 - http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2010/CVE-2010-0225.md
+++ b/2010/CVE-2010-0225.md
@ -0,0 +1,17 @@
 ### [CVE-2010-0225](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0225)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.
 ### POC
 #### Reference
 - http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2010/CVE-2010-0227.md
+++ b/2010/CVE-2010-0227.md
@ -0,0 +1,17 @@
 ### [CVE-2010-0227](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0227)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program.
 ### POC
 #### Reference
 - http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2010/CVE-2010-0228.md
+++ b/2010/CVE-2010-0228.md
@ -0,0 +1,17 @@
 ### [CVE-2010-0228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0228)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.
 ### POC
 #### Reference
 - http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2010/CVE-2010-0832.md
+++ b/2010/CVE-2010-0832.md
@ -0,0 +1,17 @@
 ### [CVE-2010-0832](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0832)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.
 ### POC
 #### Reference
 - http://www.h-online.com/security/news/item/Ubuntu-closes-root-hole-1034618.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2012/CVE-2012-0830.md
+++ b/2012/CVE-2012-0830.md
@ -11,6 +11,7 @@ The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows rem
 #### Reference
 - http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
 - http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html
 - https://gist.github.com/1725489
 #### Github
--- a/2012/CVE-2012-1557.md
+++ b/2012/CVE-2012-1557.md
@ -0,0 +1,17 @@
 ### [CVE-2012-1557](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1557)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012.
 ### POC
 #### Reference
 - http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2012/CVE-2012-3137.md
+++ b/2012/CVE-2012-3137.md
@ -21,6 +21,7 @@ The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0
 - https://github.com/CVEDB/PoC-List
 - https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/L34kl0ve/WNMAP
 - https://github.com/burnt11235/burnt11235
 - https://github.com/hantwister/o5logon-fetch
 - https://github.com/jakuta-tech/WNMAP
 - https://github.com/quentinhardy/odat
--- a/2012/CVE-2012-3716.md
+++ b/2012/CVE-2012-3716.md
@ -16,6 +16,7 @@ No PoCs from references.
 - https://github.com/0x90/wifi-arsenal
 - https://github.com/0xbitx/wifi-hacking-tools
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/Bitsonwheels/macos-wifi-hacking-tools
 - https://github.com/CVEDB/PoC-List
 - https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/Gafikari/wifi-hacking-tools
--- a/2017/CVE-2017-20069.md
+++ b/2017/CVE-2017-20069.md
@ -10,6 +10,7 @@ A vulnerability classified as critical has been found in Hindu Matrimonial Scrip
 ### POC
 #### Reference
 - https://vuldb.com/?id.95409
 - https://www.exploit-db.com/exploits/41044/
 #### Github
--- a/2017/CVE-2017-7269.md
+++ b/2017/CVE-2017-7269.md
@ -47,6 +47,7 @@ Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in In
 - https://github.com/SexyBeast233/SecBooks
 - https://github.com/ThanHuuTuan/CVE-2017-7269
 - https://github.com/Tyro-Shan/gongkaishouji
 - https://github.com/VanishedPeople/CVE-2017-7269
 - https://github.com/YIXINSHUWU/Penetration_Testing_POC
 - https://github.com/ZTK-009/Penetration_PoC
 - https://github.com/ZTK-009/RedTeamer
--- a/2018/CVE-2018-9995.md
+++ b/2018/CVE-2018-9995.md
@ -96,6 +96,7 @@ TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in
 - https://github.com/weeka10/-hktalent-TOP
 - https://github.com/withmasday/HTC
 - https://github.com/wj158/snowwolf-script
 - https://github.com/wmasday/HTC
 - https://github.com/wr0x00/Lizard
 - https://github.com/wr0x00/Lsploit
 - https://github.com/xbl3/awesome-cve-poc_qazbnm456
--- a/2019/CVE-2019-19851.md
+++ b/2019/CVE-2019-19851.md
@ -10,6 +10,7 @@ An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and
 ### POC
 #### Reference
 - https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module
 - https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities
 #### Github
--- a/2020/CVE-2020-11034.md
+++ b/2020/CVE-2020-11034.md
@ -14,6 +14,7 @@ In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the
 No PoCs from references.
 #### Github
 - https://github.com/20142995/nuclei-templates
 - https://github.com/ARPSyndicate/kenzer-templates
 - https://github.com/Elsfa7-110/kenzer-templates
 - https://github.com/d4n-sec/d4n-sec.github.io
--- a/2020/CVE-2020-14179.md
+++ b/2020/CVE-2020-14179.md
@ -13,6 +13,7 @@ Affected versions of Atlassian Jira Server and Data Center allow remote, unauthe
 No PoCs from references.
 #### Github
 - https://github.com/20142995/nuclei-templates
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/ARPSyndicate/kenzer-templates
 - https://github.com/Elsfa7-110/kenzer-templates
--- a/2020/CVE-2020-29164.md
+++ b/2020/CVE-2020-29164.md
@ -13,6 +13,7 @@ PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site sc
 - https://gist.github.com/leommxj/0a32afeeaac960682c5b7c9ca8ed070d
 #### Github
 - https://github.com/20142995/nuclei-templates
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/ARPSyndicate/kenzer-templates
 - https://github.com/Elsfa7-110/kenzer-templates
--- a/2020/CVE-2020-4463.md
+++ b/2020/CVE-2020-4463.md
@ -14,6 +14,7 @@ No PoCs from references.
 #### Github
 - https://github.com/0xT11/CVE-POC
 - https://github.com/20142995/nuclei-templates
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/ARPSyndicate/kenzer-templates
 - https://github.com/EdgeSecurityTeam/Vulnerability
--- a/2021/CVE-2021-28918.md
+++ b/2021/CVE-2021-28918.md
@ -14,6 +14,7 @@ Improper input validation of octal strings in netmask npm package v1.0.6 and bel
 - https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/
 #### Github
 - https://github.com/20142995/nuclei-templates
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/ARPSyndicate/kenzer-templates
 - https://github.com/DNTYO/F5_Vulnerability
--- a/2021/CVE-2021-32030.md
+++ b/2021/CVE-2021-32030.md
@ -14,6 +14,7 @@ No PoCs from references.
 #### Github
 - https://github.com/0day404/vulnerability-poc
 - https://github.com/20142995/nuclei-templates
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/ARPSyndicate/kenzer-templates
 - https://github.com/EdgeSecurityTeam/Vulnerability
--- a/2022/CVE-2022-1617.md
+++ b/2022/CVE-2022-1617.md
@ -14,5 +14,5 @@ The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place
 - https://wpscan.com/vulnerability/7e40e506-ad02-44ca-9d21-3634f3907aad/
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/20142995/nuclei-templates
--- a/2023/CVE-2023-0285.md
+++ b/2023/CVE-2023-0285.md
@ -13,5 +13,5 @@ The Real Media Library WordPress plugin before 4.18.29 does not sanitise and esc
 - https://wpscan.com/vulnerability/adf09e29-baf5-4426-a281-6763c107d348
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/20142995/nuclei-templates
--- a/2023/CVE-2023-2163.md
+++ b/2023/CVE-2023-2163.md
@ -15,7 +15,11 @@ No PoCs from references.
 #### Github
 - https://github.com/Dikens88/hopp
 - https://github.com/Snoopy-Sec/Localroot-ALL-CVE
 - https://github.com/aobakwewastaken/aobakwewastaken
 - https://github.com/carmilea/carmilea
 - https://github.com/google/buzzer
 - https://github.com/google/security-research
 - https://github.com/kherrick/hacker-news
 - https://github.com/phixion/phixion
 - https://github.com/shannonmullins/hopp
--- a/2023/CVE-2023-31355.md
+++ b/2023/CVE-2023-31355.md
@ -0,0 +1,21 @@
 ### [CVE-2023-31355](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31355)
 ![](https://img.shields.io/static/v1?label=Product&message=3rd%20Gen%20AMD%20EPYC%E2%84%A2%20Processors&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=4th%20Gen%20AMD%20EPYC%E2%84%A2%20Processors&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=AMD%20EPYC%E2%84%A2%20Embedded%207003&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=AMD%20EPYC%E2%84%A2%20Embedded%209003&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20Improper%20Restriction%20of%20Operations%20within%20the%20Bounds%20of%20a%20Memory%20Buffer&color=brighgreen)
 ### Description
 Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/Freax13/cve-2024-21980-poc
 - https://github.com/nomi-sec/PoC-in-GitHub
--- a/2023/CVE-2023-3597.md
+++ b/2023/CVE-2023-3597.md
@ -1,6 +1,5 @@
 ### [CVE-2023-3597](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3597)
 ![](https://img.shields.io/static/v1?label=Product&message=RHSSO%207.6.8&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Keycloak%2022&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Keycloak%2022.0.10&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
--- a/2023/CVE-2023-39517.md
+++ b/2023/CVE-2023-39517.md
@ -0,0 +1,17 @@
 ### [CVE-2023-39517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39517)
 ![](https://img.shields.io/static/v1?label=Product&message=joplin&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.12.8%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
 ### Description
 Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer (`packages/renderer/htmlUtils.ts::sanitizeHtml`) preserves `<map>` `<area>` links. However, unlike `<a>` links, the `target` and `href` attributes are not removed. Additionally, because the note preview pane isn't sandboxed to prevent top navigation, links with `target` set to `_top` can replace the toplevel electron page. Because any toplevel electron page, with Joplin's setup, has access to `require` and can require node libraries, a malicious replacement toplevel page can import `child_process` and execute arbitrary shell commands. This issue has been fixed in commit 7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f which is included in release version 2.12.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
 ### POC
 #### Reference
 - https://github.com/laurent22/joplin/security/advisories/GHSA-2h88-m32f-qh5m
 #### Github
 No PoCs found on GitHub currently.
--- a/2023/CVE-2023-43654.md
+++ b/2023/CVE-2023-43654.md
@ -14,6 +14,7 @@ TorchServe is a tool for serving and scaling PyTorch models in production. Torch
 #### Github
 - https://github.com/OligoCyberSecurity/ShellTorchChecker
 - https://github.com/giterlizzi/secdb-feeds
 - https://github.com/leoambrus/CheckersNomisec
 - https://github.com/mdisec/mdisec-twitch-yayinlari
 - https://github.com/nomi-sec/PoC-in-GitHub
--- a/2023/CVE-2023-45229.md
+++ b/2023/CVE-2023-45229.md
@ -14,5 +14,6 @@ EDK2's Network Package is susceptible to an out-of-bounds read vulnerability whe
 #### Github
 - https://github.com/1490kdrm/vuln_BIOs
 - https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition
 - https://github.com/quarkslab/pixiefail
--- a/2023/CVE-2023-45230.md
+++ b/2023/CVE-2023-45230.md
@ -15,5 +15,6 @@
 #### Github
 - https://github.com/1490kdrm/vuln_BIOs
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition
 - https://github.com/quarkslab/pixiefail
--- a/2023/CVE-2023-45231.md
+++ b/2023/CVE-2023-45231.md
@ -14,5 +14,6 @@ EDK2's Network Package is susceptible to an out-of-bounds read vulnerability whe
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition
 - https://github.com/quarkslab/pixiefail
--- a/2023/CVE-2023-45232.md
+++ b/2023/CVE-2023-45232.md
@ -15,5 +15,6 @@
 #### Github
 - https://github.com/1490kdrm/vuln_BIOs
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition
 - https://github.com/quarkslab/pixiefail
--- a/2023/CVE-2023-45233.md
+++ b/2023/CVE-2023-45233.md
@ -14,5 +14,6 @@
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition
 - https://github.com/quarkslab/pixiefail
--- a/2023/CVE-2023-45234.md
+++ b/2023/CVE-2023-45234.md
@ -15,5 +15,6 @@
 #### Github
 - https://github.com/1490kdrm/vuln_BIOs
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition
 - https://github.com/quarkslab/pixiefail
--- a/2023/CVE-2023-45235.md
+++ b/2023/CVE-2023-45235.md
@ -14,5 +14,6 @@
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition
 - https://github.com/quarkslab/pixiefail
--- a/2023/CVE-2023-45236.md
+++ b/2023/CVE-2023-45236.md
@ -14,4 +14,5 @@ No PoCs from references.
 #### Github
 - https://github.com/1490kdrm/vuln_BIOs
 - https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition
--- a/2023/CVE-2023-45237.md
+++ b/2023/CVE-2023-45237.md
@ -14,4 +14,5 @@ No PoCs from references.
 #### Github
 - https://github.com/1490kdrm/vuln_BIOs
 - https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition
--- a/2023/CVE-2023-47238.md
+++ b/2023/CVE-2023-47238.md
@ -0,0 +1,17 @@
 ### [CVE-2023-47238](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47238)
 ![](https://img.shields.io/static/v1?label=Product&message=Top%2010%20%E2%80%93%20WordPress%20Popular%20posts%20by%20WebberZone&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
 ### Description
 Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin <= 3.3.2 versions.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/20142995/nuclei-templates
--- a/2023/CVE-2023-5488.md
+++ b/2023/CVE-2023-5488.md
@ -10,6 +10,7 @@ A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Inte
 ### POC
 #### Reference
 - https://github.com/llixixi/cve/blob/main/s45_upload_%20updatelib.md
 - https://vuldb.com/?id.241640
 #### Github
--- a/2024/CVE-2024-1086.md
+++ b/2024/CVE-2024-1086.md
@ -20,9 +20,11 @@ A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables compon
 - https://github.com/Alicey0719/docker-POC_CVE-2024-1086
 - https://github.com/BachoSeven/stellestelline
 - https://github.com/CCIEVoice2009/CVE-2024-1086
 - https://github.com/Disturbante/Linux-Pentest
 - https://github.com/EGI-Federation/SVG-advisories
 - https://github.com/GhostTroops/TOP
 - https://github.com/Hiimsonkul/Hiimsonkul
 - https://github.com/Jappie3/starred
 - https://github.com/Notselwyn/CVE-2024-1086
 - https://github.com/Notselwyn/exploits
 - https://github.com/Notselwyn/notselwyn
--- a/2024/CVE-2024-21302.md
+++ b/2024/CVE-2024-21302.md
@ -0,0 +1,32 @@
 ### [CVE-2024-21302](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21302)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20N%2FA%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen)
 ### Description
 Summary:Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS) including a subset of Azure Virtual Machine SKUS; enabling an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-21978.md
+++ b/2024/CVE-2024-21978.md
@ -0,0 +1,21 @@
 ### [CVE-2024-21978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21978)
 ![](https://img.shields.io/static/v1?label=Product&message=3rd%20Gen%20AMD%20EPYC%E2%84%A2%20Processors&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=4th%20Gen%20AMD%20EPYC%E2%84%A2%20Processors&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=AMD%20EPYC%E2%84%A2%20Embedded%207003&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=AMD%20EPYC%E2%84%A2%20Embedded%209003&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
 ### Description
 Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/Freax13/cve-2024-21978-poc
 - https://github.com/nomi-sec/PoC-in-GitHub
--- a/2024/CVE-2024-21980.md
+++ b/2024/CVE-2024-21980.md
@ -0,0 +1,21 @@
 ### [CVE-2024-21980](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21980)
 ![](https://img.shields.io/static/v1?label=Product&message=3rd%20Gen%20AMD%20EPYC%E2%84%A2%20Processors&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=4th%20Gen%20AMD%20EPYC%E2%84%A2%20Processors&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=AMD%20EPYC%E2%84%A2%20Embedded%207003&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=AMD%20EPYC%E2%84%A2%20Embedded%209003&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20Improper%20Restriction%20of%20Operations%20within%20the%20Bounds%20of%20a%20Memory%20Buffer&color=brighgreen)
 ### Description
 Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/Freax13/cve-2024-21980-poc
 - https://github.com/nomi-sec/PoC-in-GitHub
--- a/2024/CVE-2024-2800.md
+++ b/2024/CVE-2024-2800.md
@ -0,0 +1,17 @@
 ### [CVE-2024-2800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2800)
 ![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=11.3%3C%2017.0.6%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
 ### Description
 ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-30078.md
+++ b/2024/CVE-2024-30078.md
@ -52,6 +52,7 @@ No PoCs from references.
 #### Github
 - https://github.com/0xMarcio/cve
 - https://github.com/GhostTroops/TOP
 - https://github.com/Jappie3/starred
 - https://github.com/blkph0x/CVE_2024_30078_POC_WIFI
 - https://github.com/enomothem/PenTestNote
 - https://github.com/lvyitian/CVE-2024-30078-
--- a/2024/CVE-2024-3035.md
+++ b/2024/CVE-2024-3035.md
@ -0,0 +1,17 @@
 ### [CVE-2024-3035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3035)
 ![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=8.12%3C%2017.0.6%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%3A%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)
 ### Description
 A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2  allowed for LFS tokens to read and write to the user owned repositories.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-3094.md
+++ b/2024/CVE-2024-3094.md
@ -36,6 +36,7 @@ Malicious code was discovered in the upstream tarballs of xz, starting with vers
 - https://github.com/HaveFun83/awesome-stars
 - https://github.com/Horizon-Software-Development/CVE-2024-3094
 - https://github.com/JVS23/cybsec-project-2024
 - https://github.com/Jappie3/starred
 - https://github.com/JonathanSiemering/stars
 - https://github.com/Juul/xz-backdoor-scan
 - https://github.com/MagpieRYL/CVE-2024-3094-backdoor-env-container
--- a/2024/CVE-2024-3114.md
+++ b/2024/CVE-2024-3114.md
@ -0,0 +1,17 @@
 ### [CVE-2024-3114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3114)
 ![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=11.10%3C%2017.0.6%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
 ### Description
 An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-3219.md
+++ b/2024/CVE-2024-3219.md
@ -1,6 +1,6 @@
 ### [CVE-2024-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3219)
 ![](https://img.shields.io/static/v1?label=Product&message=CPython&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.13.0rc1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.12.5%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
--- a/2024/CVE-2024-3359.md
+++ b/2024/CVE-2024-3359.md
@ -10,7 +10,7 @@ A vulnerability, which was classified as critical, has been found in SourceCodes
 ### POC
 #### Reference
-No PoCs from references.
+- https://vuldb.com/?id.259463
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-3400.md
+++ b/2024/CVE-2024-3400.md
@ -20,6 +20,7 @@ A command injection as a result of arbitrary file creation vulnerability in the
 - https://github.com/0x0d3ad/CVE-2024-3400
 - https://github.com/0xMarcio/cve
 - https://github.com/0xr2r/CVE-2024-3400-Palo-Alto-OS-Command-Injection
 - https://github.com/20142995/nuclei-templates
 - https://github.com/AdaniKamal/CVE-2024-3400
 - https://github.com/CONDITIONBLACK/CVE-2024-3400-POC
 - https://github.com/CerTusHack/CVE-2024-3400-PoC
--- a/2024/CVE-2024-3727.md
+++ b/2024/CVE-2024-3727.md
@ -15,6 +15,7 @@
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%203.11&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.14&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.15&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.16&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%20Assisted%20Installer&color=blue)
--- a/2024/CVE-2024-37664.md
+++ b/2024/CVE-2024-37664.md
@ -0,0 +1,17 @@
 ### [CVE-2024-37664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37664)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router.
 ### POC
 #### Reference
 - https://github.com/ouuan/router-vuln-report/blob/master/nat-rst/redmi-rb03-nat-rst.md
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-38166.md
+++ b/2024/CVE-2024-38166.md
@ -0,0 +1,17 @@
 ### [CVE-2024-38166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38166)
 ![](https://img.shields.io/static/v1?label=Product&message=Dynamics%20CRM%20Service%20Portal%20Web%20Resource&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20N%2FA%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
 ### Description
 An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-38202.md
+++ b/2024/CVE-2024-38202.md
@ -0,0 +1,30 @@
 ### [CVE-2024-38202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38202)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20N%2FA%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen)
 ### Description
 SummaryMicrosoft was notified that an elevation of privilege vulnerability exists in Windows Backup, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.DetailsA security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Backup potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability.Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center.Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems.Recommended ActionsThe following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available.Configure “Audit Object Access” settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors.Audit File System - Windows 10 | Microsoft LearnApply a basic audit policy on a file or folder - Windows 10 | Microsoft LearnAudit users with permission to perform Backup and Restore operations to ensure only the appropriate users can perform these operations.Audit: Audit the use of Backup and Restore privilege (Windows 10) - Windows 10 | Microsoft LearnImplement an Access Control List or Discretionary Access Control Lists to restrict the access or modification of Backup files and perform Restore operations to appropriate users, for example administrators only.Access Control overview | Microsoft LearnDiscretionary Access Control Lists (DACL)Auditing sensitive privileges used to identify access, modification, or replacement of Backup related files could help indicate attempts to exploit this vulnerability.Audit Sensitive Privilege Use - Windows 10 | Microsoft Learn
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-38206.md
+++ b/2024/CVE-2024-38206.md
@ -0,0 +1,17 @@
 ### [CVE-2024-38206](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38206)
 ![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Copilot%20Studio&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20N%2FA%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)
 ### Description
 An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-38527.md
+++ b/2024/CVE-2024-38527.md
@ -0,0 +1,17 @@
 ### [CVE-2024-38527](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38527)
 ![](https://img.shields.io/static/v1?label=Product&message=zenuml-core&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%203.23.25%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
 ### Description
 ZenUML is JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdown features, such as `**` for bolded text. However, the markdown text is currently not sanitized before rendering, allowing an attacker to enter a malicious payload for the comment which leads to XSS. This puts existing applications that use ZenUML unsandboxed at risk of arbitrary JavaScript execution when rendering user-controlled diagrams. This vulnerability was patched in version 3.23.25,
 ### POC
 #### Reference
 - https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-38856.md
+++ b/2024/CVE-2024-38856.md
@ -20,4 +20,5 @@ No PoCs from references.
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wy876/POC
--- a/2024/CVE-2024-38881.md
+++ b/2024/CVE-2024-38881.md
@ -0,0 +1,17 @@
 ### [CVE-2024-38881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38881)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords.
 ### POC
 #### Reference
 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-38882.md
+++ b/2024/CVE-2024-38882.md
@ -0,0 +1,17 @@
 ### [CVE-2024-38882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38882)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command.
 ### POC
 #### Reference
 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-38883.md
+++ b/2024/CVE-2024-38883.md
@ -0,0 +1,17 @@
 ### [CVE-2024-38883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38883)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Drop Encryption Level attack due to the selection of a less-secure algorithm during negotiation.
 ### POC
 #### Reference
 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-38884.md
+++ b/2024/CVE-2024-38884.md
@ -0,0 +1,17 @@
 ### [CVE-2024-38884](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38884)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform an Authentication Bypass attack due to improperly implemented security checks for standard authentication mechanisms
 ### POC
 #### Reference
 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-38886.md
+++ b/2024/CVE-2024-38886.md
@ -0,0 +1,17 @@
 ### [CVE-2024-38886](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38886)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.
 ### POC
 #### Reference
 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-38887.md
+++ b/2024/CVE-2024-38887.md
@ -0,0 +1,17 @@
 ### [CVE-2024-38887](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38887)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary privileges.
 ### POC
 #### Reference
 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-38888.md
+++ b/2024/CVE-2024-38888.md
@ -0,0 +1,17 @@
 ### [CVE-2024-38888](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38888)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform a Password Brute Forcing attack due to improper restriction of excessive authentication attempts.
 ### POC
 #### Reference
 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-38889.md
+++ b/2024/CVE-2024-38889.md
@ -0,0 +1,17 @@
 ### [CVE-2024-38889](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38889)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command.
 ### POC
 #### Reference
 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-38890.md
+++ b/2024/CVE-2024-38890.md
@ -0,0 +1,17 @@
 ### [CVE-2024-38890](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38890)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks.
 ### POC
 #### Reference
 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-38891.md
+++ b/2024/CVE-2024-38891.md
@ -0,0 +1,17 @@
 ### [CVE-2024-38891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38891)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information.
 ### POC
 #### Reference
 - https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-3958.md
+++ b/2024/CVE-2024-3958.md
@ -0,0 +1,17 @@
 ### [CVE-2024-3958](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3958)
 ![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=0%3C%2017.0.6%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%3A%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
 ### Description
 An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone  to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-41989.md
+++ b/2024/CVE-2024-41989.md
@ -0,0 +1,17 @@
 ### [CVE-2024-41989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-41990.md
+++ b/2024/CVE-2024-41990.md
@ -0,0 +1,17 @@
 ### [CVE-2024-41990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41990)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-41991.md
+++ b/2024/CVE-2024-41991.md
@ -0,0 +1,17 @@
 ### [CVE-2024-41991](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-42005.md
+++ b/2024/CVE-2024-42005.md
@ -0,0 +1,17 @@
 ### [CVE-2024-42005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-42033.md
+++ b/2024/CVE-2024-42033.md
@ -0,0 +1,19 @@
 ### [CVE-2024-42033](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42033)
 ![](https://img.shields.io/static/v1?label=Product&message=EMUI&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=HarmonyOS&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%2014.0.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%204.2.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-840%20Business%20Logic%20Errors&color=brighgreen)
 ### Description
 Access control vulnerability in the security verification modulempact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-42034.md
+++ b/2024/CVE-2024-42034.md
@ -0,0 +1,19 @@
 ### [CVE-2024-42034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42034)
 ![](https://img.shields.io/static/v1?label=Product&message=EMUI&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=HarmonyOS&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%2014.0.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%204.2.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-840%20Business%20Logic%20Errors&color=brighgreen)
 ### Description
 LaunchAnywhere vulnerability in the account module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-42035.md
+++ b/2024/CVE-2024-42035.md
@ -0,0 +1,19 @@
 ### [CVE-2024-42035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42035)
 ![](https://img.shields.io/static/v1?label=Product&message=EMUI&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=HarmonyOS&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%2014.0.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%204.2.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-264%20Permissions%2C%20Privileges%2C%20and%20Access%20Controls&color=brighgreen)
 ### Description
 Permission control vulnerability in the App Multiplier moduleImpact:Successful exploitation of this vulnerability may affect functionality and confidentiality.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-42036.md
+++ b/2024/CVE-2024-42036.md
@ -0,0 +1,19 @@
 ### [CVE-2024-42036](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42036)
 ![](https://img.shields.io/static/v1?label=Product&message=EMUI&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=HarmonyOS&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%2014.0.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%204.2.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen)
 ### Description
 Access permission verification vulnerability in the Notepad moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/Show More
+++ b/Show More