Update CVE sources 2024-08-30 20:52

2025-05-05 10:17:57 +00:00 · 2024-08-30 20:52:42 +00:00 · 2024-08-30 20:52:42 +00:00 · 6a17b5b11e
commit 6a17b5b11e
parent 77bef98094
293 changed files with 2968 additions and 59 deletions
--- a/2000/CVE-2000-0917.md
+++ b/2000/CVE-2000-0917.md
@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/LEXUEYE/oinkmaster
 - https://github.com/davidliu88/oinkmaster
+- https://github.com/zer0duck/oinkmaster

--- a/2001/CVE-2001-0414.md
+++ b/2001/CVE-2001-0414.md
@ -13,5 +13,5 @@ Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) all
 - http://marc.info/?l=bugtraq&m=98642418618512&w=2

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot

--- a/2002/CVE-2002-0012.md
+++ b/2002/CVE-2002-0012.md
@ -0,0 +1,17 @@
+### [CVE-2002-0012](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0012)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite.  NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor.  This and other SNMP-related candidates will be updated when more accurate information is available.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot
+
--- a/2002/CVE-2002-0013.md
+++ b/2002/CVE-2002-0013.md
@ -0,0 +1,17 @@
+### [CVE-2002-0013](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0013)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite.  NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor.  This and other SNMP-related candidates will be updated when more accurate information is available.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot
+
--- a/2006/CVE-2006-3336.md
+++ b/2006/CVE-2006-3336.md
@ -0,0 +1,17 @@
+### [CVE-2006-3336](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3336)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt.  NOTE: this is only a vulnerability when the server allows script execution in the pub directory.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/syedayman/Network-PenTest-Project
+
--- a/2009/CVE-2009-1389.md
+++ b/2009/CVE-2009-1389.md
@ -13,5 +13,5 @@ Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux ker
 - http://www.vmware.com/security/advisories/VMSA-2009-0016.html

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/lobo360/iptables-ubuntu

--- a/2011/CVE-2011-2523.md
+++ b/2011/CVE-2011-2523.md
@ -57,6 +57,7 @@ vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which
 - https://github.com/Wanderwille/13.01
 - https://github.com/XiangSi-Howard/CTF---CVE-2011-2523
 - https://github.com/Y2FuZXBh/exploits
+- https://github.com/YellowFederica/MTD-with-SDN
 - https://github.com/andaks1/ib01
 - https://github.com/castiel-aj/Cybertalents-Challenges-Writeups
 - https://github.com/cherrera0001/vsftpd_2.3.4_Exploit
--- a/2013/CVE-2013-2028.md
+++ b/2013/CVE-2013-2028.md
@ -15,6 +15,7 @@ The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 thro

 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/BJ-PXD/Explotacion-de-Vulnerabiliddes-bee-box
 - https://github.com/CVEDB/PoC-List
 - https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/JERRY123S/all-poc
--- a/2015/CVE-2015-10088.md
+++ b/2015/CVE-2015-10088.md
@ -0,0 +1,17 @@
+### [CVE-2015-10088](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-10088)
+![](https://img.shields.io/static/v1?label=Product&message=ayttm&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%200.5.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-134%20Format%20String&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 40e04680018614a7d2b68566b261b061a0597046. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222267.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DiRaltvein/memory-corruption-examples
+
--- a/2015/CVE-2015-1328.md
+++ b/2015/CVE-2015-1328.md
@ -18,6 +18,7 @@ The overlayfs implementation in the linux (aka Linux kernel) package before 3.19
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/AfvanMoopen/tryhackme-
 - https://github.com/Al1ex/LinuxEelvation
+- https://github.com/BlackFrog-hub/cve-2015-1328
 - https://github.com/C0dak/linux-kernel-exploits
 - https://github.com/C0dak/local-root-exploit-
 - https://github.com/DarkenCode/PoC
@ -48,6 +49,7 @@ The overlayfs implementation in the linux (aka Linux kernel) package before 3.19
 - https://github.com/coffee727/linux-exp
 - https://github.com/copperfieldd/linux-kernel-exploits
 - https://github.com/distance-vector/linux-kernel-exploits
+- https://github.com/elit3pwner/CVE-2015-1328-GoldenEye
 - https://github.com/fei9747/LinuxEelvation
 - https://github.com/ferovap/Tools
 - https://github.com/freelancermijan/Linux-Privilege-Escalation-Tryhackme
--- a/2015/CVE-2015-2171.md
+++ b/2015/CVE-2015-2171.md
@ -14,5 +14,6 @@ No PoCs from references.

 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/flouciel/Deserialize
 - https://github.com/tthseus/Deserialize

--- a/2015/CVE-2015-3864.md
+++ b/2015/CVE-2015-3864.md
@ -17,6 +17,7 @@ Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.c
 #### Github
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/Bhathiya404/Exploiting-Stagefright-Vulnerability-CVE-2015-3864
+- https://github.com/Cmadhushanka/CVE-2015-3864-Exploitation
 - https://github.com/HenryVHuang/CVE-2015-3864
 - https://github.com/HighW4y2H3ll/libstagefrightExploit
 - https://github.com/eudemonics/scaredycat
--- a/2015/CVE-2015-6668.md
+++ b/2015/CVE-2015-6668.md
@ -22,6 +22,7 @@ The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary C
 - https://github.com/Sp3c73rSh4d0w/CVE-2015-6668
 - https://github.com/c0d3cr4f73r/CVE-2015-6668
 - https://github.com/crypticdante/CVE-2015-6668
+- https://github.com/jimdiroffii/CVE-2015-6668
 - https://github.com/k4u5h41/CVE-2015-6668
 - https://github.com/n3ov4n1sh/CVE-2015-6668

--- a/2015/CVE-2015-7808.md
+++ b/2015/CVE-2015-7808.md
@ -25,6 +25,7 @@ The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1
 - https://github.com/Xcod3bughunt3r/ExploitsTools
 - https://github.com/XiphosResearch/exploits
 - https://github.com/dr4v/exploits
+- https://github.com/flouciel/Deserialize
 - https://github.com/jmedeng/suriya73-exploits
 - https://github.com/mukarramkhalid/vBulletin-5.1.x-PreAuth-RCE
 - https://github.com/shildenbrand/Exploits
--- a/2015/CVE-2015-8351.md
+++ b/2015/CVE-2015-8351.md
@ -16,6 +16,7 @@ PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.
 #### Github
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/G01d3nW01f/CVE-2015-8351
+- https://github.com/G4sp4rCS/exploit-CVE-2015-8351
 - https://github.com/Ki11i0n4ir3/CVE-2015-8351
 - https://github.com/igruntplay/exploit-CVE-2015-8351

--- a/2015/CVE-2015-8562.md
+++ b/2015/CVE-2015-8562.md
@ -32,6 +32,7 @@ Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP o
 - https://github.com/atcasanova/cve-2015-8562-exploit
 - https://github.com/bakery312/Vulhub-Reproduce
 - https://github.com/emtee40/google-explorer
+- https://github.com/flouciel/Deserialize
 - https://github.com/guanjivip/CVE-2015-8562
 - https://github.com/hktalent/bug-bounty
 - https://github.com/iGio90/hacking-stuff
--- a/2015/CVE-2015-9235.md
+++ b/2015/CVE-2015-9235.md
@ -18,6 +18,7 @@ No PoCs from references.
 - https://github.com/Nucleware/powershell-jwt
 - https://github.com/WinDyAlphA/CVE-2015-9235_JWT_key_confusion
 - https://github.com/aalex954/jwt-key-confusion-poc
+- https://github.com/armor-code/acsdk
 - https://github.com/capstone-cy-team-1/vuln-web-app
 - https://github.com/mxcezl/JWT-SecLabs
 - https://github.com/phramz/tc2022-jwt101
--- a/2016/CVE-2016-20012.md
+++ b/2016/CVE-2016-20012.md
@ -18,6 +18,7 @@
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/Totes5706/TotesHTB
 - https://github.com/accalina/crowflag
+- https://github.com/aztec-eagle/cve-2016-20012
 - https://github.com/firatesatoglu/iot-searchengine
 - https://github.com/firatesatoglu/shodanSearch
 - https://github.com/omerfsen/terraform-almalinux-libvirt
--- a/2016/CVE-2016-5195.md
+++ b/2016/CVE-2016-5195.md
@ -392,6 +392,7 @@ Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allo
 - https://github.com/sribaba/android-CVE-2016-5195
 - https://github.com/ssr-111/linux-kernel-exploitation
 - https://github.com/sv3nbeast/Attack-Notes
+- https://github.com/syedayman/Network-PenTest-Project
 - https://github.com/talent-x90c/cve_list
 - https://github.com/tangsilian/android-vuln
 - https://github.com/teamssix/container-escape-check
--- a/2017/CVE-2017-0143.md
+++ b/2017/CVE-2017-0143.md
@ -49,6 +49,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2
 - https://github.com/Lynk4/Windows-Server-2008-VAPT
 - https://github.com/Micr067/Pentest_Note
 - https://github.com/MinYoungLeeDev/Attack-Defense-Analysis-of-a-Vulnerable-Network
+- https://github.com/N3rdyN3xus/MS17-010_CVE-2017-0143
 - https://github.com/NatteeSetobol/Etern-blue-Windows-7-Checker
 - https://github.com/Nieuport/Active-Directory-Kill-Chain-Attack-Defense
 - https://github.com/Ostorlab/KEV
--- a/2017/CVE-2017-0144.md
+++ b/2017/CVE-2017-0144.md
@ -138,12 +138,14 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2
 - https://github.com/revanmalang/OSCP
 - https://github.com/rvsvishnuv/rvsvishnuv.github.io
 - https://github.com/shubhamg0sai/All_top_500_hacking_tool
+- https://github.com/shubhamg0sai/top_500_tool
 - https://github.com/skeeperloyaltie/network
 - https://github.com/skhjacksonheights/bestTermuxTools_skh
 - https://github.com/sponkmonk/Ladon_english_update
 - https://github.com/starlingvibes/TryHackMe
 - https://github.com/sunzu94/AD-Attack-Defense
 - https://github.com/sworatz/toolx500
+- https://github.com/syedayman/Network-PenTest-Project
 - https://github.com/tataev/Security
 - https://github.com/trhacknon/scan4all
 - https://github.com/txuswashere/OSCP
--- a/2017/CVE-2017-0145.md
+++ b/2017/CVE-2017-0145.md
@ -87,9 +87,11 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2
 - https://github.com/qazbnm456/awesome-cve-poc
 - https://github.com/retr0-13/AD-Attack-Defense
 - https://github.com/shubhamg0sai/All_top_500_hacking_tool
+- https://github.com/shubhamg0sai/top_500_tool
 - https://github.com/skhjacksonheights/bestTermuxTools_skh
 - https://github.com/sunzu94/AD-Attack-Defense
 - https://github.com/sworatz/toolx500
+- https://github.com/syedayman/Network-PenTest-Project
 - https://github.com/tataev/Security
 - https://github.com/trhacknon/scan4all
 - https://github.com/uroboros-security/SMB-CVE
--- a/2017/CVE-2017-1000112.md
+++ b/2017/CVE-2017-1000112.md
@ -78,6 +78,7 @@ Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. W
 - https://github.com/lnick2023/nicenice
 - https://github.com/m0mkris/linux-kernel-exploits
 - https://github.com/maririn312/Linux_menthor
+- https://github.com/milabs/kiddy
 - https://github.com/milabs/lkrg-bypass
 - https://github.com/mzet-/linux-exploit-suggester
 - https://github.com/n3t1nv4d3/kernel-exploits
--- a/2017/CVE-2017-15710.md
+++ b/2017/CVE-2017-15710.md
@ -26,6 +26,7 @@ No PoCs from references.
 - https://github.com/Xorlent/Red-Teaming-TTPs
 - https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network
 - https://github.com/bioly230/THM_Skynet
+- https://github.com/fdool73/insightvm_slackbot
 - https://github.com/firatesatoglu/shodanSearch
 - https://github.com/rackerlabs/insightvm_slackbot
 - https://github.com/retr0-13/nrich
--- a/2017/CVE-2017-18816.md
+++ b/2017/CVE-2017-18816.md
@ -0,0 +1,17 @@
+### [CVE-2017-18816](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18816)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000049049/Security-Advisory-for-Stored-Cross-Site-Scripting-Vulnerability-on-Some-ReadyNAS-devices-PSV-2017-0290
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2017/CVE-2017-7269.md
+++ b/2017/CVE-2017-7269.md
@ -41,6 +41,7 @@ Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in In
 - https://github.com/HacTF/poc--exp
 - https://github.com/JERRY123S/all-poc
 - https://github.com/Mr-xn/Penetration_Testing_POC
+- https://github.com/N3rdyN3xus/CVE-2017-7269
 - https://github.com/NetW0rK1le3r/awesome-hacking-lists
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
--- a/2017/CVE-2017-7494.md
+++ b/2017/CVE-2017-7494.md
@ -33,6 +33,7 @@ Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to r
 - https://github.com/Astrogeorgeonethree/Starred
 - https://github.com/Astrogeorgeonethree/Starred2
 - https://github.com/Atem1988/Starred
+- https://github.com/BJ-PXD/Explotacion-de-Vulnerabiliddes-bee-box
 - https://github.com/C0dak/linux-kernel-exploits
 - https://github.com/C0dak/local-root-exploit-
 - https://github.com/CVEDB/PoC-List
--- a/2017/CVE-2017-8625.md
+++ b/2017/CVE-2017-8625.md
@ -23,6 +23,7 @@ Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/AdhamRammadan/CyberRoad
 - https://github.com/Ashadowkhan/PENTESTINGBIBLE
+- https://github.com/DefensiveThinking/list-infosec-encyclopedia
 - https://github.com/Digit4lBytes/RedTeam
 - https://github.com/DigitalQuinn/InfosecCompilation
 - https://github.com/Fa1c0n35/Awesome-Red-Teaming.
--- a/2017/CVE-2017-9814.md
+++ b/2017/CVE-2017-9814.md
@ -13,5 +13,5 @@ cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to c
 - https://bugs.freedesktop.org/show_bug.cgi?id=101547

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/adegoodyer/kubernetes-admin-toolkit

--- a/2018/CVE-2018-0101.md
+++ b/2018/CVE-2018-0101.md
@ -21,6 +21,7 @@ A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco
 - https://github.com/Correia-jpv/fucking-awesome-honeypots
 - https://github.com/Cymmetria/ciscoasa_honeypot
 - https://github.com/Elsfa7-110/kenzer-templates
+- https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot
 - https://github.com/Mehedi-Babu/honeypots_cyber
 - https://github.com/Nieuport/-awesome-honeypots-
 - https://github.com/Ondrik8/-Security
--- a/2018/CVE-2018-10561.md
+++ b/2018/CVE-2018-10561.md
@ -15,6 +15,7 @@ An issue was discovered on Dasan GPON home routers. It is possible to bypass aut
 #### Github
 - https://github.com/0x0d3ad/Kn0ck
 - https://github.com/0xT11/CVE-POC
+- https://github.com/20142995/nuclei-templates
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/ATpiu/CVE-2018-10562
 - https://github.com/EvilAnne/Python_Learn
--- a/2018/CVE-2018-11776.md
+++ b/2018/CVE-2018-11776.md
@ -59,6 +59,7 @@ Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remo
 - https://github.com/IkerSaint/VULNAPP-vulnerable-app
 - https://github.com/Ivan1ee/struts2-057-exp
 - https://github.com/JERRY123S/all-poc
+- https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot
 - https://github.com/LightC0der/Apache-Struts-0Day-Exploit
 - https://github.com/Maarckz/PayloadParaTudo
 - https://github.com/Muhammd/Awesome-Payloads
--- a/2018/CVE-2018-20148.md
+++ b/2018/CVE-2018-20148.md
@ -17,6 +17,7 @@ In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP o
 - https://github.com/Afetter618/WordPress-PenTest
 - https://github.com/Byebyesky/IT-Security-Projekt
 - https://github.com/El-Palomo/DerpNStink
+- https://github.com/flouciel/WooCommerce-CVEs
 - https://github.com/nth347/CVE-2018-20148_exploit
 - https://github.com/tthseus/WooCommerce-CVEs

--- a/2018/CVE-2018-21029.md
+++ b/2018/CVE-2018-21029.md
@ -10,6 +10,7 @@
 ### POC

 #### Reference
+- https://blog.cloudflare.com/dns-encryption-explained/
 - https://github.com/systemd/systemd/issues/9397

 #### Github
--- a/2019/CVE-2019-11358.md
+++ b/2019/CVE-2019-11358.md
@ -289,6 +289,9 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/AntofeOctavian/AntofeRTC1
 - https://github.com/AntonianERA/FtcRobotController-master-8.1.1
 - https://github.com/AntonioAlecs/FTC-
+- https://github.com/AnyiLin/10158-Centerstage
+- https://github.com/AnyiLin/10158-Power-Play
+- https://github.com/AnyiLin/Monocular-Visual-Odometry-FTC
 - https://github.com/Apollo9662/sdk_9_0_1
 - https://github.com/Apple-CRISPR/FtcRobotController_2021
 - https://github.com/AravNeroth/2023-2024-Robolobos-FTC-14363
@ -1010,6 +1013,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/FTC9182/FTC9182-2021-2022
 - https://github.com/FTC9837/FTC9837_UltimateGoal
 - https://github.com/FTC9889/CC_9889_2020_2021
+- https://github.com/FTCCrashAndBurn/FtcRobotController-23
 - https://github.com/FTCCyclone/CycloneRobotController
 - https://github.com/FTCJoeBots/2020-JoeBots-Training-Ground
 - https://github.com/FTCJoeBots/2023-ChassisBot
@ -2829,6 +2833,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/connorjlink/FtcRobotController2021
 - https://github.com/coreycoreycorey/FtcRobotController
 - https://github.com/cormickf/Ftc-Powerplay
+- https://github.com/coronerx/5404FTC
 - https://github.com/cosmin-26/ftc-qube
 - https://github.com/cosmin-26/ftc23.camera
 - https://github.com/cozymentor/FTC2022
@ -3417,6 +3422,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/lancelarsen/PhoenixForceFreightFrenzy
 - https://github.com/lancelarsen/PhoenixForceUltimateGoal
 - https://github.com/lancelarsen/PhoenixForceUltimateGoal2
+- https://github.com/lancelarsen/PhoenixForceUltimateGoal3
 - https://github.com/largoftc/Firsttech
 - https://github.com/larrytao05/FtcRobotController
 - https://github.com/laupetre/FTC-2021
@ -3820,6 +3826,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/sesmar/FtcRobotController-8.0
 - https://github.com/sgarciaabad/FtcRobotController-9.0
 - https://github.com/sgu-101/FTC-8569
+- https://github.com/sgu-101/FTC-8569-CenterStage
 - https://github.com/sgutierrez8c54/Ftc2020
 - https://github.com/sgutierrez8c54/PowerPlay202223
 - https://github.com/shalinda/ftcpowerplay
--- a/2019/CVE-2019-11500.md
+++ b/2019/CVE-2019-11500.md
@ -0,0 +1,17 @@
+### [CVE-2019-11500](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11500)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot
+
--- a/2019/CVE-2019-12345.md
+++ b/2019/CVE-2019-12345.md
@ -13,5 +13,5 @@ XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress.
 - https://wpvulndb.com/vulnerabilities/9289

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/priamai/cyberlangchain

--- a/2019/CVE-2019-19781.md
+++ b/2019/CVE-2019-19781.md
@ -60,6 +60,7 @@ An issue was discovered in Citrix Application Delivery Controller (ADC) and Gate
 - https://github.com/JamesG-Zero/Shitrix-CVE-2019-19781
 - https://github.com/Jean-Francois-C/Windows-Penetration-Testing
 - https://github.com/KayCHENvip/vulnerability-poc
+- https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot
 - https://github.com/L4r1k/CitrixNetscalerAnalysis
 - https://github.com/LeapBeyond/cve_2019_19781
 - https://github.com/MalwareTech/CitrixHoneypot
--- a/2019/CVE-2019-19824.md
+++ b/2019/CVE-2019-19824.md
@ -5,7 +5,7 @@

 ### Description

-On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.
+On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, N100RE through 3.4.0, and N302RE 2.0.2.

 ### POC

--- a/2019/CVE-2019-6462.md
+++ b/2019/CVE-2019-6462.md
@ -13,5 +13,6 @@ An issue was discovered in cairo 1.16.0. There is an infinite loop in the functi
 - https://github.com/TeamSeri0us/pocs/tree/master/gerbv

 #### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
 - https://github.com/facebookincubator/meta-fbvuln

--- a/2019/CVE-2019-7314.md
+++ b/2019/CVE-2019-7314.md
@ -14,6 +14,7 @@ No PoCs from references.

 #### Github
 - https://github.com/12qwetyd/upgdfuzz
+- https://github.com/5angjun/aflnet
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/Arbusz/aflnet
 - https://github.com/Arbusz/c2sfuzz
--- a/2019/CVE-2019-9168.md
+++ b/2019/CVE-2019-9168.md
@ -13,5 +13,6 @@ WooCommerce before 3.5.5 allows XSS via a Photoswipe caption.
 No PoCs from references.

 #### Github
+- https://github.com/flouciel/WooCommerce-CVEs
 - https://github.com/tthseus/WooCommerce-CVEs

--- a/2020/CVE-2020-10021.md
+++ b/2020/CVE-2020-10021.md
@ -15,5 +15,6 @@ Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned S
 #### Github
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/CBackyx/CVE-Reproduction
+- https://github.com/DependableSystemsLab/AutoPatch
 - https://github.com/Moh3nsalehi/AutoPatchCode

--- a/2020/CVE-2020-11899.md
+++ b/2020/CVE-2020-11899.md
@ -17,6 +17,7 @@ The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

 #### Github
 - https://github.com/CERTCC/PoC-Exploits/tree/master/vu-257161/scripts
+- https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
 - https://github.com/panios/suricata_parser
--- a/2020/CVE-2020-12431.md
+++ b/2020/CVE-2020-12431.md
@ -11,6 +11,7 @@ A Windows privilege change issue was discovered in Splashtop Software Updater be

 #### Reference
 - https://improsec.com/tech-blog/privilege-escalation-vulnerability-in-splashtop-streamer
+- https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/360042648231-Splashtop-Streamer-version-3-3-8-0-for-Windows-released-includes-SOS-version-3-3-8-0

 #### Github
 No PoCs found on GitHub currently.
--- a/2020/CVE-2020-1472.md
+++ b/2020/CVE-2020-1472.md
@ -349,6 +349,7 @@ An elevation of privilege vulnerability exists when an attacker establishes a vu
 - https://github.com/suzi007/RedTeam_Note
 - https://github.com/sv3nbeast/CVE-2020-1472
 - https://github.com/svbjdbk123/ReadTeam
+- https://github.com/syedayman/Network-PenTest-Project
 - https://github.com/t31m0/CVE-2020-1472
 - https://github.com/t31m0/Zero
 - https://github.com/tanjiti/sec_profile
--- a/2020/CVE-2020-28429.md
+++ b/2020/CVE-2020-28429.md
@ -13,5 +13,5 @@ All versions of package geojson2kml are vulnerable to Command Injection via the
 - https://snyk.io/vuln/SNYK-JS-GEOJSON2KML-1050412

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/20142995/nuclei-templates

--- a/2020/CVE-2020-9496.md
+++ b/2020/CVE-2020-9496.md
@ -28,6 +28,7 @@ XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scriptin
 - https://github.com/Elsfa7-110/kenzer-templates
 - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
 - https://github.com/HimmelAward/Goby_POC
+- https://github.com/JulianWu520/DriedMango
 - https://github.com/Ly0nt4r/CVE-2020-9496
 - https://github.com/MrMeizhi/DriedMango
 - https://github.com/SexyBeast233/SecBooks
--- a/2021/CVE-2021-24962.md
+++ b/2021/CVE-2021-24962.md
@ -15,5 +15,5 @@ The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow use
 - https://wpscan.com/vulnerability/7a95b3f2-285e-40e3-aead-41932c207623

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/syedayman/Network-PenTest-Project

--- a/2021/CVE-2021-26295.md
+++ b/2021/CVE-2021-26295.md
@ -29,6 +29,7 @@ Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated at
 - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
 - https://github.com/Henry4E36/Apache-OFBiz-Vul
 - https://github.com/HimmelAward/Goby_POC
+- https://github.com/JulianWu520/DriedMango
 - https://github.com/KayCHENvip/vulnerability-poc
 - https://github.com/Li468446/Apache_poc
 - https://github.com/Miraitowa70/POC-Notes
--- a/2021/CVE-2021-29447.md
+++ b/2021/CVE-2021-29447.md
@ -19,6 +19,7 @@ Wordpress is an open source CMS. A user with the ability to upload files (like a
 - https://github.com/0xjukai/Web-security
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/Abdulazizalsewedy/CVE-2021-29447
+- https://github.com/Aijoo100/Aijoo100
 - https://github.com/Anogota/MetaTwo
 - https://github.com/AssassinUKG/CVE-2021-29447
 - https://github.com/AssassinUKG/Writeups
--- a/2021/CVE-2021-30600.md
+++ b/2021/CVE-2021-30600.md
@ -13,5 +13,6 @@ Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a rem
 No PoCs from references.

 #### Github
+- https://github.com/splunk-soar-connectors/microsoftdefenderforendpoint
 - https://github.com/splunk-soar-connectors/windowsdefenderatp

--- a/2021/CVE-2021-3489.md
+++ b/2021/CVE-2021-3489.md
@ -11,7 +11,7 @@ The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not chec
 ### POC

 #### Reference
-No PoCs from references.
+- https://ubuntu.com/security/notices/USN-4950-1

 #### Github
 - https://github.com/ARPSyndicate/cvemon
--- a/2021/CVE-2021-3490.md
+++ b/2021/CVE-2021-3490.md
@ -12,6 +12,7 @@ The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux ke

 #### Reference
 - http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html
+- https://ubuntu.com/security/notices/USN-4950-1

 #### Github
 - https://github.com/0xsyr0/OSCP
--- a/2021/CVE-2021-3491.md
+++ b/2021/CVE-2021-3491.md
@ -11,6 +11,7 @@ The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be

 #### Reference
 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db
+- https://ubuntu.com/security/notices/USN-4950-1

 #### Github
 No PoCs found on GitHub currently.
--- a/2021/CVE-2021-3493.md
+++ b/2021/CVE-2021-3493.md
@ -25,6 +25,7 @@ The overlayfs implementation in the linux kernel did not properly validate with
 - https://github.com/20142995/sectool
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/Abdennour-py/CVE-2021-3493
+- https://github.com/Aijoo100/Aijoo100
 - https://github.com/Al1ex/LinuxEelvation
 - https://github.com/AmIAHuman/OverlayFS-CVE-2021-3493
 - https://github.com/Anekant-Singhai/Exploits
--- a/2021/CVE-2021-3560.md
+++ b/2021/CVE-2021-3560.md
@ -20,6 +20,7 @@ It was found that polkit could be tricked into bypassing the credential checks f
 - https://github.com/0xsmirk/vehicle-kernel-exploit
 - https://github.com/0xsyr0/OSCP
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/Aijoo100/Aijoo100
 - https://github.com/Almorabea/Polkit-exploit
 - https://github.com/AnastasiaLomova/PR1
 - https://github.com/AnastasiaLomova/PR1.1
--- a/2021/CVE-2021-36934.md
+++ b/2021/CVE-2021-36934.md
@ -119,6 +119,7 @@
 - https://github.com/s3mPr1linux/JUST_WALKING_DOG
 - https://github.com/shaktavist/SeriousSam
 - https://github.com/soosmile/POC
+- https://github.com/splunk-soar-connectors/microsoftdefenderforendpoint
 - https://github.com/splunk-soar-connectors/windowsdefenderatp
 - https://github.com/sponkmonk/Ladon_english_update
 - https://github.com/taielab/awesome-hacking-lists
--- a/2021/CVE-2021-41773.md
+++ b/2021/CVE-2021-41773.md
@ -39,6 +39,7 @@ A flaw was found in a change made to path normalization in Apache HTTP Server 2.
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/ARPSyndicate/kenzer-templates
 - https://github.com/AdrMAr5/baiim
+- https://github.com/Aijoo100/Aijoo100
 - https://github.com/AkshayraviC09YC47/CVE-Exploits
 - https://github.com/AnonymouID/POC
 - https://github.com/ArrestX/--POC
--- a/2021/CVE-2021-4217.md
+++ b/2021/CVE-2021-4217.md
@ -14,4 +14,5 @@ No PoCs from references.

 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/adegoodyer/kubernetes-admin-toolkit

--- a/2022/CVE-2022-0847.md
+++ b/2022/CVE-2022-0847.md
@ -34,6 +34,7 @@ A flaw was found in the way the "flags" member of the new pipe buffer structure
 - https://github.com/4luc4rdr5290/CVE-2022-0847
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/Abhi-1712/ejpt-roadmap
+- https://github.com/Aijoo100/Aijoo100
 - https://github.com/Al1ex/CVE-2022-0847
 - https://github.com/Al1ex/LinuxEelvation
 - https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits
--- a/2022/CVE-2022-20073.md
+++ b/2022/CVE-2022-20073.md
@ -0,0 +1,17 @@
+### [CVE-2022-20073](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20073)
+![](https://img.shields.io/static/v1?label=Product&message=MT2601%2C%20MT6580%2C%20MT6735%2C%20MT6739%2C%20MT6761%2C%20MT6763%2C%20MT6765%2C%20MT6768%2C%20MT6771%2C%20MT6779%2C%20MT6781%2C%20MT6785%2C%20MT6799%2C%20MT6833%2C%20MT6873%2C%20MT6877%2C%20MT6885%2C%20MT6893%2C%20MT8163%2C%20MT8167%2C%20MT8167S%2C%20MT8168%2C%20MT8173%2C%20MT8175%2C%20MT8183%2C%20MT8185%2C%20MT8321%2C%20MT8362A%2C%20MT8365%2C%20MT8385%2C%20MT8666%2C%20MT8667%2C%20MT8675%2C%20MT8695%2C%20MT8696%2C%20MT8765%2C%20MT8766%2C%20MT8768%2C%20MT8786%2C%20MT8788%2C%20MT8789%2C%20MT8791%2C%20MT8797&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20Privilege&color=brighgreen)
+
+### Description
+
+In preloader (usb), there is a possible out of bounds write due to a integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160841; Issue ID: ALPS06160841.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/m1erphy/CVE-2022-20073
+
--- a/2022/CVE-2022-2440.md
+++ b/2022/CVE-2022-2440.md
@ -0,0 +1,17 @@
+### [CVE-2022-2440](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2440)
+![](https://img.shields.io/static/v1?label=Product&message=Theme%20Editor&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2022/CVE-2022-26143.md
+++ b/2022/CVE-2022-26143.md
@ -10,6 +10,7 @@ The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiV
 ### POC

 #### Reference
+- https://blog.cloudflare.com/cve-2022-26143/
 - https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/

 #### Github
--- a/2022/CVE-2022-32272.md
+++ b/2022/CVE-2022-32272.md
@ -11,6 +11,7 @@ OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and Meta

 #### Reference
 - http://packetstormsecurity.com/files/171549/OPSWAT-Metadefender-Core-4.21.1-Privilege-Escalation.html
+- https://opswat.com

 #### Github
 No PoCs found on GitHub currently.
--- a/2022/CVE-2022-32273.md
+++ b/2022/CVE-2022-32273.md
@ -0,0 +1,17 @@
+### [CVE-2022-32273](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32273)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server.
+
+### POC
+
+#### Reference
+- https://opswat.com
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2022/CVE-2022-40778.md
+++ b/2022/CVE-2022-40778.md
@ -0,0 +1,17 @@
+### [CVE-2022-40778](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40778)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.
+
+### POC
+
+#### Reference
+- https://www.opswat.com/products/metadefender/icap
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2022/CVE-2022-41409.md
+++ b/2022/CVE-2022-41409.md
@ -13,5 +13,6 @@ Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cau
 No PoCs from references.

 #### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
 - https://github.com/fokypoky/places-list

--- a/2022/CVE-2022-4270.md
+++ b/2022/CVE-2022-4270.md
@ -1,11 +1,11 @@
 ### [CVE-2022-4270](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4270)
 ![](https://img.shields.io/static/v1?label=Product&message=M-Files%20Web&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%2022.5.11436.1%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen)

 ### Description

-Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.
+Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.

 ### POC

--- a/2023/CVE-2023-0159.md
+++ b/2023/CVE-2023-0159.md
@ -13,6 +13,7 @@ The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1
 - https://wpscan.com/vulnerability/239ea870-66e5-4754-952e-74d4dd60b809

 #### Github
+- https://github.com/Chocapikk/Chocapikk
 - https://github.com/im-hanzou/EVCer
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/xu-xiang/awesome-security-vul-llm
--- a/2023/CVE-2023-0663.md
+++ b/2023/CVE-2023-0663.md
@ -11,6 +11,7 @@ A vulnerability was found in Calendar Event Management System 2.3.0. It has been

 #### Reference
 - https://vuldb.com/?id.220175
+- https://www.youtube.com/watch?v=UsSZU6EWB1E

 #### Github
 No PoCs found on GitHub currently.
--- a/2023/CVE-2023-0841.md
+++ b/2023/CVE-2023-0841.md
@ -15,5 +15,5 @@ A vulnerability, which was classified as critical, has been found in GPAC 2.3-DE
 - https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/DiRaltvein/memory-corruption-examples

--- a/2023/CVE-2023-22515.md
+++ b/2023/CVE-2023-22515.md
@ -19,6 +19,7 @@ Atlassian has been made aware of an issue reported by a handful of customers whe
 - https://github.com/AdamCrosser/awesome-vuln-writeups
 - https://github.com/Adonijah01/InfoSec365
 - https://github.com/Adonijah01/Schedule
+- https://github.com/Aijoo100/Aijoo100
 - https://github.com/Awrrays/FrameVul
 - https://github.com/C1ph3rX13/CVE-2023-22515
 - https://github.com/C1ph3rX13/CVE-2023-22518
--- a/2023/CVE-2023-22893.md
+++ b/2023/CVE-2023-22893.md
@ -15,5 +15,6 @@ Strapi through 4.5.5 does not verify the access or ID tokens issued during the O
 - https://www.ghostccamm.com/blog/multi_strapi_vulns/

 #### Github
+- https://github.com/20142995/nuclei-templates
 - https://github.com/ARPSyndicate/cvemon

--- a/2023/CVE-2023-26321.md
+++ b/2023/CVE-2023-26321.md
@ -0,0 +1,17 @@
+### [CVE-2023-26321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26321)
+![](https://img.shields.io/static/v1?label=Product&message=Xiaomi%20File%20Manager%20App%20International%20Version&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=A%20path%20traversal%20vulnerability%20exists&color=brighgreen)
+
+### Description
+
+A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ch0pin/related_work
+
--- a/2023/CVE-2023-2640.md
+++ b/2023/CVE-2023-2640.md
@ -16,6 +16,7 @@ No PoCs from references.
 - https://github.com/0xWhoami35/root-kernel
 - https://github.com/0xsyr0/OSCP
 - https://github.com/CVEDB/awesome-cve-repo
+- https://github.com/CVEDB/top
 - https://github.com/Ev3rPalestine/Analytics-HTB-Walkthrough
 - https://github.com/GhostTroops/TOP
 - https://github.com/HaxorSecInfec/autoroot.sh
--- a/2023/CVE-2023-26801.md
+++ b/2023/CVE-2023-26801.md
@ -13,5 +13,5 @@ LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, a
 - https://github.com/winmt/my-vuls/tree/main/LB-LINK%20BL-AC1900%2C%20BL-WR9000%2C%20BL-X26%20and%20BL-LTE300%20Wireless%20Routers

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot

--- a/2023/CVE-2023-27350.md
+++ b/2023/CVE-2023-27350.md
@ -21,6 +21,7 @@ This vulnerability allows remote attackers to bypass authentication on affected
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/ASG-CASTLE/CVE-2023-27350
 - https://github.com/AdamCrosser/awesome-vuln-writeups
+- https://github.com/Aijoo100/Aijoo100
 - https://github.com/Jenderal92/CVE-2023-27350
 - https://github.com/Loginsoft-LLC/Linux-Exploit-Detection
 - https://github.com/Loginsoft-Research/Linux-Exploit-Detection
--- a/2023/CVE-2023-2837.md
+++ b/2023/CVE-2023-2837.md
@ -13,5 +13,5 @@ Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.
 - https://huntr.dev/bounties/a6bfd1b2-aba8-4c6f-90c4-e95b1831cb17

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/7resp4ss/7resp4ss

--- a/2023/CVE-2023-29506.md
+++ b/2023/CVE-2023-29506.md
@ -13,5 +13,5 @@ XWiki Commons are technical libraries common to several other top level XWiki pr
 - https://jira.xwiki.org/browse/XWIKI-20335

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/20142995/nuclei-templates

--- a/2023/CVE-2023-32629.md
+++ b/2023/CVE-2023-32629.md
@ -16,6 +16,7 @@ Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up
 - https://github.com/0xWhoami35/root-kernel
 - https://github.com/0xsyr0/OSCP
 - https://github.com/CVEDB/awesome-cve-repo
+- https://github.com/CVEDB/top
 - https://github.com/Ev3rPalestine/Analytics-HTB-Walkthrough
 - https://github.com/GhostTroops/TOP
 - https://github.com/HaxorSecInfec/autoroot.sh
--- a/2023/CVE-2023-3345.md
+++ b/2023/CVE-2023-3345.md
@ -1,11 +1,11 @@
 ### [CVE-2023-3345](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3345)
 ![](https://img.shields.io/static/v1?label=Product&message=LMS%20by%20Masteriyo&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.6.8%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%20Incorrect%20Authorization&color=brighgreen)

 ### Description

-The LMS by Masteriyo WordPress plugin before 1.6.8 does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints.
+The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students

 ### POC

--- a/2023/CVE-2023-33457.md
+++ b/2023/CVE-2023-33457.md
@ -0,0 +1,17 @@
+### [CVE-2023-33457](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33457)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , may cause buffer-overflow and crash.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DiRaltvein/memory-corruption-examples
+
--- a/2023/CVE-2023-34754.md
+++ b/2023/CVE-2023-34754.md
@ -13,5 +13,5 @@ bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the
 - https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/20142995/nuclei-templates

--- a/2023/CVE-2023-36239.md
+++ b/2023/CVE-2023-36239.md
@ -13,5 +13,5 @@ libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSW
 - https://github.com/libming/libming/issues/273

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/DiRaltvein/memory-corruption-examples

--- a/2023/CVE-2023-37457.md
+++ b/2023/CVE-2023-37457.md
@ -0,0 +1,17 @@
+### [CVE-2023-37457](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457)
+![](https://img.shields.io/static/v1?label=Product&message=asterisk&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%2018.20.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%3A%20Buffer%20Copy%20without%20Checking%20Size%20of%20Input%20('Classic%20Buffer%20Overflow')&color=brighgreen)
+
+### Description
+
+Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DiRaltvein/memory-corruption-examples
+
--- a/2023/CVE-2023-38408.md
+++ b/2023/CVE-2023-38408.md
@ -15,6 +15,7 @@ The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently t
 - https://news.ycombinator.com/item?id=36790196

 #### Github
+- https://github.com/Aijoo100/Aijoo100
 - https://github.com/FarelRA/MKM_ssh
 - https://github.com/LucasPDiniz/CVE-2023-38408
 - https://github.com/LucasPDiniz/StudyRoom
--- a/2023/CVE-2023-39848.md
+++ b/2023/CVE-2023-39848.md
@ -66,6 +66,7 @@ No PoCs from references.
 - https://github.com/cuongbtu/dvwa_config
 - https://github.com/davinci96/-aplicacion-vulnerable
 - https://github.com/deftdeft2000/nl_kitkat
+- https://github.com/devsecopsorange/pruebarepo
 - https://github.com/devsecopsteam2022/pruebarepo
 - https://github.com/digininja/DVWA
 - https://github.com/djstevanovic98/DVWA-test
--- a/2023/CVE-2023-4322.md
+++ b/2023/CVE-2023-4322.md
@ -13,5 +13,5 @@ Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0
 - https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/7resp4ss/7resp4ss

--- a/2023/CVE-2023-45853.md
+++ b/2023/CVE-2023-45853.md
@ -13,6 +13,7 @@ MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buf
 No PoCs from references.

 #### Github
+- https://github.com/13m0n4de/neko-quiz
 - https://github.com/DmitryIll/shvirtd-example-python
 - https://github.com/GrigGM/05-virt-04-docker-hw
 - https://github.com/bariskanber/zlib-1.3-deb
@ -21,5 +22,6 @@ No PoCs from references.
 - https://github.com/fokypoky/places-list
 - https://github.com/jina-ai/reader
 - https://github.com/marklogic/marklogic-kubernetes
+- https://github.com/ministryofjustice/cica-apply-data-capture-service
 - https://github.com/shakyaraj9569/Documentation

--- a/2023/CVE-2023-46316.md
+++ b/2023/CVE-2023-46316.md
@ -13,5 +13,5 @@ In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not
 - http://packetstormsecurity.com/files/176660/Traceroute-2.1.2-Privilege-Escalation.html

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/adegoodyer/kubernetes-admin-toolkit

--- a/2023/CVE-2023-5490.md
+++ b/2023/CVE-2023-5490.md
@ -11,6 +11,7 @@ A vulnerability classified as critical was found in Byzoro Smart S45F Multi-Serv

 #### Reference
 - https://github.com/llixixi/cve/blob/main/s45_upload_%20userattestation.md
+- https://vuldb.com/?id.241642

 #### Github
 No PoCs found on GitHub currently.
--- a/2023/CVE-2023-5574.md
+++ b/2023/CVE-2023-5574.md
@ -0,0 +1,20 @@
+### [CVE-2023-5574](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5574)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20After%20Free&color=brighgreen)
+
+### Description
+
+A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
--- a/2023/CVE-2023-6117.md
+++ b/2023/CVE-2023-6117.md
@ -1,7 +1,7 @@
 ### [CVE-2023-6117](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6117)
 ![](https://img.shields.io/static/v1?label=Product&message=M-Files%20Server&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=0%3C%2023.11.13156.0%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-770%20Allocation%20of%20Resources%20Without%20Limits%20or%20Throttling&color=brighgreen)

 ### Description

--- a/2023/CVE-2023-6257.md
+++ b/2023/CVE-2023-6257.md
@ -1,11 +1,11 @@
 ### [CVE-2023-6257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6257)
 ![](https://img.shields.io/static/v1?label=Product&message=Inline%20Related%20Posts&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.6.0%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)

 ### Description

-The Inline Related Posts WordPress plugin before 3.6.0 does not ensure that post content displayed via an AJAX action are accessible to the user, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts
+The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts

 ### POC

--- a/2023/CVE-2023-6553.md
+++ b/2023/CVE-2023-6553.md
@ -15,6 +15,7 @@ The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution

 #### Github
 - https://github.com/Chocapikk/CVE-2023-6553
+- https://github.com/Chocapikk/Chocapikk
 - https://github.com/Marco-zcl/POC
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
--- a/2023/CVE-2023-6717.md
+++ b/2023/CVE-2023-6717.md
@ -2,6 +2,7 @@
 ![](https://img.shields.io/static/v1?label=Product&message=Migration%20Toolkit%20for%20Applications%206&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Migration%20Toolkit%20for%20Applications%207&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=RHOSS-1.33-RHEL-8&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=RHPAM%207.13.5%20async&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Data%20Grid%208&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Decision%20Manager%207&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Developer%20Hub&color=blue)
--- a/2023/CVE-2023-6821.md
+++ b/2023/CVE-2023-6821.md
@ -1,11 +1,11 @@
 ### [CVE-2023-6821](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6821)
 ![](https://img.shields.io/static/v1?label=Product&message=Error%20Log%20Viewer%20by%20BestWebSoft&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.3%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-548%20Exposure%20of%20Information%20Through%20Directory%20Listing&color=brighgreen)

 ### Description

-The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 contains a vulnerability that allows you to read and download PHP logs without authorization
+The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization

 ### POC

--- a/2023/CVE-2023-6955.md
+++ b/2023/CVE-2023-6955.md
@ -5,7 +5,7 @@

 ### Description

-An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. 
+An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.

 ### POC

--- a/2023/CVE-2023-7028.md
+++ b/2023/CVE-2023-7028.md
@ -15,6 +15,7 @@ No PoCs from references.
 #### Github
 - https://github.com/0xMarcio/cve
 - https://github.com/0xsyr0/OSCP
+- https://github.com/Aijoo100/Aijoo100
 - https://github.com/Azathothas/Stars
 - https://github.com/CVE-Reversing/CVE-Reversing
 - https://github.com/CVEDB/awesome-cve-repo
--- a/Show More
+++ b/Show More