From 6a17b5b11e84ad083d44bce59327dbfb610402c3 Mon Sep 17 00:00:00 2001 From: 0xMarcio Date: Fri, 30 Aug 2024 20:52:42 +0000 Subject: [PATCH] Update CVE sources 2024-08-30 20:52 --- 2000/CVE-2000-0917.md | 1 + 2001/CVE-2001-0414.md | 2 +- 2002/CVE-2002-0012.md | 17 +++ 2002/CVE-2002-0013.md | 17 +++ 2006/CVE-2006-3336.md | 17 +++ 2009/CVE-2009-1389.md | 2 +- 2011/CVE-2011-2523.md | 1 + 2013/CVE-2013-2028.md | 1 + 2015/CVE-2015-10088.md | 17 +++ 2015/CVE-2015-1328.md | 2 + 2015/CVE-2015-2171.md | 1 + 2015/CVE-2015-3864.md | 1 + 2015/CVE-2015-6668.md | 1 + 2015/CVE-2015-7808.md | 1 + 2015/CVE-2015-8351.md | 1 + 2015/CVE-2015-8562.md | 1 + 2015/CVE-2015-9235.md | 1 + 2016/CVE-2016-20012.md | 1 + 2016/CVE-2016-5195.md | 1 + 2017/CVE-2017-0143.md | 1 + 2017/CVE-2017-0144.md | 2 + 2017/CVE-2017-0145.md | 2 + 2017/CVE-2017-1000112.md | 1 + 2017/CVE-2017-15710.md | 1 + 2017/CVE-2017-18816.md | 17 +++ 2017/CVE-2017-7269.md | 1 + 2017/CVE-2017-7494.md | 1 + 2017/CVE-2017-8625.md | 1 + 2017/CVE-2017-9814.md | 2 +- 2018/CVE-2018-0101.md | 1 + 2018/CVE-2018-10561.md | 1 + 2018/CVE-2018-11776.md | 1 + 2018/CVE-2018-20148.md | 1 + 2018/CVE-2018-21029.md | 1 + 2019/CVE-2019-11358.md | 7 + 2019/CVE-2019-11500.md | 17 +++ 2019/CVE-2019-12345.md | 2 +- 2019/CVE-2019-19781.md | 1 + 2019/CVE-2019-19824.md | 2 +- 2019/CVE-2019-6462.md | 1 + 2019/CVE-2019-7314.md | 1 + 2019/CVE-2019-9168.md | 1 + 2020/CVE-2020-10021.md | 1 + 2020/CVE-2020-11899.md | 1 + 2020/CVE-2020-12431.md | 1 + 2020/CVE-2020-1472.md | 1 + 2020/CVE-2020-28429.md | 2 +- 2020/CVE-2020-9496.md | 1 + 2021/CVE-2021-24962.md | 2 +- 2021/CVE-2021-26295.md | 1 + 2021/CVE-2021-29447.md | 1 + 2021/CVE-2021-30600.md | 1 + 2021/CVE-2021-3489.md | 2 +- 2021/CVE-2021-3490.md | 1 + 2021/CVE-2021-3491.md | 1 + 2021/CVE-2021-3493.md | 1 + 2021/CVE-2021-3560.md | 1 + 2021/CVE-2021-36934.md | 1 + 2021/CVE-2021-41773.md | 1 + 2021/CVE-2021-4217.md | 1 + 2022/CVE-2022-0847.md | 1 + 2022/CVE-2022-20073.md | 17 +++ 2022/CVE-2022-2440.md | 17 +++ 2022/CVE-2022-26143.md | 1 + 2022/CVE-2022-32272.md | 1 + 2022/CVE-2022-32273.md | 17 +++ 2022/CVE-2022-40778.md | 17 +++ 2022/CVE-2022-41409.md | 1 + 2022/CVE-2022-4270.md | 4 +- 2023/CVE-2023-0159.md | 1 + 2023/CVE-2023-0663.md | 1 + 2023/CVE-2023-0841.md | 2 +- 2023/CVE-2023-22515.md | 1 + 2023/CVE-2023-22893.md | 1 + 2023/CVE-2023-26321.md | 17 +++ 2023/CVE-2023-2640.md | 1 + 2023/CVE-2023-26801.md | 2 +- 2023/CVE-2023-27350.md | 1 + 2023/CVE-2023-2837.md | 2 +- 2023/CVE-2023-29506.md | 2 +- 2023/CVE-2023-32629.md | 1 + 2023/CVE-2023-3345.md | 4 +- 2023/CVE-2023-33457.md | 17 +++ 2023/CVE-2023-34754.md | 2 +- 2023/CVE-2023-36239.md | 2 +- 2023/CVE-2023-37457.md | 17 +++ 2023/CVE-2023-38408.md | 1 + 2023/CVE-2023-39848.md | 1 + 2023/CVE-2023-4322.md | 2 +- 2023/CVE-2023-45853.md | 2 + 2023/CVE-2023-46316.md | 2 +- 2023/CVE-2023-5490.md | 1 + 2023/CVE-2023-5574.md | 20 +++ 2023/CVE-2023-6117.md | 2 +- 2023/CVE-2023-6257.md | 4 +- 2023/CVE-2023-6553.md | 1 + 2023/CVE-2023-6717.md | 1 + 2023/CVE-2023-6821.md | 4 +- 2023/CVE-2023-6955.md | 2 +- 2023/CVE-2023-7028.md | 1 + 2023/CVE-2023-7164.md | 4 +- 2024/CVE-2024-0456.md | 2 +- 2024/CVE-2024-1056.md | 17 +++ 2024/CVE-2024-1086.md | 1 + 2024/CVE-2024-1384.md | 17 +++ 2024/CVE-2024-1544.md | 18 +++ 2024/CVE-2024-1545.md | 21 +++ 2024/CVE-2024-20017.md | 2 + 2024/CVE-2024-21413.md | 1 + 2024/CVE-2024-21520.md | 1 + 2024/CVE-2024-2236.md | 1 + 2024/CVE-2024-22643.md | 18 +++ 2024/CVE-2024-22646.md | 18 +++ 2024/CVE-2024-22647.md | 18 +++ 2024/CVE-2024-22648.md | 18 +++ 2024/CVE-2024-23897.md | 1 + 2024/CVE-2024-24787.md | 1 + 2024/CVE-2024-24788.md | 1 + 2024/CVE-2024-24789.md | 2 +- 2024/CVE-2024-24790.md | 17 +++ 2024/CVE-2024-24791.md | 17 +++ 2024/CVE-2024-2541.md | 17 +++ 2024/CVE-2024-25600.md | 1 + 2024/CVE-2024-26144.md | 1 + 2024/CVE-2024-26458.md | 1 + 2024/CVE-2024-26461.md | 1 + 2024/CVE-2024-26462.md | 1 + 2024/CVE-2024-29041.md | 1 + 2024/CVE-2024-29272.md | 1 + 2024/CVE-2024-3094.md | 1 + 2024/CVE-2024-32002.md | 1 + 2024/CVE-2024-3282.md | 2 +- 2024/CVE-2024-3400.md | 1 + 2024/CVE-2024-34102.md | 1 + 2024/CVE-2024-34459.md | 17 +++ 2024/CVE-2024-35325.md | 4 +- 2024/CVE-2024-35326.md | 4 +- 2024/CVE-2024-35328.md | 2 +- 2024/CVE-2024-3661.md | 1 + 2024/CVE-2024-3673.md | 17 +++ 2024/CVE-2024-3679.md | 17 +++ 2024/CVE-2024-36827.md | 17 +++ 2024/CVE-2024-3727.md | 3 +- 2024/CVE-2024-38063.md | 3 + 2024/CVE-2024-3850.md | 2 +- 2024/CVE-2024-38693.md | 17 +++ 2024/CVE-2024-38793.md | 17 +++ 2024/CVE-2024-3944.md | 17 +++ 2024/CVE-2024-39638.md | 17 +++ 2024/CVE-2024-39653.md | 17 +++ 2024/CVE-2024-39658.md | 17 +++ 2024/CVE-2024-39717.md | 17 +++ 2024/CVE-2024-40348.md | 1 + 2024/CVE-2024-40505.md | 17 +++ 2024/CVE-2024-40530.md | 2 +- 2024/CVE-2024-4067.md | 4 +- 2024/CVE-2024-40766.md | 17 +++ 2024/CVE-2024-41661.md | 8 +- 2024/CVE-2024-42477.md | 1 + 2024/CVE-2024-42478.md | 1 + 2024/CVE-2024-42479.md | 1 + 2024/CVE-2024-42900.md | 17 +++ 2024/CVE-2024-42913.md | 17 +++ 2024/CVE-2024-43132.md | 17 +++ 2024/CVE-2024-43144.md | 17 +++ 2024/CVE-2024-43399.md | 2 +- 2024/CVE-2024-43444.md | 2 +- 2024/CVE-2024-43884.md | 2 +- 2024/CVE-2024-43915.md | 17 +++ 2024/CVE-2024-43916.md | 17 +++ 2024/CVE-2024-43917.md | 17 +++ 2024/CVE-2024-43918.md | 17 +++ 2024/CVE-2024-43952.md | 17 +++ 2024/CVE-2024-43953.md | 17 +++ 2024/CVE-2024-43954.md | 17 +++ 2024/CVE-2024-43955.md | 17 +++ 2024/CVE-2024-43958.md | 17 +++ 2024/CVE-2024-43960.md | 17 +++ 2024/CVE-2024-43963.md | 17 +++ 2024/CVE-2024-43966.md | 1 + 2024/CVE-2024-43967.md | 17 +++ 2024/CVE-2024-44070.md | 17 +++ 2024/CVE-2024-44340.md | 17 +++ 2024/CVE-2024-44341.md | 17 +++ 2024/CVE-2024-44342.md | 17 +++ 2024/CVE-2024-44760.md | 17 +++ 2024/CVE-2024-44761.md | 17 +++ 2024/CVE-2024-44776.md | 17 +++ 2024/CVE-2024-44777.md | 17 +++ 2024/CVE-2024-44778.md | 17 +++ 2024/CVE-2024-44779.md | 17 +++ 2024/CVE-2024-44913.md | 17 +++ 2024/CVE-2024-44914.md | 17 +++ 2024/CVE-2024-44915.md | 17 +++ 2024/CVE-2024-44919.md | 17 +++ 2024/CVE-2024-4497.md | 1 + 2024/CVE-2024-45163.md | 1 + 2024/CVE-2024-45232.md | 17 +++ 2024/CVE-2024-45233.md | 17 +++ 2024/CVE-2024-45241.md | 1 + 2024/CVE-2024-45264.md | 18 +++ 2024/CVE-2024-45435.md | 17 +++ 2024/CVE-2024-45436.md | 17 +++ 2024/CVE-2024-45491.md | 17 +++ 2024/CVE-2024-45492.md | 17 +++ 2024/CVE-2024-4872.md | 17 +++ 2024/CVE-2024-5057.md | 17 +++ 2024/CVE-2024-5274.md | 3 +- 2024/CVE-2024-5288.md | 18 +++ 2024/CVE-2024-5417.md | 17 +++ 2024/CVE-2024-5469.md | 17 +++ 2024/CVE-2024-5499.md | 17 +++ 2024/CVE-2024-5651.md | 17 +++ 2024/CVE-2024-5814.md | 18 +++ 2024/CVE-2024-5844.md | 17 +++ 2024/CVE-2024-5846.md | 17 +++ 2024/CVE-2024-5857.md | 17 +++ 2024/CVE-2024-5987.md | 17 +++ 2024/CVE-2024-5991.md | 18 +++ 2024/CVE-2024-6117.md | 17 +++ 2024/CVE-2024-6118.md | 17 +++ 2024/CVE-2024-6227.md | 17 +++ 2024/CVE-2024-6255.md | 17 +++ 2024/CVE-2024-6323.md | 17 +++ 2024/CVE-2024-6330.md | 2 +- 2024/CVE-2024-6331.md | 17 +++ 2024/CVE-2024-6386.md | 1 + 2024/CVE-2024-6451.md | 2 +- 2024/CVE-2024-6551.md | 17 +++ 2024/CVE-2024-6595.md | 17 +++ 2024/CVE-2024-6632.md | 17 +++ 2024/CVE-2024-6633.md | 17 +++ 2024/CVE-2024-6650.md | 2 +- 2024/CVE-2024-6670.md | 17 +++ 2024/CVE-2024-6671.md | 17 +++ 2024/CVE-2024-6672.md | 17 +++ 2024/CVE-2024-6715.md | 1 + 2024/CVE-2024-6716.md | 2 +- 2024/CVE-2024-6783.md | 2 +- 2024/CVE-2024-6879.md | 2 +- 2024/CVE-2024-6911.md | 1 + 2024/CVE-2024-6923.md | 1 + 2024/CVE-2024-6927.md | 17 +++ 2024/CVE-2024-7006.md | 20 +++ 2024/CVE-2024-7029.md | 18 +++ 2024/CVE-2024-7071.md | 18 +++ 2024/CVE-2024-7122.md | 17 +++ 2024/CVE-2024-7132.md | 17 +++ 2024/CVE-2024-7313.md | 1 + 2024/CVE-2024-7418.md | 17 +++ 2024/CVE-2024-7592.md | 1 + 2024/CVE-2024-7593.md | 1 + 2024/CVE-2024-7606.md | 18 +++ 2024/CVE-2024-7607.md | 18 +++ 2024/CVE-2024-7608.md | 2 +- 2024/CVE-2024-7856.md | 17 +++ 2024/CVE-2024-7857.md | 17 +++ 2024/CVE-2024-7858.md | 17 +++ 2024/CVE-2024-7895.md | 17 +++ 2024/CVE-2024-7940.md | 17 +++ 2024/CVE-2024-7941.md | 17 +++ 2024/CVE-2024-7954.md | 6 +- 2024/CVE-2024-7969.md | 4 +- 2024/CVE-2024-8016.md | 17 +++ 2024/CVE-2024-8088.md | 17 +++ 2024/CVE-2024-8181.md | 18 +++ 2024/CVE-2024-8182.md | 18 +++ 2024/CVE-2024-8193.md | 17 +++ 2024/CVE-2024-8194.md | 17 +++ 2024/CVE-2024-8198.md | 17 +++ 2024/CVE-2024-8199.md | 17 +++ 2024/CVE-2024-8200.md | 17 +++ 2024/CVE-2024-8207.md | 17 +++ 2024/CVE-2024-8234.md | 17 +++ 2024/CVE-2024-8250.md | 17 +++ 2024/CVE-2024-8252.md | 17 +++ 2024/CVE-2024-8255.md | 17 +++ 2024/CVE-2024-8274.md | 17 +++ 2024/CVE-2024-8294.md | 17 +++ 2024/CVE-2024-8295.md | 17 +++ 2024/CVE-2024-8296.md | 17 +++ 2024/CVE-2024-8297.md | 17 +++ 2024/CVE-2024-8301.md | 17 +++ 2024/CVE-2024-8302.md | 17 +++ 2024/CVE-2024-8303.md | 17 +++ 2024/CVE-2024-8304.md | 17 +++ 2024/CVE-2024-8319.md | 17 +++ 2024/CVE-2024-8327.md | 17 +++ 2024/CVE-2024-8328.md | 17 +++ 2024/CVE-2024-8329.md | 17 +++ 2024/CVE-2024-8330.md | 17 +++ github.txt | 291 +++++++++++++++++++++++++++++++++++++++ references.txt | 26 ++++ 293 files changed, 2968 insertions(+), 59 deletions(-) create mode 100644 2002/CVE-2002-0012.md create mode 100644 2002/CVE-2002-0013.md create mode 100644 2006/CVE-2006-3336.md create mode 100644 2015/CVE-2015-10088.md create mode 100644 2017/CVE-2017-18816.md create mode 100644 2019/CVE-2019-11500.md create mode 100644 2022/CVE-2022-20073.md create mode 100644 2022/CVE-2022-2440.md create mode 100644 2022/CVE-2022-32273.md create mode 100644 2022/CVE-2022-40778.md create mode 100644 2023/CVE-2023-26321.md create mode 100644 2023/CVE-2023-33457.md create mode 100644 2023/CVE-2023-37457.md create mode 100644 2023/CVE-2023-5574.md create mode 100644 2024/CVE-2024-1056.md create mode 100644 2024/CVE-2024-1384.md create mode 100644 2024/CVE-2024-1544.md create mode 100644 2024/CVE-2024-1545.md create mode 100644 2024/CVE-2024-22643.md create mode 100644 2024/CVE-2024-22646.md create mode 100644 2024/CVE-2024-22647.md create mode 100644 2024/CVE-2024-22648.md create mode 100644 2024/CVE-2024-24790.md create mode 100644 2024/CVE-2024-24791.md create mode 100644 2024/CVE-2024-2541.md create mode 100644 2024/CVE-2024-34459.md create mode 100644 2024/CVE-2024-3673.md create mode 100644 2024/CVE-2024-3679.md create mode 100644 2024/CVE-2024-36827.md create mode 100644 2024/CVE-2024-38693.md create mode 100644 2024/CVE-2024-38793.md create mode 100644 2024/CVE-2024-3944.md create mode 100644 2024/CVE-2024-39638.md create mode 100644 2024/CVE-2024-39653.md create mode 100644 2024/CVE-2024-39658.md create mode 100644 2024/CVE-2024-39717.md create mode 100644 2024/CVE-2024-40505.md create mode 100644 2024/CVE-2024-40766.md create mode 100644 2024/CVE-2024-42900.md create mode 100644 2024/CVE-2024-42913.md create mode 100644 2024/CVE-2024-43132.md create mode 100644 2024/CVE-2024-43144.md create mode 100644 2024/CVE-2024-43915.md create mode 100644 2024/CVE-2024-43916.md create mode 100644 2024/CVE-2024-43917.md create mode 100644 2024/CVE-2024-43918.md create mode 100644 2024/CVE-2024-43952.md create mode 100644 2024/CVE-2024-43953.md create mode 100644 2024/CVE-2024-43954.md create mode 100644 2024/CVE-2024-43955.md create mode 100644 2024/CVE-2024-43958.md create mode 100644 2024/CVE-2024-43960.md create mode 100644 2024/CVE-2024-43963.md create mode 100644 2024/CVE-2024-43967.md create mode 100644 2024/CVE-2024-44070.md create mode 100644 2024/CVE-2024-44340.md create mode 100644 2024/CVE-2024-44341.md create mode 100644 2024/CVE-2024-44342.md create mode 100644 2024/CVE-2024-44760.md create mode 100644 2024/CVE-2024-44761.md create mode 100644 2024/CVE-2024-44776.md create mode 100644 2024/CVE-2024-44777.md create mode 100644 2024/CVE-2024-44778.md create mode 100644 2024/CVE-2024-44779.md create mode 100644 2024/CVE-2024-44913.md create mode 100644 2024/CVE-2024-44914.md create mode 100644 2024/CVE-2024-44915.md create mode 100644 2024/CVE-2024-44919.md create mode 100644 2024/CVE-2024-45232.md create mode 100644 2024/CVE-2024-45233.md create mode 100644 2024/CVE-2024-45264.md create mode 100644 2024/CVE-2024-45435.md create mode 100644 2024/CVE-2024-45436.md create mode 100644 2024/CVE-2024-45491.md create mode 100644 2024/CVE-2024-45492.md create mode 100644 2024/CVE-2024-4872.md create mode 100644 2024/CVE-2024-5057.md create mode 100644 2024/CVE-2024-5288.md create mode 100644 2024/CVE-2024-5417.md create mode 100644 2024/CVE-2024-5469.md create mode 100644 2024/CVE-2024-5499.md create mode 100644 2024/CVE-2024-5651.md create mode 100644 2024/CVE-2024-5814.md create mode 100644 2024/CVE-2024-5844.md create mode 100644 2024/CVE-2024-5846.md create mode 100644 2024/CVE-2024-5857.md create mode 100644 2024/CVE-2024-5987.md create mode 100644 2024/CVE-2024-5991.md create mode 100644 2024/CVE-2024-6117.md create mode 100644 2024/CVE-2024-6118.md create mode 100644 2024/CVE-2024-6227.md create mode 100644 2024/CVE-2024-6255.md create mode 100644 2024/CVE-2024-6323.md create mode 100644 2024/CVE-2024-6331.md create mode 100644 2024/CVE-2024-6551.md create mode 100644 2024/CVE-2024-6595.md create mode 100644 2024/CVE-2024-6632.md create mode 100644 2024/CVE-2024-6633.md create mode 100644 2024/CVE-2024-6670.md create mode 100644 2024/CVE-2024-6671.md create mode 100644 2024/CVE-2024-6672.md create mode 100644 2024/CVE-2024-6927.md create mode 100644 2024/CVE-2024-7006.md create mode 100644 2024/CVE-2024-7029.md create mode 100644 2024/CVE-2024-7071.md create mode 100644 2024/CVE-2024-7122.md create mode 100644 2024/CVE-2024-7132.md create mode 100644 2024/CVE-2024-7418.md create mode 100644 2024/CVE-2024-7606.md create mode 100644 2024/CVE-2024-7607.md create mode 100644 2024/CVE-2024-7856.md create mode 100644 2024/CVE-2024-7857.md create mode 100644 2024/CVE-2024-7858.md create mode 100644 2024/CVE-2024-7895.md create mode 100644 2024/CVE-2024-7940.md create mode 100644 2024/CVE-2024-7941.md create mode 100644 2024/CVE-2024-8016.md create mode 100644 2024/CVE-2024-8088.md create mode 100644 2024/CVE-2024-8181.md create mode 100644 2024/CVE-2024-8182.md create mode 100644 2024/CVE-2024-8193.md create mode 100644 2024/CVE-2024-8194.md create mode 100644 2024/CVE-2024-8198.md create mode 100644 2024/CVE-2024-8199.md create mode 100644 2024/CVE-2024-8200.md create mode 100644 2024/CVE-2024-8207.md create mode 100644 2024/CVE-2024-8234.md create mode 100644 2024/CVE-2024-8250.md create mode 100644 2024/CVE-2024-8252.md create mode 100644 2024/CVE-2024-8255.md create mode 100644 2024/CVE-2024-8274.md create mode 100644 2024/CVE-2024-8294.md create mode 100644 2024/CVE-2024-8295.md create mode 100644 2024/CVE-2024-8296.md create mode 100644 2024/CVE-2024-8297.md create mode 100644 2024/CVE-2024-8301.md create mode 100644 2024/CVE-2024-8302.md create mode 100644 2024/CVE-2024-8303.md create mode 100644 2024/CVE-2024-8304.md create mode 100644 2024/CVE-2024-8319.md create mode 100644 2024/CVE-2024-8327.md create mode 100644 2024/CVE-2024-8328.md create mode 100644 2024/CVE-2024-8329.md create mode 100644 2024/CVE-2024-8330.md diff --git a/2000/CVE-2000-0917.md b/2000/CVE-2000-0917.md index d439b43cc..a91006cd5 100644 --- a/2000/CVE-2000-0917.md +++ b/2000/CVE-2000-0917.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/LEXUEYE/oinkmaster - https://github.com/davidliu88/oinkmaster +- https://github.com/zer0duck/oinkmaster diff --git a/2001/CVE-2001-0414.md b/2001/CVE-2001-0414.md index df6430dd6..37b3aaffe 100644 --- a/2001/CVE-2001-0414.md +++ b/2001/CVE-2001-0414.md @@ -13,5 +13,5 @@ Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) all - http://marc.info/?l=bugtraq&m=98642418618512&w=2 #### Github -No PoCs found on GitHub currently. +- https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot diff --git a/2002/CVE-2002-0012.md b/2002/CVE-2002-0012.md new file mode 100644 index 000000000..573ad70b9 --- /dev/null +++ b/2002/CVE-2002-0012.md @@ -0,0 +1,17 @@ +### [CVE-2002-0012](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0012) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot + diff --git a/2002/CVE-2002-0013.md b/2002/CVE-2002-0013.md new file mode 100644 index 000000000..c4f92778e --- /dev/null +++ b/2002/CVE-2002-0013.md @@ -0,0 +1,17 @@ +### [CVE-2002-0013](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0013) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot + diff --git a/2006/CVE-2006-3336.md b/2006/CVE-2006-3336.md new file mode 100644 index 000000000..0d496bc98 --- /dev/null +++ b/2006/CVE-2006-3336.md @@ -0,0 +1,17 @@ +### [CVE-2006-3336](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3336) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/syedayman/Network-PenTest-Project + diff --git a/2009/CVE-2009-1389.md b/2009/CVE-2009-1389.md index 6da6001d6..5eba017b7 100644 --- a/2009/CVE-2009-1389.md +++ b/2009/CVE-2009-1389.md @@ -13,5 +13,5 @@ Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux ker - http://www.vmware.com/security/advisories/VMSA-2009-0016.html #### Github -No PoCs found on GitHub currently. +- https://github.com/lobo360/iptables-ubuntu diff --git a/2011/CVE-2011-2523.md b/2011/CVE-2011-2523.md index 59e638bad..e95dcba0d 100644 --- a/2011/CVE-2011-2523.md +++ b/2011/CVE-2011-2523.md @@ -57,6 +57,7 @@ vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which - https://github.com/Wanderwille/13.01 - https://github.com/XiangSi-Howard/CTF---CVE-2011-2523 - https://github.com/Y2FuZXBh/exploits +- https://github.com/YellowFederica/MTD-with-SDN - https://github.com/andaks1/ib01 - https://github.com/castiel-aj/Cybertalents-Challenges-Writeups - https://github.com/cherrera0001/vsftpd_2.3.4_Exploit diff --git a/2013/CVE-2013-2028.md b/2013/CVE-2013-2028.md index 846b344aa..6b7dce067 100644 --- a/2013/CVE-2013-2028.md +++ b/2013/CVE-2013-2028.md @@ -15,6 +15,7 @@ The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 thro #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/BJ-PXD/Explotacion-de-Vulnerabiliddes-bee-box - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo - https://github.com/JERRY123S/all-poc diff --git a/2015/CVE-2015-10088.md b/2015/CVE-2015-10088.md new file mode 100644 index 000000000..250465fd1 --- /dev/null +++ b/2015/CVE-2015-10088.md @@ -0,0 +1,17 @@ +### [CVE-2015-10088](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-10088) +![](https://img.shields.io/static/v1?label=Product&message=ayttm&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200.5.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-134%20Format%20String&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 40e04680018614a7d2b68566b261b061a0597046. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222267. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/DiRaltvein/memory-corruption-examples + diff --git a/2015/CVE-2015-1328.md b/2015/CVE-2015-1328.md index 9a4ad01be..8ee666dd6 100644 --- a/2015/CVE-2015-1328.md +++ b/2015/CVE-2015-1328.md @@ -18,6 +18,7 @@ The overlayfs implementation in the linux (aka Linux kernel) package before 3.19 - https://github.com/ARPSyndicate/cvemon - https://github.com/AfvanMoopen/tryhackme- - https://github.com/Al1ex/LinuxEelvation +- https://github.com/BlackFrog-hub/cve-2015-1328 - https://github.com/C0dak/linux-kernel-exploits - https://github.com/C0dak/local-root-exploit- - https://github.com/DarkenCode/PoC @@ -48,6 +49,7 @@ The overlayfs implementation in the linux (aka Linux kernel) package before 3.19 - https://github.com/coffee727/linux-exp - https://github.com/copperfieldd/linux-kernel-exploits - https://github.com/distance-vector/linux-kernel-exploits +- https://github.com/elit3pwner/CVE-2015-1328-GoldenEye - https://github.com/fei9747/LinuxEelvation - https://github.com/ferovap/Tools - https://github.com/freelancermijan/Linux-Privilege-Escalation-Tryhackme diff --git a/2015/CVE-2015-2171.md b/2015/CVE-2015-2171.md index cd2ce5577..14bdeac22 100644 --- a/2015/CVE-2015-2171.md +++ b/2015/CVE-2015-2171.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/flouciel/Deserialize - https://github.com/tthseus/Deserialize diff --git a/2015/CVE-2015-3864.md b/2015/CVE-2015-3864.md index 7776f84e2..5cfda204e 100644 --- a/2015/CVE-2015-3864.md +++ b/2015/CVE-2015-3864.md @@ -17,6 +17,7 @@ Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.c #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/Bhathiya404/Exploiting-Stagefright-Vulnerability-CVE-2015-3864 +- https://github.com/Cmadhushanka/CVE-2015-3864-Exploitation - https://github.com/HenryVHuang/CVE-2015-3864 - https://github.com/HighW4y2H3ll/libstagefrightExploit - https://github.com/eudemonics/scaredycat diff --git a/2015/CVE-2015-6668.md b/2015/CVE-2015-6668.md index 2eff63a9f..187c30039 100644 --- a/2015/CVE-2015-6668.md +++ b/2015/CVE-2015-6668.md @@ -22,6 +22,7 @@ The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary C - https://github.com/Sp3c73rSh4d0w/CVE-2015-6668 - https://github.com/c0d3cr4f73r/CVE-2015-6668 - https://github.com/crypticdante/CVE-2015-6668 +- https://github.com/jimdiroffii/CVE-2015-6668 - https://github.com/k4u5h41/CVE-2015-6668 - https://github.com/n3ov4n1sh/CVE-2015-6668 diff --git a/2015/CVE-2015-7808.md b/2015/CVE-2015-7808.md index 334d7688c..5fca050b6 100644 --- a/2015/CVE-2015-7808.md +++ b/2015/CVE-2015-7808.md @@ -25,6 +25,7 @@ The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1 - https://github.com/Xcod3bughunt3r/ExploitsTools - https://github.com/XiphosResearch/exploits - https://github.com/dr4v/exploits +- https://github.com/flouciel/Deserialize - https://github.com/jmedeng/suriya73-exploits - https://github.com/mukarramkhalid/vBulletin-5.1.x-PreAuth-RCE - https://github.com/shildenbrand/Exploits diff --git a/2015/CVE-2015-8351.md b/2015/CVE-2015-8351.md index 96082c20e..44317fb2d 100644 --- a/2015/CVE-2015-8351.md +++ b/2015/CVE-2015-8351.md @@ -16,6 +16,7 @@ PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/G01d3nW01f/CVE-2015-8351 +- https://github.com/G4sp4rCS/exploit-CVE-2015-8351 - https://github.com/Ki11i0n4ir3/CVE-2015-8351 - https://github.com/igruntplay/exploit-CVE-2015-8351 diff --git a/2015/CVE-2015-8562.md b/2015/CVE-2015-8562.md index 0aa81ceb3..8e8314008 100644 --- a/2015/CVE-2015-8562.md +++ b/2015/CVE-2015-8562.md @@ -32,6 +32,7 @@ Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP o - https://github.com/atcasanova/cve-2015-8562-exploit - https://github.com/bakery312/Vulhub-Reproduce - https://github.com/emtee40/google-explorer +- https://github.com/flouciel/Deserialize - https://github.com/guanjivip/CVE-2015-8562 - https://github.com/hktalent/bug-bounty - https://github.com/iGio90/hacking-stuff diff --git a/2015/CVE-2015-9235.md b/2015/CVE-2015-9235.md index b1e81893e..124ae3484 100644 --- a/2015/CVE-2015-9235.md +++ b/2015/CVE-2015-9235.md @@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/Nucleware/powershell-jwt - https://github.com/WinDyAlphA/CVE-2015-9235_JWT_key_confusion - https://github.com/aalex954/jwt-key-confusion-poc +- https://github.com/armor-code/acsdk - https://github.com/capstone-cy-team-1/vuln-web-app - https://github.com/mxcezl/JWT-SecLabs - https://github.com/phramz/tc2022-jwt101 diff --git a/2016/CVE-2016-20012.md b/2016/CVE-2016-20012.md index a955291d1..ff12c4ee4 100644 --- a/2016/CVE-2016-20012.md +++ b/2016/CVE-2016-20012.md @@ -18,6 +18,7 @@ - https://github.com/ARPSyndicate/cvemon - https://github.com/Totes5706/TotesHTB - https://github.com/accalina/crowflag +- https://github.com/aztec-eagle/cve-2016-20012 - https://github.com/firatesatoglu/iot-searchengine - https://github.com/firatesatoglu/shodanSearch - https://github.com/omerfsen/terraform-almalinux-libvirt diff --git a/2016/CVE-2016-5195.md b/2016/CVE-2016-5195.md index db7f61535..6c67b3734 100644 --- a/2016/CVE-2016-5195.md +++ b/2016/CVE-2016-5195.md @@ -392,6 +392,7 @@ Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allo - https://github.com/sribaba/android-CVE-2016-5195 - https://github.com/ssr-111/linux-kernel-exploitation - https://github.com/sv3nbeast/Attack-Notes +- https://github.com/syedayman/Network-PenTest-Project - https://github.com/talent-x90c/cve_list - https://github.com/tangsilian/android-vuln - https://github.com/teamssix/container-escape-check diff --git a/2017/CVE-2017-0143.md b/2017/CVE-2017-0143.md index dc1c1ee6d..032daf6f5 100644 --- a/2017/CVE-2017-0143.md +++ b/2017/CVE-2017-0143.md @@ -49,6 +49,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 - https://github.com/Lynk4/Windows-Server-2008-VAPT - https://github.com/Micr067/Pentest_Note - https://github.com/MinYoungLeeDev/Attack-Defense-Analysis-of-a-Vulnerable-Network +- https://github.com/N3rdyN3xus/MS17-010_CVE-2017-0143 - https://github.com/NatteeSetobol/Etern-blue-Windows-7-Checker - https://github.com/Nieuport/Active-Directory-Kill-Chain-Attack-Defense - https://github.com/Ostorlab/KEV diff --git a/2017/CVE-2017-0144.md b/2017/CVE-2017-0144.md index 6b6cccfb9..261818ae8 100644 --- a/2017/CVE-2017-0144.md +++ b/2017/CVE-2017-0144.md @@ -138,12 +138,14 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 - https://github.com/revanmalang/OSCP - https://github.com/rvsvishnuv/rvsvishnuv.github.io - https://github.com/shubhamg0sai/All_top_500_hacking_tool +- https://github.com/shubhamg0sai/top_500_tool - https://github.com/skeeperloyaltie/network - https://github.com/skhjacksonheights/bestTermuxTools_skh - https://github.com/sponkmonk/Ladon_english_update - https://github.com/starlingvibes/TryHackMe - https://github.com/sunzu94/AD-Attack-Defense - https://github.com/sworatz/toolx500 +- https://github.com/syedayman/Network-PenTest-Project - https://github.com/tataev/Security - https://github.com/trhacknon/scan4all - https://github.com/txuswashere/OSCP diff --git a/2017/CVE-2017-0145.md b/2017/CVE-2017-0145.md index 83cd9e38f..223c12452 100644 --- a/2017/CVE-2017-0145.md +++ b/2017/CVE-2017-0145.md @@ -87,9 +87,11 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/retr0-13/AD-Attack-Defense - https://github.com/shubhamg0sai/All_top_500_hacking_tool +- https://github.com/shubhamg0sai/top_500_tool - https://github.com/skhjacksonheights/bestTermuxTools_skh - https://github.com/sunzu94/AD-Attack-Defense - https://github.com/sworatz/toolx500 +- https://github.com/syedayman/Network-PenTest-Project - https://github.com/tataev/Security - https://github.com/trhacknon/scan4all - https://github.com/uroboros-security/SMB-CVE diff --git a/2017/CVE-2017-1000112.md b/2017/CVE-2017-1000112.md index c4d83dc33..dc3701b6b 100644 --- a/2017/CVE-2017-1000112.md +++ b/2017/CVE-2017-1000112.md @@ -78,6 +78,7 @@ Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. W - https://github.com/lnick2023/nicenice - https://github.com/m0mkris/linux-kernel-exploits - https://github.com/maririn312/Linux_menthor +- https://github.com/milabs/kiddy - https://github.com/milabs/lkrg-bypass - https://github.com/mzet-/linux-exploit-suggester - https://github.com/n3t1nv4d3/kernel-exploits diff --git a/2017/CVE-2017-15710.md b/2017/CVE-2017-15710.md index 3d9fc559c..fa6f4e480 100644 --- a/2017/CVE-2017-15710.md +++ b/2017/CVE-2017-15710.md @@ -26,6 +26,7 @@ No PoCs from references. - https://github.com/Xorlent/Red-Teaming-TTPs - https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network - https://github.com/bioly230/THM_Skynet +- https://github.com/fdool73/insightvm_slackbot - https://github.com/firatesatoglu/shodanSearch - https://github.com/rackerlabs/insightvm_slackbot - https://github.com/retr0-13/nrich diff --git a/2017/CVE-2017-18816.md b/2017/CVE-2017-18816.md new file mode 100644 index 000000000..3928d6c36 --- /dev/null +++ b/2017/CVE-2017-18816.md @@ -0,0 +1,17 @@ +### [CVE-2017-18816](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18816) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. + +### POC + +#### Reference +- https://kb.netgear.com/000049049/Security-Advisory-for-Stored-Cross-Site-Scripting-Vulnerability-on-Some-ReadyNAS-devices-PSV-2017-0290 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2017/CVE-2017-7269.md b/2017/CVE-2017-7269.md index e6ee6e014..5c04615a3 100644 --- a/2017/CVE-2017-7269.md +++ b/2017/CVE-2017-7269.md @@ -41,6 +41,7 @@ Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in In - https://github.com/HacTF/poc--exp - https://github.com/JERRY123S/all-poc - https://github.com/Mr-xn/Penetration_Testing_POC +- https://github.com/N3rdyN3xus/CVE-2017-7269 - https://github.com/NetW0rK1le3r/awesome-hacking-lists - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors diff --git a/2017/CVE-2017-7494.md b/2017/CVE-2017-7494.md index bd6041e43..b08234d46 100644 --- a/2017/CVE-2017-7494.md +++ b/2017/CVE-2017-7494.md @@ -33,6 +33,7 @@ Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to r - https://github.com/Astrogeorgeonethree/Starred - https://github.com/Astrogeorgeonethree/Starred2 - https://github.com/Atem1988/Starred +- https://github.com/BJ-PXD/Explotacion-de-Vulnerabiliddes-bee-box - https://github.com/C0dak/linux-kernel-exploits - https://github.com/C0dak/local-root-exploit- - https://github.com/CVEDB/PoC-List diff --git a/2017/CVE-2017-8625.md b/2017/CVE-2017-8625.md index 23e3f4869..a700acb31 100644 --- a/2017/CVE-2017-8625.md +++ b/2017/CVE-2017-8625.md @@ -23,6 +23,7 @@ Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 - https://github.com/ARPSyndicate/cvemon - https://github.com/AdhamRammadan/CyberRoad - https://github.com/Ashadowkhan/PENTESTINGBIBLE +- https://github.com/DefensiveThinking/list-infosec-encyclopedia - https://github.com/Digit4lBytes/RedTeam - https://github.com/DigitalQuinn/InfosecCompilation - https://github.com/Fa1c0n35/Awesome-Red-Teaming. diff --git a/2017/CVE-2017-9814.md b/2017/CVE-2017-9814.md index 8a1dbad59..e02bb2ab4 100644 --- a/2017/CVE-2017-9814.md +++ b/2017/CVE-2017-9814.md @@ -13,5 +13,5 @@ cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to c - https://bugs.freedesktop.org/show_bug.cgi?id=101547 #### Github -No PoCs found on GitHub currently. +- https://github.com/adegoodyer/kubernetes-admin-toolkit diff --git a/2018/CVE-2018-0101.md b/2018/CVE-2018-0101.md index 4b8efad4c..8c40969b9 100644 --- a/2018/CVE-2018-0101.md +++ b/2018/CVE-2018-0101.md @@ -21,6 +21,7 @@ A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco - https://github.com/Correia-jpv/fucking-awesome-honeypots - https://github.com/Cymmetria/ciscoasa_honeypot - https://github.com/Elsfa7-110/kenzer-templates +- https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot - https://github.com/Mehedi-Babu/honeypots_cyber - https://github.com/Nieuport/-awesome-honeypots- - https://github.com/Ondrik8/-Security diff --git a/2018/CVE-2018-10561.md b/2018/CVE-2018-10561.md index 547769510..d8bada9a4 100644 --- a/2018/CVE-2018-10561.md +++ b/2018/CVE-2018-10561.md @@ -15,6 +15,7 @@ An issue was discovered on Dasan GPON home routers. It is possible to bypass aut #### Github - https://github.com/0x0d3ad/Kn0ck - https://github.com/0xT11/CVE-POC +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ATpiu/CVE-2018-10562 - https://github.com/EvilAnne/Python_Learn diff --git a/2018/CVE-2018-11776.md b/2018/CVE-2018-11776.md index 531ece2e8..59850ff5d 100644 --- a/2018/CVE-2018-11776.md +++ b/2018/CVE-2018-11776.md @@ -59,6 +59,7 @@ Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remo - https://github.com/IkerSaint/VULNAPP-vulnerable-app - https://github.com/Ivan1ee/struts2-057-exp - https://github.com/JERRY123S/all-poc +- https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot - https://github.com/LightC0der/Apache-Struts-0Day-Exploit - https://github.com/Maarckz/PayloadParaTudo - https://github.com/Muhammd/Awesome-Payloads diff --git a/2018/CVE-2018-20148.md b/2018/CVE-2018-20148.md index f08cf3803..2614778bd 100644 --- a/2018/CVE-2018-20148.md +++ b/2018/CVE-2018-20148.md @@ -17,6 +17,7 @@ In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP o - https://github.com/Afetter618/WordPress-PenTest - https://github.com/Byebyesky/IT-Security-Projekt - https://github.com/El-Palomo/DerpNStink +- https://github.com/flouciel/WooCommerce-CVEs - https://github.com/nth347/CVE-2018-20148_exploit - https://github.com/tthseus/WooCommerce-CVEs diff --git a/2018/CVE-2018-21029.md b/2018/CVE-2018-21029.md index 020e2158a..771c7c0ac 100644 --- a/2018/CVE-2018-21029.md +++ b/2018/CVE-2018-21029.md @@ -10,6 +10,7 @@ ### POC #### Reference +- https://blog.cloudflare.com/dns-encryption-explained/ - https://github.com/systemd/systemd/issues/9397 #### Github diff --git a/2019/CVE-2019-11358.md b/2019/CVE-2019-11358.md index 7a9582658..f2c5dc95a 100644 --- a/2019/CVE-2019-11358.md +++ b/2019/CVE-2019-11358.md @@ -289,6 +289,9 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/AntofeOctavian/AntofeRTC1 - https://github.com/AntonianERA/FtcRobotController-master-8.1.1 - https://github.com/AntonioAlecs/FTC- +- https://github.com/AnyiLin/10158-Centerstage +- https://github.com/AnyiLin/10158-Power-Play +- https://github.com/AnyiLin/Monocular-Visual-Odometry-FTC - https://github.com/Apollo9662/sdk_9_0_1 - https://github.com/Apple-CRISPR/FtcRobotController_2021 - https://github.com/AravNeroth/2023-2024-Robolobos-FTC-14363 @@ -1010,6 +1013,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/FTC9182/FTC9182-2021-2022 - https://github.com/FTC9837/FTC9837_UltimateGoal - https://github.com/FTC9889/CC_9889_2020_2021 +- https://github.com/FTCCrashAndBurn/FtcRobotController-23 - https://github.com/FTCCyclone/CycloneRobotController - https://github.com/FTCJoeBots/2020-JoeBots-Training-Ground - https://github.com/FTCJoeBots/2023-ChassisBot @@ -2829,6 +2833,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/connorjlink/FtcRobotController2021 - https://github.com/coreycoreycorey/FtcRobotController - https://github.com/cormickf/Ftc-Powerplay +- https://github.com/coronerx/5404FTC - https://github.com/cosmin-26/ftc-qube - https://github.com/cosmin-26/ftc23.camera - https://github.com/cozymentor/FTC2022 @@ -3417,6 +3422,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/lancelarsen/PhoenixForceFreightFrenzy - https://github.com/lancelarsen/PhoenixForceUltimateGoal - https://github.com/lancelarsen/PhoenixForceUltimateGoal2 +- https://github.com/lancelarsen/PhoenixForceUltimateGoal3 - https://github.com/largoftc/Firsttech - https://github.com/larrytao05/FtcRobotController - https://github.com/laupetre/FTC-2021 @@ -3820,6 +3826,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/sesmar/FtcRobotController-8.0 - https://github.com/sgarciaabad/FtcRobotController-9.0 - https://github.com/sgu-101/FTC-8569 +- https://github.com/sgu-101/FTC-8569-CenterStage - https://github.com/sgutierrez8c54/Ftc2020 - https://github.com/sgutierrez8c54/PowerPlay202223 - https://github.com/shalinda/ftcpowerplay diff --git a/2019/CVE-2019-11500.md b/2019/CVE-2019-11500.md new file mode 100644 index 000000000..26541d3f8 --- /dev/null +++ b/2019/CVE-2019-11500.md @@ -0,0 +1,17 @@ +### [CVE-2019-11500](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11500) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot + diff --git a/2019/CVE-2019-12345.md b/2019/CVE-2019-12345.md index b7e419881..8703411c4 100644 --- a/2019/CVE-2019-12345.md +++ b/2019/CVE-2019-12345.md @@ -13,5 +13,5 @@ XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. - https://wpvulndb.com/vulnerabilities/9289 #### Github -No PoCs found on GitHub currently. +- https://github.com/priamai/cyberlangchain diff --git a/2019/CVE-2019-19781.md b/2019/CVE-2019-19781.md index 1a8812eb4..0c8939421 100644 --- a/2019/CVE-2019-19781.md +++ b/2019/CVE-2019-19781.md @@ -60,6 +60,7 @@ An issue was discovered in Citrix Application Delivery Controller (ADC) and Gate - https://github.com/JamesG-Zero/Shitrix-CVE-2019-19781 - https://github.com/Jean-Francois-C/Windows-Penetration-Testing - https://github.com/KayCHENvip/vulnerability-poc +- https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot - https://github.com/L4r1k/CitrixNetscalerAnalysis - https://github.com/LeapBeyond/cve_2019_19781 - https://github.com/MalwareTech/CitrixHoneypot diff --git a/2019/CVE-2019-19824.md b/2019/CVE-2019-19824.md index 927000143..75e7ece05 100644 --- a/2019/CVE-2019-19824.md +++ b/2019/CVE-2019-19824.md @@ -5,7 +5,7 @@ ### Description -On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0. +On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, N100RE through 3.4.0, and N302RE 2.0.2. ### POC diff --git a/2019/CVE-2019-6462.md b/2019/CVE-2019-6462.md index 0b320484a..c34321d17 100644 --- a/2019/CVE-2019-6462.md +++ b/2019/CVE-2019-6462.md @@ -13,5 +13,6 @@ An issue was discovered in cairo 1.16.0. There is an infinite loop in the functi - https://github.com/TeamSeri0us/pocs/tree/master/gerbv #### Github +- https://github.com/adegoodyer/kubernetes-admin-toolkit - https://github.com/facebookincubator/meta-fbvuln diff --git a/2019/CVE-2019-7314.md b/2019/CVE-2019-7314.md index 5582ca35d..7780a9960 100644 --- a/2019/CVE-2019-7314.md +++ b/2019/CVE-2019-7314.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/12qwetyd/upgdfuzz +- https://github.com/5angjun/aflnet - https://github.com/ARPSyndicate/cvemon - https://github.com/Arbusz/aflnet - https://github.com/Arbusz/c2sfuzz diff --git a/2019/CVE-2019-9168.md b/2019/CVE-2019-9168.md index 167de3924..bc8883a4d 100644 --- a/2019/CVE-2019-9168.md +++ b/2019/CVE-2019-9168.md @@ -13,5 +13,6 @@ WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. No PoCs from references. #### Github +- https://github.com/flouciel/WooCommerce-CVEs - https://github.com/tthseus/WooCommerce-CVEs diff --git a/2020/CVE-2020-10021.md b/2020/CVE-2020-10021.md index 2af849254..1ec078691 100644 --- a/2020/CVE-2020-10021.md +++ b/2020/CVE-2020-10021.md @@ -15,5 +15,6 @@ Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned S #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/CBackyx/CVE-Reproduction +- https://github.com/DependableSystemsLab/AutoPatch - https://github.com/Moh3nsalehi/AutoPatchCode diff --git a/2020/CVE-2020-11899.md b/2020/CVE-2020-11899.md index 1a3577d7f..d8d83c810 100644 --- a/2020/CVE-2020-11899.md +++ b/2020/CVE-2020-11899.md @@ -17,6 +17,7 @@ The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. #### Github - https://github.com/CERTCC/PoC-Exploits/tree/master/vu-257161/scripts +- https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/panios/suricata_parser diff --git a/2020/CVE-2020-12431.md b/2020/CVE-2020-12431.md index 82c11477e..72aca9ca4 100644 --- a/2020/CVE-2020-12431.md +++ b/2020/CVE-2020-12431.md @@ -11,6 +11,7 @@ A Windows privilege change issue was discovered in Splashtop Software Updater be #### Reference - https://improsec.com/tech-blog/privilege-escalation-vulnerability-in-splashtop-streamer +- https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/360042648231-Splashtop-Streamer-version-3-3-8-0-for-Windows-released-includes-SOS-version-3-3-8-0 #### Github No PoCs found on GitHub currently. diff --git a/2020/CVE-2020-1472.md b/2020/CVE-2020-1472.md index 78f112147..3f8212b1a 100644 --- a/2020/CVE-2020-1472.md +++ b/2020/CVE-2020-1472.md @@ -349,6 +349,7 @@ An elevation of privilege vulnerability exists when an attacker establishes a vu - https://github.com/suzi007/RedTeam_Note - https://github.com/sv3nbeast/CVE-2020-1472 - https://github.com/svbjdbk123/ReadTeam +- https://github.com/syedayman/Network-PenTest-Project - https://github.com/t31m0/CVE-2020-1472 - https://github.com/t31m0/Zero - https://github.com/tanjiti/sec_profile diff --git a/2020/CVE-2020-28429.md b/2020/CVE-2020-28429.md index 2ef960c36..d6ebc6d79 100644 --- a/2020/CVE-2020-28429.md +++ b/2020/CVE-2020-28429.md @@ -13,5 +13,5 @@ All versions of package geojson2kml are vulnerable to Command Injection via the - https://snyk.io/vuln/SNYK-JS-GEOJSON2KML-1050412 #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2020/CVE-2020-9496.md b/2020/CVE-2020-9496.md index 15aa56393..c4ee26a84 100644 --- a/2020/CVE-2020-9496.md +++ b/2020/CVE-2020-9496.md @@ -28,6 +28,7 @@ XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scriptin - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet - https://github.com/HimmelAward/Goby_POC +- https://github.com/JulianWu520/DriedMango - https://github.com/Ly0nt4r/CVE-2020-9496 - https://github.com/MrMeizhi/DriedMango - https://github.com/SexyBeast233/SecBooks diff --git a/2021/CVE-2021-24962.md b/2021/CVE-2021-24962.md index 11d20cabd..52686a727 100644 --- a/2021/CVE-2021-24962.md +++ b/2021/CVE-2021-24962.md @@ -15,5 +15,5 @@ The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow use - https://wpscan.com/vulnerability/7a95b3f2-285e-40e3-aead-41932c207623 #### Github -No PoCs found on GitHub currently. +- https://github.com/syedayman/Network-PenTest-Project diff --git a/2021/CVE-2021-26295.md b/2021/CVE-2021-26295.md index 6334b2b37..65d7efdc8 100644 --- a/2021/CVE-2021-26295.md +++ b/2021/CVE-2021-26295.md @@ -29,6 +29,7 @@ Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated at - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet - https://github.com/Henry4E36/Apache-OFBiz-Vul - https://github.com/HimmelAward/Goby_POC +- https://github.com/JulianWu520/DriedMango - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/Li468446/Apache_poc - https://github.com/Miraitowa70/POC-Notes diff --git a/2021/CVE-2021-29447.md b/2021/CVE-2021-29447.md index 45c66ccb1..b21f04ccf 100644 --- a/2021/CVE-2021-29447.md +++ b/2021/CVE-2021-29447.md @@ -19,6 +19,7 @@ Wordpress is an open source CMS. A user with the ability to upload files (like a - https://github.com/0xjukai/Web-security - https://github.com/ARPSyndicate/cvemon - https://github.com/Abdulazizalsewedy/CVE-2021-29447 +- https://github.com/Aijoo100/Aijoo100 - https://github.com/Anogota/MetaTwo - https://github.com/AssassinUKG/CVE-2021-29447 - https://github.com/AssassinUKG/Writeups diff --git a/2021/CVE-2021-30600.md b/2021/CVE-2021-30600.md index de47e5ddb..92d525f4e 100644 --- a/2021/CVE-2021-30600.md +++ b/2021/CVE-2021-30600.md @@ -13,5 +13,6 @@ Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a rem No PoCs from references. #### Github +- https://github.com/splunk-soar-connectors/microsoftdefenderforendpoint - https://github.com/splunk-soar-connectors/windowsdefenderatp diff --git a/2021/CVE-2021-3489.md b/2021/CVE-2021-3489.md index 2fe3e3871..4977cd33f 100644 --- a/2021/CVE-2021-3489.md +++ b/2021/CVE-2021-3489.md @@ -11,7 +11,7 @@ The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not chec ### POC #### Reference -No PoCs from references. +- https://ubuntu.com/security/notices/USN-4950-1 #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2021/CVE-2021-3490.md b/2021/CVE-2021-3490.md index 6181309df..e0452a0b3 100644 --- a/2021/CVE-2021-3490.md +++ b/2021/CVE-2021-3490.md @@ -12,6 +12,7 @@ The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux ke #### Reference - http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html +- https://ubuntu.com/security/notices/USN-4950-1 #### Github - https://github.com/0xsyr0/OSCP diff --git a/2021/CVE-2021-3491.md b/2021/CVE-2021-3491.md index 14f1a594d..5af223b19 100644 --- a/2021/CVE-2021-3491.md +++ b/2021/CVE-2021-3491.md @@ -11,6 +11,7 @@ The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be #### Reference - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db +- https://ubuntu.com/security/notices/USN-4950-1 #### Github No PoCs found on GitHub currently. diff --git a/2021/CVE-2021-3493.md b/2021/CVE-2021-3493.md index 3c280f793..12e136b50 100644 --- a/2021/CVE-2021-3493.md +++ b/2021/CVE-2021-3493.md @@ -25,6 +25,7 @@ The overlayfs implementation in the linux kernel did not properly validate with - https://github.com/20142995/sectool - https://github.com/ARPSyndicate/cvemon - https://github.com/Abdennour-py/CVE-2021-3493 +- https://github.com/Aijoo100/Aijoo100 - https://github.com/Al1ex/LinuxEelvation - https://github.com/AmIAHuman/OverlayFS-CVE-2021-3493 - https://github.com/Anekant-Singhai/Exploits diff --git a/2021/CVE-2021-3560.md b/2021/CVE-2021-3560.md index 1d2ce7dd3..52e1eaa98 100644 --- a/2021/CVE-2021-3560.md +++ b/2021/CVE-2021-3560.md @@ -20,6 +20,7 @@ It was found that polkit could be tricked into bypassing the credential checks f - https://github.com/0xsmirk/vehicle-kernel-exploit - https://github.com/0xsyr0/OSCP - https://github.com/ARPSyndicate/cvemon +- https://github.com/Aijoo100/Aijoo100 - https://github.com/Almorabea/Polkit-exploit - https://github.com/AnastasiaLomova/PR1 - https://github.com/AnastasiaLomova/PR1.1 diff --git a/2021/CVE-2021-36934.md b/2021/CVE-2021-36934.md index 0a7de7067..8f25dbdcd 100644 --- a/2021/CVE-2021-36934.md +++ b/2021/CVE-2021-36934.md @@ -119,6 +119,7 @@ - https://github.com/s3mPr1linux/JUST_WALKING_DOG - https://github.com/shaktavist/SeriousSam - https://github.com/soosmile/POC +- https://github.com/splunk-soar-connectors/microsoftdefenderforendpoint - https://github.com/splunk-soar-connectors/windowsdefenderatp - https://github.com/sponkmonk/Ladon_english_update - https://github.com/taielab/awesome-hacking-lists diff --git a/2021/CVE-2021-41773.md b/2021/CVE-2021-41773.md index 35eb5e72c..980e26666 100644 --- a/2021/CVE-2021-41773.md +++ b/2021/CVE-2021-41773.md @@ -39,6 +39,7 @@ A flaw was found in a change made to path normalization in Apache HTTP Server 2. - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/AdrMAr5/baiim +- https://github.com/Aijoo100/Aijoo100 - https://github.com/AkshayraviC09YC47/CVE-Exploits - https://github.com/AnonymouID/POC - https://github.com/ArrestX/--POC diff --git a/2021/CVE-2021-4217.md b/2021/CVE-2021-4217.md index 5df2ba95b..77e843038 100644 --- a/2021/CVE-2021-4217.md +++ b/2021/CVE-2021-4217.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/adegoodyer/kubernetes-admin-toolkit diff --git a/2022/CVE-2022-0847.md b/2022/CVE-2022-0847.md index aee131ca0..d1a9687df 100644 --- a/2022/CVE-2022-0847.md +++ b/2022/CVE-2022-0847.md @@ -34,6 +34,7 @@ A flaw was found in the way the "flags" member of the new pipe buffer structure - https://github.com/4luc4rdr5290/CVE-2022-0847 - https://github.com/ARPSyndicate/cvemon - https://github.com/Abhi-1712/ejpt-roadmap +- https://github.com/Aijoo100/Aijoo100 - https://github.com/Al1ex/CVE-2022-0847 - https://github.com/Al1ex/LinuxEelvation - https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits diff --git a/2022/CVE-2022-20073.md b/2022/CVE-2022-20073.md new file mode 100644 index 000000000..bd1409c0b --- /dev/null +++ b/2022/CVE-2022-20073.md @@ -0,0 +1,17 @@ +### [CVE-2022-20073](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20073) +![](https://img.shields.io/static/v1?label=Product&message=MT2601%2C%20MT6580%2C%20MT6735%2C%20MT6739%2C%20MT6761%2C%20MT6763%2C%20MT6765%2C%20MT6768%2C%20MT6771%2C%20MT6779%2C%20MT6781%2C%20MT6785%2C%20MT6799%2C%20MT6833%2C%20MT6873%2C%20MT6877%2C%20MT6885%2C%20MT6893%2C%20MT8163%2C%20MT8167%2C%20MT8167S%2C%20MT8168%2C%20MT8173%2C%20MT8175%2C%20MT8183%2C%20MT8185%2C%20MT8321%2C%20MT8362A%2C%20MT8365%2C%20MT8385%2C%20MT8666%2C%20MT8667%2C%20MT8675%2C%20MT8695%2C%20MT8696%2C%20MT8765%2C%20MT8766%2C%20MT8768%2C%20MT8786%2C%20MT8788%2C%20MT8789%2C%20MT8791%2C%20MT8797&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20Privilege&color=brighgreen) + +### Description + +In preloader (usb), there is a possible out of bounds write due to a integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160841; Issue ID: ALPS06160841. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/m1erphy/CVE-2022-20073 + diff --git a/2022/CVE-2022-2440.md b/2022/CVE-2022-2440.md new file mode 100644 index 000000000..35833b9e7 --- /dev/null +++ b/2022/CVE-2022-2440.md @@ -0,0 +1,17 @@ +### [CVE-2022-2440](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2440) +![](https://img.shields.io/static/v1?label=Product&message=Theme%20Editor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2022/CVE-2022-26143.md b/2022/CVE-2022-26143.md index b2d1a7b86..91ce012a2 100644 --- a/2022/CVE-2022-26143.md +++ b/2022/CVE-2022-26143.md @@ -10,6 +10,7 @@ The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiV ### POC #### Reference +- https://blog.cloudflare.com/cve-2022-26143/ - https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/ #### Github diff --git a/2022/CVE-2022-32272.md b/2022/CVE-2022-32272.md index 1c8e6bd54..959ec47c4 100644 --- a/2022/CVE-2022-32272.md +++ b/2022/CVE-2022-32272.md @@ -11,6 +11,7 @@ OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and Meta #### Reference - http://packetstormsecurity.com/files/171549/OPSWAT-Metadefender-Core-4.21.1-Privilege-Escalation.html +- https://opswat.com #### Github No PoCs found on GitHub currently. diff --git a/2022/CVE-2022-32273.md b/2022/CVE-2022-32273.md new file mode 100644 index 000000000..42fa33700 --- /dev/null +++ b/2022/CVE-2022-32273.md @@ -0,0 +1,17 @@ +### [CVE-2022-32273](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32273) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server. + +### POC + +#### Reference +- https://opswat.com + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-40778.md b/2022/CVE-2022-40778.md new file mode 100644 index 000000000..8d085f49c --- /dev/null +++ b/2022/CVE-2022-40778.md @@ -0,0 +1,17 @@ +### [CVE-2022-40778](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40778) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response. + +### POC + +#### Reference +- https://www.opswat.com/products/metadefender/icap + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-41409.md b/2022/CVE-2022-41409.md index 748c532b7..2495d7282 100644 --- a/2022/CVE-2022-41409.md +++ b/2022/CVE-2022-41409.md @@ -13,5 +13,6 @@ Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cau No PoCs from references. #### Github +- https://github.com/adegoodyer/kubernetes-admin-toolkit - https://github.com/fokypoky/places-list diff --git a/2022/CVE-2022-4270.md b/2022/CVE-2022-4270.md index d658bf581..0744b6f33 100644 --- a/2022/CVE-2022-4270.md +++ b/2022/CVE-2022-4270.md @@ -1,11 +1,11 @@ ### [CVE-2022-4270](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4270) ![](https://img.shields.io/static/v1?label=Product&message=M-Files%20Web&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2022.5.11436.1%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen) ### Description -Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally. +Incorrect privilege assignment issue in M-Files Web in M-Files Web versions beforeĀ 22.5.11436.1 could have changed permissions accidentally. ### POC diff --git a/2023/CVE-2023-0159.md b/2023/CVE-2023-0159.md index 6ef451b99..ec0bbb34b 100644 --- a/2023/CVE-2023-0159.md +++ b/2023/CVE-2023-0159.md @@ -13,6 +13,7 @@ The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 - https://wpscan.com/vulnerability/239ea870-66e5-4754-952e-74d4dd60b809 #### Github +- https://github.com/Chocapikk/Chocapikk - https://github.com/im-hanzou/EVCer - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/xu-xiang/awesome-security-vul-llm diff --git a/2023/CVE-2023-0663.md b/2023/CVE-2023-0663.md index 847268d19..9cefcfcc5 100644 --- a/2023/CVE-2023-0663.md +++ b/2023/CVE-2023-0663.md @@ -11,6 +11,7 @@ A vulnerability was found in Calendar Event Management System 2.3.0. It has been #### Reference - https://vuldb.com/?id.220175 +- https://www.youtube.com/watch?v=UsSZU6EWB1E #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-0841.md b/2023/CVE-2023-0841.md index d2c8fad48..783b76fb4 100644 --- a/2023/CVE-2023-0841.md +++ b/2023/CVE-2023-0841.md @@ -15,5 +15,5 @@ A vulnerability, which was classified as critical, has been found in GPAC 2.3-DE - https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3 #### Github -No PoCs found on GitHub currently. +- https://github.com/DiRaltvein/memory-corruption-examples diff --git a/2023/CVE-2023-22515.md b/2023/CVE-2023-22515.md index c3eab2f0c..5fd51bc99 100644 --- a/2023/CVE-2023-22515.md +++ b/2023/CVE-2023-22515.md @@ -19,6 +19,7 @@ Atlassian has been made aware of an issue reported by a handful of customers whe - https://github.com/AdamCrosser/awesome-vuln-writeups - https://github.com/Adonijah01/InfoSec365 - https://github.com/Adonijah01/Schedule +- https://github.com/Aijoo100/Aijoo100 - https://github.com/Awrrays/FrameVul - https://github.com/C1ph3rX13/CVE-2023-22515 - https://github.com/C1ph3rX13/CVE-2023-22518 diff --git a/2023/CVE-2023-22893.md b/2023/CVE-2023-22893.md index 2bdfb6ba3..3a5d4b726 100644 --- a/2023/CVE-2023-22893.md +++ b/2023/CVE-2023-22893.md @@ -15,5 +15,6 @@ Strapi through 4.5.5 does not verify the access or ID tokens issued during the O - https://www.ghostccamm.com/blog/multi_strapi_vulns/ #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon diff --git a/2023/CVE-2023-26321.md b/2023/CVE-2023-26321.md new file mode 100644 index 000000000..7a61cf0fd --- /dev/null +++ b/2023/CVE-2023-26321.md @@ -0,0 +1,17 @@ +### [CVE-2023-26321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26321) +![](https://img.shields.io/static/v1?label=Product&message=Xiaomi%20File%20Manager%20App%20International%20Version&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=A%20path%20traversal%20vulnerability%20exists&color=brighgreen) + +### Description + +A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Ch0pin/related_work + diff --git a/2023/CVE-2023-2640.md b/2023/CVE-2023-2640.md index a1ae6ae19..5f0a91178 100644 --- a/2023/CVE-2023-2640.md +++ b/2023/CVE-2023-2640.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/0xWhoami35/root-kernel - https://github.com/0xsyr0/OSCP - https://github.com/CVEDB/awesome-cve-repo +- https://github.com/CVEDB/top - https://github.com/Ev3rPalestine/Analytics-HTB-Walkthrough - https://github.com/GhostTroops/TOP - https://github.com/HaxorSecInfec/autoroot.sh diff --git a/2023/CVE-2023-26801.md b/2023/CVE-2023-26801.md index 2df0890b8..17ea15e0f 100644 --- a/2023/CVE-2023-26801.md +++ b/2023/CVE-2023-26801.md @@ -13,5 +13,5 @@ LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, a - https://github.com/winmt/my-vuls/tree/main/LB-LINK%20BL-AC1900%2C%20BL-WR9000%2C%20BL-X26%20and%20BL-LTE300%20Wireless%20Routers #### Github -No PoCs found on GitHub currently. +- https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot diff --git a/2023/CVE-2023-27350.md b/2023/CVE-2023-27350.md index 81a1b4f7b..183f4f46c 100644 --- a/2023/CVE-2023-27350.md +++ b/2023/CVE-2023-27350.md @@ -21,6 +21,7 @@ This vulnerability allows remote attackers to bypass authentication on affected - https://github.com/ARPSyndicate/cvemon - https://github.com/ASG-CASTLE/CVE-2023-27350 - https://github.com/AdamCrosser/awesome-vuln-writeups +- https://github.com/Aijoo100/Aijoo100 - https://github.com/Jenderal92/CVE-2023-27350 - https://github.com/Loginsoft-LLC/Linux-Exploit-Detection - https://github.com/Loginsoft-Research/Linux-Exploit-Detection diff --git a/2023/CVE-2023-2837.md b/2023/CVE-2023-2837.md index 7bbdf59be..65ef0d94e 100644 --- a/2023/CVE-2023-2837.md +++ b/2023/CVE-2023-2837.md @@ -13,5 +13,5 @@ Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2. - https://huntr.dev/bounties/a6bfd1b2-aba8-4c6f-90c4-e95b1831cb17 #### Github -No PoCs found on GitHub currently. +- https://github.com/7resp4ss/7resp4ss diff --git a/2023/CVE-2023-29506.md b/2023/CVE-2023-29506.md index 8e0e13458..6840a7053 100644 --- a/2023/CVE-2023-29506.md +++ b/2023/CVE-2023-29506.md @@ -13,5 +13,5 @@ XWiki Commons are technical libraries common to several other top level XWiki pr - https://jira.xwiki.org/browse/XWIKI-20335 #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2023/CVE-2023-32629.md b/2023/CVE-2023-32629.md index e29403756..06d9f0fee 100644 --- a/2023/CVE-2023-32629.md +++ b/2023/CVE-2023-32629.md @@ -16,6 +16,7 @@ Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up - https://github.com/0xWhoami35/root-kernel - https://github.com/0xsyr0/OSCP - https://github.com/CVEDB/awesome-cve-repo +- https://github.com/CVEDB/top - https://github.com/Ev3rPalestine/Analytics-HTB-Walkthrough - https://github.com/GhostTroops/TOP - https://github.com/HaxorSecInfec/autoroot.sh diff --git a/2023/CVE-2023-3345.md b/2023/CVE-2023-3345.md index 9bac4aa7a..f6498ac24 100644 --- a/2023/CVE-2023-3345.md +++ b/2023/CVE-2023-3345.md @@ -1,11 +1,11 @@ ### [CVE-2023-3345](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3345) ![](https://img.shields.io/static/v1?label=Product&message=LMS%20by%20Masteriyo&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.6.8%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%20Incorrect%20Authorization&color=brighgreen) ### Description -The LMS by Masteriyo WordPress plugin before 1.6.8 does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints. +The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students ### POC diff --git a/2023/CVE-2023-33457.md b/2023/CVE-2023-33457.md new file mode 100644 index 000000000..a33f3403d --- /dev/null +++ b/2023/CVE-2023-33457.md @@ -0,0 +1,17 @@ +### [CVE-2023-33457](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33457) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , may cause buffer-overflow and crash. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/DiRaltvein/memory-corruption-examples + diff --git a/2023/CVE-2023-34754.md b/2023/CVE-2023-34754.md index 50581aca0..9d25e5cc3 100644 --- a/2023/CVE-2023-34754.md +++ b/2023/CVE-2023-34754.md @@ -13,5 +13,5 @@ bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the - https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2023/CVE-2023-36239.md b/2023/CVE-2023-36239.md index 7a67229fe..6d02dbaef 100644 --- a/2023/CVE-2023-36239.md +++ b/2023/CVE-2023-36239.md @@ -13,5 +13,5 @@ libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSW - https://github.com/libming/libming/issues/273 #### Github -No PoCs found on GitHub currently. +- https://github.com/DiRaltvein/memory-corruption-examples diff --git a/2023/CVE-2023-37457.md b/2023/CVE-2023-37457.md new file mode 100644 index 000000000..71d321faf --- /dev/null +++ b/2023/CVE-2023-37457.md @@ -0,0 +1,17 @@ +### [CVE-2023-37457](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457) +![](https://img.shields.io/static/v1?label=Product&message=asterisk&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%2018.20.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%3A%20Buffer%20Copy%20without%20Checking%20Size%20of%20Input%20('Classic%20Buffer%20Overflow')&color=brighgreen) + +### Description + +Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/DiRaltvein/memory-corruption-examples + diff --git a/2023/CVE-2023-38408.md b/2023/CVE-2023-38408.md index 6ef99733f..5941157a2 100644 --- a/2023/CVE-2023-38408.md +++ b/2023/CVE-2023-38408.md @@ -15,6 +15,7 @@ The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently t - https://news.ycombinator.com/item?id=36790196 #### Github +- https://github.com/Aijoo100/Aijoo100 - https://github.com/FarelRA/MKM_ssh - https://github.com/LucasPDiniz/CVE-2023-38408 - https://github.com/LucasPDiniz/StudyRoom diff --git a/2023/CVE-2023-39848.md b/2023/CVE-2023-39848.md index cae1216fa..297337a74 100644 --- a/2023/CVE-2023-39848.md +++ b/2023/CVE-2023-39848.md @@ -66,6 +66,7 @@ No PoCs from references. - https://github.com/cuongbtu/dvwa_config - https://github.com/davinci96/-aplicacion-vulnerable - https://github.com/deftdeft2000/nl_kitkat +- https://github.com/devsecopsorange/pruebarepo - https://github.com/devsecopsteam2022/pruebarepo - https://github.com/digininja/DVWA - https://github.com/djstevanovic98/DVWA-test diff --git a/2023/CVE-2023-4322.md b/2023/CVE-2023-4322.md index e8f0ac64d..8fcdbccb1 100644 --- a/2023/CVE-2023-4322.md +++ b/2023/CVE-2023-4322.md @@ -13,5 +13,5 @@ Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0 - https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd #### Github -No PoCs found on GitHub currently. +- https://github.com/7resp4ss/7resp4ss diff --git a/2023/CVE-2023-45853.md b/2023/CVE-2023-45853.md index b5e49ddd9..11735f457 100644 --- a/2023/CVE-2023-45853.md +++ b/2023/CVE-2023-45853.md @@ -13,6 +13,7 @@ MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buf No PoCs from references. #### Github +- https://github.com/13m0n4de/neko-quiz - https://github.com/DmitryIll/shvirtd-example-python - https://github.com/GrigGM/05-virt-04-docker-hw - https://github.com/bariskanber/zlib-1.3-deb @@ -21,5 +22,6 @@ No PoCs from references. - https://github.com/fokypoky/places-list - https://github.com/jina-ai/reader - https://github.com/marklogic/marklogic-kubernetes +- https://github.com/ministryofjustice/cica-apply-data-capture-service - https://github.com/shakyaraj9569/Documentation diff --git a/2023/CVE-2023-46316.md b/2023/CVE-2023-46316.md index f2a24c26f..7ef892c1b 100644 --- a/2023/CVE-2023-46316.md +++ b/2023/CVE-2023-46316.md @@ -13,5 +13,5 @@ In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not - http://packetstormsecurity.com/files/176660/Traceroute-2.1.2-Privilege-Escalation.html #### Github -No PoCs found on GitHub currently. +- https://github.com/adegoodyer/kubernetes-admin-toolkit diff --git a/2023/CVE-2023-5490.md b/2023/CVE-2023-5490.md index 309550fed..b5ec29d8a 100644 --- a/2023/CVE-2023-5490.md +++ b/2023/CVE-2023-5490.md @@ -11,6 +11,7 @@ A vulnerability classified as critical was found in Byzoro Smart S45F Multi-Serv #### Reference - https://github.com/llixixi/cve/blob/main/s45_upload_%20userattestation.md +- https://vuldb.com/?id.241642 #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-5574.md b/2023/CVE-2023-5574.md new file mode 100644 index 000000000..2fffca575 --- /dev/null +++ b/2023/CVE-2023-5574.md @@ -0,0 +1,20 @@ +### [CVE-2023-5574](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5574) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20After%20Free&color=brighgreen) + +### Description + +A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/adegoodyer/kubernetes-admin-toolkit + diff --git a/2023/CVE-2023-6117.md b/2023/CVE-2023-6117.md index 7a899157b..cf3fe6792 100644 --- a/2023/CVE-2023-6117.md +++ b/2023/CVE-2023-6117.md @@ -1,7 +1,7 @@ ### [CVE-2023-6117](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6117) ![](https://img.shields.io/static/v1?label=Product&message=M-Files%20Server&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%2023.11.13156.0%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-770%20Allocation%20of%20Resources%20Without%20Limits%20or%20Throttling&color=brighgreen) ### Description diff --git a/2023/CVE-2023-6257.md b/2023/CVE-2023-6257.md index c76f87ee3..bc97a9f36 100644 --- a/2023/CVE-2023-6257.md +++ b/2023/CVE-2023-6257.md @@ -1,11 +1,11 @@ ### [CVE-2023-6257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6257) ![](https://img.shields.io/static/v1?label=Product&message=Inline%20Related%20Posts&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.6.0%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) ### Description -The Inline Related Posts WordPress plugin before 3.6.0 does not ensure that post content displayed via an AJAX action are accessible to the user, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts +The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts ### POC diff --git a/2023/CVE-2023-6553.md b/2023/CVE-2023-6553.md index f6c90b2da..4b44bbaa0 100644 --- a/2023/CVE-2023-6553.md +++ b/2023/CVE-2023-6553.md @@ -15,6 +15,7 @@ The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution #### Github - https://github.com/Chocapikk/CVE-2023-6553 +- https://github.com/Chocapikk/Chocapikk - https://github.com/Marco-zcl/POC - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors diff --git a/2023/CVE-2023-6717.md b/2023/CVE-2023-6717.md index 3feda2180..70db9fc50 100644 --- a/2023/CVE-2023-6717.md +++ b/2023/CVE-2023-6717.md @@ -2,6 +2,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Migration%20Toolkit%20for%20Applications%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Migration%20Toolkit%20for%20Applications%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=RHOSS-1.33-RHEL-8&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=RHPAM%207.13.5%20async&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Data%20Grid%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Decision%20Manager%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Developer%20Hub&color=blue) diff --git a/2023/CVE-2023-6821.md b/2023/CVE-2023-6821.md index ea597db23..b1f20c7b4 100644 --- a/2023/CVE-2023-6821.md +++ b/2023/CVE-2023-6821.md @@ -1,11 +1,11 @@ ### [CVE-2023-6821](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6821) ![](https://img.shields.io/static/v1?label=Product&message=Error%20Log%20Viewer%20by%20BestWebSoft&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.3%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-548%20Exposure%20of%20Information%20Through%20Directory%20Listing&color=brighgreen) ### Description -The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 contains a vulnerability that allows you to read and download PHP logs without authorization +The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization ### POC diff --git a/2023/CVE-2023-6955.md b/2023/CVE-2023-6955.md index 2207e1819..90fc1829b 100644 --- a/2023/CVE-2023-6955.md +++ b/2023/CVE-2023-6955.md @@ -5,7 +5,7 @@ ### Description -An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. +An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. ### POC diff --git a/2023/CVE-2023-7028.md b/2023/CVE-2023-7028.md index 73f0b8b22..47454b886 100644 --- a/2023/CVE-2023-7028.md +++ b/2023/CVE-2023-7028.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/0xMarcio/cve - https://github.com/0xsyr0/OSCP +- https://github.com/Aijoo100/Aijoo100 - https://github.com/Azathothas/Stars - https://github.com/CVE-Reversing/CVE-Reversing - https://github.com/CVEDB/awesome-cve-repo diff --git a/2023/CVE-2023-7164.md b/2023/CVE-2023-7164.md index 0287c03f9..8f85281ef 100644 --- a/2023/CVE-2023-7164.md +++ b/2023/CVE-2023-7164.md @@ -1,11 +1,11 @@ ### [CVE-2023-7164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7164) ![](https://img.shields.io/static/v1?label=Product&message=BackWPup&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.0.4%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-548%20Exposure%20of%20Information%20Through%20Directory%20Listing&color=brighgreen) ### Description -The BackWPup WordPress plugin before 4.0.4 does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site's database. +The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database. ### POC diff --git a/2024/CVE-2024-0456.md b/2024/CVE-2024-0456.md index 3940aef2a..ee4bfb0a9 100644 --- a/2024/CVE-2024-0456.md +++ b/2024/CVE-2024-0456.md @@ -5,7 +5,7 @@ ### Description -An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project +An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project ### POC diff --git a/2024/CVE-2024-1056.md b/2024/CVE-2024-1056.md new file mode 100644 index 000000000..642a36c93 --- /dev/null +++ b/2024/CVE-2024-1056.md @@ -0,0 +1,17 @@ +### [CVE-2024-1056](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1056) +![](https://img.shields.io/static/v1?label=Product&message=FunnelKit%20Funnel%20Builder%20Pro&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.4.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allow_iframe_tag_in_post' function which uses the 'wp_kses_allowed_html' filter to globally allow script and iframe tags in posts in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-1086.md b/2024/CVE-2024-1086.md index 721a32f02..e100f884e 100644 --- a/2024/CVE-2024-1086.md +++ b/2024/CVE-2024-1086.md @@ -50,6 +50,7 @@ A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables compon - https://github.com/jetblk/Flipper-Zero-JavaScript - https://github.com/johe123qwe/github-trending - https://github.com/kevcooper/CVE-2024-1086-checker +- https://github.com/lobo360/iptables-ubuntu - https://github.com/makoto56/penetration-suite-toolkit - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/phixion/phixion diff --git a/2024/CVE-2024-1384.md b/2024/CVE-2024-1384.md new file mode 100644 index 000000000..1cddf3bdd --- /dev/null +++ b/2024/CVE-2024-1384.md @@ -0,0 +1,17 @@ +### [CVE-2024-1384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1384) +![](https://img.shields.io/static/v1?label=Product&message=Premium%20Portfolio%20Features%20for%20Phlox%20theme&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.3.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_recent_portfolios_grid' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-1544.md b/2024/CVE-2024-1544.md new file mode 100644 index 000000000..0138756ae --- /dev/null +++ b/2024/CVE-2024-1544.md @@ -0,0 +1,18 @@ +### [CVE-2024-1544](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1544) +![](https://img.shields.io/static/v1?label=Product&message=wolfSSL&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%205.6.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-203%20Observable%20Discrepancy&color=brighgreen) + +### Description + +Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by dividing the upper two digits (a digit having e.g. a size of 8 byte) of r by the upper digit of n and then decrements q_e in a loop until it has the correct size. Observing the number of times q_e is decremented through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. For SECP160R1, e.g., we find a bias of 15 bits. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/wolfSSL/Arduino-wolfSSL +- https://github.com/wolfSSL/wolfssl + diff --git a/2024/CVE-2024-1545.md b/2024/CVE-2024-1545.md new file mode 100644 index 000000000..7dd0b4f20 --- /dev/null +++ b/2024/CVE-2024-1545.md @@ -0,0 +1,21 @@ +### [CVE-2024-1545](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1545) +![](https://img.shields.io/static/v1?label=Product&message=wolfCrypt&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1256%3A%20Improper%20Restriction%20of%20Software%20Interfaces%20to%20Hardware%20Features&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-252%20Unchecked%20Return%20Value&color=brighgreen) + +### Description + +Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attackerĀ co-resides in the same system with a victim process toĀ disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/byan-2/wolfssl +- https://github.com/lego-pirates/wolfssl +- https://github.com/wolfSSL/Arduino-wolfSSL +- https://github.com/wolfSSL/wolfssl + diff --git a/2024/CVE-2024-20017.md b/2024/CVE-2024-20017.md index 31d3d01bf..f4c5c9a31 100644 --- a/2024/CVE-2024-20017.md +++ b/2024/CVE-2024-20017.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/mellow-hype/cve-2024-20017 +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-21413.md b/2024/CVE-2024-21413.md index 47a730b60..d267a04f1 100644 --- a/2024/CVE-2024-21413.md +++ b/2024/CVE-2024-21413.md @@ -19,6 +19,7 @@ Microsoft Outlook Remote Code Execution Vulnerability #### Github - https://github.com/0xMarcio/cve +- https://github.com/Aijoo100/Aijoo100 - https://github.com/BEPb/tryhackme - https://github.com/CMNatic/CVE-2024-21413 - https://github.com/DevAkabari/CVE-2024-21413 diff --git a/2024/CVE-2024-21520.md b/2024/CVE-2024-21520.md index 5c8b2d698..0aacd941c 100644 --- a/2024/CVE-2024-21520.md +++ b/2024/CVE-2024-21520.md @@ -13,6 +13,7 @@ Versions of the package djangorestframework before 3.15.2 are vulnerable to Cros - https://security.snyk.io/vuln/SNYK-PYTHON-DJANGORESTFRAMEWORK-7252137 #### Github +- https://github.com/ch4n3-yoon/CVE-2024-21520-Demo - https://github.com/ch4n3-yoon/ch4n3-yoon - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-2236.md b/2024/CVE-2024-2236.md index 4659cbc4b..7923368d2 100644 --- a/2024/CVE-2024-2236.md +++ b/2024/CVE-2024-2236.md @@ -19,6 +19,7 @@ No PoCs from references. - https://github.com/GrigGM/05-virt-04-docker-hw - https://github.com/TimoTielens/TwT.Docker.Aspnet - https://github.com/TimoTielens/httpd-security +- https://github.com/adegoodyer/kubernetes-admin-toolkit - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/fokypoky/places-list diff --git a/2024/CVE-2024-22643.md b/2024/CVE-2024-22643.md new file mode 100644 index 000000000..725694e43 --- /dev/null +++ b/2024/CVE-2024-22643.md @@ -0,0 +1,18 @@ +### [CVE-2024-22643](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22643) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/cassis-sec/CVE +- https://github.com/cassis-sec/cassis-sec + diff --git a/2024/CVE-2024-22646.md b/2024/CVE-2024-22646.md new file mode 100644 index 000000000..25de487ef --- /dev/null +++ b/2024/CVE-2024-22646.md @@ -0,0 +1,18 @@ +### [CVE-2024-22646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22646) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/cassis-sec/CVE +- https://github.com/cassis-sec/cassis-sec + diff --git a/2024/CVE-2024-22647.md b/2024/CVE-2024-22647.md new file mode 100644 index 000000000..ae1f56969 --- /dev/null +++ b/2024/CVE-2024-22647.md @@ -0,0 +1,18 @@ +### [CVE-2024-22647](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22647) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/cassis-sec/CVE +- https://github.com/cassis-sec/cassis-sec + diff --git a/2024/CVE-2024-22648.md b/2024/CVE-2024-22648.md new file mode 100644 index 000000000..49dbcde30 --- /dev/null +++ b/2024/CVE-2024-22648.md @@ -0,0 +1,18 @@ +### [CVE-2024-22648](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22648) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/cassis-sec/CVE +- https://github.com/cassis-sec/cassis-sec + diff --git a/2024/CVE-2024-23897.md b/2024/CVE-2024-23897.md index c01b59d47..74e8be771 100644 --- a/2024/CVE-2024-23897.md +++ b/2024/CVE-2024-23897.md @@ -26,6 +26,7 @@ Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of - https://github.com/B4CK4TT4CK/CVE-2024-23897 - https://github.com/CKevens/CVE-2024-23897 - https://github.com/GhostTroops/TOP +- https://github.com/JAthulya/CVE-2024-23897 - https://github.com/Maalfer/CVE-2024-23897 - https://github.com/Marco-zcl/POC - https://github.com/Mr-xn/Penetration_Testing_POC diff --git a/2024/CVE-2024-24787.md b/2024/CVE-2024-24787.md index f1bd51b2f..018ce2d76 100644 --- a/2024/CVE-2024-24787.md +++ b/2024/CVE-2024-24787.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/LOURC0D3/CVE-2024-24787-PoC +- https://github.com/adegoodyer/kubernetes-admin-toolkit - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-24788.md b/2024/CVE-2024-24788.md index d71af971b..042fa09ee 100644 --- a/2024/CVE-2024-24788.md +++ b/2024/CVE-2024-24788.md @@ -13,6 +13,7 @@ A malformed DNS message in response to a query can cause the Lookup functions to No PoCs from references. #### Github +- https://github.com/adegoodyer/kubernetes-admin-toolkit - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-24789.md b/2024/CVE-2024-24789.md index 0a0efe135..2bb971baa 100644 --- a/2024/CVE-2024-24789.md +++ b/2024/CVE-2024-24789.md @@ -13,5 +13,5 @@ The archive/zip package's handling of certain types of invalid zip files differs - https://go.dev/issue/66869 #### Github -No PoCs found on GitHub currently. +- https://github.com/adegoodyer/kubernetes-admin-toolkit diff --git a/2024/CVE-2024-24790.md b/2024/CVE-2024-24790.md new file mode 100644 index 000000000..7ad028caf --- /dev/null +++ b/2024/CVE-2024-24790.md @@ -0,0 +1,17 @@ +### [CVE-2024-24790](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790) +![](https://img.shields.io/static/v1?label=Product&message=net%2Fnetip&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.21.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-180%3A%20Incorrect%20Behavior%20Order%3A%20Validate%20Before%20Canonicalize&color=brighgreen) + +### Description + +The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/adegoodyer/kubernetes-admin-toolkit + diff --git a/2024/CVE-2024-24791.md b/2024/CVE-2024-24791.md new file mode 100644 index 000000000..3aa296732 --- /dev/null +++ b/2024/CVE-2024-24791.md @@ -0,0 +1,17 @@ +### [CVE-2024-24791](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791) +![](https://img.shields.io/static/v1?label=Product&message=net%2Fhttp&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.21.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE%20400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/adegoodyer/kubernetes-admin-toolkit + diff --git a/2024/CVE-2024-2541.md b/2024/CVE-2024-2541.md new file mode 100644 index 000000000..eae08b798 --- /dev/null +++ b/2024/CVE-2024-2541.md @@ -0,0 +1,17 @@ +### [CVE-2024-2541](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2541) +![](https://img.shields.io/static/v1?label=Product&message=Popup%20Builder%20%E2%80%93%20Create%20highly%20converting%2C%20mobile%20friendly%20marketing%20popups.&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.3.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) + +### Description + +The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-25600.md b/2024/CVE-2024-25600.md index 91198c03b..24cab788d 100644 --- a/2024/CVE-2024-25600.md +++ b/2024/CVE-2024-25600.md @@ -40,6 +40,7 @@ Improper Control of Generation of Code ('Code Injection') vulnerability in Codee - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main - https://github.com/sampsonv/github-trending +- https://github.com/svchostmm/CVE-2024-25600-mass - https://github.com/tanjiti/sec_profile - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC diff --git a/2024/CVE-2024-26144.md b/2024/CVE-2024-26144.md index 1bf790ee6..7f60e787e 100644 --- a/2024/CVE-2024-26144.md +++ b/2024/CVE-2024-26144.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gmo-ierae/CVE-2024-26144-test - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-26458.md b/2024/CVE-2024-26458.md index e07a826be..84efcdb16 100644 --- a/2024/CVE-2024-26458.md +++ b/2024/CVE-2024-26458.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/GrigGM/05-virt-04-docker-hw +- https://github.com/adegoodyer/kubernetes-admin-toolkit - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/fokypoky/places-list diff --git a/2024/CVE-2024-26461.md b/2024/CVE-2024-26461.md index 02a1a9d4b..10f071deb 100644 --- a/2024/CVE-2024-26461.md +++ b/2024/CVE-2024-26461.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/GrigGM/05-virt-04-docker-hw +- https://github.com/adegoodyer/kubernetes-admin-toolkit - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/fokypoky/places-list diff --git a/2024/CVE-2024-26462.md b/2024/CVE-2024-26462.md index 53e25efa1..da1c7b12f 100644 --- a/2024/CVE-2024-26462.md +++ b/2024/CVE-2024-26462.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/GrigGM/05-virt-04-docker-hw +- https://github.com/adegoodyer/kubernetes-admin-toolkit - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/fokypoky/places-list diff --git a/2024/CVE-2024-29041.md b/2024/CVE-2024-29041.md index 9f30f7d16..f1fa08645 100644 --- a/2024/CVE-2024-29041.md +++ b/2024/CVE-2024-29041.md @@ -14,5 +14,6 @@ Express.js minimalist web framework for node. Versions of Express.js prior to 4. No PoCs from references. #### Github +- https://github.com/dhushyanth-h-m/Audio_Transcriber - https://github.com/qazipoor/React-Clothing-Shop diff --git a/2024/CVE-2024-29272.md b/2024/CVE-2024-29272.md index bb82d1ef7..1d4c5ed09 100644 --- a/2024/CVE-2024-29272.md +++ b/2024/CVE-2024-29272.md @@ -13,6 +13,7 @@ Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unau - https://github.com/givanz/VvvebJs/issues/343 #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/NaInSec/CVE-LIST - https://github.com/awjkjflkwlekfdjs/CVE-2024-29272 - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-3094.md b/2024/CVE-2024-3094.md index a9a19e328..786a96ad1 100644 --- a/2024/CVE-2024-3094.md +++ b/2024/CVE-2024-3094.md @@ -23,6 +23,7 @@ Malicious code was discovered in the upstream tarballs of xz, starting with vers #### Github - https://github.com/0x7Fancy/0x7Fancy.github.io - https://github.com/0xlane/xz-cve-2024-3094 +- https://github.com/AndreaCicca/Sicurezza-Informatica-Presentazione - https://github.com/Bella-Bc/xz-backdoor-CVE-2024-3094-Check - https://github.com/Cas-Cornelissen/xz-vulnerability-ansible - https://github.com/CyberGuard-Foundation/CVE-2024-3094 diff --git a/2024/CVE-2024-32002.md b/2024/CVE-2024-32002.md index 256858c39..1a96266d8 100644 --- a/2024/CVE-2024-32002.md +++ b/2024/CVE-2024-32002.md @@ -32,6 +32,7 @@ No PoCs from references. - https://github.com/Goplush/CVE-2024-32002-git-rce - https://github.com/Hector65432/cve-2024-32002-1 - https://github.com/Hector65432/cve-2024-32002-2 +- https://github.com/JJoosh/CVE-2024-32002 - https://github.com/JJoosh/CVE-2024-32002-Reverse-Shell - https://github.com/JakobTheDev/cve-2024-32002-poc-aw - https://github.com/JakobTheDev/cve-2024-32002-poc-rce diff --git a/2024/CVE-2024-3282.md b/2024/CVE-2024-3282.md index 8384d71c1..be80b2394 100644 --- a/2024/CVE-2024-3282.md +++ b/2024/CVE-2024-3282.md @@ -13,5 +13,5 @@ The WP Table Builder WordPress plugin through 1.5.0 does not sanitise and escap - https://wpscan.com/vulnerability/12bf5e8e-24c9-48b9-b94c-c14ed60d7c15/ #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2024/CVE-2024-3400.md b/2024/CVE-2024-3400.md index 81b937ccf..f9036450e 100644 --- a/2024/CVE-2024-3400.md +++ b/2024/CVE-2024-3400.md @@ -74,6 +74,7 @@ A command injection as a result of arbitrary file creation vulnerability in the - https://github.com/sxyrxyy/CVE-2024-3400-Check - https://github.com/tanjiti/sec_profile - https://github.com/terminalJunki3/CVE-2024-3400-Checker +- https://github.com/tfrederick74656/cve-2024-3400-poc - https://github.com/tk-sawada/IPLineFinder - https://github.com/toxyl/lscve - https://github.com/vulsio/go-cve-dictionary diff --git a/2024/CVE-2024-34102.md b/2024/CVE-2024-34102.md index 5d5635ecc..36f3b6e35 100644 --- a/2024/CVE-2024-34102.md +++ b/2024/CVE-2024-34102.md @@ -16,6 +16,7 @@ Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affe - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/Ostorlab/KEV - https://github.com/f0ur0four/Insecure-Deserialization +- https://github.com/imooaaz/exploit - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/redwaysecurity/CVEs diff --git a/2024/CVE-2024-34459.md b/2024/CVE-2024-34459.md new file mode 100644 index 000000000..92ede1d4b --- /dev/null +++ b/2024/CVE-2024-34459.md @@ -0,0 +1,17 @@ +### [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/adegoodyer/kubernetes-admin-toolkit + diff --git a/2024/CVE-2024-35325.md b/2024/CVE-2024-35325.md index a624f2451..d42ab6f1d 100644 --- a/2024/CVE-2024-35325.md +++ b/2024/CVE-2024-35325.md @@ -1,11 +1,11 @@ ### [CVE-2024-35325](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35325) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue) ### Description -A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free. +** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. ### POC diff --git a/2024/CVE-2024-35326.md b/2024/CVE-2024-35326.md index 5df82f6ba..a57a8d3a3 100644 --- a/2024/CVE-2024-35326.md +++ b/2024/CVE-2024-35326.md @@ -1,11 +1,11 @@ ### [CVE-2024-35326](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35326) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue) ### Description -libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free. +** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. ### POC diff --git a/2024/CVE-2024-35328.md b/2024/CVE-2024-35328.md index 5cb78c671..c43ec2bd8 100644 --- a/2024/CVE-2024-35328.md +++ b/2024/CVE-2024-35328.md @@ -5,7 +5,7 @@ ### Description -libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c. +** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. ### POC diff --git a/2024/CVE-2024-3661.md b/2024/CVE-2024-3661.md index 39831795d..d74d01eed 100644 --- a/2024/CVE-2024-3661.md +++ b/2024/CVE-2024-3661.md @@ -23,5 +23,6 @@ DHCP can add routes to a clientā€™s routing table via the classless static route - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/giterlizzi/secdb-feeds - https://github.com/leviathansecurity/TunnelVision +- https://github.com/superit23/arcanetrickster - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-3673.md b/2024/CVE-2024-3673.md new file mode 100644 index 000000000..435bdfb32 --- /dev/null +++ b/2024/CVE-2024-3673.md @@ -0,0 +1,17 @@ +### [CVE-2024-3673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3673) +![](https://img.shields.io/static/v1?label=Product&message=Web%20Directory%20Free&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.7.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/0e8930cb-e176-4406-a43f-a6032471debf/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-3679.md b/2024/CVE-2024-3679.md new file mode 100644 index 000000000..8bc0fc859 --- /dev/null +++ b/2024/CVE-2024-3679.md @@ -0,0 +1,17 @@ +### [CVE-2024-3679](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3679) +![](https://img.shields.io/static/v1?label=Product&message=Premium%20SEO%20Pack%20%E2%80%93%20WP%20SEO%20Plugin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.6.001%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) + +### Description + +The Premium SEO Pack ā€“ WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-36827.md b/2024/CVE-2024-36827.md new file mode 100644 index 000000000..a3dbe3079 --- /dev/null +++ b/2024/CVE-2024-36827.md @@ -0,0 +1,17 @@ +### [CVE-2024-36827](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36827) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/peri0d/my-vulnerability + diff --git a/2024/CVE-2024-3727.md b/2024/CVE-2024-3727.md index 66a424a06..42b63f140 100644 --- a/2024/CVE-2024-3727.md +++ b/2024/CVE-2024-3727.md @@ -5,9 +5,10 @@ ![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Developer%20Tools%20and%20Services&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Serverless&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Source-to-Image%20(S2I)%20Builder%20Image&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=RHEL-9-CNV-4.15&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Management%20for%20Kubernetes%202&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Security%203&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Security%204&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Security%204.4&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ansible%20Automation%20Platform%201.2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ansible%20Automation%20Platform%202&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) diff --git a/2024/CVE-2024-38063.md b/2024/CVE-2024-38063.md index 6162c2b95..1291d09fa 100644 --- a/2024/CVE-2024-38063.md +++ b/2024/CVE-2024-38063.md @@ -53,9 +53,12 @@ No PoCs from references. #### Github - https://github.com/0xMarcio/cve +- https://github.com/GhostTroops/TOP - https://github.com/being1943/my_rss_reader +- https://github.com/fire17/awesome-stars - https://github.com/kherrick/hacker-news - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile +- https://github.com/zenzue/CVE-2024-38063-POC - https://github.com/zhaoolee/garss diff --git a/2024/CVE-2024-3850.md b/2024/CVE-2024-3850.md index 79f141d8e..5ad958d10 100644 --- a/2024/CVE-2024-3850.md +++ b/2024/CVE-2024-3850.md @@ -13,5 +13,5 @@ Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (X - https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01 #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2024/CVE-2024-38693.md b/2024/CVE-2024-38693.md new file mode 100644 index 000000000..18a9bdc1d --- /dev/null +++ b/2024/CVE-2024-38693.md @@ -0,0 +1,17 @@ +### [CVE-2024-38693](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38693) +![](https://img.shields.io/static/v1?label=Product&message=WP%20User%20Frontend&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38793.md b/2024/CVE-2024-38793.md new file mode 100644 index 000000000..ae6dcabcd --- /dev/null +++ b/2024/CVE-2024-38793.md @@ -0,0 +1,17 @@ +### [CVE-2024-38793](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38793) +![](https://img.shields.io/static/v1?label=Product&message=Best%20Restaurant%20Menu%20by%20PriceListo&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PriceListo Best Restaurant Menu by PriceListo allows SQL Injection.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-3944.md b/2024/CVE-2024-3944.md new file mode 100644 index 000000000..4aae63adf --- /dev/null +++ b/2024/CVE-2024-3944.md @@ -0,0 +1,17 @@ +### [CVE-2024-3944](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3944) +![](https://img.shields.io/static/v1?label=Product&message=WP%20To%20Do&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.3.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-39638.md b/2024/CVE-2024-39638.md new file mode 100644 index 000000000..30dfe46d0 --- /dev/null +++ b/2024/CVE-2024-39638.md @@ -0,0 +1,17 @@ +### [CVE-2024-39638](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39638) +![](https://img.shields.io/static/v1?label=Product&message=Registrations%20for%20the%20Events%20Calendar&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roundup WP Registrations for the Events Calendar allows SQL Injection.This issue affects Registrations for the Events Calendar: from n/a through 2.12.2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-39653.md b/2024/CVE-2024-39653.md new file mode 100644 index 000000000..3f1122e2e --- /dev/null +++ b/2024/CVE-2024-39653.md @@ -0,0 +1,17 @@ +### [CVE-2024-39653](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39653) +![](https://img.shields.io/static/v1?label=Product&message=VikRentCar&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E4J s.R.L. VikRentCar allows SQL Injection.This issue affects VikRentCar: from n/a through 1.4.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-39658.md b/2024/CVE-2024-39658.md new file mode 100644 index 000000000..096114ccd --- /dev/null +++ b/2024/CVE-2024-39658.md @@ -0,0 +1,17 @@ +### [CVE-2024-39658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39658) +![](https://img.shields.io/static/v1?label=Product&message=Salon%20booking%20system&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking system allows SQL Injection.This issue affects Salon booking system: from n/a through 10.7. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-39717.md b/2024/CVE-2024-39717.md new file mode 100644 index 000000000..fee5b5281 --- /dev/null +++ b/2024/CVE-2024-39717.md @@ -0,0 +1,17 @@ +### [CVE-2024-39717](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39717) +![](https://img.shields.io/static/v1?label=Product&message=Director&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=21.2.2%3C%3D%2021.2.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The ā€œChange Faviconā€ (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Ostorlab/KEV + diff --git a/2024/CVE-2024-40348.md b/2024/CVE-2024-40348.md index bf42f9874..2b3a05145 100644 --- a/2024/CVE-2024-40348.md +++ b/2024/CVE-2024-40348.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/qiuluo-oss/Tiger +- https://github.com/tanjiti/sec_profile - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-40505.md b/2024/CVE-2024-40505.md new file mode 100644 index 000000000..c7ddf7117 --- /dev/null +++ b/2024/CVE-2024-40505.md @@ -0,0 +1,17 @@ +### [CVE-2024-40505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40505) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +**UNSUPPORTED WHEN ASSIGNED** Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/coldwx/coldwx.github.io + diff --git a/2024/CVE-2024-40530.md b/2024/CVE-2024-40530.md index cc1b1bcf0..5c0bff18c 100644 --- a/2024/CVE-2024-40530.md +++ b/2024/CVE-2024-40530.md @@ -5,7 +5,7 @@ ### Description -Insecure Permissions vulnerability in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v.402.072 allows a remote attacker to execute arbitrary code via modification of the X-Forwarded-For header component. +A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass IP-based access controls by manipulating the X-Forwarded-For header. ### POC diff --git a/2024/CVE-2024-4067.md b/2024/CVE-2024-4067.md index dd8283260..0d6e84601 100644 --- a/2024/CVE-2024-4067.md +++ b/2024/CVE-2024-4067.md @@ -1,11 +1,11 @@ ### [CVE-2024-4067](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4067) ![](https://img.shields.io/static/v1?label=Product&message=micromatch&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%204.05%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1333%3A%20Inefficient%20Regular%20Expression%20Complexity&color=brighgreen) ### Description -The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. +The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8. ### POC diff --git a/2024/CVE-2024-40766.md b/2024/CVE-2024-40766.md new file mode 100644 index 000000000..d488cbd5c --- /dev/null +++ b/2024/CVE-2024-40766.md @@ -0,0 +1,17 @@ +### [CVE-2024-40766](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40766) +![](https://img.shields.io/static/v1?label=Product&message=SonicOS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%205.9.2.14-12o%20and%20older%20versions%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen) + +### Description + +An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Ostorlab/KEV + diff --git a/2024/CVE-2024-41661.md b/2024/CVE-2024-41661.md index b9db00414..ac3e76782 100644 --- a/2024/CVE-2024-41661.md +++ b/2024/CVE-2024-41661.md @@ -1,11 +1,11 @@ ### [CVE-2024-41661](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41661) -![](https://img.shields.io/static/v1?label=Product&message=rengine&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%201.2.0%2C%20%3C%3D%202.1.1%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue) ### Description -reNgine is an automated reconnaissance framework for web applications. In versions 1.2.0 through 2.1.1, an authenticated command injection vulnerability in the WAF detection tool allows an authenticated attacker to remotely execute arbitrary commands as root user. The URL query parameter `url` is passed to `subprocess.check_output` without any sanitization, resulting in a command injection vulnerability. This API endpoint is accessible by authenticated users with any use role. Because the process runs as `root`, an attacker has root access. Commit edd3c85ee16f93804ad38dac5602549d2d30a93e contains a patch for the issue. +** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-50094. Reason: This candidate is a duplicate of CVE-2023-50094. Notes: All CVE users should reference CVE-2023-50094 instead of this candidate. ### POC diff --git a/2024/CVE-2024-42477.md b/2024/CVE-2024-42477.md index fb7919da0..2e997eec5 100644 --- a/2024/CVE-2024-42477.md +++ b/2024/CVE-2024-42477.md @@ -14,5 +14,6 @@ llama.cpp provides LLM inference in C/C++. The unsafe `type` member in the `rpc_ - https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-mqp6-7pv6-fqjf #### Github +- https://github.com/7resp4ss/7resp4ss - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-42478.md b/2024/CVE-2024-42478.md index 1d572a2e7..ce541f9c5 100644 --- a/2024/CVE-2024-42478.md +++ b/2024/CVE-2024-42478.md @@ -14,5 +14,6 @@ llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in t - https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-5vm9-p64x-gqw9 #### Github +- https://github.com/7resp4ss/7resp4ss - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-42479.md b/2024/CVE-2024-42479.md index 0c1665d90..34075e35a 100644 --- a/2024/CVE-2024-42479.md +++ b/2024/CVE-2024-42479.md @@ -14,5 +14,6 @@ llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in t - https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj #### Github +- https://github.com/7resp4ss/7resp4ss - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-42900.md b/2024/CVE-2024-42900.md new file mode 100644 index 000000000..cabd7a464 --- /dev/null +++ b/2024/CVE-2024-42900.md @@ -0,0 +1,17 @@ +### [CVE-2024-42900](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42900) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable() function at /tool/gen/create. + +### POC + +#### Reference +- https://g03m0n.github.io/posts/cve-2024-42900/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42913.md b/2024/CVE-2024-42913.md new file mode 100644 index 000000000..cf4b0d2b1 --- /dev/null +++ b/2024/CVE-2024-42913.md @@ -0,0 +1,17 @@ +### [CVE-2024-42913](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42913) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-43132.md b/2024/CVE-2024-43132.md new file mode 100644 index 000000000..4d2aabb3c --- /dev/null +++ b/2024/CVE-2024-43132.md @@ -0,0 +1,17 @@ +### [CVE-2024-43132](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43132) +![](https://img.shields.io/static/v1?label=Product&message=Docket%20(WooCommerce%20Collections%20%2F%20Wishlist%20%2F%20Watchlist)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) allows SQL Injection.This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43144.md b/2024/CVE-2024-43144.md new file mode 100644 index 000000000..8cd01edf5 --- /dev/null +++ b/2024/CVE-2024-43144.md @@ -0,0 +1,17 @@ +### [CVE-2024-43144](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43144) +![](https://img.shields.io/static/v1?label=Product&message=Cost%20Calculator%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43399.md b/2024/CVE-2024-43399.md index ef4d432e5..d6dc3cd0c 100644 --- a/2024/CVE-2024-43399.md +++ b/2024/CVE-2024-43399.md @@ -13,5 +13,5 @@ Mobile Security Framework (MobSF) is a pen-testing, malware analysis and securit - https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-4hh3-vj32-gr6j #### Github -No PoCs found on GitHub currently. +- https://github.com/Ostorlab/KEV diff --git a/2024/CVE-2024-43444.md b/2024/CVE-2024-43444.md index c05854a2a..9f64c5d3c 100644 --- a/2024/CVE-2024-43444.md +++ b/2024/CVE-2024-43444.md @@ -1,7 +1,7 @@ ### [CVE-2024-43444](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43444) ![](https://img.shields.io/static/v1?label=Product&message=((OTRS))%20Community%20Edition&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=OTRS&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=7.0.x%3C%3D%207.0.50%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-532%20Insertion%20of%20Sensitive%20Information%20into%20Log%20File&color=brighgreen) ### Description diff --git a/2024/CVE-2024-43884.md b/2024/CVE-2024-43884.md index 6d9f339c9..45ccef50a 100644 --- a/2024/CVE-2024-43884.md +++ b/2024/CVE-2024-43884.md @@ -1,6 +1,6 @@ ### [CVE-2024-43884](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43884) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=5157b8a503fa%3C%20538fd3921afa%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=5157b8a503fa%3C%205da288429232%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-43915.md b/2024/CVE-2024-43915.md new file mode 100644 index 000000000..73ac2a92d --- /dev/null +++ b/2024/CVE-2024-43915.md @@ -0,0 +1,17 @@ +### [CVE-2024-43915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43915) +![](https://img.shields.io/static/v1?label=Product&message=Zephyr%20Project%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager allows Reflected XSS.This issue affects Zephyr Project Manager: from n/a through .3.102. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43916.md b/2024/CVE-2024-43916.md new file mode 100644 index 000000000..2ecaf9baa --- /dev/null +++ b/2024/CVE-2024-43916.md @@ -0,0 +1,17 @@ +### [CVE-2024-43916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43916) +![](https://img.shields.io/static/v1?label=Product&message=Zephyr%20Project%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.102. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43917.md b/2024/CVE-2024-43917.md new file mode 100644 index 000000000..f7a9f8828 --- /dev/null +++ b/2024/CVE-2024-43917.md @@ -0,0 +1,17 @@ +### [CVE-2024-43917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43917) +![](https://img.shields.io/static/v1?label=Product&message=TI%20WooCommerce%20Wishlist&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.8.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43918.md b/2024/CVE-2024-43918.md new file mode 100644 index 000000000..d78d69a44 --- /dev/null +++ b/2024/CVE-2024-43918.md @@ -0,0 +1,17 @@ +### [CVE-2024-43918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43918) +![](https://img.shields.io/static/v1?label=Product&message=WBW%20Product%20Table%20PRO&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.This issue affects WBW Product Table PRO: from n/a through 1.9.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43952.md b/2024/CVE-2024-43952.md new file mode 100644 index 000000000..eaa47fdbf --- /dev/null +++ b/2024/CVE-2024-43952.md @@ -0,0 +1,17 @@ +### [CVE-2024-43952](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43952) +![](https://img.shields.io/static/v1?label=Product&message=Esotera&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.2.5.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Esotera allows Stored XSS.This issue affects Esotera: from n/a through 1.2.5.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43953.md b/2024/CVE-2024-43953.md new file mode 100644 index 000000000..2af3ff60a --- /dev/null +++ b/2024/CVE-2024-43953.md @@ -0,0 +1,17 @@ +### [CVE-2024-43953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43953) +![](https://img.shields.io/static/v1?label=Product&message=Classic%20Addons%20%E2%80%93%20WPBakery%20Page%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%203.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Classic Addons Classic Addons ā€“ WPBakery Page Builder allows Stored XSS.This issue affects Classic Addons ā€“ WPBakery Page Builder: from n/a through 3.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43954.md b/2024/CVE-2024-43954.md new file mode 100644 index 000000000..bee24624f --- /dev/null +++ b/2024/CVE-2024-43954.md @@ -0,0 +1,17 @@ +### [CVE-2024-43954](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43954) +![](https://img.shields.io/static/v1?label=Product&message=Droip&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%20Incorrect%20Authorization&color=brighgreen) + +### Description + +Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Droip: from n/a through 1.1.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43955.md b/2024/CVE-2024-43955.md new file mode 100644 index 000000000..3d83e69d5 --- /dev/null +++ b/2024/CVE-2024-43955.md @@ -0,0 +1,17 @@ +### [CVE-2024-43955](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43955) +![](https://img.shields.io/static/v1?label=Product&message=Droip&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43958.md b/2024/CVE-2024-43958.md new file mode 100644 index 000000000..28c1f48dd --- /dev/null +++ b/2024/CVE-2024-43958.md @@ -0,0 +1,17 @@ +### [CVE-2024-43958](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43958) +![](https://img.shields.io/static/v1?label=Product&message=IntoTheDark&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.0.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gianni Porto IntoTheDark allows Reflected XSS.This issue affects IntoTheDark: from n/a through 1.0.5. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43960.md b/2024/CVE-2024-43960.md new file mode 100644 index 000000000..2b7e0b9f7 --- /dev/null +++ b/2024/CVE-2024-43960.md @@ -0,0 +1,17 @@ +### [CVE-2024-43960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43960) +![](https://img.shields.io/static/v1?label=Product&message=Web%20and%20WooCommerce%20Addons%20for%20WPBakery%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.4.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Page Builder Addons Web and WooCommerce Addons for WPBakery Builder allows Stored XSS.This issue affects Web and WooCommerce Addons for WPBakery Builder: from n/a through 1.4.6. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43963.md b/2024/CVE-2024-43963.md new file mode 100644 index 000000000..db8f81289 --- /dev/null +++ b/2024/CVE-2024-43963.md @@ -0,0 +1,17 @@ +### [CVE-2024-43963](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43963) +![](https://img.shields.io/static/v1?label=Product&message=YellowPencil%20Visual%20CSS%20Style%20Editor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through 7.6.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43966.md b/2024/CVE-2024-43966.md index 461abe971..3de261bc1 100644 --- a/2024/CVE-2024-43966.md +++ b/2024/CVE-2024-43966.md @@ -13,5 +13,6 @@ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43967.md b/2024/CVE-2024-43967.md new file mode 100644 index 000000000..ea7b079c8 --- /dev/null +++ b/2024/CVE-2024-43967.md @@ -0,0 +1,17 @@ +### [CVE-2024-43967](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43967) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Testimonial%20Widget&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%203.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS.This issue affects WP Testimonial Widget: from n/a through 3.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-44070.md b/2024/CVE-2024-44070.md new file mode 100644 index 000000000..80ad32c13 --- /dev/null +++ b/2024/CVE-2024-44070.md @@ -0,0 +1,17 @@ +### [CVE-2024-44070](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44070) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-44340.md b/2024/CVE-2024-44340.md new file mode 100644 index 000000000..4e0e56801 --- /dev/null +++ b/2024/CVE-2024-44340.md @@ -0,0 +1,17 @@ +### [CVE-2024-44340](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44340) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via keys smartqos_express_devices and smartqos_normal_devices in SetSmartQoSSettings. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-44341.md b/2024/CVE-2024-44341.md new file mode 100644 index 000000000..6f7a6b7fc --- /dev/null +++ b/2024/CVE-2024-44341.md @@ -0,0 +1,17 @@ +### [CVE-2024-44341](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44341) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-44342.md b/2024/CVE-2024-44342.md new file mode 100644 index 000000000..767d5df0a --- /dev/null +++ b/2024/CVE-2024-44342.md @@ -0,0 +1,17 @@ +### [CVE-2024-44342](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44342) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. This vulnerability is exploited via a crafted POST request. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-44760.md b/2024/CVE-2024-44760.md new file mode 100644 index 000000000..55a24a329 --- /dev/null +++ b/2024/CVE-2024-44760.md @@ -0,0 +1,17 @@ +### [CVE-2024-44760](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44760) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-44761.md b/2024/CVE-2024-44761.md new file mode 100644 index 000000000..93ef7074b --- /dev/null +++ b/2024/CVE-2024-44761.md @@ -0,0 +1,17 @@ +### [CVE-2024-44761](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44761) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-44776.md b/2024/CVE-2024-44776.md new file mode 100644 index 000000000..106f08be7 --- /dev/null +++ b/2024/CVE-2024-44776.md @@ -0,0 +1,17 @@ +### [CVE-2024-44776](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44776) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An Open Redirect vulnerability in the page parameter of vTiger CRM v7.4.0 allows attackers to redirect users to a malicious site via a crafted URL. + +### POC + +#### Reference +- https://packetstormsecurity.com/files/180461/vTiger-CRM-7.4.0-Open-Redirection.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-44777.md b/2024/CVE-2024-44777.md new file mode 100644 index 000000000..52281a737 --- /dev/null +++ b/2024/CVE-2024-44777.md @@ -0,0 +1,17 @@ +### [CVE-2024-44777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44777) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. + +### POC + +#### Reference +- https://packetstormsecurity.com/files/180462/vTiger-CRM-7.4.0-Cross-Site-Scripting.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-44778.md b/2024/CVE-2024-44778.md new file mode 100644 index 000000000..65381a23e --- /dev/null +++ b/2024/CVE-2024-44778.md @@ -0,0 +1,17 @@ +### [CVE-2024-44778](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44778) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. + +### POC + +#### Reference +- https://packetstormsecurity.com/files/180462/vTiger-CRM-7.4.0-Cross-Site-Scripting.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-44779.md b/2024/CVE-2024-44779.md new file mode 100644 index 000000000..6a13245b6 --- /dev/null +++ b/2024/CVE-2024-44779.md @@ -0,0 +1,17 @@ +### [CVE-2024-44779](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44779) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. + +### POC + +#### Reference +- https://packetstormsecurity.com/files/180462/vTiger-CRM-7.4.0-Cross-Site-Scripting.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-44913.md b/2024/CVE-2024-44913.md new file mode 100644 index 000000000..cd5f2fcb0 --- /dev/null +++ b/2024/CVE-2024-44913.md @@ -0,0 +1,17 @@ +### [CVE-2024-44913](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44913) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-44914.md b/2024/CVE-2024-44914.md new file mode 100644 index 000000000..e86b49d46 --- /dev/null +++ b/2024/CVE-2024-44914.md @@ -0,0 +1,17 @@ +### [CVE-2024-44914](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44914) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in the component EXR!ReadEXR+0x3df50 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-44915.md b/2024/CVE-2024-44915.md new file mode 100644 index 000000000..6158bf63f --- /dev/null +++ b/2024/CVE-2024-44915.md @@ -0,0 +1,17 @@ +### [CVE-2024-44915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44915) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-44919.md b/2024/CVE-2024-44919.md new file mode 100644 index 000000000..6ab128b27 --- /dev/null +++ b/2024/CVE-2024-44919.md @@ -0,0 +1,17 @@ +### [CVE-2024-44919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44919) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description parameter. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4497.md b/2024/CVE-2024-4497.md index 33f5f3d0e..208bd2b04 100644 --- a/2024/CVE-2024-4497.md +++ b/2024/CVE-2024-4497.md @@ -11,6 +11,7 @@ A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been declared as c #### Reference - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formexeCommand.md +- https://vuldb.com/?id.263086 #### Github - https://github.com/LaPhilosophie/IoT-vulnerable diff --git a/2024/CVE-2024-45163.md b/2024/CVE-2024-45163.md index 558b994c0..1088fd555 100644 --- a/2024/CVE-2024-45163.md +++ b/2024/CVE-2024-45163.md @@ -16,4 +16,5 @@ The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to t #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-45232.md b/2024/CVE-2024-45232.md new file mode 100644 index 000000000..6129a6934 --- /dev/null +++ b/2024/CVE-2024-45232.md @@ -0,0 +1,17 @@ +### [CVE-2024-45232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45232) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the extension. This can only be exploited when the extension is configured to save submitted form data to the database (plugin.tx_powermail.settings.db.enable=1), which however is the default setting of the extension. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0 + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-45233.md b/2024/CVE-2024-45233.md new file mode 100644 index 000000000..2e02fd2b2 --- /dev/null +++ b/2024/CVE-2024-45233.md @@ -0,0 +1,17 @@ +### [CVE-2024-45233](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45233) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins, an unauthenticated attacker can exploit this to edit, update, delete, or export data of persisted forms. This can only be exploited when the Powermail Frontend plugins are used. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-45241.md b/2024/CVE-2024-45241.md index 497963bdf..42b8f5f9b 100644 --- a/2024/CVE-2024-45241.md +++ b/2024/CVE-2024-45241.md @@ -13,5 +13,6 @@ A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Al No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-45264.md b/2024/CVE-2024-45264.md new file mode 100644 index 000000000..2fb669115 --- /dev/null +++ b/2024/CVE-2024-45264.md @@ -0,0 +1,18 @@ +### [CVE-2024-45264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45264) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-45435.md b/2024/CVE-2024-45435.md new file mode 100644 index 000000000..29336bc99 --- /dev/null +++ b/2024/CVE-2024-45435.md @@ -0,0 +1,17 @@ +### [CVE-2024-45435](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45435) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-45436.md b/2024/CVE-2024-45436.md new file mode 100644 index 000000000..238335039 --- /dev/null +++ b/2024/CVE-2024-45436.md @@ -0,0 +1,17 @@ +### [CVE-2024-45436](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45436) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-45491.md b/2024/CVE-2024-45491.md new file mode 100644 index 000000000..910e275ae --- /dev/null +++ b/2024/CVE-2024-45491.md @@ -0,0 +1,17 @@ +### [CVE-2024-45491](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45491) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-45492.md b/2024/CVE-2024-45492.md new file mode 100644 index 000000000..e1c857782 --- /dev/null +++ b/2024/CVE-2024-45492.md @@ -0,0 +1,17 @@ +### [CVE-2024-45492](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45492) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4872.md b/2024/CVE-2024-4872.md new file mode 100644 index 000000000..bff40f05b --- /dev/null +++ b/2024/CVE-2024-4872.md @@ -0,0 +1,17 @@ +### [CVE-2024-4872](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4872) +![](https://img.shields.io/static/v1?label=Product&message=MicroSCADA%20SYS600&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0%3C%3D%2010.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +The product does not validate any query towards persistentdata, resulting in a risk of injection attacks. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5057.md b/2024/CVE-2024-5057.md new file mode 100644 index 000000000..a99f1e15f --- /dev/null +++ b/2024/CVE-2024-5057.md @@ -0,0 +1,17 @@ +### [CVE-2024-5057](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5057) +![](https://img.shields.io/static/v1?label=Product&message=Easy%20Digital%20Downloads&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-5274.md b/2024/CVE-2024-5274.md index 27a707448..ba8172174 100644 --- a/2024/CVE-2024-5274.md +++ b/2024/CVE-2024-5274.md @@ -10,9 +10,10 @@ Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote a ### POC #### Reference -No PoCs from references. +- https://issues.chromium.org/issues/341663589 #### Github +- https://github.com/DarkNavySecurity/PoC - https://github.com/kip93/kip93 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-5288.md b/2024/CVE-2024-5288.md new file mode 100644 index 000000000..bf6de9483 --- /dev/null +++ b/2024/CVE-2024-5288.md @@ -0,0 +1,18 @@ +### [CVE-2024-5288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5288) +![](https://img.shields.io/static/v1?label=Product&message=wolfSSL&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%205.7.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-922%20Insecure%20Storage%20of%20Sensitive%20Information&color=brighgreen) + +### Description + +An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys,such as in server-side TLS connections, the connection is halted if any fault occurs.Ā The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/wolfSSL/Arduino-wolfSSL +- https://github.com/wolfSSL/wolfssl + diff --git a/2024/CVE-2024-5417.md b/2024/CVE-2024-5417.md new file mode 100644 index 000000000..5f65c79cc --- /dev/null +++ b/2024/CVE-2024-5417.md @@ -0,0 +1,17 @@ +### [CVE-2024-5417](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5417) +![](https://img.shields.io/static/v1?label=Product&message=Gutentor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.3.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/fb7d6839-9ccb-4a0f-9dca-d6841f666a1b/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-5469.md b/2024/CVE-2024-5469.md new file mode 100644 index 000000000..b4581fb8e --- /dev/null +++ b/2024/CVE-2024-5469.md @@ -0,0 +1,17 @@ +### [CVE-2024-5469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5469) +![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=16.10.0%3C%2016.10.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5499.md b/2024/CVE-2024-5499.md new file mode 100644 index 000000000..f59cf001c --- /dev/null +++ b/2024/CVE-2024-5499.md @@ -0,0 +1,17 @@ +### [CVE-2024-5499](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5499) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=125.0.6422.141%3C%20125.0.6422.141%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Out%20of%20bounds%20write&color=brighgreen) + +### Description + +Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) + +### POC + +#### Reference +- https://issues.chromium.org/issues/339877167 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-5651.md b/2024/CVE-2024-5651.md new file mode 100644 index 000000000..5c2fb34c0 --- /dev/null +++ b/2024/CVE-2024-5651.md @@ -0,0 +1,17 @@ +### [CVE-2024-5651](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5651) +![](https://img.shields.io/static/v1?label=Product&message=Fence%20Agents%20Remediation%200.4%20for%20RHEL%208&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) + +### Description + +A flaw was found in fence agents that rely on SSH/Telnet. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supportingĀ  --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5814.md b/2024/CVE-2024-5814.md new file mode 100644 index 000000000..837461916 --- /dev/null +++ b/2024/CVE-2024-5814.md @@ -0,0 +1,18 @@ +### [CVE-2024-5814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5814) +![](https://img.shields.io/static/v1?label=Product&message=wolfSSL&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%205.7.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello. https://doi.org/10.46586/tches.v2024.i1.457-500 + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/wolfSSL/Arduino-wolfSSL +- https://github.com/wolfSSL/wolfssl + diff --git a/2024/CVE-2024-5844.md b/2024/CVE-2024-5844.md new file mode 100644 index 000000000..6997b95cd --- /dev/null +++ b/2024/CVE-2024-5844.md @@ -0,0 +1,17 @@ +### [CVE-2024-5844](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5844) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=126.0.6478.54%3C%20126.0.6478.54%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Heap%20buffer%20overflow&color=brighgreen) + +### Description + +Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) + +### POC + +#### Reference +- https://issues.chromium.org/issues/331960660 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-5846.md b/2024/CVE-2024-5846.md new file mode 100644 index 000000000..fbca68444 --- /dev/null +++ b/2024/CVE-2024-5846.md @@ -0,0 +1,17 @@ +### [CVE-2024-5846](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5846) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=126.0.6478.54%3C%20126.0.6478.54%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20after%20free&color=brighgreen) + +### Description + +Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) + +### POC + +#### Reference +- https://issues.chromium.org/issues/341095523 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-5857.md b/2024/CVE-2024-5857.md new file mode 100644 index 000000000..396c09462 --- /dev/null +++ b/2024/CVE-2024-5857.md @@ -0,0 +1,17 @@ +### [CVE-2024-5857](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5857) +![](https://img.shields.io/static/v1?label=Product&message=Interactive%20Contact%20Form%20and%20Multi%20Step%20Form%20Builder%20with%20Drag%20%26%20Drop%20Editor%20%E2%80%93%20Funnelforms%20Free&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.7.3.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor ā€“ Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the af2_handel_file_remove AJAX action in all versions up to, and including, 3.7.3.2. This makes it possible for unauthenticated attackers to delete arbitrary media files. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-5987.md b/2024/CVE-2024-5987.md new file mode 100644 index 000000000..2e98be66e --- /dev/null +++ b/2024/CVE-2024-5987.md @@ -0,0 +1,17 @@ +### [CVE-2024-5987](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5987) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Accessibility%20Helper%20(WAH)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%200.6.2.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_contrast_variations' and 'save_empty_contrast_variations' functions in all versions up to, and including, 0.6.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit or delete contrast settings. Please note these issues were patched in 0.6.2.8, though it broke functionality and the vendor has not responded to our follow-ups. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-5991.md b/2024/CVE-2024-5991.md new file mode 100644 index 000000000..470f6e0a3 --- /dev/null +++ b/2024/CVE-2024-5991.md @@ -0,0 +1,18 @@ +### [CVE-2024-5991](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5991) +![](https://img.shields.io/static/v1?label=Product&message=wolfSSL&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%205.7.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%20Out-of-bounds%20Read&color=brighgreen) + +### Description + +In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/wolfSSL/Arduino-wolfSSL +- https://github.com/wolfSSL/wolfssl + diff --git a/2024/CVE-2024-6117.md b/2024/CVE-2024-6117.md new file mode 100644 index 000000000..53ffd5437 --- /dev/null +++ b/2024/CVE-2024-6117.md @@ -0,0 +1,17 @@ +### [CVE-2024-6117](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6117) +![](https://img.shields.io/static/v1?label=Product&message=MeetingHub%20Paperless%20Meetings&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen) + +### Description + +A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6118.md b/2024/CVE-2024-6118.md new file mode 100644 index 000000000..48cad6043 --- /dev/null +++ b/2024/CVE-2024-6118.md @@ -0,0 +1,17 @@ +### [CVE-2024-6118](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6118) +![](https://img.shields.io/static/v1?label=Product&message=MeetingHub%20Paperless%20Meetings&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-256%3A%20Plaintext%20Storage%20of%20a%20Password&color=brighgreen) + +### Description + +A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other usersā€™ credentials and gain access to the product via an XML file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6227.md b/2024/CVE-2024-6227.md new file mode 100644 index 000000000..166fca567 --- /dev/null +++ b/2024/CVE-2024-6227.md @@ -0,0 +1,17 @@ +### [CVE-2024-6227](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6227) +![](https://img.shields.io/static/v1?label=Product&message=aimhubio%2Faim&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%3D%20latest%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause a denial of service by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6255.md b/2024/CVE-2024-6255.md new file mode 100644 index 000000000..b8b5fbb0a --- /dev/null +++ b/2024/CVE-2024-6255.md @@ -0,0 +1,17 @@ +### [CVE-2024-6255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6255) +![](https://img.shields.io/static/v1?label=Product&message=gaizhenbiao%2Fchuanhuchatgpt&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%3D%20latest%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-73%20External%20Control%20of%20File%20Name%20or%20Path&color=brighgreen) + +### Description + +A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation of file paths, enabling directory traversal attacks. An attacker can exploit this vulnerability to disrupt the functioning of the system, manipulate settings, or potentially cause data loss or corruption. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6323.md b/2024/CVE-2024-6323.md new file mode 100644 index 000000000..8acae2409 --- /dev/null +++ b/2024/CVE-2024-6323.md @@ -0,0 +1,17 @@ +### [CVE-2024-6323](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6323) +![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=16.11.0%3C%2016.11.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-653%3A%20Improper%20Isolation%20or%20Compartmentalization&color=brighgreen) + +### Description + +Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6330.md b/2024/CVE-2024-6330.md index a9fa6b6b7..003ad3862 100644 --- a/2024/CVE-2024-6330.md +++ b/2024/CVE-2024-6330.md @@ -13,5 +13,5 @@ The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated a - https://wpscan.com/vulnerability/95b532e0-1ffb-421e-b9c0-de03f89491d7/ #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2024/CVE-2024-6331.md b/2024/CVE-2024-6331.md new file mode 100644 index 000000000..b926f15c2 --- /dev/null +++ b/2024/CVE-2024-6331.md @@ -0,0 +1,17 @@ +### [CVE-2024-6331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6331) +![](https://img.shields.io/static/v1?label=Product&message=stitionai%2Fdevika&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%3D%20latest%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) + +### Description + +stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. The integration of Google Gimini 1.0 Pro with `HarmBlockThreshold.BLOCK_NONE` for `HarmCategory.HARM_CATEGORY_HATE_SPEECH` and `HarmCategory.HARM_CATEGORY_HARASSMENT` in `safety_settings` disables content protection. This allows malicious commands to be executed, such as reading sensitive file contents like `/etc/passwd`. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6386.md b/2024/CVE-2024-6386.md index f8fc47188..f03a7fae1 100644 --- a/2024/CVE-2024-6386.md +++ b/2024/CVE-2024-6386.md @@ -14,5 +14,6 @@ The WPML plugin for WordPress is vulnerable to Remote Code Execution in all vers #### Github - https://github.com/20142995/nuclei-templates +- https://github.com/Ostorlab/KEV - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-6451.md b/2024/CVE-2024-6451.md index a7c8dbb7c..25f43d5cc 100644 --- a/2024/CVE-2024-6451.md +++ b/2024/CVE-2024-6451.md @@ -13,5 +13,5 @@ AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisonin - https://wpscan.com/vulnerability/fc06d413-a227-470c-a5b7-cdab57aeab34/ #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2024/CVE-2024-6551.md b/2024/CVE-2024-6551.md new file mode 100644 index 000000000..bc604319d --- /dev/null +++ b/2024/CVE-2024-6551.md @@ -0,0 +1,17 @@ +### [CVE-2024-6551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6551) +![](https://img.shields.io/static/v1?label=Product&message=GiveWP%20%E2%80%93%20Donation%20Plugin%20and%20Fundraising%20Platform&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.15.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) + +### Description + +The GiveWP ā€“ Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.15.1. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-6595.md b/2024/CVE-2024-6595.md new file mode 100644 index 000000000..2d663a7a9 --- /dev/null +++ b/2024/CVE-2024-6595.md @@ -0,0 +1,17 @@ +### [CVE-2024-6595](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6595) +![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=11.8%3C%2016.11.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-427%3A%20Uncontrolled%20Search%20Path%20Element&color=brighgreen) + +### Description + +An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6632.md b/2024/CVE-2024-6632.md new file mode 100644 index 000000000..d278adaa8 --- /dev/null +++ b/2024/CVE-2024-6632.md @@ -0,0 +1,17 @@ +### [CVE-2024-6632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6632) +![](https://img.shields.io/static/v1?label=Product&message=FileCatalyst%20Workflow&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=5.0.4%3C%3D%205.1.6%20Build%20139%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6633.md b/2024/CVE-2024-6633.md new file mode 100644 index 000000000..4e231e210 --- /dev/null +++ b/2024/CVE-2024-6633.md @@ -0,0 +1,17 @@ +### [CVE-2024-6633](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6633) +![](https://img.shields.io/static/v1?label=Product&message=FileCatalyst%20Workflow&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) + +### Description + +The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software.The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6650.md b/2024/CVE-2024-6650.md index 5bbf64786..81eb265b3 100644 --- a/2024/CVE-2024-6650.md +++ b/2024/CVE-2024-6650.md @@ -13,5 +13,5 @@ A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Loggi - https://github.com/Xu-Mingming/cve/blob/main/xss1.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-6670.md b/2024/CVE-2024-6670.md new file mode 100644 index 000000000..9fe0daf72 --- /dev/null +++ b/2024/CVE-2024-6670.md @@ -0,0 +1,17 @@ +### [CVE-2024-6670](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6670) +![](https://img.shields.io/static/v1?label=Product&message=WhatsUp%20Gold&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +In WhatsUp Gold versions released before 2024.0.0,Ā a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6671.md b/2024/CVE-2024-6671.md new file mode 100644 index 000000000..e27cd0faf --- /dev/null +++ b/2024/CVE-2024-6671.md @@ -0,0 +1,17 @@ +### [CVE-2024-6671](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6671) +![](https://img.shields.io/static/v1?label=Product&message=WhatsUp%20Gold&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6672.md b/2024/CVE-2024-6672.md new file mode 100644 index 000000000..3f5438f90 --- /dev/null +++ b/2024/CVE-2024-6672.md @@ -0,0 +1,17 @@ +### [CVE-2024-6672](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6672) +![](https://img.shields.io/static/v1?label=Product&message=WhatsUp%20Gold&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6715.md b/2024/CVE-2024-6715.md index a64557b0b..f49fc2832 100644 --- a/2024/CVE-2024-6715.md +++ b/2024/CVE-2024-6715.md @@ -13,5 +13,6 @@ The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed secur - https://wpscan.com/vulnerability/19406acc-3441-4d4a-9163-ace8f1dceb78/ #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-6716.md b/2024/CVE-2024-6716.md index ba16edf8a..74c93b5cf 100644 --- a/2024/CVE-2024-6716.md +++ b/2024/CVE-2024-6716.md @@ -16,5 +16,5 @@ A flaw was found in the libtiff library. An out-of-memory issue in the TIFFReadE - https://gitlab.com/libtiff/libtiff/-/issues/620 #### Github -No PoCs found on GitHub currently. +- https://github.com/adegoodyer/kubernetes-admin-toolkit diff --git a/2024/CVE-2024-6783.md b/2024/CVE-2024-6783.md index cbfc12d22..414770f51 100644 --- a/2024/CVE-2024-6783.md +++ b/2024/CVE-2024-6783.md @@ -13,5 +13,5 @@ A vulnerability has been discovered in Vue, that allows an attacker to perform X - https://www.herodevs.com/vulnerability-directory/cve-2024-6783---vue-client-side-xss #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-6879.md b/2024/CVE-2024-6879.md index 14163ac81..540136dfc 100644 --- a/2024/CVE-2024-6879.md +++ b/2024/CVE-2024-6879.md @@ -13,5 +13,5 @@ The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validat - https://wpscan.com/vulnerability/4da0b318-03e7-409d-9b02-f108e4232c87/ #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2024/CVE-2024-6911.md b/2024/CVE-2024-6911.md index 1d67082fe..096759aef 100644 --- a/2024/CVE-2024-6911.md +++ b/2024/CVE-2024-6911.md @@ -14,6 +14,7 @@ Files on the Windows system are accessible without authentication to external pa - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-perten-processplus/ #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-6923.md b/2024/CVE-2024-6923.md index 2af6ef6f2..da68d0bb9 100644 --- a/2024/CVE-2024-6923.md +++ b/2024/CVE-2024-6923.md @@ -13,5 +13,6 @@ There is a MEDIUM severity vulnerability affecting CPython.The email module didn - https://github.com/python/cpython/pull/122233 #### Github +- https://github.com/adegoodyer/kubernetes-admin-toolkit - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-6927.md b/2024/CVE-2024-6927.md new file mode 100644 index 000000000..95a5ae13d --- /dev/null +++ b/2024/CVE-2024-6927.md @@ -0,0 +1,17 @@ +### [CVE-2024-6927](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6927) +![](https://img.shields.io/static/v1?label=Product&message=Viral%20Signup&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/05024ff5-4c7a-4941-8dae-c1a8d2d4e202/ + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7006.md b/2024/CVE-2024-7006.md new file mode 100644 index 000000000..4ec820ede --- /dev/null +++ b/2024/CVE-2024-7006.md @@ -0,0 +1,20 @@ +### [CVE-2024-7006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7006) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Check%20for%20Unusual%20or%20Exceptional%20Conditions&color=brighgreen) + +### Description + +A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/adegoodyer/kubernetes-admin-toolkit + diff --git a/2024/CVE-2024-7029.md b/2024/CVE-2024-7029.md new file mode 100644 index 000000000..fdd88f64b --- /dev/null +++ b/2024/CVE-2024-7029.md @@ -0,0 +1,18 @@ +### [CVE-2024-7029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7029) +![](https://img.shields.io/static/v1?label=Product&message=AVM1203%20(IP%20Camera)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%20FullImg-1023-1007-1011-1009%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen) + +### Description + +Commands can be injected over the network and executed without authentication. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Ostorlab/KEV +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-7071.md b/2024/CVE-2024-7071.md new file mode 100644 index 000000000..eeab8edab --- /dev/null +++ b/2024/CVE-2024-7071.md @@ -0,0 +1,18 @@ +### [CVE-2024-7071](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7071) +![](https://img.shields.io/static/v1?label=Product&message=Brain%20Low-Code&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE%20-%20564%20-%20SQL%20Injection%3A%20Hibernate&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection.This issue affects Brain Low-Code: before 2.1.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7122.md b/2024/CVE-2024-7122.md new file mode 100644 index 000000000..a6fd7c40e --- /dev/null +++ b/2024/CVE-2024-7122.md @@ -0,0 +1,17 @@ +### [CVE-2024-7122](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7122) +![](https://img.shields.io/static/v1?label=Product&message=Elementor%20Addon%20Elements&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.13.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7132.md b/2024/CVE-2024-7132.md new file mode 100644 index 000000000..0d09a58ae --- /dev/null +++ b/2024/CVE-2024-7132.md @@ -0,0 +1,17 @@ +### [CVE-2024-7132](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7132) +![](https://img.shields.io/static/v1?label=Product&message=Page%20Builder%20Gutenberg%20Blocks&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.13%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does not escape the content of post embed via one of its block, which could allow users with the capability to publish posts (editor and admin by default) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/16deb743-6fe9-43a2-9586-d92cfe1daa17/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7313.md b/2024/CVE-2024-7313.md index fc5fb487f..4df969249 100644 --- a/2024/CVE-2024-7313.md +++ b/2024/CVE-2024-7313.md @@ -14,5 +14,6 @@ The Shield Security WordPress plugin before 20.0.6 does not sanitise and escape - https://wpscan.com/vulnerability/83a1bdc6-098e-43d5-89e5-f4202ecd78a1/ #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-7418.md b/2024/CVE-2024-7418.md new file mode 100644 index 000000000..f647fb7ba --- /dev/null +++ b/2024/CVE-2024-7418.md @@ -0,0 +1,17 @@ +### [CVE-2024-7418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7418) +![](https://img.shields.io/static/v1?label=Product&message=The%20Post%20Grid%20%E2%80%93%20Shortcode%2C%20Gutenberg%20Blocks%20and%20Elementor%20Addon%20for%20Post%20Grid&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%207.7.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) + +### Description + +The The Post Grid ā€“ Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.7.11 via the post_query_guten and post_query functions. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from posts that are not public (i.e. draft, future, etc..). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7592.md b/2024/CVE-2024-7592.md index bcda5f1ad..3a0a27286 100644 --- a/2024/CVE-2024-7592.md +++ b/2024/CVE-2024-7592.md @@ -13,5 +13,6 @@ There is a LOW severity vulnerability affecting CPython, specifically the'http.c No PoCs from references. #### Github +- https://github.com/adegoodyer/kubernetes-admin-toolkit - https://github.com/ch4n3-yoon/ch4n3-yoon diff --git a/2024/CVE-2024-7593.md b/2024/CVE-2024-7593.md index 351e438b8..2592467a8 100644 --- a/2024/CVE-2024-7593.md +++ b/2024/CVE-2024-7593.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/20142995/nuclei-templates +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-7606.md b/2024/CVE-2024-7606.md new file mode 100644 index 000000000..ded90aaa9 --- /dev/null +++ b/2024/CVE-2024-7606.md @@ -0,0 +1,18 @@ +### [CVE-2024-7606](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7606) +![](https://img.shields.io/static/v1?label=Product&message=Front%20End%20Users&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.2.28%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and including, 3.2.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7607.md b/2024/CVE-2024-7607.md new file mode 100644 index 000000000..13bee8ee7 --- /dev/null +++ b/2024/CVE-2024-7607.md @@ -0,0 +1,18 @@ +### [CVE-2024-7607](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7607) +![](https://img.shields.io/static/v1?label=Product&message=Front%20End%20Users&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.2.28%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +The Front End Users plugin for WordPress is vulnerable to time-based SQL Injection via the ā€˜orderā€™ parameter in all versions up to, and including, 3.2.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7608.md b/2024/CVE-2024-7608.md index 20f7af1e3..577ddeb62 100644 --- a/2024/CVE-2024-7608.md +++ b/2024/CVE-2024-7608.md @@ -5,7 +5,7 @@ ### Description -An authenticated user can download sensitive files from Trellix products NX, EX, FX, AX, IVX, and CMS using path traversal for the URL of network anomaly download_artifact. +An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal. ### POC diff --git a/2024/CVE-2024-7856.md b/2024/CVE-2024-7856.md new file mode 100644 index 000000000..cad62c74e --- /dev/null +++ b/2024/CVE-2024-7856.md @@ -0,0 +1,17 @@ +### [CVE-2024-7856](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7856) +![](https://img.shields.io/static/v1?label=Product&message=MP3%20Audio%20Player%20%E2%80%93%20Music%20Player%2C%20Podcast%20Player%20%26%20Radio%20by%20Sonaar&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%205.7.0.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The MP3 Audio Player ā€“ Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles() function and insufficient path validation on the 'file' parameter in all versions up to, and including, 5.7.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files which can make remote code execution possible when wp-config.php is deleted. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7857.md b/2024/CVE-2024-7857.md new file mode 100644 index 000000000..f38b5422c --- /dev/null +++ b/2024/CVE-2024-7857.md @@ -0,0 +1,17 @@ +### [CVE-2024-7857](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7857) +![](https://img.shields.io/static/v1?label=Product&message=Media%20Library%20Folders&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.2.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sort_type' parameter of the 'mlf_change_sort_type' AJAX action in all versions up to, and including, 8.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7858.md b/2024/CVE-2024-7858.md new file mode 100644 index 000000000..67fbc1d9f --- /dev/null +++ b/2024/CVE-2024-7858.md @@ -0,0 +1,17 @@ +### [CVE-2024-7858](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7858) +![](https://img.shields.io/static/v1?label=Product&message=Media%20Library%20Folders&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.2.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to, and including, 8.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions related to managing media files and folder along with controlling settings. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7895.md b/2024/CVE-2024-7895.md new file mode 100644 index 000000000..b5eddec94 --- /dev/null +++ b/2024/CVE-2024-7895.md @@ -0,0 +1,17 @@ +### [CVE-2024-7895](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7895) +![](https://img.shields.io/static/v1?label=Product&message=Beaver%20Builder%20%E2%80%93%20WordPress%20Page%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.8.3.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Beaver Builder ā€“ WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ā€˜typeā€™ parameter in all versions up to, and including, 2.8.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7940.md b/2024/CVE-2024-7940.md new file mode 100644 index 000000000..e0b8c0c73 --- /dev/null +++ b/2024/CVE-2024-7940.md @@ -0,0 +1,17 @@ +### [CVE-2024-7940](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7940) +![](https://img.shields.io/static/v1?label=Product&message=MicroSCADA%20SYS600&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.2%3C%3D%2010.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen) + +### Description + +The product exposes a service that is intended for local only toall network interfaces without any authentication. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7941.md b/2024/CVE-2024-7941.md new file mode 100644 index 000000000..e24ab2e7e --- /dev/null +++ b/2024/CVE-2024-7941.md @@ -0,0 +1,17 @@ +### [CVE-2024-7941](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7941) +![](https://img.shields.io/static/v1?label=Product&message=MicroSCADA%20SYS600&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0%3C%3D%2010.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601%20URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen) + +### Description + +An HTTP parameter may contain a URL value and could causethe web application to redirect the request to the specified URL.By modifying the URL value to a malicious site, an attacker maysuccessfully launch a phishing scam and steal user credentials. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7954.md b/2024/CVE-2024-7954.md index 0884c7622..3b577b758 100644 --- a/2024/CVE-2024-7954.md +++ b/2024/CVE-2024-7954.md @@ -13,5 +13,9 @@ The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vu - https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/ #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates +- https://github.com/Chocapikk/Chocapikk +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/tanjiti/sec_profile +- https://github.com/wy876/POC diff --git a/2024/CVE-2024-7969.md b/2024/CVE-2024-7969.md index e4a9995fc..9553ee9b2 100644 --- a/2024/CVE-2024-7969.md +++ b/2024/CVE-2024-7969.md @@ -1,11 +1,11 @@ ### [CVE-2024-7969](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7969) ![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=128.0.6613.84%3C%20128.0.6613.84%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=128.0.6613.113%3C%20128.0.6613.113%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Type%20Confusion&color=brighgreen) ### Description -Type Confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) +Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) ### POC diff --git a/2024/CVE-2024-8016.md b/2024/CVE-2024-8016.md new file mode 100644 index 000000000..68da45f28 --- /dev/null +++ b/2024/CVE-2024-8016.md @@ -0,0 +1,17 @@ +### [CVE-2024-8016](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8016) +![](https://img.shields.io/static/v1?label=Product&message=The%20Events%20Calendar%20Pro&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%207.0.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely. In certain configurations, this can be exploitable by lower level users. We confirmed that this plugin installed with Elementor makes it possible for users with contributor-level access and above to exploit this issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8088.md b/2024/CVE-2024-8088.md new file mode 100644 index 000000000..463c74ba1 --- /dev/null +++ b/2024/CVE-2024-8088.md @@ -0,0 +1,17 @@ +### [CVE-2024-8088](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8088) +![](https://img.shields.io/static/v1?label=Product&message=CPython&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%203.13.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-835%20Loop%20with%20Unreachable%20Exit%20Condition%20('Infinite%20Loop')&color=brighgreen) + +### Description + +There is a HIGH severity vulnerability affecting the CPython "zipfile"module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected.When iterating over names of entries in a zip archive (for example, methodsof "zipfile.Path" like "namelist()", "iterdir()", etc)the process can be put into an infinite loop with a maliciously craftedzip archive. This defect applies when reading only metadata or extractingthe contents of the zip archive. Programs that are not handlinguser-controlled zip archives are not affected. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/adegoodyer/kubernetes-admin-toolkit + diff --git a/2024/CVE-2024-8181.md b/2024/CVE-2024-8181.md new file mode 100644 index 000000000..1578bfebe --- /dev/null +++ b/2024/CVE-2024-8181.md @@ -0,0 +1,18 @@ +### [CVE-2024-8181](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8181) +![](https://img.shields.io/static/v1?label=Product&message=Flowise&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.8.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8182.md b/2024/CVE-2024-8182.md new file mode 100644 index 000000000..37943e875 --- /dev/null +++ b/2024/CVE-2024-8182.md @@ -0,0 +1,18 @@ +### [CVE-2024-8182](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8182) +![](https://img.shields.io/static/v1?label=Product&message=Flowise&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.8.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the ā€œ/api/v1/get-upload-fileā€ api endpoint. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/JoshuaMart/JoshuaMart +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8193.md b/2024/CVE-2024-8193.md new file mode 100644 index 000000000..4f54bdda3 --- /dev/null +++ b/2024/CVE-2024-8193.md @@ -0,0 +1,17 @@ +### [CVE-2024-8193](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8193) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=128.0.6613.113%3C%20128.0.6613.113%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Heap%20buffer%20overflow&color=brighgreen) + +### Description + +Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8194.md b/2024/CVE-2024-8194.md new file mode 100644 index 000000000..8ea948c36 --- /dev/null +++ b/2024/CVE-2024-8194.md @@ -0,0 +1,17 @@ +### [CVE-2024-8194](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8194) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=128.0.6613.113%3C%20128.0.6613.113%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Type%20Confusion&color=brighgreen) + +### Description + +Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8198.md b/2024/CVE-2024-8198.md new file mode 100644 index 000000000..9775851c9 --- /dev/null +++ b/2024/CVE-2024-8198.md @@ -0,0 +1,17 @@ +### [CVE-2024-8198](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8198) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=128.0.6613.113%3C%20128.0.6613.113%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Heap%20buffer%20overflow&color=brighgreen) + +### Description + +Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8199.md b/2024/CVE-2024-8199.md new file mode 100644 index 000000000..55703fda4 --- /dev/null +++ b/2024/CVE-2024-8199.md @@ -0,0 +1,17 @@ +### [CVE-2024-8199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8199) +![](https://img.shields.io/static/v1?label=Product&message=Reviews%20Feed%20%E2%80%93%20Add%20Testimonials%20and%20Customer%20Reviews%20From%20Google%20Reviews%2C%20Yelp%2C%20TripAdvisor%2C%20and%20More&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.1.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The Reviews Feed ā€“ Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_api_key' function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update API Key options. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8200.md b/2024/CVE-2024-8200.md new file mode 100644 index 000000000..dd8a2d6a5 --- /dev/null +++ b/2024/CVE-2024-8200.md @@ -0,0 +1,17 @@ +### [CVE-2024-8200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8200) +![](https://img.shields.io/static/v1?label=Product&message=Reviews%20Feed%20%E2%80%93%20Add%20Testimonials%20and%20Customer%20Reviews%20From%20Google%20Reviews%2C%20Yelp%2C%20TripAdvisor%2C%20and%20More&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.1.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Reviews Feed ā€“ Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'update_api_key' function. This makes it possible for unauthenticated attackers to update an API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8207.md b/2024/CVE-2024-8207.md new file mode 100644 index 000000000..fd0b932cb --- /dev/null +++ b/2024/CVE-2024-8207.md @@ -0,0 +1,17 @@ +### [CVE-2024-8207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8207) +![](https://img.shields.io/static/v1?label=Product&message=MongoDB%20Server&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=6.0%3C%206.0.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-114%3A%20Process%20Control&color=brighgreen) + +### Description + +In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8234.md b/2024/CVE-2024-8234.md new file mode 100644 index 000000000..d7b198a40 --- /dev/null +++ b/2024/CVE-2024-8234.md @@ -0,0 +1,17 @@ +### [CVE-2024-8234](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8234) +![](https://img.shields.io/static/v1?label=Product&message=NWA1100-N%20firmware&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.00(AACE.1)C0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen) + +### Description + +** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute some OS commands to access system files on an affected device. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8250.md b/2024/CVE-2024-8250.md new file mode 100644 index 000000000..12c0e2ae7 --- /dev/null +++ b/2024/CVE-2024-8250.md @@ -0,0 +1,17 @@ +### [CVE-2024-8250](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8250) +![](https://img.shields.io/static/v1?label=Product&message=Wireshark&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=4.2.0%3C%204.2.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-825%3A%20Expired%20Pointer%20Dereference&color=brighgreen) + +### Description + +NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8252.md b/2024/CVE-2024-8252.md new file mode 100644 index 000000000..c927f6b39 --- /dev/null +++ b/2024/CVE-2024-8252.md @@ -0,0 +1,17 @@ +### [CVE-2024-8252](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8252) +![](https://img.shields.io/static/v1?label=Product&message=Clean%20Login&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.14.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-98%20Improper%20Control%20of%20Filename%20for%20Include%2FRequire%20Statement%20in%20PHP%20Program%20('PHP%20Remote%20File%20Inclusion')&color=brighgreen) + +### Description + +The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other ā€œsafeā€ file types can be uploaded and included. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8255.md b/2024/CVE-2024-8255.md new file mode 100644 index 000000000..ea333e35e --- /dev/null +++ b/2024/CVE-2024-8255.md @@ -0,0 +1,17 @@ +### [CVE-2024-8255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8255) +![](https://img.shields.io/static/v1?label=Product&message=DTN%20Soft&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202.0.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8274.md b/2024/CVE-2024-8274.md new file mode 100644 index 000000000..6575dd72f --- /dev/null +++ b/2024/CVE-2024-8274.md @@ -0,0 +1,17 @@ +### [CVE-2024-8274](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8274) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Booking%20Calendar&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%2010.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The WP Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters from 'timeline_obj' in all versions up to, and including, 10.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8294.md b/2024/CVE-2024-8294.md new file mode 100644 index 000000000..f848f5fed --- /dev/null +++ b/2024/CVE-2024-8294.md @@ -0,0 +1,17 @@ +### [CVE-2024-8294](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8294) +![](https://img.shields.io/static/v1?label=Product&message=FeehiCMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. This affects the function update of the file /admin/index.php?r=friendly-link%2Fupdate. The manipulation of the argument FriendlyLink[image] leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8295.md b/2024/CVE-2024-8295.md new file mode 100644 index 000000000..c4bda7bfe --- /dev/null +++ b/2024/CVE-2024-8295.md @@ -0,0 +1,17 @@ +### [CVE-2024-8295](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8295) +![](https://img.shields.io/static/v1?label=Product&message=FeehiCMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen) + +### Description + +A vulnerability has been found in FeehiCMS up to 2.1.1 and classified as critical. This vulnerability affects the function createBanner of the file /admin/index.php?r=banner%2Fbanner-create. The manipulation of the argument BannerForm[img] leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8296.md b/2024/CVE-2024-8296.md new file mode 100644 index 000000000..6c86f40e1 --- /dev/null +++ b/2024/CVE-2024-8296.md @@ -0,0 +1,17 @@ +### [CVE-2024-8296](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8296) +![](https://img.shields.io/static/v1?label=Product&message=FeehiCMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen) + +### Description + +A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument User[avatar] leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8297.md b/2024/CVE-2024-8297.md new file mode 100644 index 000000000..edd79dd10 --- /dev/null +++ b/2024/CVE-2024-8297.md @@ -0,0 +1,17 @@ +### [CVE-2024-8297](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8297) +![](https://img.shields.io/static/v1?label=Product&message=Digital%20Library%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-117%20Improper%20Output%20Neutralization%20for%20Logs&color=brighgreen) + +### Description + +A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_middleware.go. The manipulation of the argument Authorization leads to improper output neutralization for logs. It is possible to launch the attack remotely. The name of the patch is 81b3336b4c9240f0bf50c13cb8375cf860d945f1. It is recommended to apply a patch to fix this issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8301.md b/2024/CVE-2024-8301.md new file mode 100644 index 000000000..d82a0efd0 --- /dev/null +++ b/2024/CVE-2024-8301.md @@ -0,0 +1,17 @@ +### [CVE-2024-8301](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8301) +![](https://img.shields.io/static/v1?label=Product&message=CMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2029d67d9044f6f93378e6eb6ff92272217ff7225c%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax/checkin.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8302.md b/2024/CVE-2024-8302.md new file mode 100644 index 000000000..44affbc0e --- /dev/null +++ b/2024/CVE-2024-8302.md @@ -0,0 +1,17 @@ +### [CVE-2024-8302](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8302) +![](https://img.shields.io/static/v1?label=Product&message=CMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2029d67d9044f6f93378e6eb6ff92272217ff7225c%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ajax/chpwd.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8303.md b/2024/CVE-2024-8303.md new file mode 100644 index 000000000..a5117b135 --- /dev/null +++ b/2024/CVE-2024-8303.md @@ -0,0 +1,17 @@ +### [CVE-2024-8303](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8303) +![](https://img.shields.io/static/v1?label=Product&message=CMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2029d67d9044f6f93378e6eb6ff92272217ff7225c%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. This affects an unknown part of the file /ajax/getBasicInfo.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8304.md b/2024/CVE-2024-8304.md new file mode 100644 index 000000000..f2ea417f1 --- /dev/null +++ b/2024/CVE-2024-8304.md @@ -0,0 +1,17 @@ +### [CVE-2024-8304](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8304) +![](https://img.shields.io/static/v1?label=Product&message=jpress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%205.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Path%20Traversal&color=brighgreen) + +### Description + +A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/template/edit of the component Template Module Handler. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8319.md b/2024/CVE-2024-8319.md new file mode 100644 index 000000000..eb49f3219 --- /dev/null +++ b/2024/CVE-2024-8319.md @@ -0,0 +1,17 @@ +### [CVE-2024-8319](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8319) +![](https://img.shields.io/static/v1?label=Product&message=Tourfic%20%E2%80%93%20Ultimate%20Hotel%20Booking%2C%20Travel%20Booking%20%26%20Apartment%20Booking%20WordPress%20Plugin%20%7C%20WooCommerce%20Booking&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.11.20%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. This is due to missing or incorrect nonce validation on the tf_order_status_email_resend_function, tf_visitor_details_edit_function, tf_checkinout_details_edit_function, tf_order_status_edit_function, tf_order_bulk_action_edit_function, tf_remove_room_order_ids, and tf_delete_old_review_fields functions. This makes it possible for unauthenticated attackers to resend order status emails, update visitor/order details, edit check-in/out details, edit order status, perform bulk order status updates, remove room order IDs, and delete old review fields, respectively, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8327.md b/2024/CVE-2024-8327.md new file mode 100644 index 000000000..b1e2d6ffd --- /dev/null +++ b/2024/CVE-2024-8327.md @@ -0,0 +1,17 @@ +### [CVE-2024-8327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8327) +![](https://img.shields.io/static/v1?label=Product&message=Easy%20test%20Online%20Learning%20and%20Testing%20Platform&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2024A01%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Easy testOnline Learning and Testing Platform fromĀ HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary SQL commands to read, modify, and delete database contents. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8328.md b/2024/CVE-2024-8328.md new file mode 100644 index 000000000..af5d3f937 --- /dev/null +++ b/2024/CVE-2024-8328.md @@ -0,0 +1,17 @@ +### [CVE-2024-8328](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8328) +![](https://img.shields.io/static/v1?label=Product&message=Easy%20test%20Online%20Learning%20and%20Testing%20Platform&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2024A01%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary JavaScript code and perform Reflected Cross-site scripting attacks. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8329.md b/2024/CVE-2024-8329.md new file mode 100644 index 000000000..50057f292 --- /dev/null +++ b/2024/CVE-2024-8329.md @@ -0,0 +1,17 @@ +### [CVE-2024-8329](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8329) +![](https://img.shields.io/static/v1?label=Product&message=6SHR%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +6SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privilege to inject SQL command to read, modify, and delete database contents. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8330.md b/2024/CVE-2024-8330.md new file mode 100644 index 000000000..3fb71f511 --- /dev/null +++ b/2024/CVE-2024-8330.md @@ -0,0 +1,17 @@ +### [CVE-2024-8330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8330) +![](https://img.shields.io/static/v1?label=Product&message=6SHR%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen) + +### Description + +6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scripts and use them to execute arbitrary system commands on the server. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/github.txt b/github.txt index cbd78c2cf..6e67c146c 100644 --- a/github.txt +++ b/github.txt @@ -61,6 +61,7 @@ CVE-1999-0095 - https://github.com/joscanoga/Reto-python-CRM CVE-1999-0101 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-1999-0103 - https://github.com/vdanen/vex-reader CVE-1999-0182 - https://github.com/Parist0nH1ll/Vulnerabilities-Write-Ups +CVE-1999-0183 - https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot CVE-1999-0192 - https://github.com/AnyMaster/EQGRP CVE-1999-0192 - https://github.com/CKmaenn/EQGRP CVE-1999-0192 - https://github.com/CybernetiX-S3C/EQGRP_Linux @@ -105,6 +106,7 @@ CVE-1999-0372 - https://github.com/SamanShafigh/vulBERT CVE-1999-0428 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-1999-0502 - https://github.com/ahm3dhany/IDS-Evasion CVE-1999-0511 - https://github.com/anvithalolla/Tesla_PenTest +CVE-1999-0517 - https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot CVE-1999-0524 - https://github.com/mikemackintosh/ruby-qualys CVE-1999-0532 - https://github.com/HeiTang/ZYXEl-CTF-WriteUp CVE-1999-0635 - https://github.com/muchdogesec/cve2stix @@ -216,6 +218,7 @@ CVE-2000-0834 - https://github.com/ycdxsb/WindowsPrivilegeEscalation CVE-2000-0884 - https://github.com/mokrani-zahir/stock CVE-2000-0917 - https://github.com/LEXUEYE/oinkmaster CVE-2000-0917 - https://github.com/davidliu88/oinkmaster +CVE-2000-0917 - https://github.com/zer0duck/oinkmaster CVE-2000-0920 - https://github.com/Knighthana/YABWF CVE-2000-0935 - https://github.com/Parist0nH1ll/Vulnerabilities-Write-Ups CVE-2000-0936 - https://github.com/Parist0nH1ll/Vulnerabilities-Write-Ups @@ -285,6 +288,7 @@ CVE-2001-0236 - https://github.com/wuvuw/EQGR CVE-2001-0236 - https://github.com/x0rz/EQGRP CVE-2001-0241 - https://github.com/ARPSyndicate/cvemon CVE-2001-0241 - https://github.com/ret2eax/exploits +CVE-2001-0414 - https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot CVE-2001-0500 - https://github.com/ARPSyndicate/cvemon CVE-2001-0500 - https://github.com/mmpx12/netlas-go CVE-2001-0500 - https://github.com/ret2eax/exploits @@ -424,6 +428,8 @@ CVE-2001-1583 - https://github.com/Live-Hack-CVE/CVE-2001-1583 CVE-2001-1594 - https://github.com/wsbespalov/vmengine CVE-2001-3389 - https://github.com/CVEDB/awesome-cve-repo CVE-2001-3389 - https://github.com/becrevex/Gaston +CVE-2002-0012 - https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot +CVE-2002-0013 - https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot CVE-2002-0029 - https://github.com/C4ssif3r/nmap-scripts CVE-2002-0029 - https://github.com/stran0s/stran0s CVE-2002-0078 - https://github.com/andrewd-sysdig/nodejs-helloworld @@ -1624,6 +1630,7 @@ CVE-2006-3240 - https://github.com/shlin168/go-nvd CVE-2006-3274 - https://github.com/ARPSyndicate/cvemon CVE-2006-3274 - https://github.com/MrEmpy/CVE-2006-3392 CVE-2006-3274 - https://github.com/g1vi/CVE-2006-3392 +CVE-2006-3336 - https://github.com/syedayman/Network-PenTest-Project CVE-2006-3360 - https://github.com/Live-Hack-CVE/CVE-2006-3360 CVE-2006-3392 - https://github.com/0x0d3ad/Kn0ck CVE-2006-3392 - https://github.com/0xtz/CVE-2006-3392 @@ -3845,6 +3852,7 @@ CVE-2009-1386 - https://github.com/ARPSyndicate/cvemon CVE-2009-1386 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-2009-1387 - https://github.com/ARPSyndicate/cvemon CVE-2009-1387 - https://github.com/chnzzh/OpenSSL-CVE-lib +CVE-2009-1389 - https://github.com/lobo360/iptables-ubuntu CVE-2009-1390 - https://github.com/ARPSyndicate/cvemon CVE-2009-1390 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-2009-1437 - https://github.com/ARPSyndicate/cvemon @@ -7220,6 +7228,7 @@ CVE-2011-2523 - https://github.com/WanShannn/Exploit-vsftpd CVE-2011-2523 - https://github.com/Wanderwille/13.01 CVE-2011-2523 - https://github.com/XiangSi-Howard/CTF---CVE-2011-2523 CVE-2011-2523 - https://github.com/Y2FuZXBh/exploits +CVE-2011-2523 - https://github.com/YellowFederica/MTD-with-SDN CVE-2011-2523 - https://github.com/andaks1/ib01 CVE-2011-2523 - https://github.com/castiel-aj/Cybertalents-Challenges-Writeups CVE-2011-2523 - https://github.com/cherrera0001/vsftpd_2.3.4_Exploit @@ -10207,6 +10216,7 @@ CVE-2013-2006 - https://github.com/LogSec/CVE-2013-2006 CVE-2013-2015 - https://github.com/Live-Hack-CVE/CVE-2015-7509 CVE-2013-2027 - https://github.com/shadawck/mitrecve CVE-2013-2028 - https://github.com/ARPSyndicate/cvemon +CVE-2013-2028 - https://github.com/BJ-PXD/Explotacion-de-Vulnerabiliddes-bee-box CVE-2013-2028 - https://github.com/CVEDB/PoC-List CVE-2013-2028 - https://github.com/CVEDB/awesome-cve-repo CVE-2013-2028 - https://github.com/JERRY123S/all-poc @@ -16163,6 +16173,7 @@ CVE-2015-10075 - https://github.com/Live-Hack-CVE/CVE-2015-10075 CVE-2015-10078 - https://github.com/Live-Hack-CVE/CVE-2015-10078 CVE-2015-10079 - https://github.com/Live-Hack-CVE/CVE-2015-10079 CVE-2015-10087 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2015-10088 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2015-10106 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2015-10125 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2015-10126 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -16269,6 +16280,7 @@ CVE-2015-1328 - https://github.com/0x1ns4n3/CVE-2015-1328-GoldenEye CVE-2015-1328 - https://github.com/ARPSyndicate/cvemon CVE-2015-1328 - https://github.com/AfvanMoopen/tryhackme- CVE-2015-1328 - https://github.com/Al1ex/LinuxEelvation +CVE-2015-1328 - https://github.com/BlackFrog-hub/cve-2015-1328 CVE-2015-1328 - https://github.com/C0dak/linux-kernel-exploits CVE-2015-1328 - https://github.com/C0dak/local-root-exploit- CVE-2015-1328 - https://github.com/DarkenCode/PoC @@ -16299,6 +16311,7 @@ CVE-2015-1328 - https://github.com/catsecorg/CatSec-TryHackMe-WriteUps CVE-2015-1328 - https://github.com/coffee727/linux-exp CVE-2015-1328 - https://github.com/copperfieldd/linux-kernel-exploits CVE-2015-1328 - https://github.com/distance-vector/linux-kernel-exploits +CVE-2015-1328 - https://github.com/elit3pwner/CVE-2015-1328-GoldenEye CVE-2015-1328 - https://github.com/fei9747/LinuxEelvation CVE-2015-1328 - https://github.com/ferovap/Tools CVE-2015-1328 - https://github.com/freelancermijan/Linux-Privilege-Escalation-Tryhackme @@ -16912,6 +16925,7 @@ CVE-2015-2170 - https://github.com/ARPSyndicate/cvemon CVE-2015-2170 - https://github.com/SRVRS094ADM/ClamAV CVE-2015-2170 - https://github.com/mrash/afl-cve CVE-2015-2171 - https://github.com/ARPSyndicate/cvemon +CVE-2015-2171 - https://github.com/flouciel/Deserialize CVE-2015-2171 - https://github.com/tthseus/Deserialize CVE-2015-2177 - https://github.com/ARPSyndicate/cvemon CVE-2015-2177 - https://github.com/lnick2023/nicenice @@ -17796,6 +17810,7 @@ CVE-2015-3854 - https://github.com/flankerhqd/JAADAS CVE-2015-3860 - https://github.com/ARPSyndicate/cvemon CVE-2015-3864 - https://github.com/ARPSyndicate/cvemon CVE-2015-3864 - https://github.com/Bhathiya404/Exploiting-Stagefright-Vulnerability-CVE-2015-3864 +CVE-2015-3864 - https://github.com/Cmadhushanka/CVE-2015-3864-Exploitation CVE-2015-3864 - https://github.com/HenryVHuang/CVE-2015-3864 CVE-2015-3864 - https://github.com/HighW4y2H3ll/libstagefrightExploit CVE-2015-3864 - https://github.com/eudemonics/scaredycat @@ -18993,6 +19008,7 @@ CVE-2015-6668 - https://github.com/N3rdyN3xus/CVE-2015-6668 CVE-2015-6668 - https://github.com/Sp3c73rSh4d0w/CVE-2015-6668 CVE-2015-6668 - https://github.com/c0d3cr4f73r/CVE-2015-6668 CVE-2015-6668 - https://github.com/crypticdante/CVE-2015-6668 +CVE-2015-6668 - https://github.com/jimdiroffii/CVE-2015-6668 CVE-2015-6668 - https://github.com/k4u5h41/CVE-2015-6668 CVE-2015-6668 - https://github.com/n3ov4n1sh/CVE-2015-6668 CVE-2015-6673 - https://github.com/andir/nixos-issue-db-example @@ -19615,6 +19631,7 @@ CVE-2015-7808 - https://github.com/SexyBeast233/SecBooks CVE-2015-7808 - https://github.com/Xcod3bughunt3r/ExploitsTools CVE-2015-7808 - https://github.com/XiphosResearch/exploits CVE-2015-7808 - https://github.com/dr4v/exploits +CVE-2015-7808 - https://github.com/flouciel/Deserialize CVE-2015-7808 - https://github.com/jmedeng/suriya73-exploits CVE-2015-7808 - https://github.com/mukarramkhalid/vBulletin-5.1.x-PreAuth-RCE CVE-2015-7808 - https://github.com/shildenbrand/Exploits @@ -19900,6 +19917,7 @@ CVE-2015-8337 - https://github.com/guoygang/vul-guoygang CVE-2015-8349 - https://github.com/ARPSyndicate/kenzer-templates CVE-2015-8351 - https://github.com/ARPSyndicate/cvemon CVE-2015-8351 - https://github.com/G01d3nW01f/CVE-2015-8351 +CVE-2015-8351 - https://github.com/G4sp4rCS/exploit-CVE-2015-8351 CVE-2015-8351 - https://github.com/Ki11i0n4ir3/CVE-2015-8351 CVE-2015-8351 - https://github.com/igruntplay/exploit-CVE-2015-8351 CVE-2015-8352 - https://github.com/ARPSyndicate/cvemon @@ -20036,6 +20054,7 @@ CVE-2015-8562 - https://github.com/ZaleHack/joomla_rce_CVE-2015-8562 CVE-2015-8562 - https://github.com/atcasanova/cve-2015-8562-exploit CVE-2015-8562 - https://github.com/bakery312/Vulhub-Reproduce CVE-2015-8562 - https://github.com/emtee40/google-explorer +CVE-2015-8562 - https://github.com/flouciel/Deserialize CVE-2015-8562 - https://github.com/guanjivip/CVE-2015-8562 CVE-2015-8562 - https://github.com/hktalent/bug-bounty CVE-2015-8562 - https://github.com/iGio90/hacking-stuff @@ -20331,6 +20350,7 @@ CVE-2015-9235 - https://github.com/MR-SS/challenge CVE-2015-9235 - https://github.com/Nucleware/powershell-jwt CVE-2015-9235 - https://github.com/WinDyAlphA/CVE-2015-9235_JWT_key_confusion CVE-2015-9235 - https://github.com/aalex954/jwt-key-confusion-poc +CVE-2015-9235 - https://github.com/armor-code/acsdk CVE-2015-9235 - https://github.com/capstone-cy-team-1/vuln-web-app CVE-2015-9235 - https://github.com/mxcezl/JWT-SecLabs CVE-2015-9235 - https://github.com/phramz/tc2022-jwt101 @@ -23329,6 +23349,7 @@ CVE-2016-20010 - https://github.com/ARPSyndicate/cvemon CVE-2016-20012 - https://github.com/ARPSyndicate/cvemon CVE-2016-20012 - https://github.com/Totes5706/TotesHTB CVE-2016-20012 - https://github.com/accalina/crowflag +CVE-2016-20012 - https://github.com/aztec-eagle/cve-2016-20012 CVE-2016-20012 - https://github.com/firatesatoglu/iot-searchengine CVE-2016-20012 - https://github.com/firatesatoglu/shodanSearch CVE-2016-20012 - https://github.com/omerfsen/terraform-almalinux-libvirt @@ -26909,6 +26930,7 @@ CVE-2016-5195 - https://github.com/sphinxs329/OSCP-PWK-Notes-Public CVE-2016-5195 - https://github.com/sribaba/android-CVE-2016-5195 CVE-2016-5195 - https://github.com/ssr-111/linux-kernel-exploitation CVE-2016-5195 - https://github.com/sv3nbeast/Attack-Notes +CVE-2016-5195 - https://github.com/syedayman/Network-PenTest-Project CVE-2016-5195 - https://github.com/talent-x90c/cve_list CVE-2016-5195 - https://github.com/tangsilian/android-vuln CVE-2016-5195 - https://github.com/teamssix/container-escape-check @@ -30183,6 +30205,7 @@ CVE-2017-0143 - https://github.com/Larry-Wilkes-CyberCloud/Nessus-Scans CVE-2017-0143 - https://github.com/Lynk4/Windows-Server-2008-VAPT CVE-2017-0143 - https://github.com/Micr067/Pentest_Note CVE-2017-0143 - https://github.com/MinYoungLeeDev/Attack-Defense-Analysis-of-a-Vulnerable-Network +CVE-2017-0143 - https://github.com/N3rdyN3xus/MS17-010_CVE-2017-0143 CVE-2017-0143 - https://github.com/NatteeSetobol/Etern-blue-Windows-7-Checker CVE-2017-0143 - https://github.com/Nieuport/Active-Directory-Kill-Chain-Attack-Defense CVE-2017-0143 - https://github.com/Ostorlab/KEV @@ -30406,12 +30429,14 @@ CVE-2017-0144 - https://github.com/retr0-13/AD-Attack-Defense CVE-2017-0144 - https://github.com/revanmalang/OSCP CVE-2017-0144 - https://github.com/rvsvishnuv/rvsvishnuv.github.io CVE-2017-0144 - https://github.com/shubhamg0sai/All_top_500_hacking_tool +CVE-2017-0144 - https://github.com/shubhamg0sai/top_500_tool CVE-2017-0144 - https://github.com/skeeperloyaltie/network CVE-2017-0144 - https://github.com/skhjacksonheights/bestTermuxTools_skh CVE-2017-0144 - https://github.com/sponkmonk/Ladon_english_update CVE-2017-0144 - https://github.com/starlingvibes/TryHackMe CVE-2017-0144 - https://github.com/sunzu94/AD-Attack-Defense CVE-2017-0144 - https://github.com/sworatz/toolx500 +CVE-2017-0144 - https://github.com/syedayman/Network-PenTest-Project CVE-2017-0144 - https://github.com/tataev/Security CVE-2017-0144 - https://github.com/trhacknon/scan4all CVE-2017-0144 - https://github.com/txuswashere/OSCP @@ -30496,9 +30521,11 @@ CVE-2017-0145 - https://github.com/peterpt/eternal_scanner CVE-2017-0145 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-0145 - https://github.com/retr0-13/AD-Attack-Defense CVE-2017-0145 - https://github.com/shubhamg0sai/All_top_500_hacking_tool +CVE-2017-0145 - https://github.com/shubhamg0sai/top_500_tool CVE-2017-0145 - https://github.com/skhjacksonheights/bestTermuxTools_skh CVE-2017-0145 - https://github.com/sunzu94/AD-Attack-Defense CVE-2017-0145 - https://github.com/sworatz/toolx500 +CVE-2017-0145 - https://github.com/syedayman/Network-PenTest-Project CVE-2017-0145 - https://github.com/tataev/Security CVE-2017-0145 - https://github.com/trhacknon/scan4all CVE-2017-0145 - https://github.com/uroboros-security/SMB-CVE @@ -31720,6 +31747,7 @@ CVE-2017-1000112 - https://github.com/kyuna312/Linux_menthor CVE-2017-1000112 - https://github.com/lnick2023/nicenice CVE-2017-1000112 - https://github.com/m0mkris/linux-kernel-exploits CVE-2017-1000112 - https://github.com/maririn312/Linux_menthor +CVE-2017-1000112 - https://github.com/milabs/kiddy CVE-2017-1000112 - https://github.com/milabs/lkrg-bypass CVE-2017-1000112 - https://github.com/mzet-/linux-exploit-suggester CVE-2017-1000112 - https://github.com/n3t1nv4d3/kernel-exploits @@ -35495,6 +35523,7 @@ CVE-2017-15710 - https://github.com/ShattenJager81/Cyber-2 CVE-2017-15710 - https://github.com/Xorlent/Red-Teaming-TTPs CVE-2017-15710 - https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network CVE-2017-15710 - https://github.com/bioly230/THM_Skynet +CVE-2017-15710 - https://github.com/fdool73/insightvm_slackbot CVE-2017-15710 - https://github.com/firatesatoglu/shodanSearch CVE-2017-15710 - https://github.com/rackerlabs/insightvm_slackbot CVE-2017-15710 - https://github.com/retr0-13/nrich @@ -35686,6 +35715,7 @@ CVE-2017-16030 - https://github.com/ARPSyndicate/cvemon CVE-2017-16030 - https://github.com/ossf-cve-benchmark/CVE-2017-16030 CVE-2017-16031 - https://github.com/PalindromeLabs/awesome-websocket-security CVE-2017-16031 - https://github.com/ossf-cve-benchmark/CVE-2017-16031 +CVE-2017-16034 - https://github.com/ossf-cve-benchmark/CVE-2017-16034 CVE-2017-16035 - https://github.com/ARPSyndicate/cvemon CVE-2017-16036 - https://github.com/ARPSyndicate/cvemon CVE-2017-16037 - https://github.com/ARPSyndicate/cvemon @@ -35721,6 +35751,7 @@ CVE-2017-16082 - https://github.com/ossf-cve-benchmark/CVE-2017-16082 CVE-2017-16083 - https://github.com/ossf-cve-benchmark/CVE-2017-16083 CVE-2017-16084 - https://github.com/ossf-cve-benchmark/CVE-2017-16084 CVE-2017-16086 - https://github.com/ARPSyndicate/cvemon +CVE-2017-16087 - https://github.com/ossf-cve-benchmark/CVE-2017-16087 CVE-2017-16088 - https://github.com/ARPSyndicate/cvemon CVE-2017-16088 - https://github.com/Flyy-yu/CVE-2017-16088 CVE-2017-16088 - https://github.com/hacksparrow/safe-eval @@ -40294,6 +40325,7 @@ CVE-2017-7269 - https://github.com/H0j3n/EzpzCheatSheet CVE-2017-7269 - https://github.com/HacTF/poc--exp CVE-2017-7269 - https://github.com/JERRY123S/all-poc CVE-2017-7269 - https://github.com/Mr-xn/Penetration_Testing_POC +CVE-2017-7269 - https://github.com/N3rdyN3xus/CVE-2017-7269 CVE-2017-7269 - https://github.com/NetW0rK1le3r/awesome-hacking-lists CVE-2017-7269 - https://github.com/Ostorlab/KEV CVE-2017-7269 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors @@ -40641,6 +40673,7 @@ CVE-2017-7494 - https://github.com/AnonVulc/Pentest-Tools CVE-2017-7494 - https://github.com/Astrogeorgeonethree/Starred CVE-2017-7494 - https://github.com/Astrogeorgeonethree/Starred2 CVE-2017-7494 - https://github.com/Atem1988/Starred +CVE-2017-7494 - https://github.com/BJ-PXD/Explotacion-de-Vulnerabiliddes-bee-box CVE-2017-7494 - https://github.com/C0dak/linux-kernel-exploits CVE-2017-7494 - https://github.com/C0dak/local-root-exploit- CVE-2017-7494 - https://github.com/CVEDB/PoC-List @@ -42088,6 +42121,7 @@ CVE-2017-8625 - https://github.com/84KaliPleXon3/PENTESTING-BIBLE CVE-2017-8625 - https://github.com/ARPSyndicate/cvemon CVE-2017-8625 - https://github.com/AdhamRammadan/CyberRoad CVE-2017-8625 - https://github.com/Ashadowkhan/PENTESTINGBIBLE +CVE-2017-8625 - https://github.com/DefensiveThinking/list-infosec-encyclopedia CVE-2017-8625 - https://github.com/Digit4lBytes/RedTeam CVE-2017-8625 - https://github.com/DigitalQuinn/InfosecCompilation CVE-2017-8625 - https://github.com/Fa1c0n35/Awesome-Red-Teaming. @@ -43445,6 +43479,7 @@ CVE-2017-9810 - https://github.com/lean0x2F/lean0x2f.github.io CVE-2017-9811 - https://github.com/lean0x2F/lean0x2f.github.io CVE-2017-9812 - https://github.com/lean0x2F/lean0x2f.github.io CVE-2017-9813 - https://github.com/lean0x2F/lean0x2f.github.io +CVE-2017-9814 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2017-9822 - https://github.com/ARPSyndicate/cvemon CVE-2017-9822 - https://github.com/ARPSyndicate/kenzer-templates CVE-2017-9822 - https://github.com/BLACKHAT-SSG/OSWE-Preparation- @@ -43618,6 +43653,7 @@ CVE-2018-0101 - https://github.com/ARPSyndicate/kenzer-templates CVE-2018-0101 - https://github.com/Correia-jpv/fucking-awesome-honeypots CVE-2018-0101 - https://github.com/Cymmetria/ciscoasa_honeypot CVE-2018-0101 - https://github.com/Elsfa7-110/kenzer-templates +CVE-2018-0101 - https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot CVE-2018-0101 - https://github.com/Mehedi-Babu/honeypots_cyber CVE-2018-0101 - https://github.com/Nieuport/-awesome-honeypots- CVE-2018-0101 - https://github.com/Ondrik8/-Security @@ -45316,6 +45352,7 @@ CVE-2018-1056 - https://github.com/developer3000S/PoC-in-GitHub CVE-2018-1056 - https://github.com/hectorgie/PoC-in-GitHub CVE-2018-10561 - https://github.com/0x0d3ad/Kn0ck CVE-2018-10561 - https://github.com/0xT11/CVE-POC +CVE-2018-10561 - https://github.com/20142995/nuclei-templates CVE-2018-10561 - https://github.com/ARPSyndicate/cvemon CVE-2018-10561 - https://github.com/ATpiu/CVE-2018-10562 CVE-2018-10561 - https://github.com/EvilAnne/Python_Learn @@ -46166,6 +46203,7 @@ CVE-2018-11776 - https://github.com/HxDDD/CVE-PoC CVE-2018-11776 - https://github.com/IkerSaint/VULNAPP-vulnerable-app CVE-2018-11776 - https://github.com/Ivan1ee/struts2-057-exp CVE-2018-11776 - https://github.com/JERRY123S/all-poc +CVE-2018-11776 - https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot CVE-2018-11776 - https://github.com/LightC0der/Apache-Struts-0Day-Exploit CVE-2018-11776 - https://github.com/Maarckz/PayloadParaTudo CVE-2018-11776 - https://github.com/Muhammd/Awesome-Payloads @@ -51082,6 +51120,7 @@ CVE-2018-20148 - https://github.com/ARPSyndicate/cvemon CVE-2018-20148 - https://github.com/Afetter618/WordPress-PenTest CVE-2018-20148 - https://github.com/Byebyesky/IT-Security-Projekt CVE-2018-20148 - https://github.com/El-Palomo/DerpNStink +CVE-2018-20148 - https://github.com/flouciel/WooCommerce-CVEs CVE-2018-20148 - https://github.com/nth347/CVE-2018-20148_exploit CVE-2018-20148 - https://github.com/tthseus/WooCommerce-CVEs CVE-2018-20149 - https://github.com/ARPSyndicate/cvemon @@ -60957,6 +60996,9 @@ CVE-2019-11358 - https://github.com/Anti-Shulk/ramsettetestig CVE-2019-11358 - https://github.com/AntofeOctavian/AntofeRTC1 CVE-2019-11358 - https://github.com/AntonianERA/FtcRobotController-master-8.1.1 CVE-2019-11358 - https://github.com/AntonioAlecs/FTC- +CVE-2019-11358 - https://github.com/AnyiLin/10158-Centerstage +CVE-2019-11358 - https://github.com/AnyiLin/10158-Power-Play +CVE-2019-11358 - https://github.com/AnyiLin/Monocular-Visual-Odometry-FTC CVE-2019-11358 - https://github.com/Apollo9662/sdk_9_0_1 CVE-2019-11358 - https://github.com/Apple-CRISPR/FtcRobotController_2021 CVE-2019-11358 - https://github.com/AravNeroth/2023-2024-Robolobos-FTC-14363 @@ -61678,6 +61720,7 @@ CVE-2019-11358 - https://github.com/FTC9013/Team-9013-ftc_app-2023-2024 CVE-2019-11358 - https://github.com/FTC9182/FTC9182-2021-2022 CVE-2019-11358 - https://github.com/FTC9837/FTC9837_UltimateGoal CVE-2019-11358 - https://github.com/FTC9889/CC_9889_2020_2021 +CVE-2019-11358 - https://github.com/FTCCrashAndBurn/FtcRobotController-23 CVE-2019-11358 - https://github.com/FTCCyclone/CycloneRobotController CVE-2019-11358 - https://github.com/FTCJoeBots/2020-JoeBots-Training-Ground CVE-2019-11358 - https://github.com/FTCJoeBots/2023-ChassisBot @@ -63497,6 +63540,7 @@ CVE-2019-11358 - https://github.com/collinsch2/java_ftc_crimson CVE-2019-11358 - https://github.com/connorjlink/FtcRobotController2021 CVE-2019-11358 - https://github.com/coreycoreycorey/FtcRobotController CVE-2019-11358 - https://github.com/cormickf/Ftc-Powerplay +CVE-2019-11358 - https://github.com/coronerx/5404FTC CVE-2019-11358 - https://github.com/cosmin-26/ftc-qube CVE-2019-11358 - https://github.com/cosmin-26/ftc23.camera CVE-2019-11358 - https://github.com/cozymentor/FTC2022 @@ -64085,6 +64129,7 @@ CVE-2019-11358 - https://github.com/lakeridgeacademy/2022-power-play CVE-2019-11358 - https://github.com/lancelarsen/PhoenixForceFreightFrenzy CVE-2019-11358 - https://github.com/lancelarsen/PhoenixForceUltimateGoal CVE-2019-11358 - https://github.com/lancelarsen/PhoenixForceUltimateGoal2 +CVE-2019-11358 - https://github.com/lancelarsen/PhoenixForceUltimateGoal3 CVE-2019-11358 - https://github.com/largoftc/Firsttech CVE-2019-11358 - https://github.com/larrytao05/FtcRobotController CVE-2019-11358 - https://github.com/laupetre/FTC-2021 @@ -64488,6 +64533,7 @@ CVE-2019-11358 - https://github.com/serg-tel/RainyDays-22594-CenterStage CVE-2019-11358 - https://github.com/sesmar/FtcRobotController-8.0 CVE-2019-11358 - https://github.com/sgarciaabad/FtcRobotController-9.0 CVE-2019-11358 - https://github.com/sgu-101/FTC-8569 +CVE-2019-11358 - https://github.com/sgu-101/FTC-8569-CenterStage CVE-2019-11358 - https://github.com/sgutierrez8c54/Ftc2020 CVE-2019-11358 - https://github.com/sgutierrez8c54/PowerPlay202223 CVE-2019-11358 - https://github.com/shalinda/ftcpowerplay @@ -64915,6 +64961,7 @@ CVE-2019-11481 - https://github.com/ARPSyndicate/cvemon CVE-2019-11484 - https://github.com/ARPSyndicate/cvemon CVE-2019-11486 - https://github.com/Sec20-Paper310/Paper310 CVE-2019-11487 - https://github.com/ARPSyndicate/cvemon +CVE-2019-11500 - https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot CVE-2019-11507 - https://github.com/jaychouzzk/Pulse-Secure-SSL-VPN-CVE-2019 CVE-2019-11508 - https://github.com/jaychouzzk/Pulse-Secure-SSL-VPN-CVE-2019 CVE-2019-1151 - https://github.com/ExpLangcn/FuYao-Go @@ -65558,6 +65605,7 @@ CVE-2019-1234 - https://github.com/ARPSyndicate/cvemon CVE-2019-1234 - https://github.com/andrescl94/vuln-management-api CVE-2019-1234 - https://github.com/ashdsetty/Cloud-Security-Purple-Teaming CVE-2019-1234 - https://github.com/ashdsetty/Detection +CVE-2019-12345 - https://github.com/priamai/cyberlangchain CVE-2019-1234567 - https://github.com/ma5hr00m/HelloWeb CVE-2019-1234567 - https://github.com/ma5hr00m/hello-web CVE-2019-12356 - https://github.com/ARPSyndicate/cvemon @@ -71380,6 +71428,7 @@ CVE-2019-19781 - https://github.com/JERRY123S/all-poc CVE-2019-19781 - https://github.com/JamesG-Zero/Shitrix-CVE-2019-19781 CVE-2019-19781 - https://github.com/Jean-Francois-C/Windows-Penetration-Testing CVE-2019-19781 - https://github.com/KayCHENvip/vulnerability-poc +CVE-2019-19781 - https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot CVE-2019-19781 - https://github.com/L4r1k/CitrixNetscalerAnalysis CVE-2019-19781 - https://github.com/LeapBeyond/cve_2019_19781 CVE-2019-19781 - https://github.com/MalwareTech/CitrixHoneypot @@ -74327,6 +74376,7 @@ CVE-2019-6454 - https://github.com/flyrev/security-scan-ci-presentation CVE-2019-6455 - https://github.com/strongcourage/uafbench CVE-2019-6461 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2019-6461 - https://github.com/facebookincubator/meta-fbvuln +CVE-2019-6462 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2019-6462 - https://github.com/facebookincubator/meta-fbvuln CVE-2019-6465 - https://github.com/ARPSyndicate/cvemon CVE-2019-6465 - https://github.com/HJXSaber/bind9-my @@ -74835,6 +74885,7 @@ CVE-2019-7310 - https://github.com/0xCyberY/CVE-T4PDF CVE-2019-7310 - https://github.com/ARPSyndicate/cvemon CVE-2019-7310 - https://github.com/mxmssh/manul CVE-2019-7314 - https://github.com/12qwetyd/upgdfuzz +CVE-2019-7314 - https://github.com/5angjun/aflnet CVE-2019-7314 - https://github.com/ARPSyndicate/cvemon CVE-2019-7314 - https://github.com/Arbusz/aflnet CVE-2019-7314 - https://github.com/Arbusz/c2sfuzz @@ -75885,6 +75936,7 @@ CVE-2019-9164 - https://github.com/ARPSyndicate/cvemon CVE-2019-9166 - https://github.com/ARPSyndicate/cvemon CVE-2019-9166 - https://github.com/polict/CVE-2019-9202 CVE-2019-9167 - https://github.com/ARPSyndicate/cvemon +CVE-2019-9168 - https://github.com/flouciel/WooCommerce-CVEs CVE-2019-9168 - https://github.com/tthseus/WooCommerce-CVEs CVE-2019-9169 - https://github.com/flyrev/security-scan-ci-presentation CVE-2019-9184 - https://github.com/0xT11/CVE-POC @@ -78811,6 +78863,7 @@ CVE-2020-10013 - https://github.com/didi/kemon CVE-2020-10014 - https://github.com/Live-Hack-CVE/CVE-2020-10014 CVE-2020-10021 - https://github.com/ARPSyndicate/cvemon CVE-2020-10021 - https://github.com/CBackyx/CVE-Reproduction +CVE-2020-10021 - https://github.com/DependableSystemsLab/AutoPatch CVE-2020-10021 - https://github.com/Moh3nsalehi/AutoPatchCode CVE-2020-10023 - https://github.com/ARPSyndicate/cvemon CVE-2020-10023 - https://github.com/CBackyx/CVE-Reproduction @@ -81186,6 +81239,7 @@ CVE-2020-11898 - https://github.com/SamuelGaudemer/POC_CVE-2020-11898 CVE-2020-11898 - https://github.com/alphaSeclab/sec-daily-2020 CVE-2020-11898 - https://github.com/fang0654/ripple_poc CVE-2020-11899 - https://github.com/CERTCC/PoC-Exploits/tree/master/vu-257161/scripts +CVE-2020-11899 - https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot CVE-2020-11899 - https://github.com/Ostorlab/KEV CVE-2020-11899 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2020-11899 - https://github.com/panios/suricata_parser @@ -84042,6 +84096,7 @@ CVE-2020-1472 - https://github.com/sunzu94/AD-Attack-Defense CVE-2020-1472 - https://github.com/suzi007/RedTeam_Note CVE-2020-1472 - https://github.com/sv3nbeast/CVE-2020-1472 CVE-2020-1472 - https://github.com/svbjdbk123/ReadTeam +CVE-2020-1472 - https://github.com/syedayman/Network-PenTest-Project CVE-2020-1472 - https://github.com/t31m0/CVE-2020-1472 CVE-2020-1472 - https://github.com/t31m0/Zero CVE-2020-1472 - https://github.com/tanjiti/sec_profile @@ -90701,6 +90756,7 @@ CVE-2020-28415 - https://github.com/developer3000S/PoC-in-GitHub CVE-2020-28415 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-28415 - https://github.com/jet-pentest/CVE-2020-28415 CVE-2020-28415 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2020-28429 - https://github.com/20142995/nuclei-templates CVE-2020-28436 - https://github.com/ARPSyndicate/cvemon CVE-2020-28442 - https://github.com/dellalibera/dellalibera CVE-2020-28445 - https://github.com/ARPSyndicate/cvemon @@ -97019,6 +97075,7 @@ CVE-2020-9496 - https://github.com/BrittanyKuhn/javascript-tutorial CVE-2020-9496 - https://github.com/Elsfa7-110/kenzer-templates CVE-2020-9496 - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet CVE-2020-9496 - https://github.com/HimmelAward/Goby_POC +CVE-2020-9496 - https://github.com/JulianWu520/DriedMango CVE-2020-9496 - https://github.com/Ly0nt4r/CVE-2020-9496 CVE-2020-9496 - https://github.com/MrMeizhi/DriedMango CVE-2020-9496 - https://github.com/SexyBeast233/SecBooks @@ -103112,6 +103169,7 @@ CVE-2021-24946 - https://github.com/ezelnur6327/ezelnur6327 CVE-2021-24947 - https://github.com/ARPSyndicate/cvemon CVE-2021-24947 - https://github.com/ARPSyndicate/kenzer-templates CVE-2021-24947 - https://github.com/kazet/wpgarlic +CVE-2021-24962 - https://github.com/syedayman/Network-PenTest-Project CVE-2021-24966 - https://github.com/ARPSyndicate/cvemon CVE-2021-24970 - https://github.com/ARPSyndicate/cvemon CVE-2021-24977 - https://github.com/ARPSyndicate/cvemon @@ -104095,6 +104153,7 @@ CVE-2021-26295 - https://github.com/GGStudy-DDUp/2021hvv_vul CVE-2021-26295 - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet CVE-2021-26295 - https://github.com/Henry4E36/Apache-OFBiz-Vul CVE-2021-26295 - https://github.com/HimmelAward/Goby_POC +CVE-2021-26295 - https://github.com/JulianWu520/DriedMango CVE-2021-26295 - https://github.com/KayCHENvip/vulnerability-poc CVE-2021-26295 - https://github.com/Li468446/Apache_poc CVE-2021-26295 - https://github.com/Miraitowa70/POC-Notes @@ -106510,6 +106569,7 @@ CVE-2021-29447 - https://github.com/0xRar/CVE-2021-29447-PoC CVE-2021-29447 - https://github.com/0xjukai/Web-security CVE-2021-29447 - https://github.com/ARPSyndicate/cvemon CVE-2021-29447 - https://github.com/Abdulazizalsewedy/CVE-2021-29447 +CVE-2021-29447 - https://github.com/Aijoo100/Aijoo100 CVE-2021-29447 - https://github.com/Anogota/MetaTwo CVE-2021-29447 - https://github.com/AssassinUKG/CVE-2021-29447 CVE-2021-29447 - https://github.com/AssassinUKG/Writeups @@ -107138,6 +107198,7 @@ CVE-2021-3060 - https://github.com/trhacknon/Pocingit CVE-2021-3060 - https://github.com/whoforget/CVE-POC CVE-2021-3060 - https://github.com/youwizard/CVE-POC CVE-2021-3060 - https://github.com/zecool/cve +CVE-2021-30600 - https://github.com/splunk-soar-connectors/microsoftdefenderforendpoint CVE-2021-30600 - https://github.com/splunk-soar-connectors/windowsdefenderatp CVE-2021-3062 - https://github.com/ARPSyndicate/cvemon CVE-2021-30623 - https://github.com/CrackerCat/CVE-2021-30632 @@ -110644,6 +110705,7 @@ CVE-2021-3493 - https://github.com/0xsyr0/OSCP CVE-2021-3493 - https://github.com/20142995/sectool CVE-2021-3493 - https://github.com/ARPSyndicate/cvemon CVE-2021-3493 - https://github.com/Abdennour-py/CVE-2021-3493 +CVE-2021-3493 - https://github.com/Aijoo100/Aijoo100 CVE-2021-3493 - https://github.com/Al1ex/LinuxEelvation CVE-2021-3493 - https://github.com/AmIAHuman/OverlayFS-CVE-2021-3493 CVE-2021-3493 - https://github.com/Anekant-Singhai/Exploits @@ -111080,6 +111142,7 @@ CVE-2021-3560 - https://github.com/0xZipp0/OSCP CVE-2021-3560 - https://github.com/0xsmirk/vehicle-kernel-exploit CVE-2021-3560 - https://github.com/0xsyr0/OSCP CVE-2021-3560 - https://github.com/ARPSyndicate/cvemon +CVE-2021-3560 - https://github.com/Aijoo100/Aijoo100 CVE-2021-3560 - https://github.com/Almorabea/Polkit-exploit CVE-2021-3560 - https://github.com/AnastasiaLomova/PR1 CVE-2021-3560 - https://github.com/AnastasiaLomova/PR1.1 @@ -111829,6 +111892,7 @@ CVE-2021-36934 - https://github.com/rumputliar/Active-Directory-Exploitation-Che CVE-2021-36934 - https://github.com/s3mPr1linux/JUST_WALKING_DOG CVE-2021-36934 - https://github.com/shaktavist/SeriousSam CVE-2021-36934 - https://github.com/soosmile/POC +CVE-2021-36934 - https://github.com/splunk-soar-connectors/microsoftdefenderforendpoint CVE-2021-36934 - https://github.com/splunk-soar-connectors/windowsdefenderatp CVE-2021-36934 - https://github.com/sponkmonk/Ladon_english_update CVE-2021-36934 - https://github.com/taielab/awesome-hacking-lists @@ -115250,6 +115314,7 @@ CVE-2021-41773 - https://github.com/5gstudent/cve-2021-41773-and-cve-2021-42013 CVE-2021-41773 - https://github.com/ARPSyndicate/cvemon CVE-2021-41773 - https://github.com/ARPSyndicate/kenzer-templates CVE-2021-41773 - https://github.com/AdrMAr5/baiim +CVE-2021-41773 - https://github.com/Aijoo100/Aijoo100 CVE-2021-41773 - https://github.com/AkshayraviC09YC47/CVE-Exploits CVE-2021-41773 - https://github.com/AnonymouID/POC CVE-2021-41773 - https://github.com/ArrestX/--POC @@ -115916,6 +115981,7 @@ CVE-2021-42169 - https://github.com/ARPSyndicate/cvemon CVE-2021-42169 - https://github.com/Offensive-Penetration-Security/OPSEC-Hall-of-fame CVE-2021-42169 - https://github.com/nu11secur1ty/CVE-mitre CVE-2021-4217 - https://github.com/ARPSyndicate/cvemon +CVE-2021-4217 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2021-42171 - https://github.com/ARPSyndicate/cvemon CVE-2021-42171 - https://github.com/NaInSec/CVE-PoC-in-GitHub CVE-2021-42171 - https://github.com/SYRTI/POC_to_review @@ -122201,6 +122267,7 @@ CVE-2022-0847 - https://github.com/4bhishek0/CVE-2022-0847-Poc CVE-2022-0847 - https://github.com/4luc4rdr5290/CVE-2022-0847 CVE-2022-0847 - https://github.com/ARPSyndicate/cvemon CVE-2022-0847 - https://github.com/Abhi-1712/ejpt-roadmap +CVE-2022-0847 - https://github.com/Aijoo100/Aijoo100 CVE-2022-0847 - https://github.com/Al1ex/CVE-2022-0847 CVE-2022-0847 - https://github.com/Al1ex/LinuxEelvation CVE-2022-0847 - https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits @@ -124007,6 +124074,7 @@ CVE-2022-20053 - https://github.com/pokerfacett/MY_CVE_CREDIT CVE-2022-2006 - https://github.com/Live-Hack-CVE/CVE-2022-2006 CVE-2022-20066 - https://github.com/Live-Hack-CVE/CVE-2022-20066 CVE-2022-2007 - https://github.com/Live-Hack-CVE/CVE-2022-2007 +CVE-2022-20073 - https://github.com/m1erphy/CVE-2022-20073 CVE-2022-2008 - https://github.com/Live-Hack-CVE/CVE-2022-2008 CVE-2022-20098 - https://github.com/ARPSyndicate/cvemon CVE-2022-20098 - https://github.com/pokerfacett/MY_CVE_CREDIT @@ -128876,6 +128944,7 @@ CVE-2022-24396 - https://github.com/ARPSyndicate/cvemon CVE-2022-24396 - https://github.com/Onapsis/vulnerability_advisories CVE-2022-24399 - https://github.com/ARPSyndicate/cvemon CVE-2022-24399 - https://github.com/Onapsis/vulnerability_advisories +CVE-2022-2440 - https://github.com/20142995/nuclei-templates CVE-2022-24407 - https://github.com/ARPSyndicate/cvemon CVE-2022-24407 - https://github.com/fokypoky/places-list CVE-2022-24422 - https://github.com/ARPSyndicate/cvemon @@ -139124,12 +139193,14 @@ CVE-2022-38688 - https://github.com/pokerfacett/MY_CVE_CREDIT CVE-2022-38689 - https://github.com/ARPSyndicate/cvemon CVE-2022-38689 - https://github.com/pokerfacett/MY_CVE_CREDIT CVE-2022-3869 - https://github.com/20142995/nuclei-templates +CVE-2022-38691 - https://github.com/StrayDragon/awesome-stars CVE-2022-38691 - https://github.com/TomKing062/CVE-2022-38691_38692 CVE-2022-38691 - https://github.com/TomKing062/CVE-2022-38694_unlock_bootloader CVE-2022-38694 - https://github.com/4bitFox/hisense_a7cc CVE-2022-38694 - https://github.com/771767383/ZTEyuanhang30sUnlock CVE-2022-38694 - https://github.com/HikariCalyx/hmd-nokia-codename CVE-2022-38694 - https://github.com/KDXF-BOOM/studentpad-research +CVE-2022-38694 - https://github.com/StrayDragon/awesome-stars CVE-2022-38694 - https://github.com/TomKing062/CVE-2022-38694_unlock_bootloader CVE-2022-38694 - https://github.com/c1rcle-xy/https-github.com-KDXF-BOOM-studentpad-research CVE-2022-38694 - https://github.com/melontini/bootloader-unlock-wall-of-shame @@ -140521,6 +140592,7 @@ CVE-2022-41401 - https://github.com/ixSly/CVE-2022-41401 CVE-2022-41401 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-41403 - https://github.com/IP-CAM/Opencart-v.3.x-Newsletter-Custom-Popup-contain-SQL-injection CVE-2022-41404 - https://github.com/veracode/ini4j_unpatched_DoS +CVE-2022-41409 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2022-41409 - https://github.com/fokypoky/places-list CVE-2022-41412 - https://github.com/k0mi-tg/CVE-POC CVE-2022-41412 - https://github.com/manas3c/CVE-POC @@ -143144,6 +143216,7 @@ CVE-2023-0157 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-0157 - https://github.com/xu-xiang/awesome-security-vul-llm CVE-2023-0158 - https://github.com/ARPSyndicate/cvemon CVE-2023-0158 - https://github.com/NLnetLabs/krill +CVE-2023-0159 - https://github.com/Chocapikk/Chocapikk CVE-2023-0159 - https://github.com/im-hanzou/EVCer CVE-2023-0159 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-0159 - https://github.com/xu-xiang/awesome-security-vul-llm @@ -143529,6 +143602,7 @@ CVE-2023-0833 - https://github.com/hinat0y/Dataset9 CVE-2023-0834 - https://github.com/sanchar21/Journal-Final21 CVE-2023-0836 - https://github.com/ARPSyndicate/cvemon CVE-2023-0837 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-0841 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-0842 - https://github.com/cristianovisk/intel-toolkit CVE-2023-0842 - https://github.com/seal-community/patches CVE-2023-0845 - https://github.com/tdunlap607/docker_vs_cg @@ -145115,6 +145189,7 @@ CVE-2023-22515 - https://github.com/AIex-3/confluence-hack CVE-2023-22515 - https://github.com/AdamCrosser/awesome-vuln-writeups CVE-2023-22515 - https://github.com/Adonijah01/InfoSec365 CVE-2023-22515 - https://github.com/Adonijah01/Schedule +CVE-2023-22515 - https://github.com/Aijoo100/Aijoo100 CVE-2023-22515 - https://github.com/Awrrays/FrameVul CVE-2023-22515 - https://github.com/C1ph3rX13/CVE-2023-22515 CVE-2023-22515 - https://github.com/C1ph3rX13/CVE-2023-22518 @@ -145396,6 +145471,7 @@ CVE-2023-22884 - https://github.com/abrahim7112/Vulnerability-checking-program-f CVE-2023-22884 - https://github.com/jakabakos/CVE-2023-22884-Airflow-SQLi CVE-2023-22884 - https://github.com/kohnakagawa/kohnakagawa CVE-2023-22884 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-22893 - https://github.com/20142995/nuclei-templates CVE-2023-22893 - https://github.com/ARPSyndicate/cvemon CVE-2023-22894 - https://github.com/ARPSyndicate/cvemon CVE-2023-22894 - https://github.com/Saboor-Hakimi/CVE-2023-22894 @@ -146793,6 +146869,7 @@ CVE-2023-26396 - https://github.com/kohnakagawa/kohnakagawa CVE-2023-2640 - https://github.com/0xWhoami35/root-kernel CVE-2023-2640 - https://github.com/0xsyr0/OSCP CVE-2023-2640 - https://github.com/CVEDB/awesome-cve-repo +CVE-2023-2640 - https://github.com/CVEDB/top CVE-2023-2640 - https://github.com/Ev3rPalestine/Analytics-HTB-Walkthrough CVE-2023-2640 - https://github.com/GhostTroops/TOP CVE-2023-2640 - https://github.com/HaxorSecInfec/autoroot.sh @@ -146940,6 +147017,7 @@ CVE-2023-26768 - https://github.com/ARPSyndicate/cvemon CVE-2023-26768 - https://github.com/Marsman1996/pocs CVE-2023-26769 - https://github.com/ARPSyndicate/cvemon CVE-2023-26769 - https://github.com/Marsman1996/pocs +CVE-2023-26801 - https://github.com/KeerthiYasasvi/Honeypot-Data-Analysis-using-T-pot CVE-2023-2681 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-26817 - https://github.com/youyou-pm10/MyCVEs CVE-2023-26818 - https://github.com/Zeyad-Azima/CVE-2023-26818 @@ -147104,6 +147182,7 @@ CVE-2023-27350 - https://github.com/0ximan1337/CVE-2023-27350-POC CVE-2023-27350 - https://github.com/ARPSyndicate/cvemon CVE-2023-27350 - https://github.com/ASG-CASTLE/CVE-2023-27350 CVE-2023-27350 - https://github.com/AdamCrosser/awesome-vuln-writeups +CVE-2023-27350 - https://github.com/Aijoo100/Aijoo100 CVE-2023-27350 - https://github.com/Jenderal92/CVE-2023-27350 CVE-2023-27350 - https://github.com/Loginsoft-LLC/Linux-Exploit-Detection CVE-2023-27350 - https://github.com/Loginsoft-Research/Linux-Exploit-Detection @@ -147656,6 +147735,7 @@ CVE-2023-28343 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main CVE-2023-28343 - https://github.com/superzerosec/CVE-2023-28343 CVE-2023-28343 - https://github.com/superzerosec/poc-exploit-index CVE-2023-28362 - https://github.com/elttam/publications +CVE-2023-2837 - https://github.com/7resp4ss/7resp4ss CVE-2023-28370 - https://github.com/HotDB-Community/HotDB-Engine CVE-2023-28370 - https://github.com/andersonloyem/magui CVE-2023-28375 - https://github.com/ARPSyndicate/cvemon @@ -148182,6 +148262,7 @@ CVE-2023-29495 - https://github.com/another1024/another1024 CVE-2023-29497 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-29499 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-29505 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-29506 - https://github.com/20142995/nuclei-templates CVE-2023-2951 - https://github.com/1-tong/vehicle_cves CVE-2023-2951 - https://github.com/Spr1te76/CVE-2023-2951 CVE-2023-2951 - https://github.com/Vu1nT0tal/Vehicle-Security @@ -149084,6 +149165,7 @@ CVE-2023-32623 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-32629 - https://github.com/0xWhoami35/root-kernel CVE-2023-32629 - https://github.com/0xsyr0/OSCP CVE-2023-32629 - https://github.com/CVEDB/awesome-cve-repo +CVE-2023-32629 - https://github.com/CVEDB/top CVE-2023-32629 - https://github.com/Ev3rPalestine/Analytics-HTB-Walkthrough CVE-2023-32629 - https://github.com/GhostTroops/TOP CVE-2023-32629 - https://github.com/HaxorSecInfec/autoroot.sh @@ -149459,6 +149541,7 @@ CVE-2023-33410 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-3344 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-33440 - https://github.com/1337kid/Exploits CVE-2023-33440 - https://github.com/Alexander-Gan/Exploits +CVE-2023-33457 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-33466 - https://github.com/H4lo/awesome-IoT-security-article CVE-2023-33466 - https://github.com/ShielderSec/poc CVE-2023-33466 - https://github.com/nomi-sec/PoC-in-GitHub @@ -149976,6 +150059,7 @@ CVE-2023-34733 - https://github.com/VulnTotal-Team/Vehicle-Security CVE-2023-34733 - https://github.com/VulnTotal-Team/vehicle_cves CVE-2023-34747 - https://github.com/codeb0ss/CVE-2023-34747-PoC CVE-2023-34747 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-34754 - https://github.com/20142995/nuclei-templates CVE-2023-34758 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-34758 - https://github.com/tangent65536/Slivjacker CVE-2023-34761 - https://github.com/actuator/7-Eleven-Bluetooth-Smart-Cup-Jailbreak @@ -150452,6 +150536,7 @@ CVE-2023-36212 - https://github.com/capture0x/My-CVE CVE-2023-36213 - https://github.com/capture0x/My-CVE CVE-2023-36217 - https://github.com/capture0x/My-CVE CVE-2023-36220 - https://github.com/capture0x/My-CVE +CVE-2023-36239 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-36250 - https://github.com/BrunoTeixeira1996/CVE-2023-36250 CVE-2023-36250 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-36256 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -150899,6 +150984,7 @@ CVE-2023-37450 - https://github.com/Ostorlab/KEV CVE-2023-37450 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2023-37450 - https://github.com/exoForce01/grupo-de-noticias CVE-2023-37450 - https://github.com/xaitax/cisa-catalog-known-vulnerabilities +CVE-2023-37457 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-37461 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-37462 - https://github.com/XRSec/AWVS-Update CVE-2023-37462 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -151249,6 +151335,7 @@ CVE-2023-38389 - https://github.com/securi3ytalent/wordpress-exploit CVE-2023-38390 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-38396 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-38398 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-38408 - https://github.com/Aijoo100/Aijoo100 CVE-2023-38408 - https://github.com/FarelRA/MKM_ssh CVE-2023-38408 - https://github.com/LucasPDiniz/CVE-2023-38408 CVE-2023-38408 - https://github.com/LucasPDiniz/StudyRoom @@ -151882,6 +151969,7 @@ CVE-2023-39848 - https://github.com/cloudsecnetwork/demo-app CVE-2023-39848 - https://github.com/cuongbtu/dvwa_config CVE-2023-39848 - https://github.com/davinci96/-aplicacion-vulnerable CVE-2023-39848 - https://github.com/deftdeft2000/nl_kitkat +CVE-2023-39848 - https://github.com/devsecopsorange/pruebarepo CVE-2023-39848 - https://github.com/devsecopsteam2022/pruebarepo CVE-2023-39848 - https://github.com/digininja/DVWA CVE-2023-39848 - https://github.com/djstevanovic98/DVWA-test @@ -153063,6 +153151,7 @@ CVE-2023-43208 - https://github.com/wy876/POC CVE-2023-43208 - https://github.com/wy876/wiki CVE-2023-43214 - https://github.com/jrm16020/roboup-mower CVE-2023-43215 - https://github.com/jrm16020/roboup-mower +CVE-2023-4322 - https://github.com/7resp4ss/7resp4ss CVE-2023-43233 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-43250 - https://github.com/mrtouch93/exploits CVE-2023-43251 - https://github.com/mrtouch93/exploits @@ -154029,6 +154118,7 @@ CVE-2023-45836 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-45847 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-45852 - https://github.com/komodoooo/Some-things CVE-2023-45852 - https://github.com/tanjiti/sec_profile +CVE-2023-45853 - https://github.com/13m0n4de/neko-quiz CVE-2023-45853 - https://github.com/DmitryIll/shvirtd-example-python CVE-2023-45853 - https://github.com/GrigGM/05-virt-04-docker-hw CVE-2023-45853 - https://github.com/bariskanber/zlib-1.3-deb @@ -154037,6 +154127,7 @@ CVE-2023-45853 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-45853 - https://github.com/fokypoky/places-list CVE-2023-45853 - https://github.com/jina-ai/reader CVE-2023-45853 - https://github.com/marklogic/marklogic-kubernetes +CVE-2023-45853 - https://github.com/ministryofjustice/cica-apply-data-capture-service CVE-2023-45853 - https://github.com/shakyaraj9569/Documentation CVE-2023-45857 - https://github.com/bmuenzenmeyer/axios-1.0.0-migration-guide CVE-2023-45857 - https://github.com/fuyuooumi1027/CVE-2023-45857-Demo @@ -154211,6 +154302,7 @@ CVE-2023-46304 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-46308 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-4631 - https://github.com/b0marek/CVE-2023-4631 CVE-2023-4631 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-46316 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2023-46324 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-4634 - https://github.com/Patrowl/CVE-2023-4634 CVE-2023-4634 - https://github.com/lehazare/ProjetCL @@ -154477,6 +154569,7 @@ CVE-2023-46805 - https://github.com/zwxxb/CVE-2023-21887 CVE-2023-46806 - https://github.com/cyllective/CVEs CVE-2023-46807 - https://github.com/cyllective/CVEs CVE-2023-46808 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-46809 - https://github.com/bropat/ioBroker.eusec CVE-2023-46813 - https://github.com/Freax13/cve-2023-46813-poc CVE-2023-46813 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-46813 - https://github.com/shakyaraj9569/Documentation @@ -156461,6 +156554,7 @@ CVE-2023-5561 - https://github.com/pog007/CVE-2023-5561-PoC CVE-2023-5565 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-5566 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-5572 - https://github.com/l0kihardt/l0kihardt +CVE-2023-5574 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2023-5583 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-5594 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-5595 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -156830,6 +156924,7 @@ CVE-2023-6549 - https://github.com/jake-44/Research CVE-2023-6551 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-6552 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-6553 - https://github.com/Chocapikk/CVE-2023-6553 +CVE-2023-6553 - https://github.com/Chocapikk/Chocapikk CVE-2023-6553 - https://github.com/Marco-zcl/POC CVE-2023-6553 - https://github.com/Ostorlab/KEV CVE-2023-6553 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors @@ -157064,6 +157159,7 @@ CVE-2023-7024 - https://github.com/RENANZG/My-Forensics CVE-2023-7027 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-7028 - https://github.com/0xMarcio/cve CVE-2023-7028 - https://github.com/0xsyr0/OSCP +CVE-2023-7028 - https://github.com/Aijoo100/Aijoo100 CVE-2023-7028 - https://github.com/Azathothas/Stars CVE-2023-7028 - https://github.com/CVE-Reversing/CVE-Reversing CVE-2023-7028 - https://github.com/CVEDB/awesome-cve-repo @@ -162442,6 +162538,7 @@ CVE-2024-1049 - https://github.com/NaInSec/CVE-LIST CVE-2024-1049 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1053 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1055 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-1056 - https://github.com/20142995/nuclei-templates CVE-2024-1059 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1060 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1061 - https://github.com/JoshuaMart/JoshuaMart @@ -162500,6 +162597,7 @@ CVE-2024-1086 - https://github.com/jafshare/GithubTrending CVE-2024-1086 - https://github.com/jetblk/Flipper-Zero-JavaScript CVE-2024-1086 - https://github.com/johe123qwe/github-trending CVE-2024-1086 - https://github.com/kevcooper/CVE-2024-1086-checker +CVE-2024-1086 - https://github.com/lobo360/iptables-ubuntu CVE-2024-1086 - https://github.com/makoto56/penetration-suite-toolkit CVE-2024-1086 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-1086 - https://github.com/phixion/phixion @@ -162683,6 +162781,7 @@ CVE-2024-1374 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1377 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1379 - https://github.com/NaInSec/CVE-LIST CVE-2024-1381 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-1384 - https://github.com/20142995/nuclei-templates CVE-2024-1385 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1394 - https://github.com/NaInSec/CVE-LIST CVE-2024-1394 - https://github.com/chnzzh/OpenSSL-CVE-lib @@ -163052,6 +163151,8 @@ CVE-2024-20013 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-20015 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-20016 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-20017 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-20017 - https://github.com/mellow-hype/cve-2024-20017 +CVE-2024-20017 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-20018 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-20019 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2002 - https://github.com/NaInSec/CVE-LIST @@ -163633,6 +163734,7 @@ CVE-2024-21412 - https://github.com/lsr00ter/CVE-2024-21412_Water-Hydra CVE-2024-21412 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-21412 - https://github.com/wr00t/CVE-2024-21412_Water-Hydra CVE-2024-21413 - https://github.com/0xMarcio/cve +CVE-2024-21413 - https://github.com/Aijoo100/Aijoo100 CVE-2024-21413 - https://github.com/BEPb/tryhackme CVE-2024-21413 - https://github.com/CMNatic/CVE-2024-21413 CVE-2024-21413 - https://github.com/DevAkabari/CVE-2024-21413 @@ -163763,6 +163865,7 @@ CVE-2024-21512 - https://github.com/wy876/wiki CVE-2024-21514 - https://github.com/bigb0x/CVE-2024-21514 CVE-2024-21514 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-2152 - https://github.com/RNBBarrett/CrewAI-examples +CVE-2024-21520 - https://github.com/ch4n3-yoon/CVE-2024-21520-Demo CVE-2024-21520 - https://github.com/ch4n3-yoon/ch4n3-yoon CVE-2024-21520 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-21521 - https://github.com/dellalibera/dellalibera @@ -164344,6 +164447,7 @@ CVE-2024-22359 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2236 - https://github.com/GrigGM/05-virt-04-docker-hw CVE-2024-2236 - https://github.com/TimoTielens/TwT.Docker.Aspnet CVE-2024-2236 - https://github.com/TimoTielens/httpd-security +CVE-2024-2236 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2024-2236 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2236 - https://github.com/fokypoky/places-list CVE-2024-22361 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -164455,6 +164559,14 @@ CVE-2024-22640 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-22640 - https://github.com/zunak/CVE-2024-22640 CVE-2024-22641 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-22641 - https://github.com/zunak/CVE-2024-22641 +CVE-2024-22643 - https://github.com/cassis-sec/CVE +CVE-2024-22643 - https://github.com/cassis-sec/cassis-sec +CVE-2024-22646 - https://github.com/cassis-sec/CVE +CVE-2024-22646 - https://github.com/cassis-sec/cassis-sec +CVE-2024-22647 - https://github.com/cassis-sec/CVE +CVE-2024-22647 - https://github.com/cassis-sec/cassis-sec +CVE-2024-22648 - https://github.com/cassis-sec/CVE +CVE-2024-22648 - https://github.com/cassis-sec/cassis-sec CVE-2024-22663 - https://github.com/Joe1sn/Joe1sn CVE-2024-22667 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22675 - https://github.com/l00neyhacker/CVE-2024-22675 @@ -164640,6 +164752,7 @@ CVE-2024-23139 - https://github.com/NaInSec/CVE-LIST CVE-2024-23139 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2314 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2316 - https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities +CVE-2024-23163 - https://github.com/20142995/nuclei-templates CVE-2024-2317 - https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities CVE-2024-2317 - https://github.com/tanjiti/sec_profile CVE-2024-23170 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -165042,6 +165155,7 @@ CVE-2024-23897 - https://github.com/Athulya666/CVE-2024-23897 CVE-2024-23897 - https://github.com/B4CK4TT4CK/CVE-2024-23897 CVE-2024-23897 - https://github.com/CKevens/CVE-2024-23897 CVE-2024-23897 - https://github.com/GhostTroops/TOP +CVE-2024-23897 - https://github.com/JAthulya/CVE-2024-23897 CVE-2024-23897 - https://github.com/Maalfer/CVE-2024-23897 CVE-2024-23897 - https://github.com/Marco-zcl/POC CVE-2024-23897 - https://github.com/Mr-xn/Penetration_Testing_POC @@ -165457,13 +165571,18 @@ CVE-2024-24786 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-24786 - https://github.com/nics-tw/sbom2vans CVE-2024-24786 - https://github.com/ytono/gcp-arcade CVE-2024-24787 - https://github.com/LOURC0D3/CVE-2024-24787-PoC +CVE-2024-24787 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2024-24787 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-24787 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-24788 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2024-24788 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-24788 - https://github.com/tanjiti/sec_profile +CVE-2024-24789 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2024-2479 - https://github.com/Johnermac/Johnermac CVE-2024-2479 - https://github.com/NaInSec/CVE-LIST CVE-2024-2479 - https://github.com/SQU4NCH/SQU4NCH +CVE-2024-24790 - https://github.com/adegoodyer/kubernetes-admin-toolkit +CVE-2024-24791 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2024-24795 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2480 - https://github.com/Johnermac/Johnermac CVE-2024-2480 - https://github.com/NaInSec/CVE-LIST @@ -165886,6 +166005,7 @@ CVE-2024-25398 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25399 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25400 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25407 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-2541 - https://github.com/20142995/nuclei-templates CVE-2024-25410 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25413 - https://github.com/capture0x/My-CVE CVE-2024-25413 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -166005,6 +166125,7 @@ CVE-2024-25600 - https://github.com/k3ppf0r/2024-PocLib CVE-2024-25600 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-25600 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main CVE-2024-25600 - https://github.com/sampsonv/github-trending +CVE-2024-25600 - https://github.com/svchostmm/CVE-2024-25600-mass CVE-2024-25600 - https://github.com/tanjiti/sec_profile CVE-2024-25600 - https://github.com/wjlin0/poc-doc CVE-2024-25600 - https://github.com/wy876/POC @@ -166340,6 +166461,7 @@ CVE-2024-26141 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-26142 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-26143 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-26144 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-26144 - https://github.com/gmo-ierae/CVE-2024-26144-test CVE-2024-26144 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-26146 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2615 - https://github.com/NaInSec/CVE-LIST @@ -166510,13 +166632,16 @@ CVE-2024-26450 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-26454 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-26455 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-26458 - https://github.com/GrigGM/05-virt-04-docker-hw +CVE-2024-26458 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2024-26458 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-26458 - https://github.com/fokypoky/places-list CVE-2024-2646 - https://github.com/NaInSec/CVE-LIST CVE-2024-26461 - https://github.com/GrigGM/05-virt-04-docker-hw +CVE-2024-26461 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2024-26461 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-26461 - https://github.com/fokypoky/places-list CVE-2024-26462 - https://github.com/GrigGM/05-virt-04-docker-hw +CVE-2024-26462 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2024-26462 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-26462 - https://github.com/fokypoky/places-list CVE-2024-26464 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -167873,6 +167998,7 @@ CVE-2024-29034 - https://github.com/a-zara-n/a-zara-n CVE-2024-29034 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29036 - https://github.com/NaInSec/CVE-LIST CVE-2024-29037 - https://github.com/NaInSec/CVE-LIST +CVE-2024-29041 - https://github.com/dhushyanth-h-m/Audio_Transcriber CVE-2024-29041 - https://github.com/qazipoor/React-Clothing-Shop CVE-2024-29042 - https://github.com/NaInSec/CVE-LIST CVE-2024-29049 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -168069,6 +168195,7 @@ CVE-2024-29269 - https://github.com/wy876/wiki CVE-2024-29269 - https://github.com/zgimszhd61/openai-sec-test-cve-quickstart CVE-2024-29271 - https://github.com/NaInSec/CVE-LIST CVE-2024-29271 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-29272 - https://github.com/20142995/nuclei-templates CVE-2024-29272 - https://github.com/NaInSec/CVE-LIST CVE-2024-29272 - https://github.com/awjkjflkwlekfdjs/CVE-2024-29272 CVE-2024-29272 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -168841,6 +168968,7 @@ CVE-2024-30929 - https://github.com/Chocapikk/My-CVEs CVE-2024-30929 - https://github.com/Chocapikk/derbynet-research CVE-2024-3094 - https://github.com/0x7Fancy/0x7Fancy.github.io CVE-2024-3094 - https://github.com/0xlane/xz-cve-2024-3094 +CVE-2024-3094 - https://github.com/AndreaCicca/Sicurezza-Informatica-Presentazione CVE-2024-3094 - https://github.com/Bella-Bc/xz-backdoor-CVE-2024-3094-Check CVE-2024-3094 - https://github.com/Cas-Cornelissen/xz-vulnerability-ansible CVE-2024-3094 - https://github.com/CyberGuard-Foundation/CVE-2024-3094 @@ -169258,6 +169386,7 @@ CVE-2024-32002 - https://github.com/GhostTroops/TOP CVE-2024-32002 - https://github.com/Goplush/CVE-2024-32002-git-rce CVE-2024-32002 - https://github.com/Hector65432/cve-2024-32002-1 CVE-2024-32002 - https://github.com/Hector65432/cve-2024-32002-2 +CVE-2024-32002 - https://github.com/JJoosh/CVE-2024-32002 CVE-2024-32002 - https://github.com/JJoosh/CVE-2024-32002-Reverse-Shell CVE-2024-32002 - https://github.com/JakobTheDev/cve-2024-32002-poc-aw CVE-2024-32002 - https://github.com/JakobTheDev/cve-2024-32002-poc-rce @@ -169539,6 +169668,7 @@ CVE-2024-32794 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-32795 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-32806 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3281 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3282 - https://github.com/20142995/nuclei-templates CVE-2024-3283 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3286 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-32867 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -169851,6 +169981,7 @@ CVE-2024-3400 - https://github.com/swaybs/CVE-2024-3400 CVE-2024-3400 - https://github.com/sxyrxyy/CVE-2024-3400-Check CVE-2024-3400 - https://github.com/tanjiti/sec_profile CVE-2024-3400 - https://github.com/terminalJunki3/CVE-2024-3400-Checker +CVE-2024-3400 - https://github.com/tfrederick74656/cve-2024-3400-poc CVE-2024-3400 - https://github.com/tk-sawada/IPLineFinder CVE-2024-3400 - https://github.com/toxyl/lscve CVE-2024-3400 - https://github.com/vulsio/go-cve-dictionary @@ -169884,6 +170015,7 @@ CVE-2024-34097 - https://github.com/markyason/markyason.github.io CVE-2024-34102 - https://github.com/Mr-xn/Penetration_Testing_POC CVE-2024-34102 - https://github.com/Ostorlab/KEV CVE-2024-34102 - https://github.com/f0ur0four/Insecure-Deserialization +CVE-2024-34102 - https://github.com/imooaaz/exploit CVE-2024-34102 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-34102 - https://github.com/redwaysecurity/CVEs CVE-2024-3413 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -169961,6 +170093,7 @@ CVE-2024-3445 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34452 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-34452 - https://github.com/surajhacx/CVE-2024-34452 CVE-2024-34454 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-34459 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2024-3446 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34460 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34461 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170352,6 +170485,7 @@ CVE-2024-3661 - https://github.com/cyberspatiallabs/TunnelVision CVE-2024-3661 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3661 - https://github.com/giterlizzi/secdb-feeds CVE-2024-3661 - https://github.com/leviathansecurity/TunnelVision +CVE-2024-3661 - https://github.com/superit23/arcanetrickster CVE-2024-3661 - https://github.com/tanjiti/sec_profile CVE-2024-36673 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3668 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170361,8 +170495,10 @@ CVE-2024-36756 - https://github.com/YjjNJUPT/AsiaCCS2024_vul_report CVE-2024-36757 - https://github.com/YjjNJUPT/AsiaCCS2024_vul_report CVE-2024-36758 - https://github.com/YjjNJUPT/AsiaCCS2024_vul_report CVE-2024-36759 - https://github.com/YjjNJUPT/AsiaCCS2024_vul_report +CVE-2024-3679 - https://github.com/20142995/nuclei-templates CVE-2024-36795 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-36821 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-36827 - https://github.com/peri0d/my-vulnerability CVE-2024-36837 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-36837 - https://github.com/phtcloud-dev/CVE-2024-36837 CVE-2024-36837 - https://github.com/tanjiti/sec_profile @@ -170499,6 +170635,7 @@ CVE-2024-37889 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-37890 - https://github.com/Meersalzeis/pingapp CVE-2024-37891 - https://github.com/PBorocz/raindrop-io-py CVE-2024-37894 - https://github.com/MegaManSec/Squid-Security-Audit +CVE-2024-37921 - https://github.com/20142995/nuclei-templates CVE-2024-37923 - https://github.com/20142995/nuclei-templates CVE-2024-37924 - https://github.com/20142995/nuclei-templates CVE-2024-37935 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170513,10 +170650,13 @@ CVE-2024-3806 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3806 - https://github.com/tanjiti/sec_profile CVE-2024-3806 - https://github.com/truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807-Poc CVE-2024-38063 - https://github.com/0xMarcio/cve +CVE-2024-38063 - https://github.com/GhostTroops/TOP CVE-2024-38063 - https://github.com/being1943/my_rss_reader +CVE-2024-38063 - https://github.com/fire17/awesome-stars CVE-2024-38063 - https://github.com/kherrick/hacker-news CVE-2024-38063 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-38063 - https://github.com/tanjiti/sec_profile +CVE-2024-38063 - https://github.com/zenzue/CVE-2024-38063-POC CVE-2024-38063 - https://github.com/zhaoolee/garss CVE-2024-3807 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3807 - https://github.com/truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807-Poc @@ -170588,6 +170728,7 @@ CVE-2024-38481 - https://github.com/chnzzh/iDRAC-CVE-lib CVE-2024-38483 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-38489 - https://github.com/chnzzh/iDRAC-CVE-lib CVE-2024-38490 - https://github.com/chnzzh/iDRAC-CVE-lib +CVE-2024-3850 - https://github.com/20142995/nuclei-templates CVE-2024-38501 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-38502 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-38514 - https://github.com/20142995/nuclei-templates @@ -170723,6 +170864,7 @@ CVE-2024-39417 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-39418 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-39419 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3942 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3944 - https://github.com/20142995/nuclei-templates CVE-2024-39472 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3951 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-39549 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170733,6 +170875,7 @@ CVE-2024-39614 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3963 - https://github.com/20142995/nuclei-templates CVE-2024-39636 - https://github.com/20142995/nuclei-templates CVE-2024-39637 - https://github.com/20142995/nuclei-templates +CVE-2024-39638 - https://github.com/20142995/nuclei-templates CVE-2024-39639 - https://github.com/20142995/nuclei-templates CVE-2024-3964 - https://github.com/20142995/nuclei-templates CVE-2024-39640 - https://github.com/20142995/nuclei-templates @@ -170778,6 +170921,7 @@ CVE-2024-39689 - https://github.com/roy-aladin/InfraTest CVE-2024-39694 - https://github.com/IdentityServer/IdentityServer4 CVE-2024-3970 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-39700 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-39717 - https://github.com/Ostorlab/KEV CVE-2024-3973 - https://github.com/20142995/nuclei-templates CVE-2024-39778 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3979 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170983,6 +171127,7 @@ CVE-2024-4033 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4034 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-40348 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40348 - https://github.com/qiuluo-oss/Tiger +CVE-2024-40348 - https://github.com/tanjiti/sec_profile CVE-2024-40348 - https://github.com/wy876/POC CVE-2024-40348 - https://github.com/wy876/wiki CVE-2024-4036 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171022,6 +171167,7 @@ CVE-2024-40492 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40498 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-40498 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40500 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-40505 - https://github.com/coldwx/coldwx.github.io CVE-2024-40506 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40507 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40508 - https://github.com/nomi-sec/PoC-in-GitHub @@ -171049,6 +171195,7 @@ CVE-2024-40722 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-40723 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-40725 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40725 - https://github.com/tanjiti/sec_profile +CVE-2024-40766 - https://github.com/Ostorlab/KEV CVE-2024-40784 - https://github.com/gandalf4a/crash_report CVE-2024-40789 - https://github.com/leesh3288/leesh3288 CVE-2024-4083 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171323,8 +171470,11 @@ CVE-2024-42465 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42466 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4247 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-42474 - https://github.com/nvn1729/advisories +CVE-2024-42477 - https://github.com/7resp4ss/7resp4ss CVE-2024-42477 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42478 - https://github.com/7resp4ss/7resp4ss CVE-2024-42478 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42479 - https://github.com/7resp4ss/7resp4ss CVE-2024-42479 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4248 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-42486 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171367,6 +171517,7 @@ CVE-2024-42845 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-42849 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-42850 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4286 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42913 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-42915 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42919 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4295 - https://github.com/nomi-sec/PoC-in-GitHub @@ -171643,7 +171794,9 @@ CVE-2024-43373 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43381 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43398 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43398 - https://github.com/lifeparticle/Ruby-Cheatsheet +CVE-2024-43399 - https://github.com/Ostorlab/KEV CVE-2024-4340 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43425 - https://github.com/20142995/nuclei-templates CVE-2024-43425 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-43442 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43443 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171708,16 +171861,33 @@ CVE-2024-43883 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43884 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4389 - https://github.com/20142995/nuclei-templates CVE-2024-4389 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43915 - https://github.com/20142995/nuclei-templates +CVE-2024-43916 - https://github.com/20142995/nuclei-templates +CVE-2024-43917 - https://github.com/20142995/nuclei-templates +CVE-2024-43918 - https://github.com/20142995/nuclei-templates CVE-2024-4392 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4393 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43952 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43953 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43954 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43955 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43958 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43960 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43963 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43966 - https://github.com/20142995/nuclei-templates CVE-2024-43966 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43967 - https://github.com/20142995/nuclei-templates CVE-2024-4405 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4406 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-44070 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-44073 - https://github.com/brunoerg/bitcoinfuzz CVE-2024-44083 - https://github.com/Azvanzed/IdaMeme CVE-2024-44083 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4418 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4433 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-44340 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-44341 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-44342 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4439 - https://github.com/MielPopsssssss/CVE-2024-4439 CVE-2024-4439 - https://github.com/N0boy-0/vulenv CVE-2024-4439 - https://github.com/Ostorlab/KEV @@ -171739,11 +171909,19 @@ CVE-2024-44558 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4460 - https://github.com/sev-hack/sev-hack CVE-2024-4468 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4473 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-44760 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-44761 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4483 - https://github.com/20142995/nuclei-templates CVE-2024-4484 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4488 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4489 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4491 - https://github.com/LaPhilosophie/IoT-vulnerable +CVE-2024-44913 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-44914 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-44915 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-44916 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-44918 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-44919 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4492 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4493 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4493 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171753,12 +171931,14 @@ CVE-2024-4495 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4496 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4497 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4501 - https://github.com/tanjiti/sec_profile +CVE-2024-45047 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4512 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4513 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4514 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4515 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4516 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-45163 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-45163 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-45166 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-45168 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-45169 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171768,15 +171948,19 @@ CVE-2024-4519 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4521 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4522 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4523 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-45232 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-45233 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-45238 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-2024-4524 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-45240 - https://github.com/Ch0pin/related_work +CVE-2024-45241 - https://github.com/20142995/nuclei-templates CVE-2024-45241 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-45242 - https://github.com/actuator/cve CVE-2024-45244 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4525 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-45258 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4526 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-45264 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-45264 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-45265 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4527 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171785,9 +171969,13 @@ CVE-2024-4536 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4537 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4538 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4542 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-45435 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-45436 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4547 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4548 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4549 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-45491 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-45492 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4558 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4559 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4561 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171955,6 +172143,7 @@ CVE-2024-4860 - https://github.com/JoshuaMart/JoshuaMart CVE-2024-4860 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4865 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4871 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4872 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4875 - https://github.com/RandomRobbieBF/CVE-2024-4875 CVE-2024-4875 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-48788 - https://github.com/mrobsidian1/CVE-2023-48788-Proof-of-concept-SQLinj @@ -172086,6 +172275,7 @@ CVE-2024-5226 - https://github.com/20142995/nuclei-templates CVE-2024-5229 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5246 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5273 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5274 - https://github.com/DarkNavySecurity/PoC CVE-2024-5274 - https://github.com/kip93/kip93 CVE-2024-5274 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5280 - https://github.com/20142995/nuclei-templates @@ -172125,6 +172315,7 @@ CVE-2024-5455 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5458 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5466 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5467 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5469 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5488 - https://github.com/20142995/nuclei-templates CVE-2024-5490 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5502 - https://github.com/20142995/nuclei-templates @@ -172153,6 +172344,7 @@ CVE-2024-5633 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5637 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5638 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5642 - https://github.com/chnzzh/OpenSSL-CVE-lib +CVE-2024-5651 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5653 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5654 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5655 - https://github.com/nomi-sec/PoC-in-GitHub @@ -172203,6 +172395,7 @@ CVE-2024-5814 - https://github.com/wolfSSL/Arduino-wolfSSL CVE-2024-5814 - https://github.com/wolfSSL/wolfssl CVE-2024-5818 - https://github.com/20142995/nuclei-templates CVE-2024-5849 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5857 - https://github.com/20142995/nuclei-templates CVE-2024-5861 - https://github.com/20142995/nuclei-templates CVE-2024-5880 - https://github.com/20142995/nuclei-templates CVE-2024-5893 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172222,6 +172415,7 @@ CVE-2024-5973 - https://github.com/20142995/nuclei-templates CVE-2024-5973 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5974 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5975 - https://github.com/20142995/nuclei-templates +CVE-2024-5987 - https://github.com/20142995/nuclei-templates CVE-2024-5991 - https://github.com/wolfSSL/Arduino-wolfSSL CVE-2024-5991 - https://github.com/wolfSSL/wolfssl CVE-2024-6004 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172235,6 +172429,8 @@ CVE-2024-6095 - https://github.com/20142995/nuclei-templates CVE-2024-6095 - https://github.com/sev-hack/sev-hack CVE-2024-6098 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6100 - https://github.com/leesh3288/leesh3288 +CVE-2024-6117 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6118 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6120 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6123 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6133 - https://github.com/20142995/nuclei-templates @@ -172259,18 +172455,21 @@ CVE-2024-6193 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6194 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6195 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6197 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6204 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6205 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6206 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6222 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6223 - https://github.com/20142995/nuclei-templates CVE-2024-6224 - https://github.com/20142995/nuclei-templates CVE-2024-6226 - https://github.com/20142995/nuclei-templates +CVE-2024-6227 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6230 - https://github.com/20142995/nuclei-templates CVE-2024-6231 - https://github.com/20142995/nuclei-templates CVE-2024-6243 - https://github.com/20142995/nuclei-templates CVE-2024-6243 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6244 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6254 - https://github.com/20142995/nuclei-templates +CVE-2024-6255 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6265 - https://github.com/truonghuuphuc/CVE CVE-2024-6270 - https://github.com/20142995/nuclei-templates CVE-2024-6270 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172279,7 +172478,10 @@ CVE-2024-6271 - https://github.com/Jokergazaa/zero-click-exploits CVE-2024-6271 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6272 - https://github.com/20142995/nuclei-templates CVE-2024-6315 - https://github.com/20142995/nuclei-templates +CVE-2024-6323 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6329 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6330 - https://github.com/20142995/nuclei-templates +CVE-2024-6331 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6339 - https://github.com/20142995/nuclei-templates CVE-2024-6342 - https://github.com/yikesoftware/yikesoftware CVE-2024-6343 - https://github.com/yikesoftware/yikesoftware @@ -172290,6 +172492,7 @@ CVE-2024-6379 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6384 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6385 - https://github.com/Ostorlab/KEV CVE-2024-6386 - https://github.com/20142995/nuclei-templates +CVE-2024-6386 - https://github.com/Ostorlab/KEV CVE-2024-6386 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6387 - https://github.com/0xMarcio/cve CVE-2024-6387 - https://github.com/CVEDB/awesome-cve-repo @@ -172332,6 +172535,7 @@ CVE-2024-6409 - https://github.com/bigb0x/OpenSSH-Scanner CVE-2024-6409 - https://github.com/ryanalieh/openSSH-scanner CVE-2024-6412 - https://github.com/20142995/nuclei-templates CVE-2024-6420 - https://github.com/20142995/nuclei-templates +CVE-2024-6451 - https://github.com/20142995/nuclei-templates CVE-2024-6462 - https://github.com/20142995/nuclei-templates CVE-2024-6472 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6477 - https://github.com/20142995/nuclei-templates @@ -172356,6 +172560,7 @@ CVE-2024-6531 - https://github.com/pj-arts/bootstrap-4-eol-fixes CVE-2024-6532 - https://github.com/20142995/nuclei-templates CVE-2024-6532 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6536 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-6551 - https://github.com/20142995/nuclei-templates CVE-2024-6552 - https://github.com/20142995/nuclei-templates CVE-2024-6553 - https://github.com/20142995/nuclei-templates CVE-2024-6558 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172366,6 +172571,7 @@ CVE-2024-6568 - https://github.com/20142995/nuclei-templates CVE-2024-6571 - https://github.com/20142995/nuclei-templates CVE-2024-6575 - https://github.com/20142995/nuclei-templates CVE-2024-6589 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6595 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6617 - https://github.com/20142995/nuclei-templates CVE-2024-6629 - https://github.com/20142995/nuclei-templates CVE-2024-6631 - https://github.com/20142995/nuclei-templates @@ -172375,12 +172581,16 @@ CVE-2024-6639 - https://github.com/20142995/nuclei-templates CVE-2024-6639 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6646 - https://github.com/wy876/POC CVE-2024-6646 - https://github.com/wy876/wiki +CVE-2024-6650 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6651 - https://github.com/20142995/nuclei-templates CVE-2024-6651 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6665 - https://github.com/20142995/nuclei-templates CVE-2024-6666 - https://github.com/JohnnyBradvo/CVE-2024-6666 CVE-2024-6666 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6667 - https://github.com/20142995/nuclei-templates +CVE-2024-6670 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6671 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6672 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6691 - https://github.com/20142995/nuclei-templates CVE-2024-6692 - https://github.com/20142995/nuclei-templates CVE-2024-6695 - https://github.com/20142995/nuclei-templates @@ -172390,7 +172600,9 @@ CVE-2024-6706 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6707 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6710 - https://github.com/20142995/nuclei-templates CVE-2024-6711 - https://github.com/20142995/nuclei-templates +CVE-2024-6715 - https://github.com/20142995/nuclei-templates CVE-2024-6715 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6716 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2024-6722 - https://github.com/20142995/nuclei-templates CVE-2024-6724 - https://github.com/20142995/nuclei-templates CVE-2024-6724 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172418,6 +172630,7 @@ CVE-2024-6782 - https://github.com/20142995/nuclei-templates CVE-2024-6782 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6782 - https://github.com/wy876/POC CVE-2024-6782 - https://github.com/wy876/wiki +CVE-2024-6783 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6797 - https://github.com/20142995/nuclei-templates CVE-2024-6798 - https://github.com/20142995/nuclei-templates CVE-2024-6800 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172439,6 +172652,7 @@ CVE-2024-6864 - https://github.com/20142995/nuclei-templates CVE-2024-6865 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6869 - https://github.com/20142995/nuclei-templates CVE-2024-6870 - https://github.com/20142995/nuclei-templates +CVE-2024-6879 - https://github.com/20142995/nuclei-templates CVE-2024-6883 - https://github.com/20142995/nuclei-templates CVE-2024-6884 - https://github.com/20142995/nuclei-templates CVE-2024-6890 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172446,10 +172660,12 @@ CVE-2024-6891 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6893 - https://github.com/20142995/nuclei-templates CVE-2024-6893 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6896 - https://github.com/20142995/nuclei-templates +CVE-2024-6911 - https://github.com/20142995/nuclei-templates CVE-2024-6911 - https://github.com/wy876/POC CVE-2024-6911 - https://github.com/wy876/wiki CVE-2024-6916 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6917 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6923 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2024-6923 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6924 - https://github.com/20142995/nuclei-templates CVE-2024-6925 - https://github.com/20142995/nuclei-templates @@ -172476,12 +172692,16 @@ CVE-2024-6975 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6977 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6987 - https://github.com/20142995/nuclei-templates CVE-2024-6990 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7006 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2024-7007 - https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc CVE-2024-7008 - https://github.com/20142995/nuclei-templates CVE-2024-7027 - https://github.com/20142995/nuclei-templates +CVE-2024-7029 - https://github.com/Ostorlab/KEV +CVE-2024-7029 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-7030 - https://github.com/20142995/nuclei-templates CVE-2024-7032 - https://github.com/20142995/nuclei-templates CVE-2024-7047 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7051 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7054 - https://github.com/20142995/nuclei-templates CVE-2024-7057 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7060 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172504,6 +172724,7 @@ CVE-2024-7094 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-7101 - https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc CVE-2024-7120 - https://github.com/Ostorlab/KEV CVE-2024-7120 - https://github.com/komodoooo/Some-things +CVE-2024-7122 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7127 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7134 - https://github.com/20142995/nuclei-templates CVE-2024-7136 - https://github.com/20142995/nuclei-templates @@ -172564,6 +172785,7 @@ CVE-2024-7266 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7267 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7297 - https://github.com/JoshuaMart/JoshuaMart CVE-2024-7301 - https://github.com/20142995/nuclei-templates +CVE-2024-7313 - https://github.com/20142995/nuclei-templates CVE-2024-7313 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-7317 - https://github.com/20142995/nuclei-templates CVE-2024-7317 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172612,6 +172834,7 @@ CVE-2024-7412 - https://github.com/20142995/nuclei-templates CVE-2024-7413 - https://github.com/20142995/nuclei-templates CVE-2024-7414 - https://github.com/20142995/nuclei-templates CVE-2024-7416 - https://github.com/20142995/nuclei-templates +CVE-2024-7418 - https://github.com/20142995/nuclei-templates CVE-2024-7420 - https://github.com/20142995/nuclei-templates CVE-2024-7422 - https://github.com/20142995/nuclei-templates CVE-2024-7436 - https://github.com/tanjiti/sec_profile @@ -172690,8 +172913,14 @@ CVE-2024-7588 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7589 - https://github.com/tanjiti/sec_profile CVE-2024-7590 - https://github.com/20142995/nuclei-templates CVE-2024-7590 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7592 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2024-7592 - https://github.com/ch4n3-yoon/ch4n3-yoon CVE-2024-7593 - https://github.com/20142995/nuclei-templates +CVE-2024-7593 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-7606 - https://github.com/20142995/nuclei-templates +CVE-2024-7606 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7607 - https://github.com/20142995/nuclei-templates +CVE-2024-7607 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7608 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7610 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7621 - https://github.com/20142995/nuclei-templates @@ -172720,6 +172949,7 @@ CVE-2024-7705 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7706 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7707 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7709 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7712 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7715 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7728 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7729 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172746,8 +172976,12 @@ CVE-2024-7848 - https://github.com/20142995/nuclei-templates CVE-2024-7848 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7850 - https://github.com/20142995/nuclei-templates CVE-2024-7854 - https://github.com/20142995/nuclei-templates +CVE-2024-7856 - https://github.com/20142995/nuclei-templates +CVE-2024-7857 - https://github.com/20142995/nuclei-templates +CVE-2024-7858 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7886 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7887 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7895 - https://github.com/20142995/nuclei-templates CVE-2024-7896 - https://github.com/b0rgch3n/b0rgch3n CVE-2024-7896 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7897 - https://github.com/b0rgch3n/b0rgch3n @@ -172760,6 +172994,11 @@ CVE-2024-7928 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-7928 - https://github.com/tanjiti/sec_profile CVE-2024-7940 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7941 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7954 - https://github.com/20142995/nuclei-templates +CVE-2024-7954 - https://github.com/Chocapikk/Chocapikk +CVE-2024-7954 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-7954 - https://github.com/tanjiti/sec_profile +CVE-2024-7954 - https://github.com/wy876/POC CVE-2024-7964 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7965 - https://github.com/0xAtef/0xAtef CVE-2024-7965 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172785,12 +173024,22 @@ CVE-2024-7986 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7987 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7988 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8011 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8016 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8027 - https://github.com/7resp4ss/7resp4ss CVE-2024-8033 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8034 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8035 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8043 - https://github.com/20142995/nuclei-templates +CVE-2024-8044 - https://github.com/20142995/nuclei-templates CVE-2024-8046 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8047 - https://github.com/20142995/nuclei-templates +CVE-2024-8051 - https://github.com/20142995/nuclei-templates +CVE-2024-8052 - https://github.com/20142995/nuclei-templates +CVE-2024-8064 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8071 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8072 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8088 - https://github.com/adegoodyer/kubernetes-admin-toolkit +CVE-2024-8091 - https://github.com/20142995/nuclei-templates CVE-2024-8112 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8113 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8120 - https://github.com/20142995/nuclei-templates @@ -172818,8 +173067,50 @@ CVE-2024-8167 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8168 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8169 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8174 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8181 - https://github.com/20142995/nuclei-templates CVE-2024-8181 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8182 - https://github.com/JoshuaMart/JoshuaMart CVE-2024-8182 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8193 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8194 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8198 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8199 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8200 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8207 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8234 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8235 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8250 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8252 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8255 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8260 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8274 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8294 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8295 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8296 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8297 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8301 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8302 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8303 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8304 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8319 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8327 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8328 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8329 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8330 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8331 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8332 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8334 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8335 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8336 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8337 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8338 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8339 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8340 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8341 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8342 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8343 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8344 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8345 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-87654 - https://github.com/runwuf/clickhouse-test CVE-2024-98765 - https://github.com/runwuf/clickhouse-test CVE-2024-99999 - https://github.com/kolewttd/wtt diff --git a/references.txt b/references.txt index 709e0eccf..262bd4492 100644 --- a/references.txt +++ b/references.txt @@ -45506,6 +45506,7 @@ CVE-2017-18809 - https://kb.netgear.com/000049056/Security-Advisory-for-Stored-C CVE-2017-18810 - https://kb.netgear.com/000049055/Security-Advisory-for-Stored-Cross-Site-Scripting-Vulnerability-on-Some-ReadyNAS-Devices-PSV-2017-0300 CVE-2017-18812 - https://kb.netgear.com/000049053/Security-Advisory-for-Stored-Cross-Site-Scripting-Vulnerability-on-Some-ReadyNAS-Devices-PSV-2017-0298 CVE-2017-18813 - https://kb.netgear.com/000049052/Security-Advisory-for-Stored-Cross-Site-Scripting-Vulnerability-on-Some-ReadyNAS-Devices-PSV-2017-0296 +CVE-2017-18816 - https://kb.netgear.com/000049049/Security-Advisory-for-Stored-Cross-Site-Scripting-Vulnerability-on-Some-ReadyNAS-devices-PSV-2017-0290 CVE-2017-18831 - https://kb.netgear.com/000049031/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Fully-Managed-Switches-PSV-2017-1952 CVE-2017-18833 - https://kb.netgear.com/000049029/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1955 CVE-2017-18835 - https://kb.netgear.com/000049027/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1957 @@ -53044,6 +53045,7 @@ CVE-2018-21016 - https://github.com/gpac/gpac/issues/1180 CVE-2018-21017 - https://github.com/gpac/gpac/issues/1183 CVE-2018-21018 - https://github.com/tootsuite/mastodon/pull/9329 CVE-2018-21018 - https://github.com/tootsuite/mastodon/pull/9381 +CVE-2018-21029 - https://blog.cloudflare.com/dns-encryption-explained/ CVE-2018-21029 - https://github.com/systemd/systemd/issues/9397 CVE-2018-21031 - https://www.elladodelmal.com/2018/08/shodan-es-de-cine-hacking-tautulli-un.html CVE-2018-21031 - https://www.exploit-db.com/docs/47790 @@ -64593,6 +64595,7 @@ CVE-2020-12425 - https://bugzilla.mozilla.org/show_bug.cgi?id=1634738 CVE-2020-12427 - https://www.westerndigital.com/support/productsecurity/wdc-20004-wd-discovery-cross-site-request-forgery-csrf CVE-2020-12429 - https://www.exploit-db.com/exploits/48385 CVE-2020-12431 - https://improsec.com/tech-blog/privilege-escalation-vulnerability-in-splashtop-streamer +CVE-2020-12431 - https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/360042648231-Splashtop-Streamer-version-3-3-8-0-for-Windows-released-includes-SOS-version-3-3-8-0 CVE-2020-12432 - https://github.com/d7x/CVE-2020-12432 CVE-2020-12432 - https://www.youtube.com/watch?v=_tkRnSr6yc0 CVE-2020-12443 - https://github.com/mclab-hbrs/BBB-POC @@ -76613,6 +76616,7 @@ CVE-2021-34880 - https://www.bentley.com/en/common-vulnerability-exposure/BE-202 CVE-2021-34885 - https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005 CVE-2021-34888 - https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005 CVE-2021-34889 - https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0004 +CVE-2021-3489 - https://ubuntu.com/security/notices/USN-4950-1 CVE-2021-34890 - https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005 CVE-2021-34891 - https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005 CVE-2021-34892 - https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005 @@ -76621,9 +76625,11 @@ CVE-2021-34895 - https://www.bentley.com/en/common-vulnerability-exposure/BE-202 CVE-2021-34898 - https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005 CVE-2021-34899 - https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005 CVE-2021-3490 - http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html +CVE-2021-3490 - https://ubuntu.com/security/notices/USN-4950-1 CVE-2021-34901 - https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0004 CVE-2021-34909 - https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005 CVE-2021-3491 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db +CVE-2021-3491 - https://ubuntu.com/security/notices/USN-4950-1 CVE-2021-34911 - https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0004 CVE-2021-34912 - https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005 CVE-2021-34913 - https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005 @@ -83010,6 +83016,7 @@ CVE-2022-26134 - http://packetstormsecurity.com/files/167430/Confluence-OGNL-Inj CVE-2022-26134 - http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html CVE-2022-26134 - http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html CVE-2022-26134 - http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html +CVE-2022-26143 - https://blog.cloudflare.com/cve-2022-26143/ CVE-2022-26143 - https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/ CVE-2022-26149 - http://packetstormsecurity.com/files/171488/MODX-Revolution-2.8.3-pl-Remote-Code-Execution.html CVE-2022-26159 - https://podalirius.net/en/cves/2022-26159/ @@ -84831,6 +84838,8 @@ CVE-2022-32270 - https://youtu.be/CONlijEgDLc CVE-2022-32271 - https://github.com/Edubr2020/RP_DCP_Code_Exec CVE-2022-32271 - https://youtu.be/AMODp3iTnqY CVE-2022-32272 - http://packetstormsecurity.com/files/171549/OPSWAT-Metadefender-Core-4.21.1-Privilege-Escalation.html +CVE-2022-32272 - https://opswat.com +CVE-2022-32273 - https://opswat.com CVE-2022-32274 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-040.txt CVE-2022-32275 - https://github.com/BrotherOfJhonny/grafana CVE-2022-32275 - https://github.com/BrotherOfJhonny/grafana/blob/main/README.md @@ -86698,6 +86707,7 @@ CVE-2022-40761 - https://github.com/Samsung/mTower/issues/83 CVE-2022-40769 - https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c CVE-2022-40774 - https://github.com/axiomatic-systems/Bento4/issues/757 CVE-2022-40775 - https://github.com/axiomatic-systems/Bento4/issues/758 +CVE-2022-40778 - https://www.opswat.com/products/metadefender/icap CVE-2022-40797 - http://packetstormsecurity.com/files/169964/Roxy-Fileman-1.4.6-Remote-Shell-Upload.html CVE-2022-40798 - https://gist.github.com/ninj4c0d3r/89bdd6702bf00d768302f5e0e5bb8adc CVE-2022-40839 - https://github.com/daaaalllii/cve-s/blob/main/CVE-2022-40839/poc.txt @@ -89085,6 +89095,7 @@ CVE-2023-0647 - https://github.com/Ha0Liu/cveAdd/blob/developer/dst-admin%201.5. CVE-2023-0650 - https://github.com/YAFNET/YAFNET/security/advisories/GHSA-mg6p-jjff-7g5m CVE-2023-0660 - https://wpscan.com/vulnerability/3fe712bc-ce7f-4b30-9fc7-1ff15aa5b6ce CVE-2023-0663 - https://vuldb.com/?id.220175 +CVE-2023-0663 - https://www.youtube.com/watch?v=UsSZU6EWB1E CVE-2023-0666 - https://gitlab.com/wireshark/wireshark/-/issues/19085 CVE-2023-0666 - https://takeonme.org/cves/CVE-2023-0666.html CVE-2023-0667 - https://gitlab.com/wireshark/wireshark/-/issues/19086 @@ -95613,6 +95624,7 @@ CVE-2023-5488 - https://github.com/llixixi/cve/blob/main/s45_upload_%20updatelib CVE-2023-5488 - https://vuldb.com/?id.241640 CVE-2023-5489 - https://github.com/llixixi/cve/blob/main/s45_upload_%20uploadfile.md CVE-2023-5490 - https://github.com/llixixi/cve/blob/main/s45_upload_%20userattestation.md +CVE-2023-5490 - https://vuldb.com/?id.241642 CVE-2023-5491 - https://github.com/llixixi/cve/blob/main/s45_upload_changelogo.md CVE-2023-5492 - https://github.com/llixixi/cve/blob/main/s45_upload_licence.md CVE-2023-5492 - https://vuldb.com/?id.241644 @@ -99018,6 +99030,7 @@ CVE-2024-36679 - https://security.friendsofpresta.org/modules/2024/06/18/livecha CVE-2024-36680 - https://security.friendsofpresta.org/modules/2024/06/18/pkfacebook.html CVE-2024-36681 - https://security.friendsofpresta.org/modules/2024/06/20/pk_isotope.html CVE-2024-3669 - https://wpscan.com/vulnerability/3c37c9a9-1424-427a-adc7-c2336a47e9cf/ +CVE-2024-3673 - https://wpscan.com/vulnerability/0e8930cb-e176-4406-a43f-a6032471debf/ CVE-2024-36773 - https://github.com/OoLs5/VulDiscovery/blob/main/cve-2024-36773.md CVE-2024-36774 - https://github.com/OoLs5/VulDiscovery/blob/main/poc.docx CVE-2024-36775 - https://github.com/OoLs5/VulDiscovery/blob/main/monstra_xss.pdf @@ -99846,6 +99859,7 @@ CVE-2024-42849 - https://github.com/njmbb8/CVE-2024-42849/tree/main CVE-2024-42852 - https://github.com/Hebing123/cve/issues/64 CVE-2024-4289 - https://wpscan.com/vulnerability/072785de-0ce5-42a4-a3fd-4eb1d1a2f1be/ CVE-2024-4290 - https://wpscan.com/vulnerability/a9a10d0f-d8f2-4f3e-92bf-94fc08416d87/ +CVE-2024-42900 - https://g03m0n.github.io/posts/cve-2024-42900/ CVE-2024-42906 - https://github.com/Alkatraz97/CVEs/blob/main/CVE-2024-42906.md CVE-2024-4291 - https://github.com/L1ziang/Vulnerability/blob/main/formAddMacfilterRule.md CVE-2024-42918 - https://packetstormsecurity.com @@ -99930,6 +99944,10 @@ CVE-2024-4469 - https://wpscan.com/vulnerability/d6b1270b-52c0-471d-a5fb-507e21b CVE-2024-4474 - https://wpscan.com/vulnerability/71954c60-6a5b-4cac-9920-6d9b787ead9c/ CVE-2024-4475 - https://wpscan.com/vulnerability/f0c7fa00-da6e-4f07-875f-7b85759a54b3/ CVE-2024-4477 - https://wpscan.com/vulnerability/ab551552-944c-4e2a-9355-7011cbe553b0/ +CVE-2024-44776 - https://packetstormsecurity.com/files/180461/vTiger-CRM-7.4.0-Open-Redirection.html +CVE-2024-44777 - https://packetstormsecurity.com/files/180462/vTiger-CRM-7.4.0-Cross-Site-Scripting.html +CVE-2024-44778 - https://packetstormsecurity.com/files/180462/vTiger-CRM-7.4.0-Cross-Site-Scripting.html +CVE-2024-44779 - https://packetstormsecurity.com/files/180462/vTiger-CRM-7.4.0-Cross-Site-Scripting.html CVE-2024-44793 - https://github.com/WhatCD/Gazelle/issues/131 CVE-2024-44794 - https://github.com/xiebruce/PicUploader/issues/91 CVE-2024-44795 - https://github.com/WhatCD/Gazelle/issues/129 @@ -99944,6 +99962,7 @@ CVE-2024-4494 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/ CVE-2024-4495 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formWifiMacFilterGet.md CVE-2024-4496 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formWifiMacFilterSet.md CVE-2024-4497 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formexeCommand.md +CVE-2024-4497 - https://vuldb.com/?id.263086 CVE-2024-4512 - https://github.com/yylmm/CVE/blob/main/Prison%20Management%20System/xss.md CVE-2024-4512 - https://vuldb.com/?id.263116 CVE-2024-45163 - https://cypressthatkid.medium.com/remote-dos-exploit-found-in-mirai-botnet-source-code-27a1aad284f1 @@ -100160,6 +100179,7 @@ CVE-2024-5172 - https://wpscan.com/vulnerability/65d84e69-0548-4c7d-bcde-5777d72 CVE-2024-5199 - https://wpscan.com/vulnerability/a2cb8d7d-6d7c-42e9-b3db-cb3959bfd41b/ CVE-2024-5217 - https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit CVE-2024-5257 - https://gitlab.com/gitlab-org/gitlab/-/issues/463149 +CVE-2024-5274 - https://issues.chromium.org/issues/341663589 CVE-2024-5276 - https://www.tenable.com/security/research/tra-2024-25 CVE-2024-5280 - https://wpscan.com/vulnerability/bbc214ba-4e97-4b3a-a21b-2931a9e36973/ CVE-2024-5281 - https://wpscan.com/vulnerability/3c0bdb0f-a06a-47a8-9198-a2bf2678b8f1/ @@ -100201,6 +100221,7 @@ CVE-2024-5410 - http://seclists.org/fulldisclosure/2024/May/36 CVE-2024-5410 - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/ CVE-2024-5411 - http://seclists.org/fulldisclosure/2024/May/36 CVE-2024-5411 - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/ +CVE-2024-5417 - https://wpscan.com/vulnerability/fb7d6839-9ccb-4a0f-9dca-d6841f666a1b/ CVE-2024-5420 - http://seclists.org/fulldisclosure/2024/Jun/4 CVE-2024-5420 - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/index.html CVE-2024-5421 - http://seclists.org/fulldisclosure/2024/Jun/4 @@ -100220,6 +100241,7 @@ CVE-2024-5472 - https://wpscan.com/vulnerability/dcddc2de-c32c-4f8c-8490-f3d980b CVE-2024-5473 - https://wpscan.com/vulnerability/9c70cfc4-5759-469a-a6a3-510c405bd28a/ CVE-2024-5475 - https://wpscan.com/vulnerability/cee66543-b5d6-4205-8f9b-0febd7fee445/ CVE-2024-5488 - https://wpscan.com/vulnerability/28507376-ded0-4e1a-b2fc-2182895aa14c/ +CVE-2024-5499 - https://issues.chromium.org/issues/339877167 CVE-2024-5515 - https://github.com/HaojianWang/cve/issues/1 CVE-2024-5516 - https://github.com/ppp-src/ha/issues/3 CVE-2024-5517 - https://github.com/ppp-src/ha/issues/4 @@ -100276,6 +100298,8 @@ CVE-2024-5807 - https://wpscan.com/vulnerability/badb16b5-8c06-4170-b605-ea7af89 CVE-2024-5808 - https://wpscan.com/vulnerability/1783bbce-3cc3-4a7e-a491-b713cee8278b/ CVE-2024-5809 - https://wpscan.com/vulnerability/0af9fbcf-5f0e-4f7f-ae60-b46e704cf0a5/ CVE-2024-5811 - https://wpscan.com/vulnerability/bf6c2e28-51ef-443b-b1c2-d555c7e12f7f/ +CVE-2024-5844 - https://issues.chromium.org/issues/331960660 +CVE-2024-5846 - https://issues.chromium.org/issues/341095523 CVE-2024-5851 - https://vuldb.com/?submit.347385 CVE-2024-5882 - https://wpscan.com/vulnerability/5e8d7808-8f3e-4fc9-a1e7-e108da031ca7/ CVE-2024-5883 - https://wpscan.com/vulnerability/a1894884-c739-4ef4-8d9c-392171ab3d68/ @@ -100483,6 +100507,7 @@ CVE-2024-6912 - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-perten CVE-2024-6913 - http://seclists.org/fulldisclosure/2024/Jul/13 CVE-2024-6913 - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-perten-processplus/ CVE-2024-6923 - https://github.com/python/cpython/pull/122233 +CVE-2024-6927 - https://wpscan.com/vulnerability/05024ff5-4c7a-4941-8dae-c1a8d2d4e202/ CVE-2024-6932 - https://github.com/Hebing123/cve/issues/42 CVE-2024-6933 - https://github.com/Hebing123/cve/issues/55 CVE-2024-6934 - https://github.com/DeepMountains/Mirage/blob/main/CVE-2.md @@ -100534,6 +100559,7 @@ CVE-2024-7116 - https://github.com/topsky979/Security-Collections/tree/main/cve7 CVE-2024-7117 - https://github.com/topsky979/Security-Collections/tree/main/cve8 CVE-2024-7118 - https://github.com/topsky979/Security-Collections/tree/main/cve9 CVE-2024-7119 - https://github.com/topsky979/Security-Collections/tree/main/cve10 +CVE-2024-7132 - https://wpscan.com/vulnerability/16deb743-6fe9-43a2-9586-d92cfe1daa17/ CVE-2024-7160 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/setWanCfg.md CVE-2024-7161 - https://github.com/HuaQiPro/seacms/issues/30 CVE-2024-7162 - https://github.com/HuaQiPro/seacms/issues/29