Update CVE sources 2024-08-09 18:54

0xMarcio 2024-08-09 18:54:21 +00:00
parent cb705d0b04
commit 70ad145994
165 changed files with 1681 additions and 32 deletions

@ -19,6 +19,7 @@ No PoCs from references.
- https://github.com/CVEDB/awesome-cve-repo - https://github.com/CVEDB/awesome-cve-repo
- https://github.com/H3xL00m/distccd_rce_CVE-2004-2687 - https://github.com/H3xL00m/distccd_rce_CVE-2004-2687
- https://github.com/Kr1tz3x3/HTB-Writeups - https://github.com/Kr1tz3x3/HTB-Writeups
- https://github.com/N3rdyN3xus/distccd_rce_CVE-2004-2687
- https://github.com/Patrick122333/4240project - https://github.com/Patrick122333/4240project
- https://github.com/SecGen/SecGen - https://github.com/SecGen/SecGen
- https://github.com/Sp3c73rSh4d0w/distccd_rce_CVE-2004-2687 - https://github.com/Sp3c73rSh4d0w/distccd_rce_CVE-2004-2687

17
2006/CVE-2006-6417.md Normal file
@ -0,0 +1,17 @@
### [CVE-2006-6417](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6417)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 through 1.9 beta allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.
### POC
#### Reference
- http://securityreason.com/securityalert/2006
#### Github
No PoCs found on GitHub currently.
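Review bot: the Vulnerability badge URL on the fourth added line ends in `color=brighgreen`, which looks like a misspelling of `brightgreen`, so the badge will not get the colour that was intended. The same string appears in the other files this commit creates, so the fix belongs in whatever template generates these entries rather than in this one file.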

@ -41,6 +41,7 @@ The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote
- https://github.com/Ki11i0n4ir3/Sambaster - https://github.com/Ki11i0n4ir3/Sambaster
- https://github.com/Kr1tz3x3/HTB-Writeups - https://github.com/Kr1tz3x3/HTB-Writeups
- https://github.com/MikeRega7/CVE-2007-2447-RCE - https://github.com/MikeRega7/CVE-2007-2447-RCE
- https://github.com/N3rdyN3xus/CVE-2007-2447
- https://github.com/Nosferatuvjr/Samba-Usermap-exploit - https://github.com/Nosferatuvjr/Samba-Usermap-exploit
- https://github.com/Patrick122333/4240project - https://github.com/Patrick122333/4240project
- https://github.com/SamHackingArticles/CVE-2007-2447 - https://github.com/SamHackingArticles/CVE-2007-2447

@ -32,6 +32,7 @@ The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP
- https://github.com/H3xL00m/MS08-067 - https://github.com/H3xL00m/MS08-067
- https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups - https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups
- https://github.com/Kuromesi/Py4CSKG - https://github.com/Kuromesi/Py4CSKG
- https://github.com/N3rdyN3xus/MS08-067
- https://github.com/RodrigoVarasLopez/Download-Scanners-from-Nessus-8.7-using-the-API - https://github.com/RodrigoVarasLopez/Download-Scanners-from-Nessus-8.7-using-the-API
- https://github.com/SexyBeast233/SecBooks - https://github.com/SexyBeast233/SecBooks
- https://github.com/Sp3c73rSh4d0w/MS08-067 - https://github.com/Sp3c73rSh4d0w/MS08-067

@ -25,6 +25,7 @@ Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow r
- https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo - https://github.com/CVEDB/awesome-cve-repo
- https://github.com/H3xL00m/CVE-2009-2265 - https://github.com/H3xL00m/CVE-2009-2265
- https://github.com/N3rdyN3xus/CVE-2009-2265
- https://github.com/Sp3c73rSh4d0w/CVE-2009-2265 - https://github.com/Sp3c73rSh4d0w/CVE-2009-2265
- https://github.com/c0d3cr4f73r/CVE-2009-2265 - https://github.com/c0d3cr4f73r/CVE-2009-2265
- https://github.com/crypticdante/CVE-2009-2265 - https://github.com/crypticdante/CVE-2009-2265
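Review bot: the added `N3rdyN3xus/CVE-2009-2265` is the fifth entry here with the identical repository name; `H3xL00m`, `Sp3c73rSh4d0w`, `c0d3cr4f73r` and `crypticdante` are all visible in the context lines. Identical names under different owners often mean copies of one code base, so it is worth comparing them before listing another and keeping a single canonical link if they do not differ.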

@ -12,6 +12,7 @@ Integer overflow in the decompression functionality in the Web Open Fonts Format
#### Reference #### Reference
- http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608/ - http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608/
- http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/ - http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/
- http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=552216 - https://bugzilla.mozilla.org/show_bug.cgi?id=552216
#### Github #### Github

@ -22,6 +22,7 @@ The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and S
- https://github.com/Cruxer8Mech/Idk - https://github.com/Cruxer8Mech/Idk
- https://github.com/H3xL00m/CVE-2011-1249 - https://github.com/H3xL00m/CVE-2011-1249
- https://github.com/Madusanka99/OHTS - https://github.com/Madusanka99/OHTS
- https://github.com/N3rdyN3xus/CVE-2011-1249
- https://github.com/Sp3c73rSh4d0w/CVE-2011-1249 - https://github.com/Sp3c73rSh4d0w/CVE-2011-1249
- https://github.com/c0d3cr4f73r/CVE-2011-1249 - https://github.com/c0d3cr4f73r/CVE-2011-1249
- https://github.com/crypticdante/CVE-2011-1249 - https://github.com/crypticdante/CVE-2011-1249

@ -11,6 +11,7 @@ A vulnerability classified as critical has been found in Kama Click Counter Plug
#### Reference #### Reference
- http://seclists.org/fulldisclosure/2017/Feb/67 - http://seclists.org/fulldisclosure/2017/Feb/67
- https://vuldb.com/?id.97335
#### Github #### Github
No PoCs found on GitHub currently. No PoCs found on GitHub currently.

@ -15,6 +15,7 @@ MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin
- https://www.exploit-db.com/exploits/41890/ - https://www.exploit-db.com/exploits/41890/
#### Github #### Github
- https://github.com/20142995/nuclei-templates
- https://github.com/20142995/sectool - https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates - https://github.com/ARPSyndicate/kenzer-templates

@ -17,6 +17,7 @@ Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 al
- https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Uniguri/CVE-1day - https://github.com/Uniguri/CVE-1day
- https://github.com/Uniguri/CVE-nday
- https://github.com/changelog2020/JSEChalls - https://github.com/changelog2020/JSEChalls
- https://github.com/ernestang98/win-exploits - https://github.com/ernestang98/win-exploits
- https://github.com/hwiwonl/dayone - https://github.com/hwiwonl/dayone

@ -2490,6 +2490,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
- https://github.com/William-f-12/FTCTest - https://github.com/William-f-12/FTCTest
- https://github.com/WindsorHSRobotics/team-20514_2021-2022 - https://github.com/WindsorHSRobotics/team-20514_2021-2022
- https://github.com/WinstonCrosby/CooperCode2023 - https://github.com/WinstonCrosby/CooperCode2023
- https://github.com/WishingWell13-Forks/FtcRobotController-Freight-Frenzy-Lessons
- https://github.com/WishingWell13/FtcRobotController-Freight-Frenzy-Lessons - https://github.com/WishingWell13/FtcRobotController-Freight-Frenzy-Lessons
- https://github.com/WlhsRobotics/FtcRobotController-master - https://github.com/WlhsRobotics/FtcRobotController-master
- https://github.com/WoEN239/CENTERSTAGE-WoEN - https://github.com/WoEN239/CENTERSTAGE-WoEN
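Review bot: the added `WishingWell13-Forks/FtcRobotController-Freight-Frenzy-Lessons` carries the same repository name as the `WishingWell13/FtcRobotController-Freight-Frenzy-Lessons` entry on the line after it, so it reads as a fork of a repository that is already listed. The hunk header puts this Github list past line 2490 and, by their names, the neighbouring entries are robot-controller projects, not proofs of concept for the jQuery issue; skipping forks in the collector would stop the list growing with entries that add nothing for someone triaging this CVE.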
@ -2860,6 +2861,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
- https://github.com/demotivate/rizzlords-robotics - https://github.com/demotivate/rizzlords-robotics
- https://github.com/demotivate/swagbots - https://github.com/demotivate/swagbots
- https://github.com/denwan20/FTC-programming - https://github.com/denwan20/FTC-programming
- https://github.com/derekriter08/technohuskies10309_2022
- https://github.com/derryfieldftc/FightingCougarsRobotController - https://github.com/derryfieldftc/FightingCougarsRobotController
- https://github.com/developer3000S/PoC-in-GitHub - https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/devsamuelv/Offseason-Code-Dualshock - https://github.com/devsamuelv/Offseason-Code-Dualshock

17
2019/CVE-2019-16353.md Normal file
@ -0,0 +1,17 @@
### [CVE-2019-16353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16353)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/boofish/ICS3Fuzzer
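Review bot: the Product and Version badges on the second and third added lines both carry `message=n%2Fa`, although the Description names the product and version (Emerson GE Automation Proficy Machine Edition 8.0). Filling the badges from the description, or omitting badges that have no value, would let this entry be found by product; the Vulnerability badge is n/a as well, while the text states an access violation and application crash.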

@ -14,6 +14,7 @@ No PoCs from references.
#### Github #### Github
- https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/cvemon
- https://github.com/Clock-Skew/EndPointX
- https://github.com/Sec20-Paper310/Paper310 - https://github.com/Sec20-Paper310/Paper310
- https://github.com/jltxgcy/CVE_2019_2025_EXP - https://github.com/jltxgcy/CVE_2019_2025_EXP
- https://github.com/kdn111/linux-kernel-exploitation - https://github.com/kdn111/linux-kernel-exploitation

@ -20,6 +20,7 @@ A use-after-free in binder.c allows an elevation of privilege from an applicatio
- https://github.com/ATorNinja/CVE-2019-2215 - https://github.com/ATorNinja/CVE-2019-2215
- https://github.com/Al1ex/LinuxEelvation - https://github.com/Al1ex/LinuxEelvation
- https://github.com/Byte-Master-101/CVE-2019-2215 - https://github.com/Byte-Master-101/CVE-2019-2215
- https://github.com/Clock-Skew/EndPointX
- https://github.com/CrackerCat/Rootsmart-v2.0 - https://github.com/CrackerCat/Rootsmart-v2.0
- https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections - https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
- https://github.com/DimitriFourny/cve-2019-2215 - https://github.com/DimitriFourny/cve-2019-2215

@ -14,6 +14,7 @@ No PoCs from references.
#### Github #### Github
- https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/cvemon
- https://github.com/Clock-Skew/EndPointX
- https://github.com/Swordfish-Security/awesome-android-security - https://github.com/Swordfish-Security/awesome-android-security
- https://github.com/TinyNiko/android_bulletin_notes - https://github.com/TinyNiko/android_bulletin_notes
- https://github.com/alphaSeclab/sec-daily-2020 - https://github.com/alphaSeclab/sec-daily-2020

@ -102,6 +102,7 @@ A remote code execution vulnerability exists in the way that the Microsoft Serve
- https://github.com/HernanRodriguez1/Dorks-Shodan-2023 - https://github.com/HernanRodriguez1/Dorks-Shodan-2023
- https://github.com/IAreKyleW00t/SMBGhosts - https://github.com/IAreKyleW00t/SMBGhosts
- https://github.com/IFccTeR/1_UP_files - https://github.com/IFccTeR/1_UP_files
- https://github.com/IFunFox/1_UP_files
- https://github.com/IvanVoronov/0day - https://github.com/IvanVoronov/0day
- https://github.com/JERRY123S/all-poc - https://github.com/JERRY123S/all-poc
- https://github.com/Jacob10s/SMBGHOST_EXPLOIT - https://github.com/Jacob10s/SMBGHOST_EXPLOIT

@ -76,6 +76,7 @@ Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may
- https://github.com/pctF/vulnerable-app - https://github.com/pctF/vulnerable-app
- https://github.com/phil-fly/CVE-2020-17530 - https://github.com/phil-fly/CVE-2020-17530
- https://github.com/readloud/Awesome-Stars - https://github.com/readloud/Awesome-Stars
- https://github.com/secpool2000/CVE-2020-17530
- https://github.com/sobinge/nuclei-templates - https://github.com/sobinge/nuclei-templates
- https://github.com/superlink996/chunqiuyunjingbachang - https://github.com/superlink996/chunqiuyunjingbachang
- https://github.com/trganda/starrlist - https://github.com/trganda/starrlist

@ -13,5 +13,6 @@ A vulnerability classified as problematic has been found in MediaArea ZenLib up
No PoCs from references. No PoCs from references.
#### Github #### Github
- https://github.com/DiRaltvein/memory-corruption-examples
- https://github.com/Live-Hack-CVE/CVE-2020-36646 - https://github.com/Live-Hack-CVE/CVE-2020-36646

@ -26,6 +26,7 @@ Using a specially-crafted message, an attacker may potentially cause a BIND serv
- https://github.com/Zhivarev/13-01-hw - https://github.com/Zhivarev/13-01-hw
- https://github.com/balabit-deps/balabit-os-9-bind9-libs - https://github.com/balabit-deps/balabit-os-9-bind9-libs
- https://github.com/developer3000S/PoC-in-GitHub - https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/gothburz/cve-2020-8617
- https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/knqyf263/CVE-2020-8617 - https://github.com/knqyf263/CVE-2020-8617
- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/nomi-sec/PoC-in-GitHub

@ -14,4 +14,5 @@ No PoCs from references.
#### Github #### Github
- https://github.com/Live-Hack-CVE/CVE-2021-20587 - https://github.com/Live-Hack-CVE/CVE-2021-20587
- https://github.com/boofish/ICS3Fuzzer

@ -14,4 +14,5 @@ No PoCs from references.
#### Github #### Github
- https://github.com/Live-Hack-CVE/CVE-2021-20588 - https://github.com/Live-Hack-CVE/CVE-2021-20588
- https://github.com/boofish/ICS3Fuzzer

@ -43,6 +43,7 @@ In affected versions of Confluence Server and Data Center, an OGNL injection vul
- https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo - https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top - https://github.com/CVEDB/top
- https://github.com/CrackerCat/CVE-2021-26084
- https://github.com/FDlucifer/firece-fish - https://github.com/FDlucifer/firece-fish
- https://github.com/GhostTroops/TOP - https://github.com/GhostTroops/TOP
- https://github.com/GlennPegden2/cve-2021-26084-confluence - https://github.com/GlennPegden2/cve-2021-26084-confluence

17
2021/CVE-2021-29297.md Normal file
@ -0,0 +1,17 @@
### [CVE-2021-29297](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29297)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100.dll".
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/boofish/ICS3Fuzzer

17
2021/CVE-2021-29298.md Normal file
@ -0,0 +1,17 @@
### [CVE-2021-29298](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29298)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe"in the module "fxVPStatcTcp.dll".
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/boofish/ICS3Fuzzer

@ -113,6 +113,7 @@ Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based
- https://github.com/SexyBeast233/SecBooks - https://github.com/SexyBeast233/SecBooks
- https://github.com/SirElmard/ethical_hacking - https://github.com/SirElmard/ethical_hacking
- https://github.com/Spektrainfiniti/MP - https://github.com/Spektrainfiniti/MP
- https://github.com/Technetium1/stars
- https://github.com/TheFlash2k/CVE-2021-3156 - https://github.com/TheFlash2k/CVE-2021-3156
- https://github.com/TheSerialiZator/CTF-2021 - https://github.com/TheSerialiZator/CTF-2021
- https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Awesome-POC
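Review bot: the added `Technetium1/stars` sits under the Github heading of the sudo heap-overflow entry, but by its name it is a list of starred repositories and not a PoC for this bug. The same repository is added to several other entries in this commit, so consider excluding such index repositories in the collector or listing them under a separate heading, so that the Github section stays usable for judging exploit availability.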

@ -67,6 +67,7 @@
- https://github.com/AdamAmicro/CAHard - https://github.com/AdamAmicro/CAHard
- https://github.com/AdamPumphrey/PowerShell - https://github.com/AdamPumphrey/PowerShell
- https://github.com/AleHelp/Windows-Pentesting-cheatsheet - https://github.com/AleHelp/Windows-Pentesting-cheatsheet
- https://github.com/Alfesito/windows_hardening
- https://github.com/Alssi-consulting/HardeningKitty - https://github.com/Alssi-consulting/HardeningKitty
- https://github.com/Amaranese/CVE-2021-34527 - https://github.com/Amaranese/CVE-2021-34527
- https://github.com/Ascotbe/Kernelhub - https://github.com/Ascotbe/Kernelhub

@ -30,6 +30,7 @@ A command injection vulnerability in the web server of some Hikvision product. D
- https://github.com/Aiminsun/CVE-2021-36260 - https://github.com/Aiminsun/CVE-2021-36260
- https://github.com/ArrestX/--POC - https://github.com/ArrestX/--POC
- https://github.com/Awrrays/FrameVul - https://github.com/Awrrays/FrameVul
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/Cuerz/CVE-2021-36260 - https://github.com/Cuerz/CVE-2021-36260
- https://github.com/Fans0n-Fan/Awesome-IoT-exp - https://github.com/Fans0n-Fan/Awesome-IoT-exp
- https://github.com/Haoke98/NetEye - https://github.com/Haoke98/NetEye

@ -17,6 +17,7 @@ No PoCs from references.
- https://github.com/NaInSec/CVE-PoC-in-GitHub - https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/QiuhaoLi/CVE-2021-3929-3947 - https://github.com/QiuhaoLi/CVE-2021-3929-3947
- https://github.com/SYRTI/POC_to_review - https://github.com/SYRTI/POC_to_review
- https://github.com/Technetium1/stars
- https://github.com/WhooAmii/POC_to_review - https://github.com/WhooAmii/POC_to_review
- https://github.com/k0mi-tg/CVE-POC - https://github.com/k0mi-tg/CVE-POC
- https://github.com/lemon-mint/stars - https://github.com/lemon-mint/stars

@ -161,6 +161,7 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility.
- https://github.com/Taillan/TryHackMe - https://github.com/Taillan/TryHackMe
- https://github.com/Tanmay-N/CVE-2021-4034 - https://github.com/Tanmay-N/CVE-2021-4034
- https://github.com/TanmoyG1800/CVE-2021-4034 - https://github.com/TanmoyG1800/CVE-2021-4034
- https://github.com/Technetium1/stars
- https://github.com/TheJoyOfHacking/berdav-CVE-2021-4034 - https://github.com/TheJoyOfHacking/berdav-CVE-2021-4034
- https://github.com/TheSermux/CVE-2021-4034 - https://github.com/TheSermux/CVE-2021-4034
- https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Awesome-POC

@ -93,6 +93,7 @@
- https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Panopticon-Project/panopticon-WizardSpider - https://github.com/Panopticon-Project/panopticon-WizardSpider
- https://github.com/Phuong39/CVE-2021-40444-CAB
- https://github.com/S3N4T0R-0X0/APT28-Adversary-Simulation - https://github.com/S3N4T0R-0X0/APT28-Adversary-Simulation
- https://github.com/SYRTI/POC_to_review - https://github.com/SYRTI/POC_to_review
- https://github.com/SirElmard/ethical_hacking - https://github.com/SirElmard/ethical_hacking

17
2021/CVE-2021-46901.md Normal file
@ -0,0 +1,17 @@
### [CVE-2021-46901](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46901)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/DiRaltvein/memory-corruption-examples

@ -124,6 +124,7 @@ A flaw was found in the way the "flags" member of the new pipe buffer structure
- https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Snoopy-Sec/Localroot-ALL-CVE
- https://github.com/T4t4ru/CVE-2022-0847 - https://github.com/T4t4ru/CVE-2022-0847
- https://github.com/Tanq16/link-hub - https://github.com/Tanq16/link-hub
- https://github.com/Technetium1/stars
- https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Awesome-POC
- https://github.com/Trickhish/automated_privilege_escalation - https://github.com/Trickhish/automated_privilege_escalation
- https://github.com/Turzum/ps-lab-cve-2022-0847 - https://github.com/Turzum/ps-lab-cve-2022-0847

@ -27,6 +27,7 @@ A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of t
- https://github.com/SYRTI/POC_to_review - https://github.com/SYRTI/POC_to_review
- https://github.com/TurtleARM/CVE-2023-0179-PoC - https://github.com/TurtleARM/CVE-2023-0179-PoC
- https://github.com/Uniguri/CVE-1day - https://github.com/Uniguri/CVE-1day
- https://github.com/Uniguri/CVE-nday
- https://github.com/WhooAmii/POC_to_review - https://github.com/WhooAmii/POC_to_review
- https://github.com/XiaozaYa/CVE-Recording - https://github.com/XiaozaYa/CVE-Recording
- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits

@ -15,6 +15,7 @@ No PoCs from references.
#### Github #### Github
- https://github.com/0xkol/badspin - https://github.com/0xkol/badspin
- https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/cvemon
- https://github.com/Clock-Skew/EndPointX
- https://github.com/johe123qwe/github-trending - https://github.com/johe123qwe/github-trending
- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/xairy/linux-kernel-exploitation - https://github.com/xairy/linux-kernel-exploitation

@ -16,6 +16,7 @@ The issue was addressed with improved memory handling. This issue is fixed in iO
No PoCs from references. No PoCs from references.
#### Github #### Github
- https://github.com/Technetium1/stars
- https://github.com/asahilina/agx-exploit - https://github.com/asahilina/agx-exploit
- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/nomi-sec/PoC-in-GitHub

17
2022/CVE-2022-46449.md Normal file
@ -0,0 +1,17 @@
### [CVE-2022-46449](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46449)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
An issue in MPD (Music Player Daemon) v0.23.10 allows attackers to cause a Denial of Service (DoS) via a crafted input.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/DiRaltvein/memory-corruption-examples

@ -45,6 +45,7 @@ A race condition was addressed with additional validation. This issue is fixed i
- https://github.com/PureKFD/PureKFD - https://github.com/PureKFD/PureKFD
- https://github.com/PureKFD/PureKFDRepo - https://github.com/PureKFD/PureKFDRepo
- https://github.com/Smile1024me/Cowabunga - https://github.com/Smile1024me/Cowabunga
- https://github.com/Technetium1/stars
- https://github.com/Thyssenkrupp234/ra1nm8 - https://github.com/Thyssenkrupp234/ra1nm8
- https://github.com/ZZY3312/KFDFontOverwrite-M1 - https://github.com/ZZY3312/KFDFontOverwrite-M1
- https://github.com/ahkecha/McDirty - https://github.com/ahkecha/McDirty

@ -15,5 +15,5 @@ A bug affects the Linux kernels ksmbd NTLMv2 authentication and is known to c
- https://www.openwall.com/lists/oss-security/2023/01/04/1 - https://www.openwall.com/lists/oss-security/2023/01/04/1
#### Github #### Github
No PoCs found on GitHub currently. - https://github.com/DiRaltvein/memory-corruption-examples
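Review bot: the last changed line replaces "No PoCs found on GitHub currently." with the root of `DiRaltvein/memory-corruption-examples`, a repository whose name suggests a general collection. A reader of this ksmbd entry cannot tell from the link which example relates to this CVE, so link to the specific path inside the repository if the collector can resolve it.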

@ -13,6 +13,7 @@ In binder_transaction_buffer_release of binder.c, there is a possible use after
No PoCs from references. No PoCs from references.
#### Github #### Github
- https://github.com/Clock-Skew/EndPointX
- https://github.com/IamAlch3mist/Awesome-Android-Vulnerability-Research - https://github.com/IamAlch3mist/Awesome-Android-Vulnerability-Research
- https://github.com/xairy/linux-kernel-exploitation - https://github.com/xairy/linux-kernel-exploitation

@ -20,6 +20,7 @@ Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote a
- https://github.com/RENANZG/My-Forensics - https://github.com/RENANZG/My-Forensics
- https://github.com/Threekiii/CVE - https://github.com/Threekiii/CVE
- https://github.com/Uniguri/CVE-1day - https://github.com/Uniguri/CVE-1day
- https://github.com/Uniguri/CVE-nday
- https://github.com/ZonghaoLi777/githubTrending - https://github.com/ZonghaoLi777/githubTrending
- https://github.com/aneasystone/github-trending - https://github.com/aneasystone/github-trending
- https://github.com/johe123qwe/github-trending - https://github.com/johe123qwe/github-trending

@ -14,5 +14,5 @@ Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210
- https://patchwork.ffmpeg.org/project/ffmpeg/patch/20230915131147.5945-2-michael@niedermayer.cc/ - https://patchwork.ffmpeg.org/project/ffmpeg/patch/20230915131147.5945-2-michael@niedermayer.cc/
#### Github #### Github
No PoCs found on GitHub currently. - https://github.com/DiRaltvein/memory-corruption-examples

@ -15,6 +15,7 @@ No PoCs from references.
#### Github #### Github
- https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/KEV
- https://github.com/Uniguri/CVE-1day - https://github.com/Uniguri/CVE-1day
- https://github.com/Uniguri/CVE-nday
- https://github.com/buptsb/CVE-2023-4762 - https://github.com/buptsb/CVE-2023-4762
- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/sherlocksecurity/CVE-2023-4762-Code-Review - https://github.com/sherlocksecurity/CVE-2023-4762-Code-Review

@ -13,5 +13,5 @@ GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflo
- https://github.com/gpac/gpac/issues/2613 - https://github.com/gpac/gpac/issues/2613
#### Github #### Github
No PoCs found on GitHub currently. - https://github.com/DiRaltvein/memory-corruption-examples

17
2023/CVE-2023-7050.md Normal file
@ -0,0 +1,17 @@
### [CVE-2023-7050](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7050)
![](https://img.shields.io/static/v1?label=Product&message=Online%20Notes%20Sharing%20System&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
### Description
A vulnerability has been found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file user/profile.php. The manipulation of the argument name/email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248737 was assigned to this vulnerability.
### POC
#### Reference
- https://vuldb.com/?id.248737
#### Github
No PoCs found on GitHub currently.

@ -10,7 +10,7 @@ A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has
### POC ### POC
#### Reference #### Reference
No PoCs from references. - https://vuldb.com/?id.248741
#### Github #### Github
- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/fkie-cad/nvd-json-data-feeds

@ -11,6 +11,7 @@ A vulnerability, which was classified as critical, was found in code-projects Li
#### Reference #### Reference
- https://github.com/h4md153v63n/CVEs/blob/main/Library-Management-System/Library-Management-System_SQL_Injection-3.md - https://github.com/h4md153v63n/CVEs/blob/main/Library-Management-System/Library-Management-System_SQL_Injection-3.md
- https://vuldb.com/?id.249006
#### Github #### Github
- https://github.com/h4md153v63n/CVEs - https://github.com/h4md153v63n/CVEs

17
2023/CVE-2023-7193.md Normal file
@ -0,0 +1,17 @@
### [CVE-2023-7193](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7193)
![](https://img.shields.io/static/v1?label=Product&message=Bookmark&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.2.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Controls&color=brighgreen)
### Description
A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. This issue affects some unknown processing of the file public/install.php of the component Installation. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249395. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
### POC
#### Reference
- https://vuldb.com/?id.249395
#### Github
No PoCs found on GitHub currently.
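Review bot: the Version badge on the third added line encodes `= 1.2.0`, while the Description says the issue affects MTab Bookmark "up to 1.2.6". Anyone filtering on the badge would conclude that 1.2.1 through 1.2.6 are unaffected; the badge should express the same range as the description.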

@ -14,4 +14,5 @@ No PoCs from references.
#### Github #### Github
- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/nomi-sec/PoC-in-GitHub

@ -14,6 +14,7 @@ No PoCs from references.
#### Github #### Github
- https://github.com/Uniguri/CVE-1day - https://github.com/Uniguri/CVE-1day
- https://github.com/Uniguri/CVE-nday
- https://github.com/ret2eax/exploits - https://github.com/ret2eax/exploits
- https://github.com/rycbar77/V8Exploits - https://github.com/rycbar77/V8Exploits
- https://github.com/sploitem/v8-writeups - https://github.com/sploitem/v8-writeups

@ -30,6 +30,7 @@ A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables compon
- https://github.com/Notselwyn/notselwyn - https://github.com/Notselwyn/notselwyn
- https://github.com/SenukDias/OSCP_cheat - https://github.com/SenukDias/OSCP_cheat
- https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Snoopy-Sec/Localroot-ALL-CVE
- https://github.com/Technetium1/stars
- https://github.com/TigerIsMyPet/KernelExploit - https://github.com/TigerIsMyPet/KernelExploit
- https://github.com/YgorAlberto/ygoralberto.github.io - https://github.com/YgorAlberto/ygoralberto.github.io
- https://github.com/Zombie-Kaiser/Zombie-Kaiser - https://github.com/Zombie-Kaiser/Zombie-Kaiser

@ -20,7 +20,7 @@
### Description ### Description
Summary:Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS) including a subset of Azure Virtual Machine SKUS; enabling an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs. Summary:Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS) including a subset of Azure Virtual Machine SKUS; enabling an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS. For more information on Windows versions and VM SKUs supporting VBS, reference: Virtualization-based Security (VBS) | Microsoft Learn..Microsoft is developing a security update to mitigate this vulnerability, but it is not yet available. 
Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.Details:A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022 , and a subset of Azure Virtual Machines (VM) SKUs with a Windows based guestOS supporting VBS.The vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful exploitation provides an attacker with the ability to reintroduce previously mitigated vulnerabilities, circumvent VBS security features, and exfiltrate data protected by VBS.Microsoft is developing a security update that will revoke outdated, unpatched VBS system files to mitigate this vulnerability, but it is not yet available. Due to the complexity of blocking such a large quantity of files, rigorous testing is required to avoid integration failures or regressions. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now Microsoft Security Response Center.Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 07th, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. 
Customers concerned with these risks should reference the guidance provided in the Recommended Actions section of this CVE to protect their systems.Recommended Actions:The following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available.Configure “Audit Object Access” settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors.Audit File System - Windows 10 | Microsoft LearnApply a basic audit policy on a file or folder - Windows 10 | Microsoft LearnAuditing sensitive privileges used to identify access, modification, or replacement of VBS related files could help indicacte attempts to exploit this vulnerability.Audit Sensitive Privilege Use - Windows 10 | Microsoft LearnProtect your Azure tenant by investigating administrators and users flagged for risky sign-ins and rotating their credentials.Investigate risk Microsoft Entra ID Protection - Microsoft Entra ID Protection | Microsoft LearnEnabling Multi-Factor Authentication can also help alleviate concerns about compromised accounts or exposure.Enforce multifactor...
### POC ### POC
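Review bot: The new Description is cut off mid-sentence at "Enforce multifactor..." and the advisory's paragraphs are fused without separators ("VBS.Microsoft", "CVE.This", "Learn..Microsoft", "Microsoft LearnApply"), so the Recommended Actions read as one unbroken line with link titles glued to the following sentence. Import the text with its paragraph breaks and link titles intact and carry the final recommendation through to its end, or keep the shorter summary. If the text is normalised on import, "indicacte" should become "indicate".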

17
2024/CVE-2024-23708.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-23708](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23708)
![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%2014%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
### Description
In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/nomi-sec/PoC-in-GitHub
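Review bot: The Version and Vulnerability badges use `color=brighgreen`, which is not a shields.io color name; `brightgreen` looks like the intended value. The Version message `%3D%2014%20` also decodes to "= 14 " with a trailing space. Every new file in this commit carries the same badge lines, so the fix belongs in the generator template rather than in the individual files.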

View File

@ -13,5 +13,5 @@ ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based)
- https://github.com/ChurchCRM/CRM/issues/6856 - https://github.com/ChurchCRM/CRM/issues/6856
#### Github #### Github
No PoCs found on GitHub currently. - https://github.com/nomi-sec/PoC-in-GitHub

17
2024/CVE-2024-29039.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-29039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29039)
![](https://img.shields.io/static/v1?label=Product&message=tpm2-tools&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%205.7%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-807%3A%20Reliance%20on%20Untrusted%20Inputs%20in%20a%20Security%20Decision&color=brighgreen)
### Description
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.
### POC
#### Reference
- https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-8rjm-5f5f-h4q6
#### Github
No PoCs found on GitHub currently.
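Review bot: The Version badge message `%3D%20%3C%205.7%20` decodes to "= < 5.7 ", which combines two operators and ends in a trailing space. The Description says the issue is patched in version 5.7, so "< 5.7" states the affected range unambiguously. The same "= <" pattern appears in the tpm2-tss and strapi files added in this commit.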

17
2024/CVE-2024-29040.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-29040](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29040)
![](https://img.shields.io/static/v1?label=Product&message=tpm2-tss&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.1.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%3A%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
### Description
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0.
### POC
#### Reference
- https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-837m-jw3m-h9p6
#### Github
No PoCs found on GitHub currently.

17
2024/CVE-2024-29181.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-29181](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29181)
![](https://img.shields.io/static/v1?label=Product&message=strapi&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.19.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%3A%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)
### Description
Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create. They should see nothing but their own items they created not all items ever created. Users should upgrade @strapi/plugin-content-manager to version 4.19.1 to receive a patch.
### POC
#### Reference
- https://github.com/strapi/strapi/security/advisories/GHSA-6j89-frxc-q26m
#### Github
No PoCs found on GitHub currently.

17
2024/CVE-2024-29318.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-29318](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29318)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Volmarg Personal Management System 1.4.64 is vulnerable to stored cross site scripting (XSS) via upload of a SVG file with embedded javascript code.
### POC
#### Reference
- https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-29318
#### Github
No PoCs found on GitHub currently.
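Review bot: The Product and Version badges both read n/a although the Description names the product and version, Volmarg Personal Management System 1.4.64. Populating the badges from the description, or omitting them when the record has no structured product data, would keep the header usable for filtering. CVE-2024-29319 has the same gap.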

17
2024/CVE-2024-29319.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-29319](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29319)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via uploading a SVG file. The server can make unintended HTTP and DNS requests to a server that the attacker controls.
### POC
#### Reference
- https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-29319
#### Github
No PoCs found on GitHub currently.

View File

@ -10,7 +10,7 @@ Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains
### POC ### POC
#### Reference #### Reference
No PoCs from references. - https://github.com/CyberSentryX/CVE_Hunting/blob/main/CVE-2024-29390/README.md
#### Github #### Github
- https://github.com/CyberSentryX/CVE_Hunting - https://github.com/CyberSentryX/CVE_Hunting

View File

@ -48,6 +48,7 @@ Malicious code was discovered in the upstream tarballs of xz, starting with vers
- https://github.com/ScrimForever/CVE-2024-3094 - https://github.com/ScrimForever/CVE-2024-3094
- https://github.com/Security-Phoenix-demo/CVE-2024-3094-fix-exploits - https://github.com/Security-Phoenix-demo/CVE-2024-3094-fix-exploits
- https://github.com/Simplifi-ED/CVE-2024-3094-patcher - https://github.com/Simplifi-ED/CVE-2024-3094-patcher
- https://github.com/Technetium1/stars
- https://github.com/TheTorjanCaptain/CVE-2024-3094-Checker - https://github.com/TheTorjanCaptain/CVE-2024-3094-Checker
- https://github.com/Thiagocsoaresbh/heroku-test - https://github.com/Thiagocsoaresbh/heroku-test
- https://github.com/Yuma-Tsushima07/CVE-2024-3094 - https://github.com/Yuma-Tsushima07/CVE-2024-3094
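Review bot: The added entry https://github.com/Technetium1/stars does not look like a PoC, checker or fix for CVE-2024-3094; going by the repository name it is a list of starred projects that happens to mention the CVE. Unlike its neighbors it has no CVE identifier in its name, so please confirm it holds relevant material before listing it under Github, or filter list-style repositories out in the collector.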

View File

@ -5,11 +5,12 @@
### Description ### Description
** DISPUTED ** Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly" and are not "at fault." ** DISPUTED ** Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to configure XML Security for C++ securely. Even when avoiding this particular issue, any use of this library would need considerable additional code and a deep understanding of the standards and protocols involved to arrive at a secure implementation for any particular use case. We recommend against continued direct use of this library.
### POC ### POC
#### Reference #### Reference
- https://shibboleth.atlassian.net/wiki/spaces/DEV/pages/3726671873/Santuario
- https://www.sonatype.com/blog/the-exploited-ivanti-connect-ssrf-vulnerability-stems-from-xmltooling-oss-library - https://www.sonatype.com/blog/the-exploited-ivanti-connect-ssrf-vulnerability-stems-from-xmltooling-oss-library
#### Github #### Github
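Review bot: The replacement Description ends with "We recommend against continued direct use of this library" without saying who "we" is, so in this catalogue it reads as the catalogue's own advice rather than the disputing project's statement. Keep the sentence visibly inside the NOTE attribution, for example by quoting the project's position, and check that the added shibboleth.atlassian.net link is the source of that statement so readers can verify it.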

View File

@ -18,4 +18,5 @@ No PoCs from references.
- https://github.com/gokupwn/pushMyResources - https://github.com/gokupwn/pushMyResources
- https://github.com/h0bbel/h0bbel - https://github.com/h0bbel/h0bbel
- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/tanjiti/sec_profile

17
2024/CVE-2024-37382.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-37382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37382)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.
### POC
#### Reference
- https://www.abinitio.com/en/security-advisories/ab-2024-003/
#### Github
No PoCs found on GitHub currently.

View File

@ -11,6 +11,7 @@ lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys
#### Reference #### Reference
- https://github.com/lepture/authlib/issues/654 - https://github.com/lepture/authlib/issues/654
- https://www.vicarius.io/vsociety/posts/algorithm-confusion-in-lepture-authlib-cve-2024-37568
#### Github #### Github
- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/fkie-cad/nvd-json-data-feeds

View File

@ -11,6 +11,7 @@ A vulnerability, which was classified as critical, has been found in PHPGurukul/
#### Reference #### Reference
- https://github.com/BurakSevben/CVEs/blob/main/News%20Portal/News%20Portal%20-%20SQL%20Injection%20-%204.md - https://github.com/BurakSevben/CVEs/blob/main/News%20Portal/News%20Portal%20-%20SQL%20Injection%20-%204.md
- https://github.com/L1OudFd8cl09/CVE/blob/main/25_07_2024_b.md
- https://vuldb.com/?id.260615 - https://vuldb.com/?id.260615
#### Github #### Github

41
2024/CVE-2024-38077.md Normal file
View File

@ -0,0 +1,41 @@
### [CVE-2024-38077](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38077)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7159%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6054%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2582%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1009%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22769%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27219%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27219%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.24975%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22074%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%3A%20Heap-based%20Buffer%20Overflow&color=brighgreen)
### Description
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/TrojanAZhen/Self_Back
- https://github.com/nomi-sec/PoC-in-GitHub
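Review bot: The Product badge for Windows Server 2008 Service Pack 2 is emitted twice, once as `Windows%20Server%202008%20%20Service%20Pack%202` with a doubled space and once with a single space, so product de-duplication is comparing unnormalised strings. Collapse whitespace before de-duplicating. The Github list also includes https://github.com/0xMarcio/cve, which shares the committer's name and appears to be this catalogue rather than a PoC; self-references should be excluded.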

17
2024/CVE-2024-39643.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-39643](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39643)
![](https://img.shields.io/static/v1?label=Product&message=RegistrationMagic&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
### Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS.This issue affects RegistrationMagic: from n/a through 6.0.0.1.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/20142995/nuclei-templates

17
2024/CVE-2024-39646.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-39646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39646)
![](https://img.shields.io/static/v1?label=Product&message=Custom%20404%20Pro&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
### Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kunal Nagar Custom 404 Pro allows Reflected XSS.This issue affects Custom 404 Pro: from n/a through 3.11.1.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/20142995/nuclei-templates

17
2024/CVE-2024-39647.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-39647](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39647)
![](https://img.shields.io/static/v1?label=Product&message=Message%20Filter%20for%20Contact%20Form%207&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
### Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kofi Mokome Message Filter for Contact Form 7 allows Reflected XSS.This issue affects Message Filter for Contact Form 7: from n/a through 1.6.1.1.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/20142995/nuclei-templates

17
2024/CVE-2024-39648.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-39648](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39648)
![](https://img.shields.io/static/v1?label=Product&message=Eventin&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
### Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 4.0.5.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/20142995/nuclei-templates

17
2024/CVE-2024-39649.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-39649](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39649)
![](https://img.shields.io/static/v1?label=Product&message=Essential%20Addons%20for%20Elementor&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
### Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through 5.9.26.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/20142995/nuclei-templates

17
2024/CVE-2024-39652.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-39652](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39652)
![](https://img.shields.io/static/v1?label=Product&message=WooCommerce%20PDF%20Vouchers&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
### Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPWeb Elite WooCommerce PDF Vouchers allows Reflected XSS.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.5.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/20142995/nuclei-templates

17
2024/CVE-2024-39655.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-39655](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39655)
![](https://img.shields.io/static/v1?label=Product&message=LiquidPoll%20%E2%80%93%20Advanced%20Polls%20for%20Creators%20and%20Brands&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
### Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiquidPoll LiquidPoll Advanced Polls for Creators and Brands.This issue affects LiquidPoll Advanced Polls for Creators and Brands: from n/a through 3.3.77.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/20142995/nuclei-templates
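Review bot: This Description never states the XSS type: it runs from the product name straight into "This issue affects", whereas the sibling entries in this commit say "allows Stored XSS" or "allows Reflected XSS". The product name also differs between the badge, which includes a dash (`%E2%80%93`) after "LiquidPoll", and the text, which drops it. If the upstream record is incomplete, leave it, but confirm the clause was not lost on import. CVE-2024-39661 shows the same omission.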

17
2024/CVE-2024-39656.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-39656](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39656)
![](https://img.shields.io/static/v1?label=Product&message=Tin%20Canny%20Reporting%20for%20LearnDash&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
### Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uncanny Owl Tin Canny Reporting for LearnDash allows Reflected XSS.This issue affects Tin Canny Reporting for LearnDash: from n/a through 4.3.0.7.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/20142995/nuclei-templates

17
2024/CVE-2024-39659.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-39659](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39659)
![](https://img.shields.io/static/v1?label=Product&message=WP-PostRatings&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
### Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lester GaMerZ Chan WP-PostRatings allows Stored XSS.This issue affects WP-PostRatings: from n/a through 1.91.1.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/20142995/nuclei-templates

17
2024/CVE-2024-39660.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-39660](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39660)
![](https://img.shields.io/static/v1?label=Product&message=Photo%20Engine&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
### Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jordy Meow Photo Engine allows Stored XSS.This issue affects Photo Engine: from n/a through 6.3.1.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/20142995/nuclei-templates

17
2024/CVE-2024-39661.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-39661](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39661)
![](https://img.shields.io/static/v1?label=Product&message=Kubio%20AI%20Page%20Builder&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
### Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ExtendThemes Kubio AI Page Builder.This issue affects Kubio AI Page Builder: from n/a through 2.2.4.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/20142995/nuclei-templates

17
2024/CVE-2024-39663.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-39663](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39663)
![](https://img.shields.io/static/v1?label=Product&message=WP%20Fast%20Total%20Search&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
### Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Epsiloncool WP Fast Total Search allows Stored XSS.This issue affects WP Fast Total Search: from n/a through 1.68.232.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/20142995/nuclei-templates

17
2024/CVE-2024-39665.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-39665](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39665)
![](https://img.shields.io/static/v1?label=Product&message=Filter%20%26%20Grids&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
### Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YMC Filter & Grids allows Stored XSS.This issue affects Filter & Grids: from n/a through 2.9.2.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/20142995/nuclei-templates

17
2024/CVE-2024-39668.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-39668](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39668)
![](https://img.shields.io/static/v1?label=Product&message=Extensions%20for%20Elementor&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
### Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor allows Stored XSS.This issue affects Extensions for Elementor: from n/a through 2.0.31.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/20142995/nuclei-templates

View File

@ -13,5 +13,6 @@ The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stition
No PoCs from references. No PoCs from references.
#### Github #### Github
- https://github.com/20142995/nuclei-templates
- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/nomi-sec/PoC-in-GitHub

17
2024/CVE-2024-40720.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-40720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40720)
![](https://img.shields.io/static/v1?label=Product&message=TCBServiSign%20Windows%20Version&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.24.0318%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
### Description
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the `HKEY_CURRENT_USER` registry to execute arbitrary commands.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds

17
2024/CVE-2024-40721.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-40721](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40721)
![](https://img.shields.io/static/v1?label=Product&message=TCBServiSign%20Windows%20Version&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.24.0318%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
### Description
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arbitrary path.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds

17
2024/CVE-2024-40722.md Normal file
View File

@ -0,0 +1,17 @@
### [CVE-2024-40722](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40722)
![](https://img.shields.io/static/v1?label=Product&message=TCBServiSign%20Windows%20Version&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.24.0318%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brighgreen)
### Description
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the TCBServiSign, temporarily disrupting its service.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
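
Review bot: The Description line contains a duplicated word, "does does not properly validate the length of server-side input"; drop the extra "does". The otherwise parallel HWATAIServiSign entry (CVE-2024-40723) in this commit has the sentence without the duplicate.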

17
2024/CVE-2024-40723.md Normal file

@ -0,0 +1,17 @@
### [CVE-2024-40723](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40723)
![](https://img.shields.io/static/v1?label=Product&message=HWATAIServiSign%20Windows%20Version&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.24.0219%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brighgreen)
### Description
The specific API in HWATAIServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side inputs. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the HWATAIServiSign, temporarily disrupting its service.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds


@ -10,6 +10,9 @@ streamlit-geospatial is a streamlit multipage app for geospatial applications. P
### POC ### POC
#### Reference #### Reference
- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L383-L388
- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L390-L393
- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L395
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ - https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/
#### Github #### Github


@ -10,6 +10,8 @@ streamlit-geospatial is a streamlit multipage app for geospatial applications. P
### POC ### POC
#### Reference #### Reference
- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L430
- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L435
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ - https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/
#### Github #### Github


@ -10,6 +10,7 @@ Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnera
### POC ### POC
#### Reference #### Reference
- https://github.com/monkeytypegame/monkeytype/security/advisories/GHSA-wcjf-5464-4wq9
- https://securitylab.github.com/advisories/GHSL-2024-167_monkeytype - https://securitylab.github.com/advisories/GHSL-2024-167_monkeytype
#### Github #### Github

17
2024/CVE-2024-41129.md Normal file

@ -0,0 +1,17 @@
### [CVE-2024-41129](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41129)
![](https://img.shields.io/static/v1?label=Product&message=operator&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%202.0.0%2C%20%3C%202.15.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-532%3A%20Insertion%20of%20Sensitive%20Information%20into%20Log%20File&color=brighgreen)
### Description
The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju (>=3.0), Juju secrets and not correctly capturing and processing `subprocess.CalledProcessError`. This vulnerability is fixed in 2.15.0.
### POC
#### Reference
- https://github.com/canonical/operator/security/advisories/GHSA-hcmv-jmqh-fjgm
#### Github
No PoCs found on GitHub currently.
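
Review bot: The Version badge message decodes to `= >= 2.0.0, < 2.15.0 `, with a stray leading `= ` and a trailing space, so the rendered badge shows two comparison operators in a row. Emit the range as `>= 2.0.0, < 2.15.0`; the CVE-2024-41800 and CVE-2024-41808 files added in this commit carry the same `= ` prefix.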

17
2024/CVE-2024-41353.md Normal file

@ -0,0 +1,17 @@
### [CVE-2024-41353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41353)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php
### POC
#### Reference
- https://github.com/phpipam/phpipam/issues/4147
#### Github
No PoCs found on GitHub currently.
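
Review bot: The Description writes the affected file with backslashes, no code formatting and no closing period (`app\admin\groups\edit-group.php`), while the next phpipam entry in this commit uses `/app/admin/powerDNS/record-edit.php.`; pick one form, preferably forward slashes in backticks, so the path can be searched for consistently. The Product and Version badges also say n/a although the description names phpipam 1.6.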

17
2024/CVE-2024-41357.md Normal file

@ -0,0 +1,17 @@
### [CVE-2024-41357](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41357)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.
### POC
#### Reference
- https://github.com/phpipam/phpipam/issues/4149
#### Github
No PoCs found on GitHub currently.

17
2024/CVE-2024-41376.md Normal file

@ -0,0 +1,17 @@
### [CVE-2024-41376](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41376)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php.
### POC
#### Reference
- https://github.com/zyx0814/dzzoffice/issues/252
#### Github
No PoCs found on GitHub currently.

21
2024/CVE-2024-41440.md Normal file

@ -0,0 +1,21 @@
### [CVE-2024-41440](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41440)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
A heap buffer overflow in the function png_quantize() of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
### POC
#### Reference
- https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32
- https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/poc
- https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/poc/sample18.png
- https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/vulDescription.assets/image-20240530225208577.png
- https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/vulDescription.md
#### Github
No PoCs found on GitHub currently.
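
Review bot: All five Reference links point into the same `heapof-w1-png_quantize-cli-220c32` directory on the `master` branch, including a screenshot asset and the crafted `sample18.png` itself. A single link to `vulDescription.md`, ideally as a commit-pinned permalink, would cover the write-up and make the other four redundant.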


@ -10,7 +10,7 @@ Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow v
### POC ### POC
#### Reference #### Reference
No PoCs from references. - https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/NatStaticSetting/README.md
#### Github #### Github
- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/fkie-cad/nvd-json-data-feeds
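
Review bot: The reference added in place of "No PoCs from references." points at `blob/main/...`, which follows the branch head, so the target can change or disappear after this commit. The streamlit-geospatial references in this same commit use commit-pinned permalinks, and the same form would be better here and in the two Tenda FH1201 hunks that follow.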


@ -10,7 +10,7 @@ Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerabili
### POC ### POC
#### Reference #### Reference
No PoCs from references. - https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/exeCommand/README.md
#### Github #### Github
- https://github.com/ibaiw/2024Hvv - https://github.com/ibaiw/2024Hvv


@ -10,7 +10,7 @@ Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerabili
### POC ### POC
#### Reference #### Reference
No PoCs from references. - https://github.com/iotresearch/iot-vuln/tree/main/Tenda/FH1201/WriteFacMac
#### Github #### Github
- https://github.com/ibaiw/2024Hvv - https://github.com/ibaiw/2024Hvv


@ -13,5 +13,6 @@ Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1
No PoCs from references. No PoCs from references.
#### Github #### Github
- https://github.com/20142995/nuclei-templates
- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/nomi-sec/PoC-in-GitHub

17
2024/CVE-2024-41677.md Normal file

@ -0,0 +1,17 @@
### [CVE-2024-41677](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41677)
![](https://img.shields.io/static/v1?label=Product&message=qwik&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%40builder.io%2Fqwik%3A%20%3C%201.7.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
### Description
Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found in the `render-ssr.ts` file. It sometimes causes the situation that the final DOM tree rendered on browsers is different from what Qwik expects on server-side rendering. This may be leveraged to perform XSS attacks, and a type of the XSS is known as mXSS (mutation XSS). This has been resolved in qwik version 1.6.0 and @builder.io/qwik version 1.7.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
### POC
#### Reference
- https://github.com/QwikDev/qwik/security/advisories/GHSA-2rwj-7xq8-4gx4
#### Github
No PoCs found on GitHub currently.
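
Review bot: The Version badge carries only `@builder.io/qwik: < 1.7.3`, while the Description says the issue affects "versions up to but not including 1.6.0" and names two fixed versions (qwik 1.6.0 and @builder.io/qwik 1.7.3). Someone triaging from the badge alone cannot tell which package the bound applies to, so either show both bounds in the badge or keep it as is and make sure consumers read the Description for the `qwik` package line.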

17
2024/CVE-2024-41800.md Normal file

@ -0,0 +1,17 @@
### [CVE-2024-41800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41800)
![](https://img.shields.io/static/v1?label=Product&message=cms&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%205.0.0-beta.1%2C%20%3C%205.2.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%3A%20Improper%20Authentication&color=brighgreen)
### Description
Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3.
### POC
#### Reference
- https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use
#### Github
No PoCs found on GitHub currently.

17
2024/CVE-2024-41808.md Normal file

@ -0,0 +1,17 @@
### [CVE-2024-41808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41808)
![](https://img.shields.io/static/v1?label=Product&message=openobserve&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%200.9.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
### Description
The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. It has been noted that the front-end uses `DOMPurify` or Vue templating to escape cross-site scripting (XSS) extensively, however certain areas of the front end lack this XSS protection. When combining the missing protection with the insecure authentication handling that the front-end uses, a malicious user may be able to take over any victim's account provided they meet the exploitation steps. As of time of publication, no patched version is available.
### POC
#### Reference
- https://github.com/openobserve/openobserve/security/advisories/GHSA-hx23-g7m8-h76j
#### Github
No PoCs found on GitHub currently.

Some files were not shown because too many files have changed in this diff