diff --git a/2009/CVE-2009-4895.md b/2009/CVE-2009-4895.md new file mode 100644 index 000000000..452b66938 --- /dev/null +++ b/2009/CVE-2009-4895.md @@ -0,0 +1,17 @@ +### [CVE-2009-4895](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4895) + + + + +### Description + +Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the put_tty_queue and __f_setown functions. NOTE: the vulnerability was addressed in a different way in 2.6.32.9. + +### POC + +#### Reference +- http://www.ubuntu.com/usn/USN-1000-1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2010/CVE-2010-1885.md b/2010/CVE-2010-1885.md new file mode 100644 index 000000000..0a30ada68 --- /dev/null +++ b/2010/CVE-2010-1885.md @@ -0,0 +1,17 @@ +### [CVE-2010-1885](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1885) + + + + +### Description + +The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability." + +### POC + +#### Reference +- http://www.kb.cert.org/vuls/id/578319 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2010/CVE-2010-2066.md b/2010/CVE-2010-2066.md index 7300adbac..9038b995a 100644 --- a/2010/CVE-2010-2066.md +++ b/2010/CVE-2010-2066.md @@ -10,6 +10,7 @@ The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel b ### POC #### Reference +- http://www.ubuntu.com/usn/USN-1000-1 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html #### Github 
diff --git a/2010/CVE-2010-2226.md b/2010/CVE-2010-2226.md index f3a549f9a..f24f3fd26 100644 --- a/2010/CVE-2010-2226.md +++ b/2010/CVE-2010-2226.md @@ -10,6 +10,7 @@ The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 ### POC #### Reference +- http://www.ubuntu.com/usn/USN-1000-1 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html #### Github diff --git a/2010/CVE-2010-2248.md b/2010/CVE-2010-2248.md index 4af11f898..4c1c703cd 100644 --- a/2010/CVE-2010-2248.md +++ b/2010/CVE-2010-2248.md @@ -10,6 +10,7 @@ fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel before 2.6.34-r ### POC #### Reference +- http://www.ubuntu.com/usn/USN-1000-1 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html #### Github diff --git a/2010/CVE-2010-2265.md b/2010/CVE-2010-2265.md new file mode 100644 index 000000000..7d11e3dc0 --- /dev/null +++ b/2010/CVE-2010-2265.md @@ -0,0 +1,17 @@ +### [CVE-2010-2265](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2265) + + + + +### Description + +Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction. + +### POC + +#### Reference +- http://www.kb.cert.org/vuls/id/578319 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2010/CVE-2010-2478.md b/2010/CVE-2010-2478.md new file mode 100644 index 000000000..de1d0c142 --- /dev/null +++ b/2010/CVE-2010-2478.md 
@@ -0,0 +1,17 @@ +### [CVE-2010-2478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2478) + + + + +### Description + +Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084. + +### POC + +#### Reference +- http://www.ubuntu.com/usn/USN-1000-1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2010/CVE-2010-2495.md b/2010/CVE-2010-2495.md new file mode 100644 index 000000000..77076dfc6 --- /dev/null +++ b/2010/CVE-2010-2495.md @@ -0,0 +1,17 @@ +### [CVE-2010-2495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2495) + + + + +### Description + +The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change. + +### POC + +#### Reference +- http://www.ubuntu.com/usn/USN-1000-1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2010/CVE-2010-2521.md b/2010/CVE-2010-2521.md index 1d582d610..a7ea624eb 100644 --- a/2010/CVE-2010-2521.md +++ b/2010/CVE-2010-2521.md @@ -10,6 +10,7 @@ Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the ### POC #### Reference +- http://www.ubuntu.com/usn/USN-1000-1 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html #### Github diff --git a/2010/CVE-2010-2524.md b/2010/CVE-2010-2524.md index b0e44e8b7..6ddd3e188 100644 --- a/2010/CVE-2010-2524.md +++ b/2010/CVE-2010-2524.md 
@@ -10,6 +10,7 @@ The DNS resolution functionality in the CIFS implementation in the Linux kernel ### POC #### Reference +- http://www.ubuntu.com/usn/USN-1000-1 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html #### Github diff --git a/2010/CVE-2010-2798.md b/2010/CVE-2010-2798.md index 2692d833f..23e43fb39 100644 --- a/2010/CVE-2010-2798.md +++ b/2010/CVE-2010-2798.md @@ -11,6 +11,7 @@ The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before #### Reference - http://www.redhat.com/support/errata/RHSA-2010-0670.html +- http://www.ubuntu.com/usn/USN-1000-1 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html #### Github diff --git a/2010/CVE-2010-2942.md b/2010/CVE-2010-2942.md index 19e8bf117..c286a8975 100644 --- a/2010/CVE-2010-2942.md +++ b/2010/CVE-2010-2942.md @@ -10,6 +10,7 @@ The actions implementation in the network queueing functionality in the Linux ke ### POC #### Reference +- http://www.ubuntu.com/usn/USN-1000-1 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html #### Github diff --git a/2010/CVE-2010-2946.md b/2010/CVE-2010-2946.md new file mode 100644 index 000000000..91cac0301 --- /dev/null +++ b/2010/CVE-2010-2946.md @@ -0,0 +1,17 @@ +### [CVE-2010-2946](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2946) + + + + +### Description + +fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name. + +### POC + +#### Reference +- http://www.ubuntu.com/usn/USN-1000-1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2010/CVE-2010-2954.md b/2010/CVE-2010-2954.md index 2d767b455..bb27b0dc9 100644 --- a/2010/CVE-2010-2954.md +++ b/2010/CVE-2010-2954.md 
@@ -10,7 +10,7 @@ The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-r ### POC #### Reference -No PoCs from references. +- http://www.ubuntu.com/usn/USN-1000-1 #### Github - https://github.com/mergebase/usn2json diff --git a/2010/CVE-2010-2955.md b/2010/CVE-2010-2955.md index 2b5732e10..fbe8f49fd 100644 --- a/2010/CVE-2010-2955.md +++ b/2010/CVE-2010-2955.md @@ -10,7 +10,7 @@ The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux k ### POC #### Reference -No PoCs from references. +- http://www.ubuntu.com/usn/USN-1000-1 #### Github - https://github.com/mergebase/usn2json diff --git a/2010/CVE-2010-2960.md b/2010/CVE-2010-2960.md index 64721c285..ccee67fb7 100644 --- a/2010/CVE-2010-2960.md +++ b/2010/CVE-2010-2960.md @@ -10,7 +10,7 @@ The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux ker ### POC #### Reference -No PoCs from references. +- http://www.ubuntu.com/usn/USN-1000-1 #### Github - https://github.com/mergebase/usn2json diff --git a/2010/CVE-2010-2963.md b/2010/CVE-2010-2963.md index 896cf0bc2..494cfa232 100644 --- a/2010/CVE-2010-2963.md +++ b/2010/CVE-2010-2963.md @@ -10,7 +10,7 @@ drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementatio ### POC #### Reference -No PoCs from references. +- http://www.ubuntu.com/usn/USN-1000-1 #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2010/CVE-2010-3015.md b/2010/CVE-2010-3015.md index e9cadc332..c879a4c79 100644 --- a/2010/CVE-2010-3015.md +++ b/2010/CVE-2010-3015.md @@ -10,6 +10,7 @@ Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the ### POC #### Reference +- http://www.ubuntu.com/usn/USN-1000-1 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html #### Github diff --git a/2010/CVE-2010-3067.md b/2010/CVE-2010-3067.md index 0d876fa75..ec79fc959 100644 --- a/2010/CVE-2010-3067.md +++ b/2010/CVE-2010-3067.md 
@@ -11,6 +11,7 @@ Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel be #### Reference - http://www.redhat.com/support/errata/RHSA-2011-0007.html +- http://www.ubuntu.com/usn/USN-1000-1 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html #### Github diff --git a/2010/CVE-2010-3078.md b/2010/CVE-2010-3078.md index 05471e7ba..1f8f856c3 100644 --- a/2010/CVE-2010-3078.md +++ b/2010/CVE-2010-3078.md @@ -11,6 +11,7 @@ The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux ker #### Reference - http://www.redhat.com/support/errata/RHSA-2011-0007.html +- http://www.ubuntu.com/usn/USN-1000-1 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html #### Github diff --git a/2010/CVE-2010-3080.md b/2010/CVE-2010-3080.md index 2abeb010e..d7d1238de 100644 --- a/2010/CVE-2010-3080.md +++ b/2010/CVE-2010-3080.md @@ -11,6 +11,7 @@ Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss #### Reference - http://www.redhat.com/support/errata/RHSA-2011-0007.html +- http://www.ubuntu.com/usn/USN-1000-1 #### Github No PoCs found on GitHub currently. diff --git a/2010/CVE-2010-3084.md b/2010/CVE-2010-3084.md new file mode 100644 index 000000000..17c4effe2 --- /dev/null +++ b/2010/CVE-2010-3084.md @@ -0,0 +1,17 @@ +### [CVE-2010-3084](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3084) + + + + +### Description + +Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/net/niu.c in the Linux kernel before 2.6.36-rc4 allows local users to cause a denial of service or possibly have unspecified other impact via the ETHTOOL_GRXCLSRLALL ethtool command. + +### POC + +#### Reference +- http://www.ubuntu.com/usn/USN-1000-1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2010/CVE-2010-3310.md b/2010/CVE-2010-3310.md new file mode 100644 index 000000000..6d4f5b44c --- /dev/null +++ b/2010/CVE-2010-3310.md 
@@ -0,0 +1,17 @@ +### [CVE-2010-3310](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3310) + + + + +### Description + +Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions. + +### POC + +#### Reference +- http://www.ubuntu.com/usn/USN-1000-1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2010/CVE-2010-3432.md b/2010/CVE-2010-3432.md index 3f966dd50..a8e3572bc 100644 --- a/2010/CVE-2010-3432.md +++ b/2010/CVE-2010-3432.md @@ -11,6 +11,7 @@ The sctp_packet_config function in net/sctp/output.c in the Linux kernel before #### Reference - http://www.redhat.com/support/errata/RHSA-2011-0004.html +- http://www.ubuntu.com/usn/USN-1000-1 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html #### Github diff --git a/2010/CVE-2010-3437.md b/2010/CVE-2010-3437.md index 20f0dad8b..cafa4e6ed 100644 --- a/2010/CVE-2010-3437.md +++ b/2010/CVE-2010-3437.md @@ -10,7 +10,7 @@ Integer signedness error in the pkt_find_dev_from_minor function in drivers/bloc ### POC #### Reference -No PoCs from references. +- http://www.ubuntu.com/usn/USN-1000-1 #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2010/CVE-2010-3442.md b/2010/CVE-2010-3442.md index be150191d..cda00c346 100644 --- a/2010/CVE-2010-3442.md +++ b/2010/CVE-2010-3442.md @@ -11,6 +11,7 @@ Multiple integer overflows in the snd_ctl_new function in sound/core/control.c i #### Reference - http://www.redhat.com/support/errata/RHSA-2011-0004.html +- http://www.ubuntu.com/usn/USN-1000-1 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html #### Github diff --git a/2010/CVE-2010-3477.md b/2010/CVE-2010-3477.md index eaa669942..3eae1d98c 100644 --- a/2010/CVE-2010-3477.md +++ b/2010/CVE-2010-3477.md 
@@ -11,6 +11,7 @@ The tcf_act_police_dump function in net/sched/act_police.c in the actions implem #### Reference - http://www.redhat.com/support/errata/RHSA-2011-0007.html +- http://www.ubuntu.com/usn/USN-1000-1 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html #### Github diff --git a/2010/CVE-2010-3705.md b/2010/CVE-2010-3705.md index 3c8313906..a0175fca4 100644 --- a/2010/CVE-2010-3705.md +++ b/2010/CVE-2010-3705.md @@ -10,7 +10,7 @@ The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel befo ### POC #### Reference -No PoCs from references. +- http://www.ubuntu.com/usn/USN-1000-1 #### Github - https://github.com/mergebase/usn2json diff --git a/2010/CVE-2010-3904.md b/2010/CVE-2010-3904.md index ac18c6716..624aa0012 100644 --- a/2010/CVE-2010-3904.md +++ b/2010/CVE-2010-3904.md @@ -11,6 +11,7 @@ The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Socke #### Reference - http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html +- http://www.ubuntu.com/usn/USN-1000-1 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html - https://www.exploit-db.com/exploits/44677/ diff --git a/2012/CVE-2012-0158.md b/2012/CVE-2012-0158.md index d1688a387..875317839 100644 --- a/2012/CVE-2012-0158.md +++ b/2012/CVE-2012-0158.md @@ -32,6 +32,7 @@ The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX control - https://github.com/havocykp/Vulnerability-analysis - https://github.com/helloandrewpaul/Mandiant---APT - https://github.com/houjingyi233/office-exploit-case-study +- https://github.com/mcgowanandrew/Mandiant---APT - https://github.com/qiantu88/office-cve - https://github.com/riusksk/vul_war_error - https://github.com/sv3nbeast/Attack-Notes diff --git a/2018/CVE-2018-10933.md b/2018/CVE-2018-10933.md index 70cc438a0..e79317144 100644 --- a/2018/CVE-2018-10933.md +++ b/2018/CVE-2018-10933.md 
@@ -83,6 +83,7 @@ A vulnerability was found in libssh's server-side state machine before versions - https://github.com/ivanacostarubio/libssh-scanner - https://github.com/jas502n/CVE-2018-10933 - https://github.com/jbmihoub/all-poc +- https://github.com/jobroche/libssh-scanner - https://github.com/john-80/-007 - https://github.com/kgwanjala/oscp-cheatsheet - https://github.com/kn6869610/CVE-2018-10933 diff --git a/2018/CVE-2018-21165.md b/2018/CVE-2018-21165.md new file mode 100644 index 000000000..1160ad85b --- /dev/null +++ b/2018/CVE-2018-21165.md @@ -0,0 +1,17 @@ +### [CVE-2018-21165](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21165) + + + + +### Description + +Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. + +### POC + +#### Reference +- https://kb.netgear.com/000055194/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3170 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2019/CVE-2019-11358.md b/2019/CVE-2019-11358.md index b9d93765c..4b5cb4a97 100644 --- a/2019/CVE-2019-11358.md +++ b/2019/CVE-2019-11358.md @@ -1247,6 +1247,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/IntellyCode/Pascal-FTC-Template - https://github.com/IoanaAdrian/FreightFrenzySoftHoarders - https://github.com/Iobotics/FTC-2021-FreightFrenzy +- https://github.com/Iris-TheRainbow/RoadRunnerQuickstart15031 - https://github.com/Iron-Panthers/Summer-Camp-Bots - https://github.com/IronEaglesRobotics/FreightFrenzy - https://github.com/IronEaglesRobotics/PowerPlay 
@@ -2584,6 +2585,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/amogus-1984/FTC-2023 - https://github.com/amphibiousarmy21456/FtcRobotController-FTC-SDK-8.2-WithOpenCV - https://github.com/amphibiousarmy21456/FtcRobotController-LastYearFinalCopy +- https://github.com/anandraghunath/TeamAlphabots - https://github.com/anaypant/FTCTest1 - https://github.com/andreascasanova/FTCFirsttime - https://github.com/andrei-27/FREIGHT-FRENZY @@ -3461,6 +3463,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/mililanirobotics/17063-FTC-23-24 - https://github.com/mililanirobotics/7438-FTC-23-24 - https://github.com/minhle30964/FTC-Team-17288-Season-2020-2021 +- https://github.com/mizpeyamFTC/center_stage_code - https://github.com/mlhstech/8.1.1 - https://github.com/mmkaram-EPS/FTC-OffSeason-2022 - https://github.com/mneruganti/freightfrenzy diff --git a/2019/CVE-2019-25100.md b/2019/CVE-2019-25100.md new file mode 100644 index 000000000..93aa3d414 --- /dev/null +++ b/2019/CVE-2019-25100.md @@ -0,0 +1,17 @@ +### [CVE-2019-25100](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25100) + + + + +### Description + +A vulnerability was found in happyman twmap. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file twmap3/data/ajaxCRUD/pointdata2.php. The manipulation of the argument id leads to sql injection. Upgrading to version v2.9_v4.31 is able to address this issue. The identifier of the patch is babbec79b3fa4efb3bd581ea68af0528d11bba0c. It is recommended to upgrade the affected component. The identifier VDB-217645 was assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/happyman/twmap/releases/tag/v2.9_v4.31 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-22916.md b/2022/CVE-2022-22916.md index a4ef40614..d23a929ab 100644 --- a/2022/CVE-2022-22916.md 
+++ b/2022/CVE-2022-22916.md @@ -24,6 +24,7 @@ O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerabilit - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/trhacknon/Pocingit - https://github.com/whoforget/CVE-POC +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki - https://github.com/youwizard/CVE-POC diff --git a/2023/CVE-2023-0833.md b/2023/CVE-2023-0833.md index d0239938f..459d578e4 100644 --- a/2023/CVE-2023-0833.md +++ b/2023/CVE-2023-0833.md @@ -11,7 +11,7 @@ A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp c ### POC #### Reference -No PoCs from references. +- https://github.com/square/okhttp/issues/6738 #### Github - https://github.com/hinat0y/Dataset1 diff --git a/2023/CVE-2023-1032.md b/2023/CVE-2023-1032.md index b34b48963..2bfbc2567 100644 --- a/2023/CVE-2023-1032.md +++ b/2023/CVE-2023-1032.md @@ -10,6 +10,7 @@ The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in ### POC #### Reference +- https://ubuntu.com/security/notices/USN-5977-1 - https://ubuntu.com/security/notices/USN-6024-1 - https://ubuntu.com/security/notices/USN-6033-1 diff --git a/2023/CVE-2023-27650.md b/2023/CVE-2023-27650.md new file mode 100644 index 000000000..324aaacab --- /dev/null +++ b/2023/CVE-2023-27650.md @@ -0,0 +1,17 @@ +### [CVE-2023-27650](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27650) + + + + +### Description + +An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONT_FILE parameter. + +### POC + +#### Reference +- https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27650/CVE%20detail.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-28432.md b/2023/CVE-2023-28432.md index de0b741b3..e9c86d299 100644 --- a/2023/CVE-2023-28432.md +++ b/2023/CVE-2023-28432.md 
@@ -65,6 +65,7 @@ No PoCs from references. - https://github.com/trailofbits/awesome-ml-security - https://github.com/unam4/CVE-2023-28432-minio_update_rce - https://github.com/whoami13apt/files2 +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki - https://github.com/xk-mt/CVE-2023-28432 diff --git a/2023/CVE-2023-29728.md b/2023/CVE-2023-29728.md new file mode 100644 index 000000000..fefd613ac --- /dev/null +++ b/2023/CVE-2023-29728.md @@ -0,0 +1,17 @@ +### [CVE-2023-29728](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29728) + + + + +### Description + +The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack. + +### POC + +#### Reference +- https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29728/CVE%20detail.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-29761.md b/2023/CVE-2023-29761.md new file mode 100644 index 000000000..aa6576cca --- /dev/null +++ b/2023/CVE-2023-29761.md @@ -0,0 +1,17 @@ +### [CVE-2023-29761](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29761) + + + + +### Description + +An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. + +### POC + +#### Reference +- https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29761/CVE%20detailed.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-37057.md b/2023/CVE-2023-37057.md new file mode 100644 index 000000000..8e2466ea3 --- /dev/null +++ b/2023/CVE-2023-37057.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-37057](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37057) + + + + +### Description + +An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism. + +### POC + +#### Reference +- https://github.com/ri5c/Jlink-Router-RCE + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-37058.md b/2023/CVE-2023-37058.md new file mode 100644 index 000000000..76eba698d --- /dev/null +++ b/2023/CVE-2023-37058.md @@ -0,0 +1,17 @@ +### [CVE-2023-37058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37058) + + + + +### Description + +Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted command. + +### POC + +#### Reference +- https://github.com/ri5c/Jlink-Router-RCE + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-37898.md b/2023/CVE-2023-37898.md new file mode 100644 index 000000000..325de9932 --- /dev/null +++ b/2023/CVE-2023-37898.md @@ -0,0 +1,17 @@ +### [CVE-2023-37898](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37898) + + +&color=brighgreen) + +### Description + +Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows an untrusted note opened in safe mode to execute arbitrary code. `packages/renderer/MarkupToHtml.ts` renders note content in safe mode by surrounding it with
and, without escaping any interior HTML tags. Thus, an attacker can create a note that closes the opening
tag, then includes HTML that runs JavaScript. Because the rendered markdown iframe has the same origin as the toplevel document and is not sandboxed, any scripts running in the preview iframe can access the top variable and, thus, access the toplevel NodeJS `require` function. `require` can then be used to import modules like fs or child_process and run arbitrary commands. This issue has been addressed in version 2.12.9 and all users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/laurent22/joplin/security/advisories/GHSA-hjmq-3qh4-g2r8 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-3791.md b/2023/CVE-2023-3791.md new file mode 100644 index 000000000..c7eb9db49 --- /dev/null +++ b/2023/CVE-2023-3791.md @@ -0,0 +1,17 @@ +### [CVE-2023-3791](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3791) + + + + +### Description + +A vulnerability was found in IBOS OA 4.5.5 and classified as critical. Affected by this issue is the function actionExport of the file ?r=contact/default/export of the component Personal Office Address Book. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-235058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/zry-wyj/cve/blob/main/ibos.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-38881.md b/2023/CVE-2023-38881.md new file mode 100644 index 000000000..a4a1963ff --- /dev/null +++ b/2023/CVE-2023-38881.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-38881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38881) + + + + +### Description + +A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendar_id', 'school_date', 'month' or 'year' parameters in 'CalendarModal.php'. + +### POC + +#### Reference +- https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38881 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-38883.md b/2023/CVE-2023-38883.md new file mode 100644 index 000000000..e745ef138 --- /dev/null +++ b/2023/CVE-2023-38883.md @@ -0,0 +1,17 @@ +### [CVE-2023-38883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38883) + + + + +### Description + +A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'. + +### POC + +#### Reference +- https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38883 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-38970.md b/2023/CVE-2023-38970.md index 2a419ed11..90533e9c9 100644 --- a/2023/CVE-2023-38970.md +++ b/2023/CVE-2023-38970.md @@ -10,6 +10,7 @@ Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remot ### POC #### Reference +- https://github.com/anh91/uasoft-indonesia--badaso/blob/main/XSS3.md - https://panda002.hashnode.dev/badaso-version-297-has-an-xss-vulnerability-in-new-member #### Github diff --git a/2023/CVE-2023-38971.md b/2023/CVE-2023-38971.md index f4ad31706..01925febc 100644 --- a/2023/CVE-2023-38971.md +++ b/2023/CVE-2023-38971.md 
@@ -10,6 +10,7 @@ Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remot ### POC #### Reference +- https://github.com/anh91/uasoft-indonesia--badaso/blob/main/XSS3.md - https://panda002.hashnode.dev/badaso-version-297-has-xss-vulnerability-in-add-ranks #### Github diff --git a/2023/CVE-2023-40617.md b/2023/CVE-2023-40617.md new file mode 100644 index 000000000..c1bfa0a81 --- /dev/null +++ b/2023/CVE-2023-40617.md @@ -0,0 +1,17 @@ +### [CVE-2023-40617](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40617) + + + + +### Description + +A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start 7 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'file' parameter in 'displayPDF.php'. + +### POC + +#### Reference +- https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40617 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-4172.md b/2023/CVE-2023-4172.md index 9561a85e1..a32687f35 100644 --- a/2023/CVE-2023-4172.md +++ b/2023/CVE-2023-4172.md @@ -10,6 +10,7 @@ A vulnerability, which was classified as problematic, has been found in Chengdu ### POC #### Reference +- https://github.com/nagenanhai/cve/blob/main/duqu2.md - https://vuldb.com/?id.236207 #### Github diff --git a/2023/CVE-2023-43662.md b/2023/CVE-2023-43662.md index abd891c9a..6bf2aeb3b 100644 --- a/2023/CVE-2023-43662.md +++ b/2023/CVE-2023-43662.md @@ -13,5 +13,6 @@ ShokoServer is a media server which specializes in organizing anime. In affected No PoCs from references. #### Github +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC diff --git a/2023/CVE-2023-45673.md b/2023/CVE-2023-45673.md new file mode 100644 index 000000000..4735c3443 --- /dev/null +++ b/2023/CVE-2023-45673.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-45673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45673) + + +&color=brighgreen) + +### Description + +Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin desktop: 1. has not disabled top redirection for note viewer iframes, and 2. and has node integration enabled. This is a remote code execution vulnerability that impacts anyone who attaches untrusted PDFs to notes and has the icon enabled. This issue has been addressed in version 2.13.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/laurent22/joplin/security/advisories/GHSA-g8qx-5vcm-3x59 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-46584.md b/2023/CVE-2023-46584.md new file mode 100644 index 000000000..fee499749 --- /dev/null +++ b/2023/CVE-2023-46584.md @@ -0,0 +1,17 @@ +### [CVE-2023-46584](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46584) + + + + +### Description + +SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint. + +### POC + +#### Reference +- https://github.com/rumble773/sec-research/blob/main/NiV/CVE-2023-46584.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-4711.md b/2023/CVE-2023-4711.md new file mode 100644 index 000000000..7327ef6c8 --- /dev/null +++ b/2023/CVE-2023-4711.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-4711](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4711) + + + + +### Description + +A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-238574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/TinkAnet/cve/blob/main/rce.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-4713.md b/2023/CVE-2023-4713.md new file mode 100644 index 000000000..e40e51b80 --- /dev/null +++ b/2023/CVE-2023-4713.md @@ -0,0 +1,17 @@ +### [CVE-2023-4713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4713) + + + + +### Description + +A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238576. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/13aiZe1/cve/blob/main/sql.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-49486.md b/2023/CVE-2023-49486.md new file mode 100644 index 000000000..72c591870 --- /dev/null +++ b/2023/CVE-2023-49486.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-49486](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49486) + + + + +### Description + +JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department. + +### POC + +#### Reference +- https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20stored%20XSS%20in%20the%20model%20management%20department.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-49487.md b/2023/CVE-2023-49487.md new file mode 100644 index 000000000..aceb86f59 --- /dev/null +++ b/2023/CVE-2023-49487.md @@ -0,0 +1,17 @@ +### [CVE-2023-49487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49487) + + + + +### Description + +JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department. + +### POC + +#### Reference +- https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20stored%20XSS%20in%20the%20navigation%20management%20office.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-50578.md b/2023/CVE-2023-50578.md new file mode 100644 index 000000000..bdf670ae9 --- /dev/null +++ b/2023/CVE-2023-50578.md @@ -0,0 +1,17 @@ +### [CVE-2023-50578](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50578) + + + + +### Description + +Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do. + +### POC + +#### Reference +- https://gitee.com/mingSoft/MCMS/issues/I8MAJK + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-5145.md b/2023/CVE-2023-5145.md new file mode 100644 index 000000000..1498845fd --- /dev/null +++ b/2023/CVE-2023-5145.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-5145](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5145) + + + + +### Description + +** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240241 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. + +### POC + +#### Reference +- https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20licence.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-5261.md b/2023/CVE-2023-5261.md index 68065a2ee..e56a6593d 100644 --- a/2023/CVE-2023-5261.md +++ b/2023/CVE-2023-5261.md @@ -10,7 +10,7 @@ A vulnerability, which was classified as critical, was found in Tongda OA 2017. ### POC #### Reference -No PoCs from references. +- https://github.com/csbsong/bug_report/blob/main/sql2.md #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-6306.md b/2023/CVE-2023-6306.md index 47454126c..da3a30466 100644 --- a/2023/CVE-2023-6306.md +++ b/2023/CVE-2023-6306.md @@ -10,6 +10,7 @@ A vulnerability classified as critical has been found in SourceCodester Free and ### POC #### Reference +- https://github.com/BigTiger2020/2023/blob/main/Free%20and%20Open%20Source%20inventory%20management%20system/Free%20and%20Open%20Source%20inventory%20management%20system2.md - https://vuldb.com/?id.246132 #### Github 
diff --git a/2024/CVE-2024-0749.md b/2024/CVE-2024-0749.md index 648834330..954ca7eec 100644 --- a/2024/CVE-2024-0749.md +++ b/2024/CVE-2024-0749.md @@ -12,7 +12,7 @@ A phishing site could have repurposed an `about:` dialog to show phishing conten ### POC #### Reference -No PoCs from references. +- https://bugzilla.mozilla.org/show_bug.cgi?id=1813463 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-21512.md b/2024/CVE-2024-21512.md index 97a800511..5c67fc459 100644 --- a/2024/CVE-2024-21512.md +++ b/2024/CVE-2024-21512.md @@ -16,6 +16,7 @@ Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollutio - https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580 #### Github +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-21514.md b/2024/CVE-2024-21514.md new file mode 100644 index 000000000..42dcbbfa5 --- /dev/null +++ b/2024/CVE-2024-21514.md @@ -0,0 +1,17 @@ +### [CVE-2024-21514](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21514) + + + + +### Description + +This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have to be enabled), it is possible to exploit SQL injection to gain unauthorised access to the backend database. For any site which is vulnerable, any unauthenticated user could exploit this to dump the entire OpenCart database, including customer PII data. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266565 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-21515.md b/2024/CVE-2024-21515.md new file mode 100644 index 000000000..84932134c --- /dev/null +++ b/2024/CVE-2024-21515.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-21515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21515) + + + + +### Description + +This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login and redirected again upon authentication with the payload automatically executing. If the attacked user has admin privileges, this vulnerability could be used as the start of a chain of exploits like Zip Slip or arbitrary file write vulnerabilities in the admin functionality. **Notes:** 1) This is only exploitable if the attacker knows the name or path of the admin directory. The name of the directory is "admin" by default but there is a pop-up in the dashboard warning users to rename it. 2) The fix for this vulnerability is incomplete. The redirect is removed so that it is not possible for an attacker to control the redirect post admin login anymore, but it is still possible to exploit this issue in admin if the user is authenticated as an admin already. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266573 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-21516.md b/2024/CVE-2024-21516.md new file mode 100644 index 000000000..49db3f85c --- /dev/null +++ b/2024/CVE-2024-21516.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-21516](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21516) + + + + +### Description + +This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login and redirected again upon authentication with the payload automatically executing. If the attacked user has admin privileges, this vulnerability could be used as the start of a chain of exploits like Zip Slip or arbitrary file write vulnerabilities in the admin functionality. **Notes:** 1) This is only exploitable if the attacker knows the name or path of the admin directory. The name of the directory is "admin" by default but there is a pop-up in the dashboard warning users to rename it. 2) The fix for this vulnerability is incomplete. The redirect is removed so that it is not possible for an attacker to control the redirect post admin login anymore, but it is still possible to exploit this issue in admin if the user is authenticated as an admin already. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266576 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-21517.md b/2024/CVE-2024-21517.md new file mode 100644 index 000000000..639793d76 --- /dev/null +++ b/2024/CVE-2024-21517.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-21517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21517) + + + + +### Description + +This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account functionality it could be used to target and attack customers of the OpenCart shop. **Notes:** 1) The fix for this vulnerability is incomplete + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266577 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-21518.md b/2024/CVE-2024-21518.md new file mode 100644 index 000000000..1c99ad1fd --- /dev/null +++ b/2024/CVE-2024-21518.md @@ -0,0 +1,17 @@ +### [CVE-2024-21518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21518) + + +&color=brighgreen) + +### Description + +This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An attacker can create arbitrary files in the web root of the application and overwrite other existing files by exploiting this vulnerability. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266578 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-21519.md b/2024/CVE-2024-21519.md new file mode 100644 index 000000000..1b9a30834 --- /dev/null +++ b/2024/CVE-2024-21519.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-21519](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21519) + + + + +### Description + +This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including the extension), within /system/storage/backup. **Note:** It is less likely for the created file to be available within the web root, as part of the security recommendations for the application suggest moving the storage path outside of the web root. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266579 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-23052.md b/2024/CVE-2024-23052.md index 4856dfd1f..7d5b0d9f8 100644 --- a/2024/CVE-2024-23052.md +++ b/2024/CVE-2024-23052.md @@ -13,6 +13,7 @@ An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote at - https://github.com/WuKongOpenSource/WukongCRM-9.0-JAVA/issues/28 #### Github +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-23692.md b/2024/CVE-2024-23692.md index 2b16f998e..e74593f27 100644 --- a/2024/CVE-2024-23692.md +++ b/2024/CVE-2024-23692.md @@ -18,5 +18,6 @@ - https://github.com/enomothem/PenTestNote - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC diff --git a/2024/CVE-2024-2484.md b/2024/CVE-2024-2484.md new file mode 100644 index 000000000..6c2094e52 --- /dev/null +++ b/2024/CVE-2024-2484.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-2484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2484) + + +&color=brighgreen) + +### Description + +The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-27348.md b/2024/CVE-2024-27348.md index b19ac9d70..143d45a7e 100644 --- a/2024/CVE-2024-27348.md +++ b/2024/CVE-2024-27348.md @@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/kljunowsky/CVE-2024-27348 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-28995.md b/2024/CVE-2024-28995.md index 94e400fad..e424debb6 100644 --- a/2024/CVE-2024-28995.md +++ b/2024/CVE-2024-28995.md @@ -16,5 +16,6 @@ No PoCs from references. - https://github.com/enomothem/PenTestNote - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC diff --git a/2024/CVE-2024-28999.md b/2024/CVE-2024-28999.md new file mode 100644 index 000000000..4fcef0a24 --- /dev/null +++ b/2024/CVE-2024-28999.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-28999](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28999) + + +&color=brighgreen) + +### Description + +The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-29041.md b/2024/CVE-2024-29041.md new file mode 100644 index 000000000..9f30f7d16 --- /dev/null +++ b/2024/CVE-2024-29041.md @@ -0,0 +1,18 @@ +### [CVE-2024-29041](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29041) + + + +&color=brighgreen) + +### Description + +Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/qazipoor/React-Clothing-Shop + diff --git a/2024/CVE-2024-29824.md b/2024/CVE-2024-29824.md index adba7a63b..9d44656ff 100644 --- a/2024/CVE-2024-29824.md +++ b/2024/CVE-2024-29824.md @@ -15,5 +15,6 @@ No PoCs from references. #### Github - https://github.com/enomothem/PenTestNote - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC 
diff --git a/2024/CVE-2024-29973.md b/2024/CVE-2024-29973.md index d6f545139..d78dbbfb3 100644 --- a/2024/CVE-2024-29973.md +++ b/2024/CVE-2024-29973.md @@ -16,5 +16,6 @@ #### Github - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC diff --git a/2024/CVE-2024-31982.md b/2024/CVE-2024-31982.md index b3999cbe3..148f6cb44 100644 --- a/2024/CVE-2024-31982.md +++ b/2024/CVE-2024-31982.md @@ -13,5 +13,6 @@ XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 a No PoCs from references. #### Github +- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-3414.md b/2024/CVE-2024-3414.md new file mode 100644 index 000000000..a620dbe4e --- /dev/null +++ b/2024/CVE-2024-3414.md @@ -0,0 +1,17 @@ +### [CVE-2024-3414](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3414) + + + + +### Description + +A vulnerability was found in SourceCodester Human Resource Information System 1.0 and classified as problematic. This issue affects some unknown processing of the file Superadmin_Dashboard/process/addcorporate_process.php. The manipulation of the argument corporate_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259583. + +### POC + +#### Reference +- https://vuldb.com/?id.259583 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-3416.md b/2024/CVE-2024-3416.md index 264f2f94a..043903cdf 100644 --- a/2024/CVE-2024-3416.md +++ b/2024/CVE-2024-3416.md @@ -10,7 +10,7 @@ A vulnerability classified as critical was found in SourceCodester Online Course ### POC #### Reference -No PoCs from references. +- https://vuldb.com/?id.259588 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds 
diff --git a/2024/CVE-2024-34470.md b/2024/CVE-2024-34470.md index 6c2b3ce74..2bcbcc6ba 100644 --- a/2024/CVE-2024-34470.md +++ b/2024/CVE-2024-34470.md @@ -16,6 +16,7 @@ An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unaut - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/osvaldotenorio/CVE-2024-34470 +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-3524.md b/2024/CVE-2024-3524.md index 74c05cbe2..80723105e 100644 --- a/2024/CVE-2024-3524.md +++ b/2024/CVE-2024-3524.md @@ -10,7 +10,7 @@ A vulnerability, which was classified as problematic, has been found in Campcode ### POC #### Reference -No PoCs from references. +- https://vuldb.com/?id.259895 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-36104.md b/2024/CVE-2024-36104.md index 11fca9c3b..48e42e73e 100644 --- a/2024/CVE-2024-36104.md +++ b/2024/CVE-2024-36104.md @@ -20,6 +20,7 @@ No PoCs from references. - https://github.com/enomothem/PenTestNote - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-36428.md b/2024/CVE-2024-36428.md index 257689bc6..33693eebc 100644 --- a/2024/CVE-2024-36428.md +++ b/2024/CVE-2024-36428.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/tanjiti/sec_profile +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-36597.md b/2024/CVE-2024-36597.md index b70cf6c83..e4e631863 100644 --- a/2024/CVE-2024-36597.md +++ b/2024/CVE-2024-36597.md 
@@ -13,5 +13,6 @@ Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the No PoCs from references. #### Github +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC diff --git a/2024/CVE-2024-37621.md b/2024/CVE-2024-37621.md new file mode 100644 index 000000000..7f30c423d --- /dev/null +++ b/2024/CVE-2024-37621.md @@ -0,0 +1,17 @@ +### [CVE-2024-37621](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37621) + + + + +### Description + +StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the component /shippingOptionConfig/index.blade.php. + +### POC + +#### Reference +- https://github.com/Hebing123/cve/issues/47 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38319.md b/2024/CVE-2024-38319.md new file mode 100644 index 000000000..7d4998937 --- /dev/null +++ b/2024/CVE-2024-38319.md @@ -0,0 +1,17 @@ +### [CVE-2024-38319](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38319) + + +&color=brighgreen) + +### Description + +IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. IBM X-Force ID: 294830. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-3834.md b/2024/CVE-2024-3834.md index 0d6a71b36..894742ad0 100644 --- a/2024/CVE-2024-3834.md +++ b/2024/CVE-2024-3834.md @@ -10,7 +10,7 @@ Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a re ### POC #### Reference -No PoCs from references. +- https://issues.chromium.org/issues/326607008 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-38379.md b/2024/CVE-2024-38379.md new file mode 100644 index 000000000..382d96c0f --- /dev/null +++ b/2024/CVE-2024-38379.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-38379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38379) + + +&color=brighgreen) + +### Description + +Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted.This issue affects Apache Allura: from 1.4.0 through 1.17.0.Users are recommended to upgrade to version 1.17.1, which fixes the issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/waspthebughunter/waspthebughunter + diff --git a/2024/CVE-2024-3910.md b/2024/CVE-2024-3910.md index 15cb1d3e4..d7d2a958b 100644 --- a/2024/CVE-2024-3910.md +++ b/2024/CVE-2024-3910.md @@ -11,6 +11,7 @@ A vulnerability, which was classified as critical, has been found in Tenda AC500 #### Reference - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/fromDhcpListClient_page.md +- https://vuldb.com/?id.261146 #### Github No PoCs found on GitHub currently. diff --git a/2024/CVE-2024-3961.md b/2024/CVE-2024-3961.md new file mode 100644 index 000000000..3ac0b9c37 --- /dev/null +++ b/2024/CVE-2024-3961.md @@ -0,0 +1,17 @@ +### [CVE-2024-3961](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3961) + + + + +### Description + +The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to subscribe users to tags. Financial damages may occur to site owners if their API quota is exceeded. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + 
diff --git a/2024/CVE-2024-4313.md b/2024/CVE-2024-4313.md new file mode 100644 index 000000000..a272f8ff9 --- /dev/null +++ b/2024/CVE-2024-4313.md @@ -0,0 +1,17 @@ +### [CVE-2024-4313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4313) + + +&color=brighgreen) + +### Description + +The Table Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4358.md b/2024/CVE-2024-4358.md index 07d5af395..6e641345e 100644 --- a/2024/CVE-2024-4358.md +++ b/2024/CVE-2024-4358.md @@ -23,6 +23,7 @@ No PoCs from references. - https://github.com/sinsinology/CVE-2024-4358 - https://github.com/tanjiti/sec_profile - https://github.com/verylazytech/CVE-2024-4358 +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-4577.md b/2024/CVE-2024-4577.md index 8a5e2075e..afe199e4f 100644 --- a/2024/CVE-2024-4577.md +++ b/2024/CVE-2024-4577.md @@ -15,6 +15,7 @@ In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, w - https://github.com/11whoami99/CVE-2024-4577 - https://github.com/watchtowrlabs/CVE-2024-4577 - https://github.com/xcanwin/CVE-2024-4577-PHP-RCE +- https://isc.sans.edu/diary/30994 - https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ #### Github 
@@ -49,8 +50,10 @@ In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, w - https://github.com/princew88/CVE-2024-4577 - https://github.com/taida957789/CVE-2024-4577 - https://github.com/tanjiti/sec_profile +- https://github.com/teamdArk5/Sword - https://github.com/vwilzz/PHP-RCE-4577 - https://github.com/watchtowrlabs/CVE-2024-4577 +- https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki - https://github.com/xcanwin/CVE-2024-4577-PHP-RCE diff --git a/2024/CVE-2024-5156.md b/2024/CVE-2024-5156.md new file mode 100644 index 000000000..69d8a83a6 --- /dev/null +++ b/2024/CVE-2024-5156.md @@ -0,0 +1,17 @@ +### [CVE-2024-5156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5156) + + +&color=brighgreen) + +### Description + +The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5344.md b/2024/CVE-2024-5344.md new file mode 100644 index 000000000..c1a13cb8b --- /dev/null +++ b/2024/CVE-2024-5344.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-5344](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5344) + + +&color=brighgreen) + +### Description + +The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5346.md b/2024/CVE-2024-5346.md new file mode 100644 index 000000000..72ac8e590 --- /dev/null +++ b/2024/CVE-2024-5346.md @@ -0,0 +1,17 @@ +### [CVE-2024-5346](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5346) + + +&color=brighgreen) + +### Description + +The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the UX Countdown, Video Button, UX Video, UX Slider, UX Sidebar, and UX Payment Icons shortcodes in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5455.md b/2024/CVE-2024-5455.md new file mode 100644 index 000000000..eeaaf7103 --- /dev/null +++ b/2024/CVE-2024-5455.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-5455](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5455) + + +&color=brighgreen) + +### Description + +The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5503.md b/2024/CVE-2024-5503.md new file mode 100644 index 000000000..0fa828cae --- /dev/null +++ b/2024/CVE-2024-5503.md @@ -0,0 +1,17 @@ +### [CVE-2024-5503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5503) + + +&color=brighgreen) + +### Description + +The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5741.md b/2024/CVE-2024-5741.md new file mode 100644 index 000000000..5af0b353c --- /dev/null +++ b/2024/CVE-2024-5741.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-5741](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5741) + + +&color=brighgreen) + +### Description + +Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL) + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5756.md b/2024/CVE-2024-5756.md new file mode 100644 index 000000000..97ee7da33 --- /dev/null +++ b/2024/CVE-2024-5756.md @@ -0,0 +1,17 @@ +### [CVE-2024-5756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5756) + + +&color=brighgreen) + +### Description + +The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5791.md b/2024/CVE-2024-5791.md new file mode 100644 index 000000000..b0271cae3 --- /dev/null +++ b/2024/CVE-2024-5791.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-5791](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5791) + + +&color=brighgreen) + +### Description + +The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_id' parameter in all versions up to, and including, 4.4.2 due to missing authorization checks on processAction function, as well as insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that will execute whenever a user accesses a wp-admin dashboard. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5976.md b/2024/CVE-2024-5976.md new file mode 100644 index 000000000..1cc6fd14b --- /dev/null +++ b/2024/CVE-2024-5976.md @@ -0,0 +1,17 @@ +### [CVE-2024-5976](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5976) + + + + +### Description + +A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. Affected is the function log_employee of the file /classes/Master.php?f=log_employee. The manipulation of the argument employee_code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268422 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/Xu-Mingming/cve/blob/main/sql.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6027.md b/2024/CVE-2024-6027.md new file mode 100644 index 000000000..89e448dfe --- /dev/null +++ b/2024/CVE-2024-6027.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6027](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6027) + + +&color=brighgreen) + +### Description + +The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the ‘conditions’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6147.md b/2024/CVE-2024-6147.md new file mode 100644 index 000000000..556282f91 --- /dev/null +++ b/2024/CVE-2024-6147.md @@ -0,0 +1,17 @@ +### [CVE-2024-6147](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6147) + + +&color=brighgreen) + +### Description + +Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the Spokes Update Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18271. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6153.md b/2024/CVE-2024-6153.md new file mode 100644 index 000000000..824297b9d --- /dev/null +++ b/2024/CVE-2024-6153.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6153) + +%20&color=brighgreen) + + +### Description + +Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows local attackers to downgrade Parallels software on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.The specific flaw exists within the Updater service. The issue results from the lack of proper validation of version information before performing an update. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-19481. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6154.md b/2024/CVE-2024-6154.md new file mode 100644 index 000000000..e3195e1d7 --- /dev/null +++ b/2024/CVE-2024-6154.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6154](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6154) + +%20&color=brighgreen) + + +### Description + +Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. Was ZDI-CAN-20450. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6162.md b/2024/CVE-2024-6162.md new file mode 100644 index 000000000..5bbe08054 --- /dev/null +++ b/2024/CVE-2024-6162.md @@ -0,0 +1,29 @@ +### [CVE-2024-6162](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6162) + + + + + + + + + + + + + + + + +### Description + +A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of service. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6183.md b/2024/CVE-2024-6183.md new file mode 100644 index 000000000..ed1b492a0 --- /dev/null +++ b/2024/CVE-2024-6183.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6183](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6183) + + + + +### Description + +A vulnerability classified as problematic has been found in EZ-Suite EZ-Partner 5. Affected is an unknown function of the component Forgot Password Handler. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. VDB-269154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6184.md b/2024/CVE-2024-6184.md index 38febe46b..c4ec06d2c 100644 --- a/2024/CVE-2024-6184.md +++ b/2024/CVE-2024-6184.md @@ -13,5 +13,5 @@ A vulnerability classified as critical was found in Ruijie RG-UAC 1.0. Affected - https://github.com/L1OudFd8cl09/CVE/blob/main/11_06_2024_a.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-6185.md b/2024/CVE-2024-6185.md new file mode 100644 index 000000000..565eaccbd --- /dev/null +++ b/2024/CVE-2024-6185.md @@ -0,0 +1,17 @@ +### [CVE-2024-6185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6185) + + + + +### Description + +A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. Affected by this issue is the function get_ip_addr_details of the file /view/dhcp/dhcpConfig/commit.php. The manipulation of the argument ethname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + 
diff --git a/2024/CVE-2024-6186.md b/2024/CVE-2024-6186.md new file mode 100644 index 000000000..7e1186a3b --- /dev/null +++ b/2024/CVE-2024-6186.md @@ -0,0 +1,17 @@ +### [CVE-2024-6186](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6186) + + + + +### Description + +A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. This affects an unknown part of the file /view/userAuthentication/SSO/commit.php. The manipulation of the argument ad_log_name leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6187.md b/2024/CVE-2024-6187.md index 244c0adb9..0b2c3285b 100644 --- a/2024/CVE-2024-6187.md +++ b/2024/CVE-2024-6187.md @@ -13,5 +13,5 @@ A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. - https://github.com/L1OudFd8cl09/CVE/blob/main/11_06_2024_d.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-6188.md b/2024/CVE-2024-6188.md index 9b16386c5..e6a821171 100644 --- a/2024/CVE-2024-6188.md +++ b/2024/CVE-2024-6188.md @@ -13,5 +13,5 @@ A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as - https://kiwiyumi.com/post/tracksys-export-source-code/ #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-6189.md b/2024/CVE-2024-6189.md new file mode 100644 index 000000000..db5d3b526 --- /dev/null +++ b/2024/CVE-2024-6189.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6189](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6189) + + + + +### Description + +A vulnerability was found in Tenda A301 15.13.08.12. It has been classified as critical. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6190.md b/2024/CVE-2024-6190.md index b632c7b53..9833ed320 100644 --- a/2024/CVE-2024-6190.md +++ b/2024/CVE-2024-6190.md @@ -13,5 +13,5 @@ A vulnerability was found in itsourcecode Farm Management System 1.0. It has bee - https://github.com/HryspaHodor/CVE/issues/2 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-6191.md b/2024/CVE-2024-6191.md index a34d2c7e7..5593fda2b 100644 --- a/2024/CVE-2024-6191.md +++ b/2024/CVE-2024-6191.md @@ -13,5 +13,5 @@ A vulnerability classified as critical has been found in itsourcecode Student Ma - https://github.com/HryspaHodor/CVE/issues/3 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-6192.md b/2024/CVE-2024-6192.md index b937c27c4..60b49dfd9 100644 --- a/2024/CVE-2024-6192.md +++ b/2024/CVE-2024-6192.md @@ -13,5 +13,5 @@ A vulnerability classified as critical was found in itsourcecode Loan Management - https://github.com/HryspaHodor/CVE/issues/4 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds 
diff --git a/2024/CVE-2024-6193.md b/2024/CVE-2024-6193.md new file mode 100644 index 000000000..609c0cd68 --- /dev/null +++ b/2024/CVE-2024-6193.md @@ -0,0 +1,17 @@ +### [CVE-2024-6193](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6193) + + + + +### Description + +A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. This issue affects some unknown processing of the file driverprofile.php. The manipulation of the argument driverid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269165 was assigned to this vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6194.md b/2024/CVE-2024-6194.md index 0b8e581c9..b7a5bf3f5 100644 --- a/2024/CVE-2024-6194.md +++ b/2024/CVE-2024-6194.md @@ -13,5 +13,5 @@ A vulnerability, which was classified as critical, was found in itsourcecode Tai - https://github.com/HryspaHodor/CVE/issues/6 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-6195.md b/2024/CVE-2024-6195.md new file mode 100644 index 000000000..fb6403c07 --- /dev/null +++ b/2024/CVE-2024-6195.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6195](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6195) + + + + +### Description + +A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file orderadd.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269167. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6212.md b/2024/CVE-2024-6212.md new file mode 100644 index 000000000..70f316876 --- /dev/null +++ b/2024/CVE-2024-6212.md @@ -0,0 +1,17 @@ +### [CVE-2024-6212](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6212) + + + + +### Description + +A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. Affected by this issue is the function get_student of the file student_form.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269276. + +### POC + +#### Reference +- https://docs.google.com/document/d/1tl9-EAxUR64Og9zS-nyUx3YtG1V32Monkvq-h39tjpw/edit?usp=sharing + +#### Github +No PoCs found on GitHub currently. + diff --git a/github.txt b/github.txt index 6ae042fc6..cfeda7daa 100644 --- a/github.txt +++ b/github.txt 
@@ -7969,6 +7969,7 @@ CVE-2012-0158 - https://github.com/fangdada/ctf CVE-2012-0158 - https://github.com/havocykp/Vulnerability-analysis CVE-2012-0158 - https://github.com/helloandrewpaul/Mandiant---APT CVE-2012-0158 - https://github.com/houjingyi233/office-exploit-case-study +CVE-2012-0158 - https://github.com/mcgowanandrew/Mandiant---APT CVE-2012-0158 - https://github.com/qiantu88/office-cve CVE-2012-0158 - https://github.com/riusksk/vul_war_error CVE-2012-0158 - https://github.com/sv3nbeast/Attack-Notes @@ -44818,6 +44819,7 @@ CVE-2018-10933 - https://github.com/hudunkey/Red-Team-links CVE-2018-10933 - https://github.com/ivanacostarubio/libssh-scanner CVE-2018-10933 - https://github.com/jas502n/CVE-2018-10933 CVE-2018-10933 - https://github.com/jbmihoub/all-poc +CVE-2018-10933 - https://github.com/jobroche/libssh-scanner CVE-2018-10933 - https://github.com/john-80/-007 CVE-2018-10933 - https://github.com/kgwanjala/oscp-cheatsheet CVE-2018-10933 - https://github.com/kn6869610/CVE-2018-10933 @@ -60959,6 +60961,7 @@ CVE-2019-11358 - https://github.com/InspirationRobotics/inspiration_ftc CVE-2019-11358 - https://github.com/IntellyCode/Pascal-FTC-Template CVE-2019-11358 - https://github.com/IoanaAdrian/FreightFrenzySoftHoarders CVE-2019-11358 - https://github.com/Iobotics/FTC-2021-FreightFrenzy +CVE-2019-11358 - https://github.com/Iris-TheRainbow/RoadRunnerQuickstart15031 CVE-2019-11358 - https://github.com/Iron-Panthers/Summer-Camp-Bots CVE-2019-11358 - https://github.com/IronEaglesRobotics/FreightFrenzy CVE-2019-11358 - https://github.com/IronEaglesRobotics/PowerPlay 
@@ -62296,6 +62299,7 @@ CVE-2019-11358 - https://github.com/ameenchougle/git_testing CVE-2019-11358 - https://github.com/amogus-1984/FTC-2023 CVE-2019-11358 - https://github.com/amphibiousarmy21456/FtcRobotController-FTC-SDK-8.2-WithOpenCV CVE-2019-11358 - https://github.com/amphibiousarmy21456/FtcRobotController-LastYearFinalCopy +CVE-2019-11358 - https://github.com/anandraghunath/TeamAlphabots CVE-2019-11358 - https://github.com/anaypant/FTCTest1 CVE-2019-11358 - https://github.com/andreascasanova/FTCFirsttime CVE-2019-11358 - https://github.com/andrei-27/FREIGHT-FRENZY @@ -63173,6 +63177,7 @@ CVE-2019-11358 - https://github.com/mikewen2024/FtcRobotController-7854 CVE-2019-11358 - https://github.com/mililanirobotics/17063-FTC-23-24 CVE-2019-11358 - https://github.com/mililanirobotics/7438-FTC-23-24 CVE-2019-11358 - https://github.com/minhle30964/FTC-Team-17288-Season-2020-2021 +CVE-2019-11358 - https://github.com/mizpeyamFTC/center_stage_code CVE-2019-11358 - https://github.com/mlhstech/8.1.1 CVE-2019-11358 - https://github.com/mmkaram-EPS/FTC-OffSeason-2022 CVE-2019-11358 - https://github.com/mneruganti/freightfrenzy @@ -124577,6 +124582,7 @@ CVE-2022-22916 - https://github.com/manas3c/CVE-POC CVE-2022-22916 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-22916 - https://github.com/trhacknon/Pocingit CVE-2022-22916 - https://github.com/whoforget/CVE-POC +CVE-2022-22916 - https://github.com/wjlin0/poc-doc CVE-2022-22916 - https://github.com/wy876/POC CVE-2022-22916 - https://github.com/wy876/wiki CVE-2022-22916 - https://github.com/youwizard/CVE-POC 
@@ -145654,6 +145660,7 @@ CVE-2023-28432 - https://github.com/steponeerror/Cve-2023-28432- CVE-2023-28432 - https://github.com/trailofbits/awesome-ml-security CVE-2023-28432 - https://github.com/unam4/CVE-2023-28432-minio_update_rce CVE-2023-28432 - https://github.com/whoami13apt/files2 +CVE-2023-28432 - https://github.com/wjlin0/poc-doc CVE-2023-28432 - https://github.com/wy876/POC CVE-2023-28432 - https://github.com/wy876/wiki CVE-2023-28432 - https://github.com/xk-mt/CVE-2023-28432 @@ -150984,6 +150991,7 @@ CVE-2023-43655 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-43656 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-43659 - https://github.com/kip93/kip93 CVE-2023-43660 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-43662 - https://github.com/wjlin0/poc-doc CVE-2023-43662 - https://github.com/wy876/POC CVE-2023-43665 - https://github.com/1wc/1wc CVE-2023-43666 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -161302,6 +161310,7 @@ CVE-2024-21506 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-21508 - https://github.com/Geniorio01/CVE-2024-21508-mysql2-RCE CVE-2024-21508 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-21511 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-21512 - https://github.com/wjlin0/poc-doc CVE-2024-21512 - https://github.com/wy876/POC CVE-2024-21512 - https://github.com/wy876/wiki CVE-2024-2152 - https://github.com/RNBBarrett/CrewAI-examples @@ -162060,6 +162069,7 @@ CVE-2024-22988 - https://github.com/NaInSec/CVE-LIST CVE-2024-22988 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2304 - https://github.com/NaInSec/CVE-LIST CVE-2024-23049 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-23052 - https://github.com/wjlin0/poc-doc CVE-2024-23052 - https://github.com/wy876/POC CVE-2024-23052 - https://github.com/wy876/wiki CVE-2024-23057 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -162320,6 +162330,7 @@ CVE-2024-23692 - https://github.com/Threekiii/CVE CVE-2024-23692 - https://github.com/enomothem/PenTestNote CVE-2024-23692 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-23692 - https://github.com/tanjiti/sec_profile +CVE-2024-23692 - https://github.com/wjlin0/poc-doc CVE-2024-23692 - https://github.com/wy876/POC CVE-2024-2370 - https://github.com/NaInSec/CVE-LIST CVE-2024-2370 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -164367,6 +164378,7 @@ CVE-2024-27348 - https://github.com/Zeyad-Azima/CVE-2024-27348 CVE-2024-27348 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27348 - https://github.com/kljunowsky/CVE-2024-27348 CVE-2024-27348 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-27348 - https://github.com/wjlin0/poc-doc CVE-2024-27348 - https://github.com/wy876/POC CVE-2024-27348 - https://github.com/wy876/wiki CVE-2024-27349 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -165143,7 +165155,9 @@ CVE-2024-28979 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28995 - https://github.com/enomothem/PenTestNote CVE-2024-28995 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-28995 - https://github.com/tanjiti/sec_profile +CVE-2024-28995 - https://github.com/wjlin0/poc-doc CVE-2024-28995 - https://github.com/wy876/POC +CVE-2024-28999 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-29003 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29009 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29018 - https://github.com/NaInSec/CVE-LIST 
@@ -165158,6 +165172,7 @@ CVE-2024-29033 - https://github.com/NaInSec/CVE-LIST CVE-2024-29034 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29036 - https://github.com/NaInSec/CVE-LIST CVE-2024-29037 - https://github.com/NaInSec/CVE-LIST +CVE-2024-29041 - https://github.com/qazipoor/React-Clothing-Shop CVE-2024-29042 - https://github.com/NaInSec/CVE-LIST CVE-2024-29049 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2905 - https://github.com/cisagov/vulnrichment @@ -165520,6 +165535,7 @@ CVE-2024-29812 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2982 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29824 - https://github.com/enomothem/PenTestNote CVE-2024-29824 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-29824 - https://github.com/wjlin0/poc-doc CVE-2024-29824 - https://github.com/wy876/POC CVE-2024-2983 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29832 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -165609,6 +165625,7 @@ CVE-2024-2997 - https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities CVE-2024-2997 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29972 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-29973 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-29973 - https://github.com/wjlin0/poc-doc CVE-2024-29973 - https://github.com/wy876/POC CVE-2024-2998 - https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities CVE-2024-2998 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -166313,6 +166330,7 @@ CVE-2024-31974 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-31975 - https://github.com/actuator/cve CVE-2024-31976 - https://github.com/actuator/cve CVE-2024-31977 - https://github.com/actuator/cve +CVE-2024-31982 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-31982 - https://github.com/tanjiti/sec_profile CVE-2024-320002 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-32002 - https://github.com/0xMarcio/cve 
@@ -166928,6 +166946,7 @@ CVE-2024-34469 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-34470 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34470 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-34470 - https://github.com/osvaldotenorio/CVE-2024-34470 +CVE-2024-34470 - https://github.com/wjlin0/poc-doc CVE-2024-34470 - https://github.com/wy876/POC CVE-2024-34470 - https://github.com/wy876/wiki CVE-2024-34471 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -167179,6 +167198,7 @@ CVE-2024-36104 - https://github.com/Threekiii/CVE CVE-2024-36104 - https://github.com/enomothem/PenTestNote CVE-2024-36104 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-36104 - https://github.com/tanjiti/sec_profile +CVE-2024-36104 - https://github.com/wjlin0/poc-doc CVE-2024-36104 - https://github.com/wy876/POC CVE-2024-36104 - https://github.com/wy876/wiki CVE-2024-36105 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -167197,6 +167217,7 @@ CVE-2024-36416 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-36426 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-36428 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-36428 - https://github.com/tanjiti/sec_profile +CVE-2024-36428 - https://github.com/wjlin0/poc-doc CVE-2024-36428 - https://github.com/wy876/POC CVE-2024-36428 - https://github.com/wy876/wiki CVE-2024-36437 - https://github.com/actuator/cve @@ -167209,6 +167230,7 @@ CVE-2024-36586 - https://github.com/go-compile/security-advisories CVE-2024-36587 - https://github.com/go-compile/security-advisories CVE-2024-36588 - https://github.com/go-compile/security-advisories CVE-2024-36589 - https://github.com/go-compile/security-advisories +CVE-2024-36597 - https://github.com/wjlin0/poc-doc CVE-2024-36597 - https://github.com/wy876/POC CVE-2024-3661 - https://github.com/a1xbit/DecloakingVPN CVE-2024-3661 - https://github.com/apiverve/news-API 
@@ -167320,6 +167342,7 @@ CVE-2024-3822 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3823 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3824 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-38276 - https://github.com/cli-ish/cli-ish +CVE-2024-38319 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3832 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3833 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3834 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -167367,6 +167390,7 @@ CVE-2024-3936 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3942 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3951 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3957 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3961 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3967 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3968 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3970 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -167503,6 +167527,7 @@ CVE-2024-4358 - https://github.com/securitycipher/daily-bugbounty-writeups CVE-2024-4358 - https://github.com/sinsinology/CVE-2024-4358 CVE-2024-4358 - https://github.com/tanjiti/sec_profile CVE-2024-4358 - https://github.com/verylazytech/CVE-2024-4358 +CVE-2024-4358 - https://github.com/wjlin0/poc-doc CVE-2024-4358 - https://github.com/wy876/POC CVE-2024-4358 - https://github.com/wy876/wiki CVE-2024-4363 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -167611,8 +167636,10 @@ CVE-2024-4577 - https://github.com/ohhhh693/CVE-2024-4577 CVE-2024-4577 - https://github.com/princew88/CVE-2024-4577 CVE-2024-4577 - https://github.com/taida957789/CVE-2024-4577 CVE-2024-4577 - https://github.com/tanjiti/sec_profile +CVE-2024-4577 - https://github.com/teamdArk5/Sword CVE-2024-4577 - https://github.com/vwilzz/PHP-RCE-4577 CVE-2024-4577 - https://github.com/watchtowrlabs/CVE-2024-4577 +CVE-2024-4577 - https://github.com/wjlin0/poc-doc CVE-2024-4577 - https://github.com/wy876/POC CVE-2024-4577 - https://github.com/wy876/wiki CVE-2024-4577 - https://github.com/xcanwin/CVE-2024-4577-PHP-RCE @@ -167806,6 +167833,7 @@ CVE-2024-5111 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5112 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5113 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5114 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5156 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5187 - https://github.com/sunriseXu/sunriseXu CVE-2024-5208 - https://github.com/sev-hack/sev-hack CVE-2024-5218 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -167815,6 +167843,7 @@ CVE-2024-5273 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5274 - https://github.com/kip93/kip93 CVE-2024-5326 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5326 - https://github.com/truonghuuphuc/CVE-2024-5326-Poc +CVE-2024-5344 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5346 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5359 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5360 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -167832,7 +167861,9 @@ CVE-2024-5390 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5391 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-54321 - https://github.com/runwuf/clickhouse-test CVE-2024-5438 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5455 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5458 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5503 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5522 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5522 - https://github.com/truonghuuphuc/CVE-2024-5522-Poc CVE-2024-5542 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -167850,7 +167881,9 @@ CVE-2024-5678 - https://github.com/Dashrath158/CVE-Management-App-using-Flask CVE-2024-5678 - https://github.com/bergel07/FinalProject CVE-2024-5733 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5734 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5741 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5745 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5756 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5758 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5766 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5770 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -167862,7 +167895,25 @@ CVE-2024-5775 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5785 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5786 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5791 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6027 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6120 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6147 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6153 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6154 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6162 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6183 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6184 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6185 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6186 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6187 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6188 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6189 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6190 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6191 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6192 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6193 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6194 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6195 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6271 - https://github.com/Jokergazaa/zero-click-exploits CVE-2024-65230 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6666 - https://github.com/JohnnyBradvo/CVE-2024-6666 diff --git a/references.txt b/references.txt index ac8651d65..6b8abde68 100644 --- a/references.txt +++ b/references.txt 
@@ -16504,6 +16504,7 @@ CVE-2009-4874 - http://www.packetstormsecurity.org/0907-exploits/talkback-lfiexe CVE-2009-4883 - http://www.exploit-db.com/exploits/8182 CVE-2009-4887 - http://www.exploit-db.com/exploits/8172 CVE-2009-4888 - http://packetstormsecurity.org/0903-exploits/phortail-xss.txt +CVE-2009-4895 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2009-4897 - http://bugs.ghostscript.com/show_bug.cgi?id=690523 CVE-2009-4904 - http://packetstormsecurity.org/0912-exploits/oblog-xssxsrf.txt CVE-2009-4906 - http://packetstormsecurity.org/0912-exploits/ape-xsrf.txt @@ -17452,6 +17453,7 @@ CVE-2010-1877 - http://packetstormsecurity.org/1004-exploits/joomlajtmreseller-s CVE-2010-1878 - http://packetstormsecurity.org/1004-exploits/joomlaorgchart-lfi.txt CVE-2010-1878 - http://www.exploit-db.com/exploits/12317 CVE-2010-1881 - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-044 +CVE-2010-1885 - http://www.kb.cert.org/vuls/id/578319 CVE-2010-1886 - http://support.microsoft.com/kb/982316 CVE-2010-1887 - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-048 CVE-2010-1891 - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-069 @@ -17565,6 +17567,7 @@ CVE-2010-2055 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316 CVE-2010-2062 - https://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/ CVE-2010-2063 - http://www.samba.org/samba/security/CVE-2010-2063.html CVE-2010-2063 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9859 +CVE-2010-2066 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-2066 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html CVE-2010-2068 - http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html CVE-2010-2068 - http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html 
@@ -17636,12 +17639,14 @@ CVE-2010-2185 - http://www.redhat.com/support/errata/RHSA-2010-0470.html CVE-2010-2186 - http://www.redhat.com/support/errata/RHSA-2010-0470.html CVE-2010-2187 - http://www.redhat.com/support/errata/RHSA-2010-0470.html CVE-2010-2188 - http://www.redhat.com/support/errata/RHSA-2010-0470.html +CVE-2010-2226 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-2226 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html CVE-2010-2227 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html CVE-2010-2227 - http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CVE-2010-2235 - http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz CVE-2010-2240 - http://www.redhat.com/support/errata/RHSA-2010-0670.html CVE-2010-2243 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad6759fbf35d104dbf573cd6f4c6784ad6823f7e +CVE-2010-2248 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-2248 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html CVE-2010-2252 - http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html CVE-2010-2252 - http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00031.html @@ -17654,6 +17659,7 @@ CVE-2010-2259 - http://packetstormsecurity.org/1001-exploits/joomlabfsurvey-lfi. CVE-2010-2260 - http://packetstormsecurity.org/1001-exploits/bandwidthmeter-xss.txt CVE-2010-2263 - http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.html CVE-2010-2263 - http://www.exploit-db.com/exploits/13822 +CVE-2010-2265 - http://www.kb.cert.org/vuls/id/578319 CVE-2010-2273 - http://bugs.dojotoolkit.org/ticket/10773 CVE-2010-2273 - http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833 CVE-2010-2273 - http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/ 
@@ -17761,11 +17767,13 @@ CVE-2010-2468 - http://www.darkreading.com/blog/archives/2010/04/attacking_door. CVE-2010-2468 - http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon CVE-2010-2469 - http://www.darkreading.com/blog/archives/2010/04/attacking_door.html CVE-2010-2469 - http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon +CVE-2010-2478 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-2480 - http://bugs.python.org/issue9061 CVE-2010-2480 - https://bugzilla.redhat.com/show_bug.cgi?id=609573 CVE-2010-2490 - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2490 CVE-2010-2492 - http://www.redhat.com/support/errata/RHSA-2011-0007.html CVE-2010-2492 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html +CVE-2010-2495 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-2502 - http://www.splunk.com/view/SP-CAAAFGD CVE-2010-2503 - http://www.splunk.com/view/SP-CAAAFGD CVE-2010-2504 - http://www.splunk.com/view/SP-CAAAFGD @@ -17774,7 +17782,9 @@ CVE-2010-2507 - http://packetstormsecurity.org/1006-exploits/joomlapicasa2galler CVE-2010-2513 - http://packetstormsecurity.org/1006-exploits/joomlajeajax-sql.txt CVE-2010-2514 - http://packetstormsecurity.org/1006-exploits/joomlajfaq-sqlxss.txt CVE-2010-2515 - http://packetstormsecurity.org/1006-exploits/joomlajfaq-sqlxss.txt +CVE-2010-2521 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-2521 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html +CVE-2010-2524 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-2524 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html CVE-2010-2525 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2646a1f61a3b5525914757f10fa12b5b94713648 CVE-2010-2526 - http://www.ubuntu.com/usn/USN-1001-1 
@@ -17855,6 +17865,7 @@ CVE-2010-2795 - https://issues.jasig.org/browse/PHPCAS-61 CVE-2010-2796 - https://issues.jasig.org/browse/PHPCAS-67 CVE-2010-2797 - http://cross-site-scripting.blogspot.com/2010/07/cms-made-simple-18-local-file-inclusion.html CVE-2010-2798 - http://www.redhat.com/support/errata/RHSA-2010-0670.html +CVE-2010-2798 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-2798 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html CVE-2010-2800 - http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=95 CVE-2010-2801 - http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118 @@ -17927,11 +17938,17 @@ CVE-2010-2936 - http://www.oracle.com/technetwork/topics/security/cpujan2011-194 CVE-2010-2936 - https://bugzilla.redhat.com/show_bug.cgi?id=622529#c6 CVE-2010-2938 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html CVE-2010-2939 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html +CVE-2010-2942 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-2942 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html CVE-2010-2943 - http://www.ubuntu.com/usn/USN-1041-1 CVE-2010-2943 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html +CVE-2010-2946 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-2950 - https://bugzilla.redhat.com/show_bug.cgi?id=598537 +CVE-2010-2954 - http://www.ubuntu.com/usn/USN-1000-1 +CVE-2010-2955 - http://www.ubuntu.com/usn/USN-1000-1 +CVE-2010-2960 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-2962 - http://www.ubuntu.com/usn/USN-1041-1 +CVE-2010-2963 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-2965 - http://www.kb.cert.org/vuls/id/MAPG-86EPFA CVE-2010-2975 - http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html CVE-2010-2976 - http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html 
@@ -17946,6 +17963,7 @@ CVE-2010-2984 - http://www.cisco.com/en/US/docs/wireless/controller/release/note CVE-2010-2986 - http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html CVE-2010-2987 - http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html CVE-2010-2988 - http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html +CVE-2010-3015 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-3015 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html CVE-2010-3023 - http://packetstormsecurity.org/1008-exploits/diamondlist-xssxsrf.txt CVE-2010-3024 - http://marc.info/?l=bugtraq&m=128104130309426&w=2 @@ -17960,6 +17978,7 @@ CVE-2010-3048 - http://www.fuzzmyapp.com/advisories/FMA-2010-002/FMA-2010-002-EN CVE-2010-3056 - http://yehg.net/lab/pr0js/advisories/phpmyadmin/%5Bphpmyadmin-3.3.5%5D_cross_site_scripting%28XSS%29 CVE-2010-3066 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html CVE-2010-3067 - http://www.redhat.com/support/errata/RHSA-2011-0007.html +CVE-2010-3067 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-3067 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html CVE-2010-3069 - http://www.vmware.com/security/advisories/VMSA-2010-0019.html CVE-2010-3073 - https://bugzilla.redhat.com/show_bug.cgi?id=630460 
@@ -17968,11 +17987,14 @@ CVE-2010-3075 - https://bugzilla.redhat.com/show_bug.cgi?id=630460 CVE-2010-3076 - http://packetstormsecurity.org/1009-exploits/smbind-sql.txt CVE-2010-3077 - http://seclists.org/fulldisclosure/2010/Sep/82 CVE-2010-3078 - http://www.redhat.com/support/errata/RHSA-2011-0007.html +CVE-2010-3078 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-3078 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html CVE-2010-3079 - http://www.ubuntu.com/usn/USN-1041-1 CVE-2010-3080 - http://www.redhat.com/support/errata/RHSA-2011-0007.html +CVE-2010-3080 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-3081 - http://sota.gen.nz/compat1/ CVE-2010-3081 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html +CVE-2010-3084 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-3086 - http://kerneltrap.org/mailarchive/linux-kernel/2008/2/6/752194/thread CVE-2010-3086 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html CVE-2010-3107 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12074 @@ -18055,6 +18077,7 @@ CVE-2010-3301 - http://sota.gen.nz/compat2/ CVE-2010-3301 - http://www.ubuntu.com/usn/USN-1041-1 CVE-2010-3305 - https://www.exploit-db.com/exploits/15014 CVE-2010-3305 - https://www.openwall.com/lists/oss-security/2010/09/17/7 +CVE-2010-3310 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-3313 - http://www.exploit-db.com/exploits/11777/ CVE-2010-3314 - http://www.exploit-db.com/exploits/11777/ CVE-2010-3315 - http://www.ubuntu.com/usn/USN-1053-1 
@@ -18086,9 +18109,12 @@ CVE-2010-3426 - http://packetstormsecurity.org/1009-exploits/joomlajphone-lfi.tx CVE-2010-3429 - http://www.ocert.org/advisories/ocert-2010-004.html CVE-2010-3429 - http://www.openwall.com/lists/oss-security/2010/09/28/4 CVE-2010-3432 - http://www.redhat.com/support/errata/RHSA-2011-0004.html +CVE-2010-3432 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-3432 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html +CVE-2010-3437 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-3439 - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3439 CVE-2010-3442 - http://www.redhat.com/support/errata/RHSA-2011-0004.html +CVE-2010-3442 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-3442 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html CVE-2010-3444 - https://bugzilla.redhat.com/show_bug.cgi?id=565997 CVE-2010-3450 - http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html @@ -18107,6 +18133,7 @@ CVE-2010-3464 - http://packetstormsecurity.org/1009-exploits/santafox-xssxsrf.tx CVE-2010-3467 - http://packetstormsecurity.org/1009-exploits/exoopport-sql.txt CVE-2010-3468 - http://www.exploit-db.com/exploits/15120 CVE-2010-3477 - http://www.redhat.com/support/errata/RHSA-2011-0007.html +CVE-2010-3477 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-3477 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html CVE-2010-3479 - http://packetstormsecurity.org/1009-exploits/boutikone-sql.txt CVE-2010-3480 - http://www.exploit-db.com/exploits/15011 
@@ -18364,6 +18391,7 @@ CVE-2010-3692 - https://issues.jasig.org/browse/PHPCAS-80 CVE-2010-3695 - http://securityreason.com/securityalert/8170 CVE-2010-3699 - http://www.redhat.com/support/errata/RHSA-2011-0004.html CVE-2010-3699 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html +CVE-2010-3705 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-3709 - http://securityreason.com/achievement_securityalert/90 CVE-2010-3709 - http://www.exploit-db.com/exploits/15431 CVE-2010-3712 - http://www.openwall.com/lists/oss-security/2011/03/13/8 @@ -18449,6 +18477,7 @@ CVE-2010-3888 - http://www.symantec.com/connect/blogs/stuxnet-using-three-additi CVE-2010-3889 - http://www.securelist.com/en/blog/2291/Myrtus_and_Guava_Episode_MS10_061 CVE-2010-3889 - http://www.symantec.com/connect/blogs/stuxnet-using-three-additional-zero-day-vulnerabilities CVE-2010-3904 - http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html +CVE-2010-3904 - http://www.ubuntu.com/usn/USN-1000-1 CVE-2010-3904 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html CVE-2010-3904 - https://www.exploit-db.com/exploits/44677/ CVE-2010-3906 - http://www.exploit-db.com/exploits/15744 
@@ -52590,6 +52619,7 @@ CVE-2018-21149 - https://kb.netgear.com/000059484/Security-Advisory-for-Post-Aut CVE-2018-21151 - https://kb.netgear.com/000059482/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Gateways-and-Routers-PSV-2017-3154 CVE-2018-21159 - https://kb.netgear.com/000059471/Security-Advisory-for-Security-Misconfiguration-on-ReadyNAS-OS-6-PSV-2017-1999 CVE-2018-21160 - https://kb.netgear.com/000059470/Security-Advisory-for-Cross-Site-Request-Forgery-on-ReadyNAS-OS-6-PSV-2017-1998 +CVE-2018-21165 - https://kb.netgear.com/000055194/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3170 CVE-2018-21167 - https://kb.netgear.com/000055191/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Routers-Gateways-Extenders-and-DSL-Modems-PSV-2017-3093 CVE-2018-21171 - https://kb.netgear.com/000055187/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2632 CVE-2018-21173 - https://kb.netgear.com/000055185/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2627 @@ -60434,6 +60464,7 @@ CVE-2019-25096 - https://github.com/soerennb/extplorer/releases/tag/v2.1.13 CVE-2019-25097 - https://github.com/soerennb/extplorer/releases/tag/v2.1.13 CVE-2019-25098 - https://github.com/soerennb/extplorer/releases/tag/v2.1.13 CVE-2019-2510 - http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html +CVE-2019-25100 - https://github.com/happyman/twmap/releases/tag/v2.9_v4.31 CVE-2019-25102 - https://vuldb.com/?id.220638 CVE-2019-2511 - http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html CVE-2019-2512 - http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html 
@@ -88513,6 +88544,7 @@ CVE-2023-0820 - https://wpscan.com/vulnerability/b93d9f9d-0fd9-49b8-b465-d32b953 CVE-2023-0823 - https://wpscan.com/vulnerability/83f23a9f-9ace-47d2-a5f3-a4915129b16c CVE-2023-0824 - https://wpscan.com/vulnerability/48a3a542-9130-4524-9d19-ff9eccecb148/ CVE-2023-0827 - https://huntr.dev/bounties/75bc7d07-46a7-4ed9-a405-af4fc47fb422 +CVE-2023-0833 - https://github.com/square/okhttp/issues/6738 CVE-2023-0841 - https://github.com/advisories/GHSA-w52x-cp47-xhhw CVE-2023-0841 - https://github.com/gpac/gpac/issues/2396 CVE-2023-0841 - https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3 @@ -88594,6 +88626,7 @@ CVE-2023-1021 - https://wpscan.com/vulnerability/91d04f96-11b2-46dc-860c-dc6c263 CVE-2023-1025 - https://wpscan.com/vulnerability/13621b13-8d31-4214-a665-cb15981f3ec1 CVE-2023-1030 - https://github.com/jidle123/bug_report/blob/main/vendors/winex01/Online%20Boat%20Reservation%20System/XSS-1.md#online-boat-reservation-system-v10-by-winex01-has-cross-site-scripting-reflected CVE-2023-1031 - https://fluidattacks.com/advisories/napoli +CVE-2023-1032 - https://ubuntu.com/security/notices/USN-5977-1 CVE-2023-1032 - https://ubuntu.com/security/notices/USN-6024-1 CVE-2023-1032 - https://ubuntu.com/security/notices/USN-6033-1 CVE-2023-1033 - https://huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387 
@@ -90550,6 +90583,7 @@ CVE-2023-27648 - https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27648/C CVE-2023-27649 - https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27649/CVE%20detail.md CVE-2023-2765 - https://github.com/eckert-lcc/cve/blob/main/Weaver%20oa.md CVE-2023-2765 - https://vuldb.com/?id.229270 +CVE-2023-27650 - https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27650/CVE%20detail.md CVE-2023-27651 - https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27651/CVE%20detail.md CVE-2023-27652 - https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27652/CVE%20detail.md CVE-2023-27653 - https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27653/CVE%20detail.md @@ -90952,6 +90986,7 @@ CVE-2023-29724 - https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-2972 CVE-2023-29725 - https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29725/CVE%20detail.md CVE-2023-29726 - https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29726/CVE%20detail.md CVE-2023-29727 - https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29727/CVE%20detail.md +CVE-2023-29728 - https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29728/CVE%20detail.md CVE-2023-29731 - https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29731/CVE%20detail.md CVE-2023-29732 - https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29732/CVE%20detail.md CVE-2023-29733 - https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29733/CVE%20detail.md 
@@ -90981,6 +91016,7 @@ CVE-2023-29756 - https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-2975 CVE-2023-29757 - https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29757/CVE%20detailed.md CVE-2023-29758 - https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29758/CVE%20detailed.md CVE-2023-29759 - https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29759/CVE%20detailed.md +CVE-2023-29761 - https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29761/CVE%20detailed.md CVE-2023-29766 - https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29766/CVE%20detailed.md CVE-2023-29767 - https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29767/CVE%20detailed.md CVE-2023-29770 - https://github.com/sapplica/sentrifugo/issues/384 @@ -92294,6 +92330,8 @@ CVE-2023-36968 - https://okankurtulus.com.tr/2023/06/21/food-ordering-system-v1- CVE-2023-36969 - https://okankurtulus.com.tr/2023/06/26/cms-made-simple-v2-2-17-file-upload-remote-code-execution-rce-authenticated/ CVE-2023-36970 - https://okankurtulus.com.tr/2023/06/27/cms-made-simple-v2-2-17-stored-cross-site-scripting-xss-authenticated/ CVE-2023-37049 - https://github.com/Num-Nine/CVE/issues/1 +CVE-2023-37057 - https://github.com/ri5c/Jlink-Router-RCE +CVE-2023-37058 - https://github.com/ri5c/Jlink-Router-RCE CVE-2023-3706 - https://wpscan.com/vulnerability/daa4d93a-f8b1-4809-a18e-8ab63a05de5a CVE-2023-3707 - https://wpscan.com/vulnerability/541bbe4c-3295-4073-901d-763556269f48 CVE-2023-37070 - https://github.com/InfoSecWarrior/Offensive-Payloads/blob/main/Cross-Site-Scripting-XSS-Payloads.txt 
@@ -92469,11 +92507,13 @@ CVE-2023-3788 - https://www.vulnerability-lab.com/get_content.php?id=2278 CVE-2023-3789 - https://seclists.org/fulldisclosure/2023/Jul/36 CVE-2023-3789 - https://www.vulnerability-lab.com/get_content.php?id=2286 CVE-2023-37895 - http://seclists.org/fulldisclosure/2023/Jul/43 +CVE-2023-37898 - https://github.com/laurent22/joplin/security/advisories/GHSA-hjmq-3qh4-g2r8 CVE-2023-3790 - https://seclists.org/fulldisclosure/2023/Jul/33 CVE-2023-3790 - https://www.vulnerability-lab.com/get_content.php?id=2274 CVE-2023-37900 - https://github.com/crossplane/crossplane/blob/ac8b24fe739c5d942ea885157148497f196c3dd3/security/ADA-security-audit-23.pdf CVE-2023-37903 - https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4 CVE-2023-37907 - https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9c9p-c3mg-hpjq +CVE-2023-3791 - https://github.com/zry-wyj/cve/blob/main/ibos.md CVE-2023-37910 - https://jira.xwiki.org/browse/XWIKI-20334 CVE-2023-37915 - https://github.com/OpenDDS/OpenDDS/security/advisories/GHSA-v5pp-7prc-5xq9 CVE-2023-37916 - https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-87f6-8gr7-pc6h 
@@ -92623,7 +92663,9 @@ CVE-2023-38874 - https://github.com/dub-flow/vulnerability-research/tree/main/CV CVE-2023-38876 - https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38876 CVE-2023-38877 - https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38877 CVE-2023-38879 - https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38879 +CVE-2023-38881 - https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38881 CVE-2023-38882 - https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38882 +CVE-2023-38883 - https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38883 CVE-2023-38886 - https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38886_Dolibarr_RCE-1.pdf CVE-2023-38888 - https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38888_Dolibarr_XSS.pdf CVE-2023-38890 - https://github.com/akshadjoshi/CVE-2023-38890 @@ -92646,7 +92688,9 @@ CVE-2023-38961 - https://github.com/jerryscript-project/jerryscript/issues/5092 CVE-2023-38965 - http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html CVE-2023-38969 - https://panda002.hashnode.dev/badaso-version-297-has-an-xss-vulnerability-in-add-books CVE-2023-3897 - http://packetstormsecurity.com/files/177179/SureMDM-On-Premise-CAPTCHA-Bypass-User-Enumeration.html +CVE-2023-38970 - https://github.com/anh91/uasoft-indonesia--badaso/blob/main/XSS3.md CVE-2023-38970 - https://panda002.hashnode.dev/badaso-version-297-has-an-xss-vulnerability-in-new-member +CVE-2023-38971 - https://github.com/anh91/uasoft-indonesia--badaso/blob/main/XSS3.md CVE-2023-38971 - https://panda002.hashnode.dev/badaso-version-297-has-xss-vulnerability-in-add-ranks CVE-2023-38973 - https://github.com/anh91/uasoft-indonesia--badaso/blob/main/xss5.md CVE-2023-38975 - https://github.com/qdrant/qdrant/issues/2268 
@@ -92915,6 +92959,7 @@ CVE-2023-4059 - https://wpscan.com/vulnerability/fc719d12-2f58-4d1f-b696-0f937e7 CVE-2023-40590 - https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 CVE-2023-4060 - https://wpscan.com/vulnerability/88745c9b-1c20-4004-89f6-d9ee223651f2 CVE-2023-40610 - https://github.com/orangecertcc/security-research/security/advisories/GHSA-f678-j579-4xf5 +CVE-2023-40617 - https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40617 CVE-2023-40618 - https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40618 CVE-2023-40660 - http://www.openwall.com/lists/oss-security/2023/12/13/2 CVE-2023-40660 - https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651 @@ -93092,6 +93137,7 @@ CVE-2023-41708 - http://packetstormsecurity.com/files/177130/OX-App-Suite-7.10.6 CVE-2023-4171 - https://github.com/nagenanhai/cve/blob/main/duqu.md CVE-2023-41710 - http://packetstormsecurity.com/files/176422/OX-App-Suite-7.10.6-Access-Control-Cross-Site-Scripting.html CVE-2023-41717 - https://github.com/federella/CVE-2023-41717 +CVE-2023-4172 - https://github.com/nagenanhai/cve/blob/main/duqu2.md CVE-2023-4172 - https://vuldb.com/?id.236207 CVE-2023-4173 - http://packetstormsecurity.com/files/174016/mooSocial-3.1.8-Cross-Site-Scripting.html CVE-2023-4174 - http://packetstormsecurity.com/files/174017/Social-Commerce-3.1.6-Cross-Site-Scripting.html 
@@ -93667,6 +93713,7 @@ CVE-2023-45670 - https://securitylab.github.com/advisories/GHSL-2023-190_Frigate CVE-2023-45671 - https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/ CVE-2023-45672 - https://github.com/blakeblackshear/frigate/security/advisories/GHSA-qp3h-4q62-p428 CVE-2023-45672 - https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/ +CVE-2023-45673 - https://github.com/laurent22/joplin/security/advisories/GHSA-g8qx-5vcm-3x59 CVE-2023-4568 - https://www.tenable.com/security/research/tra-2023-31 CVE-2023-45685 - https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/ CVE-2023-45686 - https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/ @@ -93825,6 +93872,7 @@ CVE-2023-4658 - https://gitlab.com/gitlab-org/gitlab/-/issues/423835 CVE-2023-46580 - https://github.com/ersinerenler/Code-Projects-Inventory-Management-1.0/blob/main/CVE-2023-46580-Code-Projects-Inventory-Management-1.0-Stored-Cross-Site-Scripting-Vulnerability.md CVE-2023-46581 - https://github.com/ersinerenler/Code-Projects-Inventory-Management-1.0/blob/main/CVE-2023-46581-Code-Projects-Inventory-Management-1.0-SQL-Injection-Vulnerability.md CVE-2023-46582 - https://github.com/ersinerenler/Code-Projects-Inventory-Management-1.0/blob/main/CVE-2023-46582-Code-Projects-Inventory-Management-1.0-SQL-Injection-Vulnerability.md +CVE-2023-46584 - https://github.com/rumble773/sec-research/blob/main/NiV/CVE-2023-46584.md CVE-2023-46587 - https://github.com/nasroabd/vulns/tree/main/XnView/2.51.5 CVE-2023-46602 - https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53 CVE-2023-46603 - https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53 
@@ -93915,11 +93963,13 @@ CVE-2023-47091 - https://advisories.stormshield.eu/2023-024/ CVE-2023-47102 - https://quantiano.github.io/cve-2023-47102/ CVE-2023-47106 - https://github.com/traefik/traefik/security/advisories/GHSA-fvhj-4qfh-q2hm CVE-2023-47108 - https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-8pgv-569h-w5rw +CVE-2023-4711 - https://github.com/TinkAnet/cve/blob/main/rce.md CVE-2023-47115 - https://github.com/HumanSignal/label-studio/security/advisories/GHSA-q68h-xwq5-mm7x CVE-2023-47116 - https://github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wj8r CVE-2023-47117 - https://github.com/HumanSignal/label-studio/security/advisories/GHSA-6hjj-gq77-j4qw CVE-2023-4712 - https://github.com/wpay65249519/cve/blob/main/SQL_injection.md CVE-2023-47128 - https://github.com/piccolo-orm/piccolo/security/advisories/GHSA-xq59-7jf3-rjc6 +CVE-2023-4713 - https://github.com/13aiZe1/cve/blob/main/sql.md CVE-2023-47130 - https://owasp.org/www-community/vulnerabilities/PHP_Object_Injection CVE-2023-4714 - http://packetstormsecurity.com/files/174446/PlayTube-3.0.1-Information-Disclosure.html CVE-2023-47171 - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1869 
@@ -94342,6 +94392,8 @@ CVE-2023-49468 - https://github.com/strukturag/libde265/issues/432 CVE-2023-49471 - https://github.com/zunak/CVE-2023-49471 CVE-2023-49473 - https://github.com/Hack404-007/cves-info/blob/main/JF6000-exp CVE-2023-49484 - https://github.com/jiaofj/cms/blob/main/There%20is%20a%20storage%20based%20XSS%20in%20the%20article%20management%20department.md +CVE-2023-49486 - https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20stored%20XSS%20in%20the%20model%20management%20department.md +CVE-2023-49487 - https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20stored%20XSS%20in%20the%20navigation%20management%20office.md CVE-2023-49492 - https://github.com/Hebing123/cve/issues/2 CVE-2023-49493 - https://github.com/Hebing123/cve/issues/2 CVE-2023-49494 - https://github.com/Hebing123/cve/issues/3 @@ -94492,6 +94544,7 @@ CVE-2023-50559 - https://github.com/OpenXiangShan/XiangShan/issues/2534 CVE-2023-50569 - https://gist.github.com/ISHGARD-2/a6b57de899f977e2af41780e7428b4bf CVE-2023-50569 - https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73 CVE-2023-5057 - https://wpscan.com/vulnerability/58a63507-f0fd-46f1-a80c-6b1c41dddcf5 +CVE-2023-50578 - https://gitee.com/mingSoft/MCMS/issues/I8MAJK CVE-2023-50585 - https://github.com/LaPhilosophie/IoT-vulnerable/blob/main/Tenda/A18/formSetDeviceName.md CVE-2023-50589 - https://github.com/VauP/CVE-IDs/blob/main/proof_of_concept.md CVE-2023-5060 - https://huntr.dev/bounties/01b0917d-f92f-4903-9eca-bcfc46e847e3 
@@ -94621,6 +94674,7 @@ CVE-2023-51444 - https://osgeo-org.atlassian.net/browse/GEOS-11176 CVE-2023-51445 - https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w CVE-2023-51445 - https://osgeo-org.atlassian.net/browse/GEOS-11148 CVE-2023-51448 - https://github.com/Cacti/cacti/security/advisories/GHSA-w85f-7c4w-7594 +CVE-2023-5145 - https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20licence.md CVE-2023-5146 - https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20updatelib.md CVE-2023-5147 - https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20updateos.md CVE-2023-5148 - https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20uploadfile.md @@ -94768,6 +94822,7 @@ CVE-2023-5245 - https://research.jfrog.com/vulnerabilities/mleap-path-traversal- CVE-2023-52555 - https://github.com/mongo-express/mongo-express/issues/1338 CVE-2023-52564 - http://www.openwall.com/lists/oss-security/2024/04/11/9 CVE-2023-5259 - https://github.com/RCEraser/cve/blob/main/ForU-CMS.md +CVE-2023-5261 - https://github.com/csbsong/bug_report/blob/main/sql2.md CVE-2023-5264 - https://github.com/yhy217/huakecms-vul/issues/1 CVE-2023-5267 - https://github.com/kpz-wm/cve/blob/main/sql.md CVE-2023-5284 - https://vuldb.com/?id.240912 
@@ -95115,6 +95170,7 @@ CVE-2023-6300 - https://github.com/BigTiger2020/2023/blob/main/best-courier-mana CVE-2023-6301 - https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system-reflected%20xss2.md CVE-2023-6301 - https://vuldb.com/?id.246127 CVE-2023-6305 - https://github.com/BigTiger2020/2023/blob/main/Free%20and%20Open%20Source%20inventory%20management%20system/Free%20and%20Open%20Source%20inventory%20management%20system.md +CVE-2023-6306 - https://github.com/BigTiger2020/2023/blob/main/Free%20and%20Open%20Source%20inventory%20management%20system/Free%20and%20Open%20Source%20inventory%20management%20system2.md CVE-2023-6306 - https://vuldb.com/?id.246132 CVE-2023-6308 - https://github.com/gatsby2003/Struts2-046/blob/main/Xiamen%20Four-Faith%20Communication%20Technology%20Co.,%20Ltd.%20video%20surveillance%20management%20system%20has%20a%20command%20execution%20vulnerability.md CVE-2023-6309 - https://github.com/moses-smt/mosesdecoder/issues/237 @@ -95492,6 +95548,7 @@ CVE-2024-0736 - https://0day.today/exploit/39249 CVE-2024-0737 - https://packetstormsecurity.com/files/176553/LightFTP-1.1-Denial-Of-Service.html CVE-2024-0741 - https://bugzilla.mozilla.org/show_bug.cgi?id=1864587 CVE-2024-0745 - https://bugzilla.mozilla.org/show_bug.cgi?id=1871838 +CVE-2024-0749 - https://bugzilla.mozilla.org/show_bug.cgi?id=1813463 CVE-2024-0750 - https://bugzilla.mozilla.org/show_bug.cgi?id=1863083 CVE-2024-0756 - https://wpscan.com/vulnerability/9130a42d-fca3-4f9c-ab97-d5e0a7a5cef2/ CVE-2024-0757 - https://wpscan.com/vulnerability/eccd017c-e442-46b6-b5e6-aec7bbd5f836/ 
@@ -95957,6 +96014,12 @@ CVE-2024-21509 - https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591084 CVE-2024-21511 - https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6670046 CVE-2024-21512 - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-7176010 CVE-2024-21512 - https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580 +CVE-2024-21514 - https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266565 +CVE-2024-21515 - https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266573 +CVE-2024-21516 - https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266576 +CVE-2024-21517 - https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266577 +CVE-2024-21518 - https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266578 +CVE-2024-21519 - https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266579 CVE-2024-2152 - https://github.com/vanitashtml/CVE-Dumps/blob/main/SQL%20Injection%20in%20Mobile%20Management%20Store.md CVE-2024-2153 - https://github.com/vanitashtml/CVE-Dumps/blob/main/SQL%20Injection%20in%20View%20Order%20-%20Mobile%20Management%20Store.md CVE-2024-2154 - https://github.com/vanitashtml/CVE-Dumps/blob/main/Unauthenticated%20SQL%20Injection%20-%20Mobile%20Management%20Store.md @@ -97659,6 +97722,8 @@ CVE-2024-3407 - https://wpscan.com/vulnerability/262348ab-a335-4acf-8e4d-229fc0b CVE-2024-34070 - https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53 CVE-2024-34075 - https://github.com/xiboon/kurwov/security/advisories/GHSA-hfrv-h3q8-9jpr CVE-2024-34082 - https://github.com/getgrav/grav/security/advisories/GHSA-f8v5-jmfh-pr69 +CVE-2024-3414 - https://vuldb.com/?id.259583 +CVE-2024-3416 - https://vuldb.com/?id.259588 CVE-2024-34196 - https://gist.github.com/Swind1er/1ec2fde42254598a72f1d716f9cfe2a1 CVE-2024-34199 - https://github.com/DMCERTCE/PoC_Tiny_Overflow CVE-2024-34200 - https://github.com/n0wstr/IOTVuln/tree/main/CP450/setIpQosRules 
@@ -97811,6 +97876,7 @@ CVE-2024-35232 - https://github.com/huandu/facebook/security/advisories/GHSA-3f6 CVE-2024-35235 - http://www.openwall.com/lists/oss-security/2024/06/11/1 CVE-2024-35235 - https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f CVE-2024-35236 - https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-7j99-76cj-q9pg +CVE-2024-3524 - https://vuldb.com/?id.259895 CVE-2024-3529 - https://vuldb.com/?id.259899 CVE-2024-35324 - https://github.com/w0x68y/cve-lists/blob/main/CMS/Douchat/Douchat%204.0.5%20arbitrary%20file%20upload%20vulnerability.md CVE-2024-35326 - https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35326.c @@ -97966,6 +98032,7 @@ CVE-2024-37568 - https://github.com/lepture/authlib/issues/654 CVE-2024-37569 - https://www.youtube.com/watch?v=I9TQqfP5qzM CVE-2024-37619 - https://github.com/Hebing123/cve/issues/45 CVE-2024-37620 - https://github.com/Hebing123/cve/issues/46 +CVE-2024-37621 - https://github.com/Hebing123/cve/issues/47 CVE-2024-37622 - https://github.com/rainrocka/xinhu/issues/4 CVE-2024-37623 - https://github.com/rainrocka/xinhu/issues/5 CVE-2024-37624 - https://github.com/rainrocka/xinhu/issues/6 @@ -98009,6 +98076,7 @@ CVE-2024-3797 - https://github.com/BurakSevben/CVEs/blob/main/QR%20Code%20Bookma CVE-2024-3822 - https://wpscan.com/vulnerability/ff5411b1-9e04-4e72-a502-e431d774642a/ CVE-2024-3823 - https://wpscan.com/vulnerability/a138215c-4b8c-4182-978f-d21ce25070d3/ CVE-2024-3824 - https://wpscan.com/vulnerability/749ae334-b1d1-421e-a04c-35464c961a4a/ +CVE-2024-3834 - https://issues.chromium.org/issues/326607008 CVE-2024-38347 - https://github.com/SandeepRajauriya/CVEs/blob/main/CVE-2024-38347 CVE-2024-38348 - https://github.com/SandeepRajauriya/CVEs/blob/main/CVE-2024-38348 CVE-2024-38358 - https://github.com/wasmerio/wasmer/security/advisories/GHSA-55f3-3qvg-8pv5 
@@ -98047,6 +98115,7 @@ CVE-2024-3908 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC CVE-2024-3909 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formexeCommand.md CVE-2024-3909 - https://vuldb.com/?id.261145 CVE-2024-3910 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/fromDhcpListClient_page.md +CVE-2024-3910 - https://vuldb.com/?id.261146 CVE-2024-3917 - https://wpscan.com/vulnerability/88162016-9fc7-4194-9e81-44c50991f6e9/ CVE-2024-3918 - https://wpscan.com/vulnerability/2074d0f5-4165-4130-9391-37cb21e8aa1b/ CVE-2024-3920 - https://wpscan.com/vulnerability/2fb28c77-3c35-4a2f-91ed-823d0d011048/ @@ -98183,6 +98252,7 @@ CVE-2024-4577 - https://cert.be/en/advisory/warning-php-remote-code-execution-pa CVE-2024-4577 - https://github.com/11whoami99/CVE-2024-4577 CVE-2024-4577 - https://github.com/watchtowrlabs/CVE-2024-4577 CVE-2024-4577 - https://github.com/xcanwin/CVE-2024-4577-PHP-RCE +CVE-2024-4577 - https://isc.sans.edu/diary/30994 CVE-2024-4577 - https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ CVE-2024-4585 - https://github.com/Hckwzh/cms/blob/main/16.md CVE-2024-4586 - https://github.com/Hckwzh/cms/blob/main/17.md @@ -98385,6 +98455,7 @@ CVE-2024-5894 - https://github.com/Hefei-Coffee/cve/blob/main/sql10.md CVE-2024-5895 - https://github.com/Hefei-Coffee/cve/blob/main/sql11.md CVE-2024-5896 - https://github.com/Hefei-Coffee/cve/blob/main/sql12.md CVE-2024-5898 - https://github.com/guiyxli/cve/issues/1 +CVE-2024-5976 - https://github.com/Xu-Mingming/cve/blob/main/sql.md CVE-2024-5981 - https://github.com/LiuYongXiang-git/cve/issues/1 CVE-2024-5983 - https://github.com/LiuYongXiang-git/cve/issues/2 CVE-2024-5984 - https://github.com/LiuYongXiang-git/cve/issues/3 
@@ -98410,4 +98481,5 @@ CVE-2024-6190 - https://github.com/HryspaHodor/CVE/issues/2 CVE-2024-6191 - https://github.com/HryspaHodor/CVE/issues/3 CVE-2024-6192 - https://github.com/HryspaHodor/CVE/issues/4 CVE-2024-6194 - https://github.com/HryspaHodor/CVE/issues/6 +CVE-2024-6212 - https://docs.google.com/document/d/1tl9-EAxUR64Og9zS-nyUx3YtG1V32Monkvq-h39tjpw/edit?usp=sharing CVE-2024-6218 - https://github.com/HryspaHodor/CVE/issues/7
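Review bot: Placement of the CVE-2024-3414 and CVE-2024-3416 lines in hunk @@ -97659,6 +97722,8 @@ is correct only under plain string ordering of the id, since they sit between CVE-2024-34082 and CVE-2024-34196. The other hunks follow the same rule (CVE-2024-3524 after CVE-2024-35236, CVE-2024-3834 before CVE-2024-38347), so the patch is internally consistent, but the sort key is not documented anywhere in the visible lines. Anyone consuming this list with a numeric comparison on the id, or inserting by hand in numeric order, will misplace or miss entries. Please state wherever the file format is described that the key is the raw "CVE-YYYY-N - URL" string sorted bytewise.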
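Review bot: The CVE-2024-3524 line added in hunk @@ -97811,6 +97876,7 @@ carries only an opaque VulDB id link (vuldb.com/?id.259895), which tells a reader nothing about the affected product or where the original write-up lives. The same applies to the CVE-2024-3414 and CVE-2024-3416 additions earlier in the patch. Elsewhere in this diff CVE-2024-3909 and CVE-2024-3910 pair the VulDB entry with the researcher's GitHub write-up. If a primary source exists for these three ids, add it as a second line so the reference can still be checked if the VulDB record changes.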
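Review bot: The CVE-2024-5976 reference added in hunk @@ -98385,6 +98455,7 @@ points at blob/main/sql.md, a branch-relative path to a generically named file in a personal repository, so the target can be rewritten, renamed or deleted after this merges. The neighbouring Hefei-Coffee entries (sql10.md, sql11.md, sql12.md) use the same form, so this matches the file's existing practice, but a commit permalink of the form blob/COMMIT_SHA/sql.md would keep the entry verifiable against what was actually reviewed.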
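Review bot: The reference added for CVE-2024-6212 in the final hunk (@@ -98410,4 +98481,5 @@) is a Google Docs URL ending in /edit?usp=sharing, which opens a mutable document in edit mode and keeps a sharing query parameter that adds nothing to the reference. The document owner can change the content or revoke access at any time, so the entry can stop supporting the CVE without any change to this file. Prefer a stable advisory or an archived snapshot as the primary reference. If the Docs link has to stay, drop the ?usp=sharing query.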