Update CVE sources 2024-06-23 04:42

2025-06-19 17:30:12 +00:00 · 2024-06-23 04:42:52 +00:00 · 2024-06-23 04:42:52 +00:00 · 7490dda3bb
commit 7490dda3bb
parent 809a858b1a
126 changed files with 1288 additions and 19 deletions
--- a/2009/CVE-2009-4895.md
+++ b/2009/CVE-2009-4895.md
@ -0,0 +1,17 @@
+### [CVE-2009-4895](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4895)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the put_tty_queue and __f_setown functions.  NOTE: the vulnerability was addressed in a different way in 2.6.32.9.
+
+### POC
+
+#### Reference
+- http://www.ubuntu.com/usn/USN-1000-1
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2010/CVE-2010-1885.md
+++ b/2010/CVE-2010-1885.md
@ -0,0 +1,17 @@
+### [CVE-2010-1885](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1885)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
+
+### POC
+
+#### Reference
+- http://www.kb.cert.org/vuls/id/578319
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2010/CVE-2010-2066.md
+++ b/2010/CVE-2010-2066.md
@ -10,6 +10,7 @@ The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel b
 ### POC

 #### Reference
+- http://www.ubuntu.com/usn/USN-1000-1
 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html

 #### Github
--- a/2010/CVE-2010-2226.md
+++ b/2010/CVE-2010-2226.md
@ -10,6 +10,7 @@ The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35
 ### POC

 #### Reference
+- http://www.ubuntu.com/usn/USN-1000-1
 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html

 #### Github
--- a/2010/CVE-2010-2248.md
+++ b/2010/CVE-2010-2248.md
@ -10,6 +10,7 @@ fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel before 2.6.34-r
 ### POC

 #### Reference
+- http://www.ubuntu.com/usn/USN-1000-1
 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html

 #### Github
--- a/2010/CVE-2010-2265.md
+++ b/2010/CVE-2010-2265.md
@ -0,0 +1,17 @@
+### [CVE-2010-2265](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2265)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm.  NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
+
+### POC
+
+#### Reference
+- http://www.kb.cert.org/vuls/id/578319
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2010/CVE-2010-2478.md
+++ b/2010/CVE-2010-2478.md
@ -0,0 +1,17 @@
+### [CVE-2010-2478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2478)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084.
+
+### POC
+
+#### Reference
+- http://www.ubuntu.com/usn/USN-1000-1
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2010/CVE-2010-2495.md
+++ b/2010/CVE-2010-2495.md
@ -0,0 +1,17 @@
+### [CVE-2010-2495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2495)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change.
+
+### POC
+
+#### Reference
+- http://www.ubuntu.com/usn/USN-1000-1
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2010/CVE-2010-2521.md
+++ b/2010/CVE-2010-2521.md
@ -10,6 +10,7 @@ Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the
 ### POC

 #### Reference
+- http://www.ubuntu.com/usn/USN-1000-1
 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html

 #### Github
--- a/2010/CVE-2010-2524.md
+++ b/2010/CVE-2010-2524.md
@ -10,6 +10,7 @@ The DNS resolution functionality in the CIFS implementation in the Linux kernel
 ### POC

 #### Reference
+- http://www.ubuntu.com/usn/USN-1000-1
 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html

 #### Github
--- a/2010/CVE-2010-2798.md
+++ b/2010/CVE-2010-2798.md
@ -11,6 +11,7 @@ The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before

 #### Reference
 - http://www.redhat.com/support/errata/RHSA-2010-0670.html
+- http://www.ubuntu.com/usn/USN-1000-1
 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html

 #### Github
--- a/2010/CVE-2010-2942.md
+++ b/2010/CVE-2010-2942.md
@ -10,6 +10,7 @@ The actions implementation in the network queueing functionality in the Linux ke
 ### POC

 #### Reference
+- http://www.ubuntu.com/usn/USN-1000-1
 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html

 #### Github
--- a/2010/CVE-2010-2946.md
+++ b/2010/CVE-2010-2946.md
@ -0,0 +1,17 @@
+### [CVE-2010-2946](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2946)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name.
+
+### POC
+
+#### Reference
+- http://www.ubuntu.com/usn/USN-1000-1
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2010/CVE-2010-2954.md
+++ b/2010/CVE-2010-2954.md
@ -10,7 +10,7 @@ The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-r
 ### POC

 #### Reference
-No PoCs from references.
+- http://www.ubuntu.com/usn/USN-1000-1

 #### Github
 - https://github.com/mergebase/usn2json
--- a/2010/CVE-2010-2955.md
+++ b/2010/CVE-2010-2955.md
@ -10,7 +10,7 @@ The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux k
 ### POC

 #### Reference
-No PoCs from references.
+- http://www.ubuntu.com/usn/USN-1000-1

 #### Github
 - https://github.com/mergebase/usn2json
--- a/2010/CVE-2010-2960.md
+++ b/2010/CVE-2010-2960.md
@ -10,7 +10,7 @@ The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux ker
 ### POC

 #### Reference
-No PoCs from references.
+- http://www.ubuntu.com/usn/USN-1000-1

 #### Github
 - https://github.com/mergebase/usn2json
--- a/2010/CVE-2010-2963.md
+++ b/2010/CVE-2010-2963.md
@ -10,7 +10,7 @@ drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementatio
 ### POC

 #### Reference
-No PoCs from references.
+- http://www.ubuntu.com/usn/USN-1000-1

 #### Github
 - https://github.com/ARPSyndicate/cvemon
--- a/2010/CVE-2010-3015.md
+++ b/2010/CVE-2010-3015.md
@ -10,6 +10,7 @@ Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the
 ### POC

 #### Reference
+- http://www.ubuntu.com/usn/USN-1000-1
 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html

 #### Github
--- a/2010/CVE-2010-3067.md
+++ b/2010/CVE-2010-3067.md
@ -11,6 +11,7 @@ Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel be

 #### Reference
 - http://www.redhat.com/support/errata/RHSA-2011-0007.html
+- http://www.ubuntu.com/usn/USN-1000-1
 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html

 #### Github
--- a/2010/CVE-2010-3078.md
+++ b/2010/CVE-2010-3078.md
@ -11,6 +11,7 @@ The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux ker

 #### Reference
 - http://www.redhat.com/support/errata/RHSA-2011-0007.html
+- http://www.ubuntu.com/usn/USN-1000-1
 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html

 #### Github
--- a/2010/CVE-2010-3080.md
+++ b/2010/CVE-2010-3080.md
@ -11,6 +11,7 @@ Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss

 #### Reference
 - http://www.redhat.com/support/errata/RHSA-2011-0007.html
+- http://www.ubuntu.com/usn/USN-1000-1

 #### Github
 No PoCs found on GitHub currently.
--- a/2010/CVE-2010-3084.md
+++ b/2010/CVE-2010-3084.md
@ -0,0 +1,17 @@
+### [CVE-2010-3084](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3084)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/net/niu.c in the Linux kernel before 2.6.36-rc4 allows local users to cause a denial of service or possibly have unspecified other impact via the ETHTOOL_GRXCLSRLALL ethtool command.
+
+### POC
+
+#### Reference
+- http://www.ubuntu.com/usn/USN-1000-1
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2010/CVE-2010-3310.md
+++ b/2010/CVE-2010-3310.md
@ -0,0 +1,17 @@
+### [CVE-2010-3310](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3310)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions.
+
+### POC
+
+#### Reference
+- http://www.ubuntu.com/usn/USN-1000-1
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2010/CVE-2010-3432.md
+++ b/2010/CVE-2010-3432.md
@ -11,6 +11,7 @@ The sctp_packet_config function in net/sctp/output.c in the Linux kernel before

 #### Reference
 - http://www.redhat.com/support/errata/RHSA-2011-0004.html
+- http://www.ubuntu.com/usn/USN-1000-1
 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html

 #### Github
--- a/2010/CVE-2010-3437.md
+++ b/2010/CVE-2010-3437.md
@ -10,7 +10,7 @@ Integer signedness error in the pkt_find_dev_from_minor function in drivers/bloc
 ### POC

 #### Reference
-No PoCs from references.
+- http://www.ubuntu.com/usn/USN-1000-1

 #### Github
 - https://github.com/ARPSyndicate/cvemon
--- a/2010/CVE-2010-3442.md
+++ b/2010/CVE-2010-3442.md
@ -11,6 +11,7 @@ Multiple integer overflows in the snd_ctl_new function in sound/core/control.c i

 #### Reference
 - http://www.redhat.com/support/errata/RHSA-2011-0004.html
+- http://www.ubuntu.com/usn/USN-1000-1
 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html

 #### Github
--- a/2010/CVE-2010-3477.md
+++ b/2010/CVE-2010-3477.md
@ -11,6 +11,7 @@ The tcf_act_police_dump function in net/sched/act_police.c in the actions implem

 #### Reference
 - http://www.redhat.com/support/errata/RHSA-2011-0007.html
+- http://www.ubuntu.com/usn/USN-1000-1
 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html

 #### Github
--- a/2010/CVE-2010-3705.md
+++ b/2010/CVE-2010-3705.md
@ -10,7 +10,7 @@ The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel befo
 ### POC

 #### Reference
-No PoCs from references.
+- http://www.ubuntu.com/usn/USN-1000-1

 #### Github
 - https://github.com/mergebase/usn2json
--- a/2010/CVE-2010-3904.md
+++ b/2010/CVE-2010-3904.md
@ -11,6 +11,7 @@ The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Socke

 #### Reference
 - http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html
+- http://www.ubuntu.com/usn/USN-1000-1
 - http://www.vmware.com/security/advisories/VMSA-2011-0012.html
 - https://www.exploit-db.com/exploits/44677/

--- a/2012/CVE-2012-0158.md
+++ b/2012/CVE-2012-0158.md
@ -32,6 +32,7 @@ The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX control
 - https://github.com/havocykp/Vulnerability-analysis
 - https://github.com/helloandrewpaul/Mandiant---APT
 - https://github.com/houjingyi233/office-exploit-case-study
+- https://github.com/mcgowanandrew/Mandiant---APT
 - https://github.com/qiantu88/office-cve
 - https://github.com/riusksk/vul_war_error
 - https://github.com/sv3nbeast/Attack-Notes
--- a/2018/CVE-2018-10933.md
+++ b/2018/CVE-2018-10933.md
@ -83,6 +83,7 @@ A vulnerability was found in libssh's server-side state machine before versions
 - https://github.com/ivanacostarubio/libssh-scanner
 - https://github.com/jas502n/CVE-2018-10933
 - https://github.com/jbmihoub/all-poc
+- https://github.com/jobroche/libssh-scanner
 - https://github.com/john-80/-007
 - https://github.com/kgwanjala/oscp-cheatsheet
 - https://github.com/kn6869610/CVE-2018-10933
--- a/2018/CVE-2018-21165.md
+++ b/2018/CVE-2018-21165.md
@ -0,0 +1,17 @@
+### [CVE-2018-21165](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21165)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000055194/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2017-3170
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2019/CVE-2019-11358.md
+++ b/2019/CVE-2019-11358.md
@ -1247,6 +1247,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/IntellyCode/Pascal-FTC-Template
 - https://github.com/IoanaAdrian/FreightFrenzySoftHoarders
 - https://github.com/Iobotics/FTC-2021-FreightFrenzy
+- https://github.com/Iris-TheRainbow/RoadRunnerQuickstart15031
 - https://github.com/Iron-Panthers/Summer-Camp-Bots
 - https://github.com/IronEaglesRobotics/FreightFrenzy
 - https://github.com/IronEaglesRobotics/PowerPlay
@ -2584,6 +2585,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/amogus-1984/FTC-2023
 - https://github.com/amphibiousarmy21456/FtcRobotController-FTC-SDK-8.2-WithOpenCV
 - https://github.com/amphibiousarmy21456/FtcRobotController-LastYearFinalCopy
+- https://github.com/anandraghunath/TeamAlphabots
 - https://github.com/anaypant/FTCTest1
 - https://github.com/andreascasanova/FTCFirsttime
 - https://github.com/andrei-27/FREIGHT-FRENZY
@ -3461,6 +3463,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/mililanirobotics/17063-FTC-23-24
 - https://github.com/mililanirobotics/7438-FTC-23-24
 - https://github.com/minhle30964/FTC-Team-17288-Season-2020-2021
+- https://github.com/mizpeyamFTC/center_stage_code
 - https://github.com/mlhstech/8.1.1
 - https://github.com/mmkaram-EPS/FTC-OffSeason-2022
 - https://github.com/mneruganti/freightfrenzy
--- a/2019/CVE-2019-25100.md
+++ b/2019/CVE-2019-25100.md
@ -0,0 +1,17 @@
+### [CVE-2019-25100](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25100)
+![](https://img.shields.io/static/v1?label=Product&message=twmap&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in happyman twmap. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file twmap3/data/ajaxCRUD/pointdata2.php. The manipulation of the argument id leads to sql injection. Upgrading to version v2.9_v4.31 is able to address this issue. The identifier of the patch is babbec79b3fa4efb3bd581ea68af0528d11bba0c. It is recommended to upgrade the affected component. The identifier VDB-217645 was assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/happyman/twmap/releases/tag/v2.9_v4.31
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2022/CVE-2022-22916.md
+++ b/2022/CVE-2022-22916.md
@ -24,6 +24,7 @@ O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerabilit
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/trhacknon/Pocingit
 - https://github.com/whoforget/CVE-POC
+- https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
 - https://github.com/youwizard/CVE-POC
--- a/2023/CVE-2023-0833.md
+++ b/2023/CVE-2023-0833.md
@ -11,7 +11,7 @@ A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp c
 ### POC

 #### Reference
-No PoCs from references.
+- https://github.com/square/okhttp/issues/6738

 #### Github
 - https://github.com/hinat0y/Dataset1
--- a/2023/CVE-2023-1032.md
+++ b/2023/CVE-2023-1032.md
@ -10,6 +10,7 @@ The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in
 ### POC

 #### Reference
+- https://ubuntu.com/security/notices/USN-5977-1
 - https://ubuntu.com/security/notices/USN-6024-1
 - https://ubuntu.com/security/notices/USN-6033-1

--- a/2023/CVE-2023-27650.md
+++ b/2023/CVE-2023-27650.md
@ -0,0 +1,17 @@
+### [CVE-2023-27650](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27650)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONT_FILE parameter.
+
+### POC
+
+#### Reference
+- https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27650/CVE%20detail.md
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-28432.md
+++ b/2023/CVE-2023-28432.md
@ -65,6 +65,7 @@ No PoCs from references.
 - https://github.com/trailofbits/awesome-ml-security
 - https://github.com/unam4/CVE-2023-28432-minio_update_rce
 - https://github.com/whoami13apt/files2
+- https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
 - https://github.com/xk-mt/CVE-2023-28432
--- a/2023/CVE-2023-29728.md
+++ b/2023/CVE-2023-29728.md
@ -0,0 +1,17 @@
+### [CVE-2023-29728](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29728)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack.
+
+### POC
+
+#### Reference
+- https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29728/CVE%20detail.md
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-29761.md
+++ b/2023/CVE-2023-29761.md
@ -0,0 +1,17 @@
+### [CVE-2023-29761](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29761)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
+
+### POC
+
+#### Reference
+- https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29761/CVE%20detailed.md
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-37057.md
+++ b/2023/CVE-2023-37057.md
@ -0,0 +1,17 @@
+### [CVE-2023-37057](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37057)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism.
+
+### POC
+
+#### Reference
+- https://github.com/ri5c/Jlink-Router-RCE
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-37058.md
+++ b/2023/CVE-2023-37058.md
@ -0,0 +1,17 @@
+### [CVE-2023-37058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37058)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted command.
+
+### POC
+
+#### Reference
+- https://github.com/ri5c/Jlink-Router-RCE
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-37898.md
+++ b/2023/CVE-2023-37898.md
@ -0,0 +1,17 @@
+### [CVE-2023-37898](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37898)
+![](https://img.shields.io/static/v1?label=Product&message=joplin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.12.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows an untrusted note opened in safe mode to execute arbitrary code. `packages/renderer/MarkupToHtml.ts` renders note content in safe mode by surrounding it with <pre> and </pre>, without escaping any interior HTML tags. Thus, an attacker can create a note that closes the opening <pre> tag, then includes HTML that runs JavaScript. Because the rendered markdown iframe has the same origin as the toplevel document and is not sandboxed, any scripts running in the preview iframe can access the top variable and, thus, access the toplevel NodeJS `require` function. `require` can then be used to import modules like fs or child_process and run arbitrary commands. This issue has been addressed in version 2.12.9 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/laurent22/joplin/security/advisories/GHSA-hjmq-3qh4-g2r8
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-3791.md
+++ b/2023/CVE-2023-3791.md
@ -0,0 +1,17 @@
+### [CVE-2023-3791](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3791)
+![](https://img.shields.io/static/v1?label=Product&message=OA&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%204.5.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in IBOS OA 4.5.5 and classified as critical. Affected by this issue is the function actionExport of the file ?r=contact/default/export of the component Personal Office Address Book. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-235058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://github.com/zry-wyj/cve/blob/main/ibos.md
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-38881.md
+++ b/2023/CVE-2023-38881.md
@ -0,0 +1,17 @@
+### [CVE-2023-38881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38881)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendar_id', 'school_date', 'month' or 'year' parameters in 'CalendarModal.php'.
+
+### POC
+
+#### Reference
+- https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38881
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-38883.md
+++ b/2023/CVE-2023-38883.md
@ -0,0 +1,17 @@
+### [CVE-2023-38883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38883)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'.
+
+### POC
+
+#### Reference
+- https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38883
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-38970.md
+++ b/2023/CVE-2023-38970.md
@ -10,6 +10,7 @@ Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remot
 ### POC

 #### Reference
+- https://github.com/anh91/uasoft-indonesia--badaso/blob/main/XSS3.md
 - https://panda002.hashnode.dev/badaso-version-297-has-an-xss-vulnerability-in-new-member

 #### Github
--- a/2023/CVE-2023-38971.md
+++ b/2023/CVE-2023-38971.md
@ -10,6 +10,7 @@ Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remot
 ### POC

 #### Reference
+- https://github.com/anh91/uasoft-indonesia--badaso/blob/main/XSS3.md
 - https://panda002.hashnode.dev/badaso-version-297-has-xss-vulnerability-in-add-ranks

 #### Github
--- a/2023/CVE-2023-40617.md
+++ b/2023/CVE-2023-40617.md
@ -0,0 +1,17 @@
+### [CVE-2023-40617](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40617)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start 7 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'file' parameter in 'displayPDF.php'.
+
+### POC
+
+#### Reference
+- https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40617
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-4172.md
+++ b/2023/CVE-2023-4172.md
@ -10,6 +10,7 @@ A vulnerability, which was classified as problematic, has been found in Chengdu
 ### POC

 #### Reference
+- https://github.com/nagenanhai/cve/blob/main/duqu2.md
 - https://vuldb.com/?id.236207

 #### Github
--- a/2023/CVE-2023-43662.md
+++ b/2023/CVE-2023-43662.md
@ -13,5 +13,6 @@ ShokoServer is a media server which specializes in organizing anime. In affected
 No PoCs from references.

 #### Github
+- https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC

--- a/2023/CVE-2023-45673.md
+++ b/2023/CVE-2023-45673.md
@ -0,0 +1,17 @@
+### [CVE-2023-45673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45673)
+![](https://img.shields.io/static/v1?label=Product&message=joplin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.13.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%3A%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin desktop: 1. has not disabled top redirection for note viewer iframes, and 2. and has node integration enabled. This is a remote code execution vulnerability that impacts anyone who attaches untrusted PDFs to notes and has the icon enabled. This issue has been addressed in version 2.13.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/laurent22/joplin/security/advisories/GHSA-g8qx-5vcm-3x59
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-46584.md
+++ b/2023/CVE-2023-46584.md
@ -0,0 +1,17 @@
+### [CVE-2023-46584](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46584)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint.
+
+### POC
+
+#### Reference
+- https://github.com/rumble773/sec-research/blob/main/NiV/CVE-2023-46584.md
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-4711.md
+++ b/2023/CVE-2023-4711.md
@ -0,0 +1,17 @@
+### [CVE-2023-4711](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4711)
+![](https://img.shields.io/static/v1?label=Product&message=DAR-8000-10&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020230819%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-238574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://github.com/TinkAnet/cve/blob/main/rce.md
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-4713.md
+++ b/2023/CVE-2023-4713.md
@ -0,0 +1,17 @@
+### [CVE-2023-4713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4713)
+![](https://img.shields.io/static/v1?label=Product&message=OA&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%204.5.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238576. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://github.com/13aiZe1/cve/blob/main/sql.md
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-49486.md
+++ b/2023/CVE-2023-49486.md
@ -0,0 +1,17 @@
+### [CVE-2023-49486](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49486)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.
+
+### POC
+
+#### Reference
+- https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20stored%20XSS%20in%20the%20model%20management%20department.md
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-49487.md
+++ b/2023/CVE-2023-49487.md
@ -0,0 +1,17 @@
+### [CVE-2023-49487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49487)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.
+
+### POC
+
+#### Reference
+- https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20stored%20XSS%20in%20the%20navigation%20management%20office.md
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-50578.md
+++ b/2023/CVE-2023-50578.md
@ -0,0 +1,17 @@
+### [CVE-2023-50578](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50578)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.
+
+### POC
+
+#### Reference
+- https://gitee.com/mingSoft/MCMS/issues/I8MAJK
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-5145.md
+++ b/2023/CVE-2023-5145.md
@ -0,0 +1,17 @@
+### [CVE-2023-5145](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5145)
+![](https://img.shields.io/static/v1?label=Product&message=DAR-7000&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020151231%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen)
+
+### Description
+
+** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240241 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
+
+### POC
+
+#### Reference
+- https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20licence.md
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-5261.md
+++ b/2023/CVE-2023-5261.md
@ -10,7 +10,7 @@ A vulnerability, which was classified as critical, was found in Tongda OA 2017.
 ### POC

 #### Reference
-No PoCs from references.
+- https://github.com/csbsong/bug_report/blob/main/sql2.md

 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2023/CVE-2023-6306.md
+++ b/2023/CVE-2023-6306.md
@ -10,6 +10,7 @@ A vulnerability classified as critical has been found in SourceCodester Free and
 ### POC

 #### Reference
+- https://github.com/BigTiger2020/2023/blob/main/Free%20and%20Open%20Source%20inventory%20management%20system/Free%20and%20Open%20Source%20inventory%20management%20system2.md
 - https://vuldb.com/?id.246132

 #### Github
--- a/2024/CVE-2024-0749.md
+++ b/2024/CVE-2024-0749.md
@ -12,7 +12,7 @@ A phishing site could have repurposed an `about:` dialog to show phishing conten
 ### POC

 #### Reference
-No PoCs from references.
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1813463

 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-21512.md
+++ b/2024/CVE-2024-21512.md
@ -16,6 +16,7 @@ Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollutio
 - https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580

 #### Github
+- https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki

--- a/2024/CVE-2024-21514.md
+++ b/2024/CVE-2024-21514.md
@ -0,0 +1,17 @@
+### [CVE-2024-21514](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21514)
+![](https://img.shields.io/static/v1?label=Product&message=opencart%2Fopencart&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%20*%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have to be enabled), it is possible to exploit SQL injection to gain unauthorised access to the backend database. For any site which is vulnerable, any unauthenticated user could exploit this to dump the entire OpenCart database, including customer PII data.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266565
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2024/CVE-2024-21515.md
+++ b/2024/CVE-2024-21515.md
@ -0,0 +1,17 @@
+### [CVE-2024-21515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21515)
+![](https://img.shields.io/static/v1?label=Product&message=opencart%2Fopencart&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=4.0.0.0%3C%20*%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Reflected%20Cross-site%20Scripting&color=brighgreen)
+
+### Description
+
+This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login and redirected again upon authentication with the payload automatically executing. If the attacked user has admin privileges, this vulnerability could be used as the start of a chain of exploits like Zip Slip or arbitrary file write vulnerabilities in the admin functionality.

**Notes:**

1) This is only exploitable if the attacker knows the name or path of the admin directory. The name of the directory is "admin" by default but there is a pop-up in the dashboard warning users to rename it.

2) The fix for this vulnerability is incomplete. The redirect is removed so that it is not possible for an attacker to control the redirect post admin login anymore, but it is still possible to exploit this issue in admin if the user is authenticated as an admin already.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266573
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2024/CVE-2024-21516.md
+++ b/2024/CVE-2024-21516.md
@ -0,0 +1,17 @@
+### [CVE-2024-21516](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21516)
+![](https://img.shields.io/static/v1?label=Product&message=opencart%2Fopencart&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=4.0.0.0%3C%20*%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Reflected%20Cross-site%20Scripting&color=brighgreen)
+
+### Description
+
+This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login and redirected again upon authentication with the payload automatically executing. If the attacked user has admin privileges, this vulnerability could be used as the start of a chain of exploits like Zip Slip or arbitrary file write vulnerabilities in the admin functionality.

**Notes:**

1) This is only exploitable if the attacker knows the name or path of the admin directory. The name of the directory is "admin" by default but there is a pop-up in the dashboard warning users to rename it.

2) The fix for this vulnerability is incomplete. The redirect is removed so that it is not possible for an attacker to control the redirect post admin login anymore, but it is still possible to exploit this issue in admin if the user is authenticated as an admin already.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266576
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2024/CVE-2024-21517.md
+++ b/2024/CVE-2024-21517.md
@ -0,0 +1,17 @@
+### [CVE-2024-21517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21517)
+![](https://img.shields.io/static/v1?label=Product&message=opencart%2Fopencart&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=4.0.0.0%3C%20*%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Reflected%20Cross-site%20Scripting&color=brighgreen)
+
+### Description
+
+This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account functionality it could be used to target and attack customers of the OpenCart shop.

**Notes:**

1) The fix for this vulnerability is incomplete
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266577
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2024/CVE-2024-21518.md
+++ b/2024/CVE-2024-21518.md
@ -0,0 +1,17 @@
+### [CVE-2024-21518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21518)
+![](https://img.shields.io/static/v1?label=Product&message=opencart%2Fopencart&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=4.0.0.0%3C%20*%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Arbitrary%20File%20Write%20via%20Archive%20Extraction%20(Zip%20Slip)&color=brighgreen)
+
+### Description
+
+This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An attacker can create arbitrary files in the web root of the application and overwrite other existing files by exploiting this vulnerability.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266578
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2024/CVE-2024-21519.md
+++ b/2024/CVE-2024-21519.md
@ -0,0 +1,17 @@
+### [CVE-2024-21519](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21519)
+![](https://img.shields.io/static/v1?label=Product&message=opencart%2Fopencart&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=4.0.0.0%3C%20*%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Arbitrary%20File%20Creation&color=brighgreen)
+
+### Description
+
+This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including the extension), within /system/storage/backup.

**Note:**

It is less likely for the created file to be available within the web root, as part of the security recommendations for the application suggest moving the storage path outside of the web root.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266579
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2024/CVE-2024-23052.md
+++ b/2024/CVE-2024-23052.md
@ -13,6 +13,7 @@ An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote at
 - https://github.com/WuKongOpenSource/WukongCRM-9.0-JAVA/issues/28

 #### Github
+- https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki

--- a/2024/CVE-2024-23692.md
+++ b/2024/CVE-2024-23692.md
@ -18,5 +18,6 @@
 - https://github.com/enomothem/PenTestNote
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile
+- https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC

--- a/2024/CVE-2024-2484.md
+++ b/2024/CVE-2024-2484.md
@ -0,0 +1,17 @@
+### [CVE-2024-2484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2484)
+![](https://img.shields.io/static/v1?label=Product&message=Orbit%20Fox%20by%20ThemeIsle&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.10.34%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/2024/CVE-2024-27348.md
+++ b/2024/CVE-2024-27348.md
@ -18,6 +18,7 @@ No PoCs from references.
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/kljunowsky/CVE-2024-27348
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki

--- a/2024/CVE-2024-28995.md
+++ b/2024/CVE-2024-28995.md
@ -16,5 +16,6 @@ No PoCs from references.
 - https://github.com/enomothem/PenTestNote
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile
+- https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC

--- a/2024/CVE-2024-28999.md
+++ b/2024/CVE-2024-28999.md
@ -0,0 +1,17 @@
+### [CVE-2024-28999](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28999)
+![](https://img.shields.io/static/v1?label=Product&message=SolarWinds%20Platform&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-362%20Concurrent%20Execution%20using%20Shared%20Resource%20with%20Improper%20Synchronization%20('Race%20Condition')&color=brighgreen)
+
+### Description
+
+The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. 
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nomi-sec/PoC-in-GitHub
+
--- a/2024/CVE-2024-29041.md
+++ b/2024/CVE-2024-29041.md
@ -0,0 +1,18 @@
+### [CVE-2024-29041](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29041)
+![](https://img.shields.io/static/v1?label=Product&message=express&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D4.14.0%2C%20%3C4.19.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1286%3A%20Improper%20Validation%20of%20Syntactic%20Correctness%20of%20Input&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601%3A%20URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen)
+
+### Description
+
+Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/qazipoor/React-Clothing-Shop
+
--- a/2024/CVE-2024-29824.md
+++ b/2024/CVE-2024-29824.md
@ -15,5 +15,6 @@ No PoCs from references.
 #### Github
 - https://github.com/enomothem/PenTestNote
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC

--- a/2024/CVE-2024-29973.md
+++ b/2024/CVE-2024-29973.md
@ -16,5 +16,6 @@

 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC

--- a/2024/CVE-2024-31982.md
+++ b/2024/CVE-2024-31982.md
@ -13,5 +13,6 @@ XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 a
 No PoCs from references.

 #### Github
+- https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile

--- a/2024/CVE-2024-3414.md
+++ b/2024/CVE-2024-3414.md
@ -0,0 +1,17 @@
+### [CVE-2024-3414](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3414)
+![](https://img.shields.io/static/v1?label=Product&message=Human%20Resource%20Information%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Human Resource Information System 1.0 and classified as problematic. This issue affects some unknown processing of the file Superadmin_Dashboard/process/addcorporate_process.php. The manipulation of the argument corporate_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259583.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.259583
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2024/CVE-2024-3416.md
+++ b/2024/CVE-2024-3416.md
@ -10,7 +10,7 @@ A vulnerability classified as critical was found in SourceCodester Online Course
 ### POC

 #### Reference
-No PoCs from references.
+- https://vuldb.com/?id.259588

 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-34470.md
+++ b/2024/CVE-2024-34470.md
@ -16,6 +16,7 @@ An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unaut
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/osvaldotenorio/CVE-2024-34470
+- https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki

--- a/2024/CVE-2024-3524.md
+++ b/2024/CVE-2024-3524.md
@ -10,7 +10,7 @@ A vulnerability, which was classified as problematic, has been found in Campcode
 ### POC

 #### Reference
-No PoCs from references.
+- https://vuldb.com/?id.259895

 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-36104.md
+++ b/2024/CVE-2024-36104.md
@ -20,6 +20,7 @@ No PoCs from references.
 - https://github.com/enomothem/PenTestNote
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile
+- https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki

--- a/2024/CVE-2024-36428.md
+++ b/2024/CVE-2024-36428.md
@ -15,6 +15,7 @@ No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/tanjiti/sec_profile
+- https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki

--- a/2024/CVE-2024-36597.md
+++ b/2024/CVE-2024-36597.md
@ -13,5 +13,6 @@ Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the
 No PoCs from references.

 #### Github
+- https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC

--- a/2024/CVE-2024-37621.md
+++ b/2024/CVE-2024-37621.md
@ -0,0 +1,17 @@
+### [CVE-2024-37621](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37621)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the component /shippingOptionConfig/index.blade.php.
+
+### POC
+
+#### Reference
+- https://github.com/Hebing123/cve/issues/47
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2024/CVE-2024-38319.md
+++ b/2024/CVE-2024-38319.md
@ -0,0 +1,17 @@
+### [CVE-2024-38319](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38319)
+![](https://img.shields.io/static/v1?label=Product&message=Security%20SOAR&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2051.0.2.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script.  IBM X-Force ID:  294830.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/2024/CVE-2024-3834.md
+++ b/2024/CVE-2024-3834.md
@ -10,7 +10,7 @@ Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a re
 ### POC

 #### Reference
-No PoCs from references.
+- https://issues.chromium.org/issues/326607008

 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-38379.md
+++ b/2024/CVE-2024-38379.md
@ -0,0 +1,17 @@
+### [CVE-2024-38379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38379)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20Allura&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.4.0%3C%3D%201.17.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Apache Allura's neighborhood settings are vulnerable to a stored XSS attack.  Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted.This issue affects Apache Allura: from 1.4.0 through 1.17.0.Users are recommended to upgrade to version 1.17.1, which fixes the issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/waspthebughunter/waspthebughunter
+
--- a/2024/CVE-2024-3910.md
+++ b/2024/CVE-2024-3910.md
@ -11,6 +11,7 @@ A vulnerability, which was classified as critical, has been found in Tenda AC500

 #### Reference
 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/fromDhcpListClient_page.md
+- https://vuldb.com/?id.261146

 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-3961.md
+++ b/2024/CVE-2024-3961.md
@ -0,0 +1,17 @@
+### [CVE-2024-3961](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3961)
+![](https://img.shields.io/static/v1?label=Product&message=ConvertKit%20%E2%80%93%20Email%20Newsletter%2C%20Email%20Marketing%2C%20Subscribers%20and%20Landing%20Pages&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.4.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to subscribe users to tags. Financial damages may occur to site owners if their API quota is exceeded.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/2024/CVE-2024-4313.md
+++ b/2024/CVE-2024-4313.md
@ -0,0 +1,17 @@
+### [CVE-2024-4313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4313)
+![](https://img.shields.io/static/v1?label=Product&message=Table%20Addons%20for%20Elementor&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.1.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Table Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/2024/CVE-2024-4358.md
+++ b/2024/CVE-2024-4358.md
@ -23,6 +23,7 @@ No PoCs from references.
 - https://github.com/sinsinology/CVE-2024-4358
 - https://github.com/tanjiti/sec_profile
 - https://github.com/verylazytech/CVE-2024-4358
+- https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki

--- a/2024/CVE-2024-4577.md
+++ b/2024/CVE-2024-4577.md
@ -15,6 +15,7 @@ In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, w
 - https://github.com/11whoami99/CVE-2024-4577
 - https://github.com/watchtowrlabs/CVE-2024-4577
 - https://github.com/xcanwin/CVE-2024-4577-PHP-RCE
+- https://isc.sans.edu/diary/30994
 - https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/

 #### Github
@ -49,8 +50,10 @@ In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, w
 - https://github.com/princew88/CVE-2024-4577
 - https://github.com/taida957789/CVE-2024-4577
 - https://github.com/tanjiti/sec_profile
+- https://github.com/teamdArk5/Sword
 - https://github.com/vwilzz/PHP-RCE-4577
 - https://github.com/watchtowrlabs/CVE-2024-4577
+- https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
 - https://github.com/xcanwin/CVE-2024-4577-PHP-RCE
--- a/2024/CVE-2024-5156.md
+++ b/2024/CVE-2024-5156.md
@ -0,0 +1,17 @@
+### [CVE-2024-5156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5156)
+![](https://img.shields.io/static/v1?label=Product&message=Flatsome&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.18.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/2024/CVE-2024-5344.md
+++ b/2024/CVE-2024-5344.md
@ -0,0 +1,17 @@
+### [CVE-2024-5344](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5344)
+![](https://img.shields.io/static/v1?label=Product&message=The%20Plus%20Addons%20for%20Elementor%20Page%20Builder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%205.5.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/2024/CVE-2024-5346.md
+++ b/2024/CVE-2024-5346.md
@ -0,0 +1,17 @@
+### [CVE-2024-5346](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5346)
+![](https://img.shields.io/static/v1?label=Product&message=Flatsome&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.18.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the UX Countdown, Video Button, UX Video, UX Slider, UX Sidebar, and UX Payment Icons shortcodes in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/2024/CVE-2024-5455.md
+++ b/2024/CVE-2024-5455.md
@ -0,0 +1,17 @@
+### [CVE-2024-5455](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5455)
+![](https://img.shields.io/static/v1?label=Product&message=The%20Plus%20Addons%20for%20Elementor%20Page%20Builder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%205.5.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-98%20Improper%20Control%20of%20Filename%20for%20Include%2FRequire%20Statement%20in%20PHP%20Program%20('PHP%20Remote%20File%20Inclusion')&color=brighgreen)
+
+### Description
+
+The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/Show More
+++ b/Show More