Update CVE sources 2024-08-24 17:55

2025-06-19 17:30:12 +00:00 · 2024-08-24 17:55:21 +00:00 · 2024-08-24 17:55:21 +00:00 · 8d17e0c8f8
commit 8d17e0c8f8
parent 7f567c153c
184 changed files with 2149 additions and 15 deletions
--- a/2014/CVE-2014-4210.md
+++ b/2014/CVE-2014-4210.md
@ -86,6 +86,7 @@ Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusi
 - https://github.com/password520/RedTeamer
 - https://github.com/pwnagelabs/VEF
 - https://github.com/qi4L/WeblogicScan.go
+- https://github.com/qiuluo-oss/Tiger
 - https://github.com/rabbitmask/WeblogicScan
 - https://github.com/rabbitmask/WeblogicScanLot
 - https://github.com/rabbitmask/WeblogicScanServer
--- a/2016/CVE-2016-3088.md
+++ b/2016/CVE-2016-3088.md
@ -55,6 +55,7 @@ The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remot
 - https://github.com/pravinsrc/NOTES-windows-kernel-links
 - https://github.com/pudiding/CVE-2016-3088
 - https://github.com/qazbnm456/awesome-cve-poc
+- https://github.com/qiuluo-oss/Tiger
 - https://github.com/retr0-13/Goby
 - https://github.com/sponkmonk/Ladon_english_update
 - https://github.com/t0m4too/t0m4to
--- a/2017/CVE-2017-12615.md
+++ b/2017/CVE-2017-12615.md
@ -91,6 +91,7 @@ When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.
 - https://github.com/q99266/saury-vulnhub
 - https://github.com/qazbnm456/awesome-cve-poc
 - https://github.com/qiantu88/Tomcat-Exploit
+- https://github.com/qiuluo-oss/Tiger
 - https://github.com/qiwentaidi/Slack
 - https://github.com/r0eXpeR/redteam_vul
 - https://github.com/safe6Sec/PentestNote
--- a/2017/CVE-2017-14849.md
+++ b/2017/CVE-2017-14849.md
@ -41,6 +41,7 @@ No PoCs from references.
 - https://github.com/merlinepedra25/nuclei-templates
 - https://github.com/openx-org/BLEN
 - https://github.com/q99266/saury-vulnhub
+- https://github.com/qiuluo-oss/Tiger
 - https://github.com/ronoski/j2ee-rscan
 - https://github.com/snyk-labs/container-breaking-in-goof
 - https://github.com/sobinge/nuclei-templates
--- a/2017/CVE-2017-16894.md
+++ b/2017/CVE-2017-16894.md
@ -26,5 +26,6 @@ In Laravel framework through 5.5.21, remote attackers can obtain sensitive infor
 - https://github.com/Threekiii/Awesome-POC
 - https://github.com/Z0fhack/Goby_POC
 - https://github.com/d4n-sec/d4n-sec.github.io
+- https://github.com/qiuluo-oss/Tiger
 - https://github.com/v4p0r/rooon-fiuuu

--- a/2017/CVE-2017-18349.md
+++ b/2017/CVE-2017-18349.md
@ -37,4 +37,5 @@ parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0
 - https://github.com/luckyfuture0177/VULOnceMore
 - https://github.com/openx-org/BLEN
 - https://github.com/pan2013e/ppt4j
+- https://github.com/qiuluo-oss/Tiger

--- a/2018/CVE-2018-1273.md
+++ b/2018/CVE-2018-1273.md
@ -67,6 +67,7 @@ Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older
 - https://github.com/nBp1Ng/SpringFramework-Vul
 - https://github.com/onewinner/VulToolsKit
 - https://github.com/qazbnm456/awesome-cve-poc
+- https://github.com/qiuluo-oss/Tiger
 - https://github.com/ronoski/j2ee-rscan
 - https://github.com/seal-community/patches
 - https://github.com/snowlovely/HacLang
--- a/2018/CVE-2018-18778.md
+++ b/2018/CVE-2018-18778.md
@ -36,4 +36,5 @@ No PoCs from references.
 - https://github.com/openx-org/BLEN
 - https://github.com/petitfleur/prov_navigator
 - https://github.com/provnavigator/prov_navigator
+- https://github.com/qiuluo-oss/Tiger

--- a/2019/CVE-2019-0232.md
+++ b/2019/CVE-2019-0232.md
@ -41,6 +41,7 @@ When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/pyn3rd/CVE-2019-0232
 - https://github.com/qazbnm456/awesome-cve-poc
+- https://github.com/qiuluo-oss/Tiger
 - https://github.com/r0eXpeR/redteam_vul
 - https://github.com/rootameen/vulpine
 - https://github.com/safe6Sec/PentestNote
--- a/2019/CVE-2019-11358.md
+++ b/2019/CVE-2019-11358.md
@ -3598,6 +3598,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/pcrobotics2/2023-15425-CenterStage
 - https://github.com/pcrobotics2/2023-19545-CenterStage
 - https://github.com/pcrobotics2/2023-22130-CenterStage
+- https://github.com/perfectparadox8400/8400_2024
 - https://github.com/petergriffinnn/code
 - https://github.com/petthepotat-dump/FTC-22-23-Refactored
 - https://github.com/pgdev1729/FTC-Robot-Controller-Centerstage
--- a/2020/CVE-2020-10199.md
+++ b/2020/CVE-2020-10199.md
@ -88,6 +88,7 @@ Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
 - https://github.com/xuetusummer/Penetration_Testing_POC
 - https://github.com/yedada-wei/-
 - https://github.com/yedada-wei/gongkaishouji
+- https://github.com/zhaojunliing/awesome-stars
 - https://github.com/zhzyker/CVE-2020-10199_POC-EXP
 - https://github.com/zhzyker/exphub
 - https://github.com/zoroqi/my-awesome
--- a/2020/CVE-2020-10204.md
+++ b/2020/CVE-2020-10204.md
@ -77,6 +77,7 @@ Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
 - https://github.com/xuetusummer/Penetration_Testing_POC
 - https://github.com/yedada-wei/-
 - https://github.com/yedada-wei/gongkaishouji
+- https://github.com/zhaojunliing/awesome-stars
 - https://github.com/zhzyker/CVE-2020-10204
 - https://github.com/zhzyker/exphub
 - https://github.com/zoroqi/my-awesome
--- a/2020/CVE-2020-11444.md
+++ b/2020/CVE-2020-11444.md
@ -48,6 +48,7 @@ Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect A
 - https://github.com/soosmile/POC
 - https://github.com/weeka10/-hktalent-TOP
 - https://github.com/whoadmin/pocs
+- https://github.com/zhaojunliing/awesome-stars
 - https://github.com/zhzyker/CVE-2020-11444
 - https://github.com/zhzyker/exphub
 - https://github.com/zoroqi/my-awesome
--- a/2020/CVE-2020-13945.md
+++ b/2020/CVE-2020-13945.md
@ -24,6 +24,7 @@ In Apache APISIX, the user enabled the Admin API and deleted the Admin API acces
 - https://github.com/bakery312/Vulhub-Reproduce
 - https://github.com/bigblackhat/oFx
 - https://github.com/openx-org/BLEN
+- https://github.com/qiuluo-oss/Tiger
 - https://github.com/samurai411/toolbox
 - https://github.com/t0m4too/t0m4to
 - https://github.com/tanjiti/sec_profile
--- a/2020/CVE-2020-14882.md
+++ b/2020/CVE-2020-14882.md
@ -190,6 +190,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware
 - https://github.com/yichensec/Bug_writer
 - https://github.com/yyzsec/2021SecWinterTask
 - https://github.com/zer0yu/Awesome-CobaltStrike
+- https://github.com/zhaojunliing/awesome-stars
 - https://github.com/zhzyker/exphub
 - https://github.com/zhzyker/vulmap
 - https://github.com/zoroqi/my-awesome
--- a/2020/CVE-2020-1938.md
+++ b/2020/CVE-2020-1938.md
@ -216,6 +216,7 @@ When using the Apache JServ Protocol (AJP), care must be taken when trusting inc
 - https://github.com/yedada-wei/gongkaishouji
 - https://github.com/yq1ng/Java
 - https://github.com/ze0r/GhostCat-LFI-exp
+- https://github.com/zhaojunliing/awesome-stars
 - https://github.com/zhzyker/exphub
 - https://github.com/zoroqi/my-awesome

--- a/2020/CVE-2020-2551.md
+++ b/2020/CVE-2020-2551.md
@ -176,6 +176,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware
 - https://github.com/yedada-wei/-
 - https://github.com/yedada-wei/gongkaishouji
 - https://github.com/zema1/oracle-vuln-crawler
+- https://github.com/zhaojunliing/awesome-stars
 - https://github.com/zhzyker/exphub
 - https://github.com/zoroqi/my-awesome
 - https://github.com/zzwlpx/weblogicPoc
--- a/2020/CVE-2020-2555.md
+++ b/2020/CVE-2020-2555.md
@ -163,6 +163,7 @@ Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (compo
 - https://github.com/xuetusummer/Penetration_Testing_POC
 - https://github.com/yedada-wei/-
 - https://github.com/yedada-wei/gongkaishouji
+- https://github.com/zhaojunliing/awesome-stars
 - https://github.com/zhzyker/exphub
 - https://github.com/zhzyker/vulmap
 - https://github.com/zoroqi/my-awesome
--- a/2020/CVE-2020-2883.md
+++ b/2020/CVE-2020-2883.md
@ -125,6 +125,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware
 - https://github.com/xuetusummer/Penetration_Testing_POC
 - https://github.com/yedada-wei/-
 - https://github.com/yedada-wei/gongkaishouji
+- https://github.com/zhaojunliing/awesome-stars
 - https://github.com/zhzyker/exphub
 - https://github.com/zhzyker/vulmap
 - https://github.com/zoroqi/my-awesome
--- a/2020/CVE-2020-5410.md
+++ b/2020/CVE-2020-5410.md
@ -71,6 +71,7 @@ No PoCs from references.
 - https://github.com/pen4uin/vulnerability-research
 - https://github.com/pen4uin/vulnerability-research-list
 - https://github.com/pentration/gongkaishouji
+- https://github.com/qiuluo-oss/Tiger
 - https://github.com/readloud/Awesome-Stars
 - https://github.com/ronoski/j2ee-rscan
 - https://github.com/shadowsock5/spring-cloud-config-starter
--- a/2021/CVE-2021-21315.md
+++ b/2021/CVE-2021-21315.md
@ -49,6 +49,7 @@ No PoCs from references.
 - https://github.com/mmk-1/kubernetes-poc
 - https://github.com/n1sh1th/CVE-POC
 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
+- https://github.com/qiuluo-oss/Tiger
 - https://github.com/slimtoolkit/slim
 - https://github.com/soosmile/POC
 - https://github.com/superlink996/chunqiuyunjingbachang
--- a/2021/CVE-2021-3129.md
+++ b/2021/CVE-2021-3129.md
@ -119,6 +119,7 @@ Ignition before 2.5.2, as used in Laravel and other products, allows unauthentic
 - https://github.com/pen4uin/vulnerability-research
 - https://github.com/pen4uin/vulnerability-research-list
 - https://github.com/qingchenhh/Tools-collection
+- https://github.com/qiuluo-oss/Tiger
 - https://github.com/r3volved/CVEAggregate
 - https://github.com/ramimac/aws-customer-security-incidents
 - https://github.com/randolphcyg/nuclei-plus
--- a/2021/CVE-2021-45232.md
+++ b/2021/CVE-2021-45232.md
@ -57,6 +57,7 @@ No PoCs from references.
 - https://github.com/pen4uin/awesome-vulnerability-research
 - https://github.com/pen4uin/vulnerability-research
 - https://github.com/pen4uin/vulnerability-research-list
+- https://github.com/qiuluo-oss/Tiger
 - https://github.com/soosmile/POC
 - https://github.com/t0m4too/t0m4to
 - https://github.com/trhacknon/Pocingit
--- a/2022/CVE-2022-1526.md
+++ b/2022/CVE-2022-1526.md
@ -11,6 +11,7 @@ A vulnerability, which was classified as problematic, was found in Emlog Pro up

 #### Reference
 - https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/emlog%3C=pro-1.2.2%20Stored%20Cross-Site%20Scripting(XSS).md
+- https://vuldb.com/?id.198705

 #### Github
 No PoCs found on GitHub currently.
--- a/2022/CVE-2022-40734.md
+++ b/2022/CVE-2022-40734.md
@ -23,4 +23,5 @@ UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows downl
 - https://github.com/Miraitowa70/POC-Notes
 - https://github.com/Threekiii/Awesome-POC
 - https://github.com/d4n-sec/d4n-sec.github.io
+- https://github.com/qiuluo-oss/Tiger

--- a/2022/CVE-2022-41678.md
+++ b/2022/CVE-2022-41678.md
@ -20,6 +20,7 @@ No PoCs from references.
 - https://github.com/Threekiii/Vulhub-Reproduce
 - https://github.com/bakery312/Vulhub-Reproduce
 - https://github.com/d4n-sec/d4n-sec.github.io
+- https://github.com/qiuluo-oss/Tiger
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
--- a/2022/CVE-2022-43634.md
+++ b/2022/CVE-2022-43634.md
@ -13,5 +13,6 @@ This vulnerability allows remote attackers to execute arbitrary code on affected
 No PoCs from references.

 #### Github
+- https://github.com/DiRaltvein/memory-corruption-examples
 - https://github.com/fkie-cad/nvd-json-data-feeds

--- a/2023/CVE-2023-0926.md
+++ b/2023/CVE-2023-0926.md
@ -0,0 +1,17 @@
+### [CVE-2023-0926](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0926)
+![](https://img.shields.io/static/v1?label=Product&message=Custom%20Permalinks&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.6.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Custom Permalinks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on tag names. This allows authenticated users, with editor-level permissions or greater to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, even when 'unfiltered_html' has been disabled.
+
+### POC
+
+#### Reference
+- https://github.com/samiahmedsiddiqui/custom-permalinks/pull/96
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-2414.md
+++ b/2023/CVE-2023-2414.md
@ -1,11 +1,11 @@
 ### [CVE-2023-2414](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2414)
 ![](https://img.shields.io/static/v1?label=Product&message=Online%20Booking%20%26%20Scheduling%20Calendar%20for%20WordPress%20by%20vcita&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.2.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.4.6%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)

 ### Description

-The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugins settings, upload media files, and inject malicious JavaScript.
+The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.4.6. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugins settings, upload arbitrary files, and inject malicious JavaScript (before 4.3.2).

 ### POC

--- a/2023/CVE-2023-27772.md
+++ b/2023/CVE-2023-27772.md
@ -0,0 +1,17 @@
+### [CVE-2023-27772](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27772)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at /client/client_control.c.
+
+### POC
+
+#### Reference
+- https://github.com/mz-automation/libiec61850/issues/442
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-38646.md
+++ b/2023/CVE-2023-38646.md
@ -83,6 +83,7 @@ Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 all
 - https://github.com/passwa11/2023Hvv_
 - https://github.com/passwa11/CVE-2023-38646
 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
+- https://github.com/qiuluo-oss/Tiger
 - https://github.com/raytheon0x21/CVE-2023-38646
 - https://github.com/robotmikhro/CVE-2023-38646
 - https://github.com/samurai411/toolbox
--- a/2023/CVE-2023-41101.md
+++ b/2023/CVE-2023-41101.md
@ -0,0 +1,17 @@
+### [CVE-2023-41101](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41101)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions 10.x and later. Attackers may exploit the issue to crash OpenNDS (Denial-of-Service condition) or to inject and execute arbitrary bytecode (Remote Code Execution). Affected OpenNDS before version 10.1.3 fixed in OpenWrt master and OpenWrt 23.05 on 23. November by updating OpenNDS to version 10.2.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DiRaltvein/memory-corruption-examples
+
--- a/2023/CVE-2023-4442.md
+++ b/2023/CVE-2023-4442.md
@ -10,7 +10,7 @@ A vulnerability was found in SourceCodester Free Hospital Management System for
 ### POC

 #### Reference
-No PoCs from references.
+- https://vuldb.com/?id.237563

 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2023/CVE-2023-4449.md
+++ b/2023/CVE-2023-4449.md
@ -0,0 +1,17 @@
+### [CVE-2023-4449](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4449)
+![](https://img.shields.io/static/v1?label=Product&message=Free%20and%20Open%20Source%20Inventory%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php?page=member. The manipulation of the argument columns[0][data] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-237570 is the identifier assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.237570
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-44709.md
+++ b/2023/CVE-2023-44709.md
@ -13,5 +13,5 @@ PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discover
 - https://github.com/sammycage/plutosvg/issues/7

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/DiRaltvein/memory-corruption-examples

--- a/2023/CVE-2023-4741.md
+++ b/2023/CVE-2023-4741.md
@ -10,7 +10,7 @@ A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This
 ### POC

 #### Reference
-No PoCs from references.
+- https://vuldb.com/?id.238630

 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
--- a/2023/CVE-2023-4745.md
+++ b/2023/CVE-2023-4745.md
@ -11,6 +11,7 @@ A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Inte

 #### Reference
 - https://github.com/Jacky-Y/vuls/blob/main/vul6.md
+- https://vuldb.com/?id.238634

 #### Github
 No PoCs found on GitHub currently.
--- a/2023/CVE-2023-49485.md
+++ b/2023/CVE-2023-49485.md
@ -0,0 +1,17 @@
+### [CVE-2023-49485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49485)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.
+
+### POC
+
+#### Reference
+- https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20storage%20type%20XSS%20in%20the%20column%20management%20department.md
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2023/CVE-2023-4987.md
+++ b/2023/CVE-2023-4987.md
@ -11,6 +11,7 @@ A vulnerability, which was classified as critical, has been found in infinitiete

 #### Reference
 - http://packetstormsecurity.com/files/174760/Taskhub-2.8.7-SQL-Injection.html
+- https://vuldb.com/?id.239798

 #### Github
 No PoCs found on GitHub currently.
--- a/2023/CVE-2023-4991.md
+++ b/2023/CVE-2023-4991.md
@ -0,0 +1,17 @@
+### [CVE-2023-4991](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4991)
+![](https://img.shields.io/static/v1?label=Product&message=QWAlerter&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%204.50%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-428%20Unquoted%20Search%20Path&color=brighgreen)
+
+### Description
+
+A vulnerability was found in NextBX QWAlerter 4.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file QWAlerter.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The identifier of this vulnerability is VDB-239804. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.239804
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2024/CVE-2024-20767.md
+++ b/2024/CVE-2024-20767.md
@ -24,6 +24,7 @@ No PoCs from references.
 - https://github.com/m-cetin/CVE-2024-20767
 - https://github.com/netlas-io/netlas-dorks
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/qiuluo-oss/Tiger
 - https://github.com/tanjiti/sec_profile
 - https://github.com/trganda/starrlist
 - https://github.com/wjlin0/poc-doc
--- a/2024/CVE-2024-21689.md
+++ b/2024/CVE-2024-21689.md
@ -0,0 +1,18 @@
+### [CVE-2024-21689](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21689)
+![](https://img.shields.io/static/v1?label=Product&message=Bamboo%20Data%20Center&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Bamboo%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=RCE%20(Remote%20Code%20Execution)&color=brighgreen)
+
+### Description
+
+This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689  was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server.

This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction.

Atlassian recommends that Bamboo Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
 Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.17

 Bamboo Data Center and Server 9.6: Upgrade to a release greater than or equal to 9.6.5

See the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center and Server from the download center ([https://www.atlassian.com/software/bamboo/download-archives]).

This vulnerability was reported via our Bug Bounty program.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nomi-sec/PoC-in-GitHub
+
--- a/2024/CVE-2024-21733.md
+++ b/2024/CVE-2024-21733.md
@ -18,6 +18,7 @@ Generation of Error Message Containing Sensitive Information vulnerability in Ap
 - https://github.com/Ostorlab/KEV
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/qiuluo-oss/Tiger
 - https://github.com/tanjiti/sec_profile
 - https://github.com/versio-io/product-lifecycle-security-api
 - https://github.com/wjlin0/poc-doc
--- a/2024/CVE-2024-22263.md
+++ b/2024/CVE-2024-22263.md
@ -14,4 +14,5 @@ No PoCs from references.

 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/tanjiti/sec_profile

--- a/2024/CVE-2024-2887.md
+++ b/2024/CVE-2024-2887.md
@ -13,5 +13,6 @@ Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a
 No PoCs from references.

 #### Github
+- https://github.com/TrojanAZhen/Self_Back
 - https://github.com/fkie-cad/nvd-json-data-feeds

--- a/2024/CVE-2024-34065.md
+++ b/2024/CVE-2024-34065.md
@ -0,0 +1,18 @@
+### [CVE-2024-34065](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34065)
+![](https://img.shields.io/static/v1?label=Product&message=strapi&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.24.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-294%3A%20Authentication%20Bypass%20by%20Capture-replay&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601%3A%20URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen)
+
+### Description
+
+Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). Unauthenticated attackers can leverage two vulnerabilities to obtain an 3rd party token and the bypass authentication of Strapi apps. Users should upgrade @strapi/plugin-users-permissions to version 4.24.2 to receive a patch.
+
+### POC
+
+#### Reference
+- https://github.com/strapi/strapi/security/advisories/GHSA-wrvh-rcmr-9qfc
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2024/CVE-2024-34312.md
+++ b/2024/CVE-2024-34312.md
@ -10,7 +10,7 @@ Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cros
 ### POC

 #### Reference
-No PoCs from references.
+- https://github.com/vincentscode/CVE-2024-34312

 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
--- a/2024/CVE-2024-34329.md
+++ b/2024/CVE-2024-34329.md
@ -10,7 +10,7 @@ Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.4 and earlier
 ### POC

 #### Reference
-No PoCs from references.
+- https://github.com/pamoutaf/CVE-2024-34329/blob/main/README.md

 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
--- a/2024/CVE-2024-34361.md
+++ b/2024/CVE-2024-34361.md
@ -10,7 +10,7 @@ Pi-hole is a DNS sinkhole that protects devices from unwanted content without in
 ### POC

 #### Reference
-No PoCs from references.
+- https://github.com/pi-hole/pi-hole/security/advisories/GHSA-jg6g-rrj6-xfg6

 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
--- a/2024/CVE-2024-34452.md
+++ b/2024/CVE-2024-34452.md
@ -10,7 +10,7 @@ CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document.
 ### POC

 #### Reference
-No PoCs from references.
+- https://github.com/surajhacx/CVE-2024-34452/

 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
--- a/2024/CVE-2024-34702.md
+++ b/2024/CVE-2024-34702.md
@ -0,0 +1,17 @@
+### [CVE-2024-34702](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34702)
+![](https://img.shields.io/static/v1?label=Product&message=botan&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.19.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-405%3A%20Asymmetric%20Resource%20Consumption%20(Amplification)&color=brighgreen)
+
+### Description
+
+Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters.  Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.
+
+### POC
+
+#### Reference
+- https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2024/CVE-2024-34703.md
+++ b/2024/CVE-2024-34703.md
@ -0,0 +1,18 @@
+### [CVE-2024-34703](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34703)
+![](https://img.shields.io/static/v1?label=Product&message=botan&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%203.3.0%2C%20%3C%203.3.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-405%3A%20Asymmetric%20Resource%20Consumption%20(Amplification)&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-770%3A%20Allocation%20of%20Resources%20Without%20Limits%20or%20Throttling&color=brighgreen)
+
+### Description
+
+Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan.
+
+### POC
+
+#### Reference
+- https://github.com/randombit/botan/security/advisories/GHSA-w4g2-7m2h-7xj7
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2024/CVE-2024-35325.md
+++ b/2024/CVE-2024-35325.md
@ -0,0 +1,17 @@
+### [CVE-2024-35325](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35325)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.
+
+### POC
+
+#### Reference
+- https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2024/CVE-2024-36514.md
+++ b/2024/CVE-2024-36514.md
@ -0,0 +1,17 @@
+### [CVE-2024-36514](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36514)
+![](https://img.shields.io/static/v1?label=Product&message=ADAudit%20Plus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%208000%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/2024/CVE-2024-36515.md
+++ b/2024/CVE-2024-36515.md
@ -0,0 +1,17 @@
+### [CVE-2024-36515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36515)
+![](https://img.shields.io/static/v1?label=Product&message=ADAudit%20Plus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%208000%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard.Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/2024/CVE-2024-36516.md
+++ b/2024/CVE-2024-36516.md
@ -0,0 +1,17 @@
+### [CVE-2024-36516](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36516)
+![](https://img.shields.io/static/v1?label=Product&message=ADAudit%20Plus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%208000%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard.Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/2024/CVE-2024-36517.md
+++ b/2024/CVE-2024-36517.md
@ -0,0 +1,17 @@
+### [CVE-2024-36517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36517)
+![](https://img.shields.io/static/v1?label=Product&message=ADAudit%20Plus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%208000%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/2024/CVE-2024-37311.md
+++ b/2024/CVE-2024-37311.md
@ -0,0 +1,17 @@
+### [CVE-2024-37311](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37311)
+![](https://img.shields.io/static/v1?label=Product&message=online&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%2024.04.1.1%2C%20%3C%2024.04.4.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-295%3A%20Improper%20Certificate%20Validation&color=brighgreen)
+
+### Description
+
+Collabora Online is a collaborative online office suite based on LibreOffice. In affected versions of Collabora Online, https connections from coolwsd to other hosts may incompletely verify the remote host's certificate's against the full chain of trust. This vulnerability is fixed in Collabora Online 24.04.4.3, 23.05.14.1, and 22.05.23.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/2024/CVE-2024-38856.md
+++ b/2024/CVE-2024-38856.md
@ -20,6 +20,7 @@ No PoCs from references.
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/k3ppf0r/2024-PocLib
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/qiuluo-oss/Tiger
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
--- a/2024/CVE-2024-38869.md
+++ b/2024/CVE-2024-38869.md
@ -0,0 +1,20 @@
+### [CVE-2024-38869](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38869)
+![](https://img.shields.io/static/v1?label=Product&message=ServiceDesk%20Plus%20MSP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=ServiceDesk%20Plus&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SupportCenter%20Plus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%2014800%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%2014810%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+An Stored Cross-site Scripting vulnerability affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/2024/CVE-2024-39666.md
+++ b/2024/CVE-2024-39666.md
@ -0,0 +1,17 @@
+### [CVE-2024-39666](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39666)
+![](https://img.shields.io/static/v1?label=Product&message=WooCommerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 9.1.2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-40348.md
+++ b/2024/CVE-2024-40348.md
@ -14,6 +14,7 @@ No PoCs from references.

 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/qiuluo-oss/Tiger
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki

--- a/2024/CVE-2024-41150.md
+++ b/2024/CVE-2024-41150.md
@ -0,0 +1,20 @@
+### [CVE-2024-41150](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41150)
+![](https://img.shields.io/static/v1?label=Product&message=ServiceDesk%20Plus%20MSP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=ServiceDesk%20Plus&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SupportCenter%20Plus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%2014800%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%2014810%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+An Stored Cross-site Scripting vulnerability affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/2024/CVE-2024-42040.md
+++ b/2024/CVE-2024-42040.md
@ -0,0 +1,17 @@
+### [CVE-2024-42040](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42040)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depending on the later use of DHCP-provided parameters via crafted DHCP responses.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/2024/CVE-2024-42764.md
+++ b/2024/CVE-2024-42764.md
@ -0,0 +1,17 @@
+### [CVE-2024-42764](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42764)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/2024/CVE-2024-42765.md
+++ b/2024/CVE-2024-42765.md
@ -0,0 +1,17 @@
+### [CVE-2024-42765](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42765)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/2024/CVE-2024-42766.md
+++ b/2024/CVE-2024-42766.md
@ -0,0 +1,17 @@
+### [CVE-2024-42766](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42766)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via /deleteTicket.php.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/2024/CVE-2024-42845.md
+++ b/2024/CVE-2024-42845.md
@ -0,0 +1,17 @@
+### [CVE-2024-42845](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42845)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nomi-sec/PoC-in-GitHub
+
--- a/2024/CVE-2024-42915.md
+++ b/2024/CVE-2024-42915.md
@ -0,0 +1,17 @@
+### [CVE-2024-42915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42915)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This will allow attackers to arbitrarily reset other users' passwords and compromise their accounts.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/2024/CVE-2024-42918.md
+++ b/2024/CVE-2024-42918.md
@ -0,0 +1,17 @@
+### [CVE-2024-42918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42918)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+itsourcecode Online Accreditation Management System contains a Cross Site Scripting vulnerability, which allows an attacker to execute arbitrary code via a crafted payload to the SCHOOLNAME, EMAILADDRES, CONTACTNO, COMPANYNAME and COMPANYCONTACTNO parameters in controller.php.
+
+### POC
+
+#### Reference
+- https://packetstormsecurity.com
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2024/CVE-2024-42992.md
+++ b/2024/CVE-2024-42992.md
@ -0,0 +1,17 @@
+### [CVE-2024-42992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42992)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Python Pip Pandas v2.2.2 was discovered to contain an arbitrary file read vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nomi-sec/PoC-in-GitHub
+
--- a/2024/CVE-2024-43238.md
+++ b/2024/CVE-2024-43238.md
@ -13,5 +13,6 @@ Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site
 No PoCs from references.

 #### Github
+- https://github.com/20142995/nuclei-templates
 - https://github.com/fkie-cad/nvd-json-data-feeds

--- a/2024/CVE-2024-43239.md
+++ b/2024/CVE-2024-43239.md
@ -0,0 +1,17 @@
+### [CVE-2024-43239](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43239)
+![](https://img.shields.io/static/v1?label=Product&message=Masteriyo%20-%20LMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)
+
+### Description
+
+Authorization Bypass Through User-Controlled Key vulnerability in Masteriyo Masteriyo - LMS.This issue affects Masteriyo - LMS: from n/a through 1.11.4.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43240.md
+++ b/2024/CVE-2024-43240.md
@ -0,0 +1,17 @@
+### [CVE-2024-43240](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43240)
+![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Membership%20Pro&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%2012.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen)
+
+### Description
+
+Improper Privilege Management vulnerability in azzaroco Ultimate Membership Pro allows Privilege Escalation.This issue affects Ultimate Membership Pro: from n/a through 12.6.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43241.md
+++ b/2024/CVE-2024-43241.md
@ -0,0 +1,17 @@
+### [CVE-2024-43241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43241)
+![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Membership%20Pro&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%2012.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in azzaroco Ultimate Membership Pro allows Reflected XSS.This issue affects Ultimate Membership Pro: from n/a through 12.6.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43242.md
+++ b/2024/CVE-2024-43242.md
@ -0,0 +1,17 @@
+### [CVE-2024-43242](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43242)
+![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Membership%20Pro&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%2012.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object Injection.This issue affects Ultimate Membership Pro: from n/a through 12.6.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43244.md
+++ b/2024/CVE-2024-43244.md
@ -0,0 +1,17 @@
+### [CVE-2024-43244](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43244)
+![](https://img.shields.io/static/v1?label=Product&message=Houzez&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS.This issue affects Houzez: from n/a through 3.2.4.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43245.md
+++ b/2024/CVE-2024-43245.md
@ -0,0 +1,17 @@
+### [CVE-2024-43245](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43245)
+![](https://img.shields.io/static/v1?label=Product&message=JobSearch&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.3.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen)
+
+### Description
+
+Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.This issue affects JobSearch: from n/a through 2.3.4.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43246.md
+++ b/2024/CVE-2024-43246.md
@ -0,0 +1,17 @@
+### [CVE-2024-43246](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43246)
+![](https://img.shields.io/static/v1?label=Product&message=WHMpress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%206.2-revision-5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in creativeon WHMpress allows Reflected XSS.This issue affects WHMpress: from n/a through 6.2-revision-5.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43247.md
+++ b/2024/CVE-2024-43247.md
@ -0,0 +1,17 @@
+### [CVE-2024-43247](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43247)
+![](https://img.shields.io/static/v1?label=Product&message=WHMpress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%206.2-revision-5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in creativeon WHMpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WHMpress: from n/a through 6.2-revision-5.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43248.md
+++ b/2024/CVE-2024-43248.md
@ -0,0 +1,17 @@
+### [CVE-2024-43248](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43248)
+![](https://img.shields.io/static/v1?label=Product&message=Bit%20Form%20Pro&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.6.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bit Apps Bit Form Pro allows File Manipulation.This issue affects Bit Form Pro: from n/a through 2.6.4.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43249.md
+++ b/2024/CVE-2024-43249.md
@ -0,0 +1,17 @@
+### [CVE-2024-43249](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43249)
+![](https://img.shields.io/static/v1?label=Product&message=Bit%20Form%20Pro&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.6.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)
+
+### Description
+
+Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection.This issue affects Bit Form Pro: from n/a through 2.6.4.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43250.md
+++ b/2024/CVE-2024-43250.md
@ -0,0 +1,17 @@
+### [CVE-2024-43250](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43250)
+![](https://img.shields.io/static/v1?label=Product&message=Bit%20Form%20Pro&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.6.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%20Incorrect%20Authorization&color=brighgreen)
+
+### Description
+
+Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bit Form Pro: from n/a through 2.6.4.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43252.md
+++ b/2024/CVE-2024-43252.md
@ -0,0 +1,17 @@
+### [CVE-2024-43252](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43252)
+![](https://img.shields.io/static/v1?label=Product&message=Crew%20HRM&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+Deserialization of Untrusted Data vulnerability in Crew HRM allows Object Injection.This issue affects Crew HRM: from n/a through 1.1.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43256.md
+++ b/2024/CVE-2024-43256.md
@ -0,0 +1,17 @@
+### [CVE-2024-43256](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43256)
+![](https://img.shields.io/static/v1?label=Product&message=Leopard%20-%20WordPress%20offload%20media&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.0.36%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in nouthemes Leopard - WordPress offload media allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43261.md
+++ b/2024/CVE-2024-43261.md
@ -0,0 +1,17 @@
+### [CVE-2024-43261](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43261)
+![](https://img.shields.io/static/v1?label=Product&message=Compute%20Links&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.2.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-98%20Improper%20Control%20of%20Filename%20for%20Include%2FRequire%20Statement%20in%20PHP%20Program%20('PHP%20Remote%20File%20Inclusion')&color=brighgreen)
+
+### Description
+
+Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hamed Naderfar Compute Links allows PHP Remote File Inclusion.This issue affects Compute Links: from n/a through 1.2.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43262.md
+++ b/2024/CVE-2024-43262.md
@ -0,0 +1,17 @@
+### [CVE-2024-43262](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43262)
+![](https://img.shields.io/static/v1?label=Product&message=Busiprof&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.4.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in webriti Busiprof allows Stored XSS.This issue affects Busiprof: from n/a through 2.4.8.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43263.md
+++ b/2024/CVE-2024-43263.md
@ -0,0 +1,17 @@
+### [CVE-2024-43263](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43263)
+![](https://img.shields.io/static/v1?label=Product&message=Visual%20Composer%20Starter&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%203.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visual Composer Visual Composer Starter allows Stored XSS.This issue affects Visual Composer Starter: from n/a through 3.3.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43266.md
+++ b/2024/CVE-2024-43266.md
@ -0,0 +1,17 @@
+### [CVE-2024-43266](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43266)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Job%20Portal&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.1.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)
+
+### Description
+
+Authorization Bypass Through User-Controlled Key vulnerability in WP Job Portal.This issue affects WP Job Portal: from n/a through 2.1.6.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43267.md
+++ b/2024/CVE-2024-43267.md
@ -0,0 +1,17 @@
+### [CVE-2024-43267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43267)
+![](https://img.shields.io/static/v1?label=Product&message=Mega%20Addons%20For%20Elementor&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Qamar Sheeraz, Nasir Ahmad, GenialSouls Mega Addons For Elementor allows Stored XSS.This issue affects Mega Addons For Elementor: from n/a through 1.9.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43271.md
+++ b/2024/CVE-2024-43271.md
@ -0,0 +1,17 @@
+### [CVE-2024-43271](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43271)
+![](https://img.shields.io/static/v1?label=Product&message=Woo%20Products%20Widgets%20For%20Elementor&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themelocation Woo Products Widgets For Elementor allows PHP Local File Inclusion.This issue affects Woo Products Widgets For Elementor: from n/a through 2.0.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43272.md
+++ b/2024/CVE-2024-43272.md
@ -0,0 +1,17 @@
+### [CVE-2024-43272](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43272)
+![](https://img.shields.io/static/v1?label=Product&message=Icegram&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen)
+
+### Description
+
+Missing Authentication for Critical Function vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43276.md
+++ b/2024/CVE-2024-43276.md
@ -13,5 +13,6 @@ Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site
 No PoCs from references.

 #### Github
+- https://github.com/20142995/nuclei-templates
 - https://github.com/fkie-cad/nvd-json-data-feeds

--- a/2024/CVE-2024-43278.md
+++ b/2024/CVE-2024-43278.md
@ -0,0 +1,17 @@
+### [CVE-2024-43278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43278)
+![](https://img.shields.io/static/v1?label=Product&message=Meta%20Field%20Block&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Phi Phan Meta Field Block allows Stored XSS.This issue affects Meta Field Block: from n/a through 1.2.13.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43279.md
+++ b/2024/CVE-2024-43279.md
@ -0,0 +1,17 @@
+### [CVE-2024-43279](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43279)
+![](https://img.shields.io/static/v1?label=Product&message=Newsletters&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.8.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43280.md
+++ b/2024/CVE-2024-43280.md
@ -0,0 +1,17 @@
+### [CVE-2024-43280](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43280)
+![](https://img.shields.io/static/v1?label=Product&message=Salon%20booking%20system&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601%20URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen)
+
+### Description
+
+URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.8.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43281.md
+++ b/2024/CVE-2024-43281.md
@ -0,0 +1,17 @@
+### [CVE-2024-43281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43281)
+![](https://img.shields.io/static/v1?label=Product&message=Void%20Elementor%20Post%20Grid%20Addon%20for%20Elementor%20Page%20builder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VOID CODERS Void Elementor Post Grid Addon for Elementor Page builder allows PHP Local File Inclusion.This issue affects Void Elementor Post Grid Addon for Elementor Page builder: from n/a through 2.3.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43282.md
+++ b/2024/CVE-2024-43282.md
@ -0,0 +1,17 @@
+### [CVE-2024-43282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43282)
+![](https://img.shields.io/static/v1?label=Product&message=Tutor%20LMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43284.md
+++ b/2024/CVE-2024-43284.md
@ -0,0 +1,17 @@
+### [CVE-2024-43284](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43284)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Travel%20Gutenberg%20Blocks&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Stored XSS.This issue affects WP Travel Gutenberg Blocks: from n/a through 3.5.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/2024/CVE-2024-43288.md
+++ b/2024/CVE-2024-43288.md
@ -0,0 +1,17 @@
+### [CVE-2024-43288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43288)
+![](https://img.shields.io/static/v1?label=Product&message=wpForo%20Forum&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)
+
+### Description
+
+Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
--- a/Show More
+++ b/Show More