Update Sat May 25 23:14:52 UTC 2024

2020/CVE-2020-19150.md

@@ -0,0 +1,17 @@
+### [CVE-2020-19150](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19150)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'.
+
+### POC
+
+#### Reference
+- https://www.seebug.org/vuldb/ssvid-97885
+
+#### Github
+No PoCs found on GitHub currently.
+

2020/CVE-2020-19151.md

@@ -0,0 +1,17 @@
+### [CVE-2020-19151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19151)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.
+
+### POC
+
+#### Reference
+- https://www.seebug.org/vuldb/ssvid-97881
+
+#### Github
+No PoCs found on GitHub currently.
+

2020/CVE-2020-19154.md

@@ -0,0 +1,17 @@
+### [CVE-2020-19154](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19154)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'.
+
+### POC
+
+#### Reference
+- https://www.seebug.org/vuldb/ssvid-97882
+
+#### Github
+No PoCs found on GitHub currently.
+

2020/CVE-2020-19280.md

@@ -11,6 +11,7 @@ Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers
 
 #### Reference
 - https://github.com/zchuanzhao/jeesns/issues/9
+- https://www.seebug.org/vuldb/ssvid-97938
 
 #### Github
 No PoCs found on GitHub currently.

2020/CVE-2020-19283.md

@@ -10,7 +10,7 @@ A reflected cross-site scripting (XSS) vulnerability in the /newVersion componen
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://www.seebug.org/vuldb/ssvid-97939
 
 #### Github
 - https://github.com/ARPSyndicate/kenzer-templates

2020/CVE-2020-19286.md

@@ -0,0 +1,17 @@
+### [CVE-2020-19286](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19286)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor.
+
+### POC
+
+#### Reference
+- https://www.seebug.org/vuldb/ssvid-97942
+
+#### Github
+No PoCs found on GitHub currently.
+

2020/CVE-2020-19290.md

@@ -0,0 +1,17 @@
+### [CVE-2020-19290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19290)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section.
+
+### POC
+
+#### Reference
+- https://www.seebug.org/vuldb/ssvid-97949
+
+#### Github
+No PoCs found on GitHub currently.
+

2020/CVE-2020-19292.md

@@ -0,0 +1,17 @@
+### [CVE-2020-19292](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19292)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question.
+
+### POC
+
+#### Reference
+- https://www.seebug.org/vuldb/ssvid-97953
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-3544.md

@@ -1,6 +1,6 @@
 ### [CVE-2021-3544](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3544)
 ![](https://img.shields.io/static/v1?label=Product&message=QEMU&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20QEMU%20versions%20up%20to%20and%20including%206.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-401&color=brighgreen)
 
 ### Description

2021/CVE-2021-3545.md

@@ -1,6 +1,6 @@
 ### [CVE-2021-3545](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3545)
 ![](https://img.shields.io/static/v1?label=Product&message=QEMU&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20QEMU%20versions%20up%20to%20and%20including%206.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-908-%3ECWE-200&color=brighgreen)
 
 ### Description

2021/CVE-2021-3546.md

@@ -1,6 +1,6 @@
 ### [CVE-2021-3546](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3546)
 ![](https://img.shields.io/static/v1?label=Product&message=QEMU&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20QEMU%20versions%20up%20to%20and%20including%206.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787&color=brighgreen)
 
 ### Description

2022/CVE-2022-0847.md

@@ -40,6 +40,7 @@ A flaw was found in the way the "flags" member of the new pipe buffer structure
 - https://github.com/AnastasiaLomova/PR1.1
 - https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit
 - https://github.com/ArrestX/--POC
+- https://github.com/Asbatel/CBDS_CVE-2022-0847_POC
 - https://github.com/Awrrays/Pentest-Tips
 - https://github.com/AyoubNajim/cve-2022-0847dirtypipe-exploit
 - https://github.com/BlessedRebuS/OSCP-Pentesting-Cheatsheet

2022/CVE-2022-2292.md

@@ -11,6 +11,7 @@ A vulnerability classified as problematic has been found in SourceCodester Hotel
 
 #### Reference
 - https://github.com/CyberThoth/CVE/blob/a203e5c7b3ac88a5a0bc7200324f2b24716e8fc2/CVE/Hotel%20Management%20system/Cross%20Site%20Scripting(Stored)/POC.md
+- https://vuldb.com/?id.203166
 
 #### Github
 No PoCs found on GitHub currently.

2022/CVE-2022-2419.md

@@ -11,6 +11,7 @@ A vulnerability was found in URVE Web Manager. It has been declared as critical.
 
 #### Reference
 - https://github.com/joinia/webray.com.cn/blob/main/URVE/URVE%20Web%20Manager%20upload.php%20File%20upload%20vulnerability.md
+- https://vuldb.com/?id.203902
 
 #### Github
 No PoCs found on GitHub currently.

2022/CVE-2022-2420.md

@@ -11,6 +11,7 @@ A vulnerability was found in URVE Web Manager. It has been rated as critical. Th
 
 #### Reference
 - https://github.com/joinia/webray.com.cn/blob/main/URVE/URVE%20Web%20Manager%20uploader.php%20%20File%20upload%20vulnerability.md
+- https://vuldb.com/?id.203903
 
 #### Github
 No PoCs found on GitHub currently.

2022/CVE-2022-2490.md

@@ -11,6 +11,7 @@ A vulnerability classified as critical has been found in SourceCodester Simple E
 
 #### Reference
 - https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Simple-E-Learning-System.md#search.php
+- https://vuldb.com/?id.204552
 
 #### Github
 No PoCs found on GitHub currently.

2022/CVE-2022-25765.md

@@ -22,6 +22,7 @@ The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL
 - https://github.com/LordRNA/CVE-2022-25765
 - https://github.com/PurpleWaveIO/CVE-2022-25765-pdfkit-Exploit-Reverse-Shell
 - https://github.com/UNICORDev/exploit-CVE-2022-25765
+- https://github.com/Wai-Yan-Kyaw/PDFKitExploit
 - https://github.com/bmshema/CVE_PoCs
 - https://github.com/k0mi-tg/CVE-POC
 - https://github.com/lekosbelas/PDFkit-CMD-Injection

2022/CVE-2022-2681.md

@@ -0,0 +1,17 @@
+### [CVE-2022-2681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2681)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20Student%20Admission%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation with the input <script>alert(/xss/)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205669 was assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.205669
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-2744.md

@@ -0,0 +1,17 @@
+### [CVE-2022-2744](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2744)
+![](https://img.shields.io/static/v1?label=Product&message=Gym%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality of the file /admin/add_exercises.php of the component Background Management. The manipulation of the argument exer_img leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206012.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.206012
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-2748.md

@@ -0,0 +1,17 @@
+### [CVE-2022-2748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2748)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20Online%20Book%20Store%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Simple Online Book Store System. It has been classified as problematic. Affected is an unknown function of the file /admin/edit.php. The manipulation of the argument eid leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-206016.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.206016
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-2842.md

@@ -0,0 +1,17 @@
+### [CVE-2022-2842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2842)
+![](https://img.shields.io/static/v1?label=Product&message=Gym%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical has been found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-206451.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.206451
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-30190.md

@@ -192,6 +192,7 @@
 - https://github.com/manas3c/CVE-POC
 - https://github.com/mattjmillner/CVE-Smackdown
 - https://github.com/maxDcb/Reources
+- https://github.com/mechanysm/MS-MSDT-Proactive-remediation
 - https://github.com/melting0256/Enterprise-Cybersecurity
 - https://github.com/meowhua15/CVE-2022-30190
 - https://github.com/michealadams30/Cve-2022-30190

2022/CVE-2022-33980.md

@@ -21,6 +21,7 @@ No PoCs from references.
 - https://github.com/Mr-xn/Penetration_Testing_POC
 - https://github.com/NaInSec/CVE-PoC-in-GitHub
 - https://github.com/P0lar1ght/CVE-2022-33980-EXP
+- https://github.com/P0lar1ght/CVE-2022-33980-POC
 - https://github.com/Pear1y/Vuln-Env
 - https://github.com/Phuong39/2022-HW-POC
 - https://github.com/SYRTI/POC_to_review

2022/CVE-2022-48655.md

@@ -1,6 +1,6 @@
 ### [CVE-2022-48655](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48655)
 ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=95a15d80aa0d%3C%201f08a1b26cfc%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=95a15d80aa0d%3C%207184491fc515%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 
 ### Description

2024/CVE-2024-1212.md

@@ -16,6 +16,7 @@ No PoCs from references.
 - https://github.com/Chocapikk/CVE-2024-1212
 - https://github.com/Ostorlab/KEV
 - https://github.com/RhinoSecurityLabs/CVEs
+- https://github.com/XRSec/AWVS-Update
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile
 

2024/CVE-2024-1561.md

@@ -19,4 +19,5 @@ No PoCs from references.
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wy876/POC
+- https://github.com/wy876/wiki
 

2024/CVE-2024-1709.md

@@ -18,6 +18,7 @@ ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Byp
 - https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
 - https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
 - https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
+- https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/
 
 #### Github
 - https://github.com/GhostTroops/TOP

2024/CVE-2024-20767.md

@@ -18,6 +18,7 @@ No PoCs from references.
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/Ostorlab/KEV
 - https://github.com/Praison001/CVE-2024-20767-Adobe-ColdFusion
+- https://github.com/XRSec/AWVS-Update
 - https://github.com/huyqa/cve-2024-20767
 - https://github.com/m-cetin/CVE-2024-20767
 - https://github.com/nomi-sec/PoC-in-GitHub

2024/CVE-2024-21683.md

@@ -14,7 +14,9 @@ No PoCs from references.
 
 #### Github
 - https://github.com/W01fh4cker/CVE-2024-21683-RCE
+- https://github.com/johe123qwe/github-trending
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wy876/POC
+- https://github.com/wy876/wiki
 

2024/CVE-2024-22120.md

@@ -23,5 +23,6 @@ Zabbix server can perform command execution for configured scripts. After comman
 - https://github.com/sampsonv/github-trending
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wy876/POC
+- https://github.com/wy876/wiki
 - https://github.com/zhaoxiaoha/github-trending
 

2024/CVE-2024-26304.md

@@ -17,4 +17,5 @@ No PoCs from references.
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/wy876/POC
+- https://github.com/wy876/wiki
 

2024/CVE-2024-26583.md

@@ -1,6 +1,6 @@
 ### [CVE-2024-26583](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26583)
 ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=0cada33241d9%3C%207a3ca06d04d5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0cada33241d9%3C%20f17d21ea7391%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 
 ### Description

2024/CVE-2024-26584.md

@@ -1,6 +1,6 @@
 ### [CVE-2024-26584](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26584)
 ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=a54667f6728c%3C%20cd1bbca03f3c%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=a54667f6728c%3C%203ade391adc58%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 
 ### Description

2024/CVE-2024-27130.md

@@ -19,4 +19,5 @@ No PoCs from references.
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/watchtowrlabs/CVE-2024-27130
 - https://github.com/wy876/POC
+- https://github.com/wy876/wiki
 

2024/CVE-2024-28255.md

@@ -15,6 +15,7 @@ OpenMetadata is a unified platform for discovery, observability, and governance
 #### Github
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/Ostorlab/KEV
+- https://github.com/XRSec/AWVS-Update
 - https://github.com/YongYe-Security/CVE-2024-28255
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile

2024/CVE-2024-29894.md

@@ -0,0 +1,19 @@
+### [CVE-2024-29894](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29894)
+![](https://img.shields.io/static/v1?label=Product&message=cacti&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.2.27%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-116%3A%20Improper%20Encoding%20or%20Escaping%20of%20Output&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out of unescaped PHP variables `$title` and `$header`. If those variables contain single quotes, they can be used to inject JavaScript code. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. Version 1.2.27 fixes this issue.
+
+### POC
+
+#### Reference
+- https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh
+- https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-30056.md

@@ -0,0 +1,17 @@
+### [CVE-2024-30056](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30056)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Edge%20(Chromium-based)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%20124.0.2478.109%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-359%3A%20Exposure%20of%20Private%20Personal%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2024/CVE-2024-32002.md

@@ -33,5 +33,6 @@ No PoCs from references.
 - https://github.com/sampsonv/github-trending
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wy876/POC
+- https://github.com/wy876/wiki
 - https://github.com/zhaoxiaoha/github-trending
 

2024/CVE-2024-33427.md

@@ -10,7 +10,7 @@ Buffer Overflow vulnerability in Squid version before v.6.10 allows a local atta
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/squid-cache/squid/pull/1763
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-33752.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/wy876/POC
+- https://github.com/wy876/wiki
 

2024/CVE-2024-33809.md

@@ -10,7 +10,7 @@ PingCAP TiDB v7.5.1 was discovered to contain a buffer overflow vulnerability, w
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/pingcap/tidb/issues/52159
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-4956.md

@@ -17,4 +17,5 @@ No PoCs from references.
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wy876/POC
+- https://github.com/wy876/wiki
 

2024/CVE-2024-5145.md

@@ -11,6 +11,7 @@ A vulnerability was found in SourceCodester Vehicle Management System up to 1.0
 
 #### Reference
 - https://github.com/CveSecLook/cve/issues/38
+- https://github.com/CveSecLook/cve/issues/38CVE-2020-7009
 
 #### Github
 No PoCs found on GitHub currently.

references.txt

@@ -2994,6 +2994,9 @@ CVE-2020-1913 - https://www.facebook.com/security/advisories/cve-2020-1913
 CVE-2020-19131 - http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elibtiff%E4%B8%ADinvertimage%E5%87%BD%E6%95%B0%E5%A0%86%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E%E7%9A%84%E5%88%86%E6%9E%90/
 CVE-2020-19131 - http://bugzilla.maptools.org/show_bug.cgi?id=2831
 CVE-2020-1915 - https://www.facebook.com/security/advisories/cve-2020-1915
+CVE-2020-19150 - https://www.seebug.org/vuldb/ssvid-97885
+CVE-2020-19151 - https://www.seebug.org/vuldb/ssvid-97881
+CVE-2020-19154 - https://www.seebug.org/vuldb/ssvid-97882
 CVE-2020-19165 - https://github.com/Mint60/PHP/issues/1
 CVE-2020-19185 - https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc1.md
 CVE-2020-19186 - https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc2.md
@@ -3010,6 +3013,11 @@ CVE-2020-1927 - https://www.oracle.com/security-alerts/cpuApr2021.html
 CVE-2020-1927 - https://www.oracle.com/security-alerts/cpujul2020.html
 CVE-2020-1927 - https://www.oracle.com/security-alerts/cpujul2022.html
 CVE-2020-19280 - https://github.com/zchuanzhao/jeesns/issues/9
+CVE-2020-19280 - https://www.seebug.org/vuldb/ssvid-97938
+CVE-2020-19283 - https://www.seebug.org/vuldb/ssvid-97939
+CVE-2020-19286 - https://www.seebug.org/vuldb/ssvid-97942
+CVE-2020-19290 - https://www.seebug.org/vuldb/ssvid-97949
+CVE-2020-19292 - https://www.seebug.org/vuldb/ssvid-97953
 CVE-2020-19295 - https://www.seebug.org/vuldb/ssvid-97950
 CVE-2020-19301 - https://github.com/tingyuu/vaeThink/issues/1
 CVE-2020-19302 - https://github.com/tingyuu/vaeThink/issues/2
@@ -18468,6 +18476,7 @@ CVE-2022-2291 - https://github.com/CyberThoth/CVE/blob/a203e5c7b3ac88a5a0bc72003
 CVE-2022-2291 - https://vuldb.com/?id.203165
 CVE-2022-22916 - https://github.com/wendell1224/O2OA-POC/blob/main/POC.md
 CVE-2022-2292 - https://github.com/CyberThoth/CVE/blob/a203e5c7b3ac88a5a0bc7200324f2b24716e8fc2/CVE/Hotel%20Management%20system/Cross%20Site%20Scripting(Stored)/POC.md
+CVE-2022-2292 - https://vuldb.com/?id.203166
 CVE-2022-22922 - https://github.com/emremulazimoglu/cve/blob/main/CWE330-TL-WA850RE-v6.md
 CVE-2022-2293 - https://github.com/CyberThoth/CVE/blob/a203e5c7b3ac88a5a0bc7200324f2b24716e8fc2/CVE/Simple%20Sales%20Management%20System/Cross%20Site%20Scripting(Stored)/POC.md
 CVE-2022-22934 - https://github.com/saltstack/salt/releases,
@@ -18844,6 +18853,7 @@ CVE-2022-24187 - https://www.scrawledsecurityblog.com/2022/11/automating-unsolic
 CVE-2022-24188 - https://www.scrawledsecurityblog.com/2022/11/automating-unsolicited-richard-pics.html
 CVE-2022-24189 - https://www.scrawledsecurityblog.com/2022/11/automating-unsolicited-richard-pics.html
 CVE-2022-2419 - https://github.com/joinia/webray.com.cn/blob/main/URVE/URVE%20Web%20Manager%20upload.php%20File%20upload%20vulnerability.md
+CVE-2022-2419 - https://vuldb.com/?id.203902
 CVE-2022-24190 - https://www.scrawledsecurityblog.com/2022/11/automating-unsolicited-richard-pics.html
 CVE-2022-24191 - https://github.com/michaelrsweet/htmldoc/issues/470
 CVE-2022-24196 - https://github.com/itext/itext7/pull/78
@@ -18853,6 +18863,7 @@ CVE-2022-24197 - https://github.com/itext/itext7/pull/78#issuecomment-1089282165
 CVE-2022-24198 - https://github.com/itext/itext7/pull/78
 CVE-2022-24198 - https://github.com/itext/itext7/pull/78#issuecomment-1089287808
 CVE-2022-2420 - https://github.com/joinia/webray.com.cn/blob/main/URVE/URVE%20Web%20Manager%20uploader.php%20%20File%20upload%20vulnerability.md
+CVE-2022-2420 - https://vuldb.com/?id.203903
 CVE-2022-24223 - http://packetstormsecurity.com/files/165922/Atom-CMS-2.0-SQL-Injection.html
 CVE-2022-2423 - https://wpscan.com/vulnerability/714b4f2b-3f17-4730-8c25-21d8da4cb8d2
 CVE-2022-24231 - https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Simple-Student-Information
@@ -19022,6 +19033,7 @@ CVE-2022-2489 - https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.c
 CVE-2022-2489 - https://vuldb.com/?id.204551
 CVE-2022-24891 - https://www.oracle.com/security-alerts/cpujul2022.html
 CVE-2022-2490 - https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Simple-E-Learning-System.md#search.php
+CVE-2022-2490 - https://vuldb.com/?id.204552
 CVE-2022-24900 - https://github.com/onlaj/Piano-LED-Visualizer/issues/350
 CVE-2022-24900 - https://github.com/onlaj/Piano-LED-Visualizer/pull/351
 CVE-2022-24900 - https://github.com/onlaj/Piano-LED-Visualizer/security/advisories/GHSA-g78x-q3x8-r6m4
@@ -19691,6 +19703,7 @@ CVE-2022-26780 - https://talosintelligence.com/vulnerability_reports/TALOS-2022-
 CVE-2022-26781 - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1481
 CVE-2022-26782 - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1481
 CVE-2022-2679 - https://vuldb.com/?id.205667
+CVE-2022-2681 - https://vuldb.com/?id.205669
 CVE-2022-2683 - https://github.com/anx0ing/CVE_demo/blob/main/2022/Simple%20Food%20Ordering%20System-XSS.md
 CVE-2022-2683 - https://vuldb.com/?id.205671
 CVE-2022-26833 - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1513
@@ -19857,6 +19870,7 @@ CVE-2022-27432 - https://www.exploit-db.com/exploits/50831
 CVE-2022-27435 - https://github.com/D4rkP0w4r/Full-Ecommece-Website-Add_Product-Unrestricted-File-Upload-RCE-POC
 CVE-2022-27436 - https://github.com/D4rkP0w4r/Full-Ecommece-Website-Add_User-Stored-XSS-POC
 CVE-2022-27438 - https://gerr.re/posts/cve-2022-27438/
+CVE-2022-2744 - https://vuldb.com/?id.206012
 CVE-2022-27444 - https://jira.mariadb.org/browse/MDEV-28080
 CVE-2022-27445 - https://jira.mariadb.org/browse/MDEV-28081
 CVE-2022-27446 - https://jira.mariadb.org/browse/MDEV-28082
@@ -19872,6 +19886,7 @@ CVE-2022-27457 - https://jira.mariadb.org/browse/MDEV-28098
 CVE-2022-27458 - https://jira.mariadb.org/browse/MDEV-28099
 CVE-2022-2747 - https://vuldb.com/?id.206015
 CVE-2022-27474 - https://github.com/Mount4in/Mount4in.github.io/blob/master/poc.py
+CVE-2022-2748 - https://vuldb.com/?id.206016
 CVE-2022-27480 - http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html
 CVE-2022-27480 - http://seclists.org/fulldisclosure/2022/Apr/20
 CVE-2022-27481 - https://cert-portal.siemens.com/productcert/pdf/ssa-392912.pdf
@@ -20156,6 +20171,7 @@ CVE-2022-28410 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom2
 CVE-2022-28411 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Simple-Real-Estate-Portal-System/SQLi-5.md
 CVE-2022-28412 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/car-driving-school-management-system/SQLi-1.md
 CVE-2022-28413 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/car-driving-school-management-system/SQLi-2.md
+CVE-2022-2842 - https://vuldb.com/?id.206451
 CVE-2022-2845 - https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445
 CVE-2022-28452 - https://github.com/YavuzSahbaz/Red-Planet-Laundry-Management-System-1.0-is-vulnerable-to-SQL
 CVE-2022-28452 - https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-28452
@@ -31664,6 +31680,7 @@ CVE-2024-1709 - https://www.horizon3.ai/attack-research/red-team/connectwise-scr
 CVE-2024-1709 - https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
 CVE-2024-1709 - https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
 CVE-2024-1709 - https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
+CVE-2024-1709 - https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/
 CVE-2024-1712 - https://wpscan.com/vulnerability/23805a61-9fcd-4744-a60d-05c8cb43ee01/
 CVE-2024-1713 - https://github.com/google/security-research/security/advisories/GHSA-r7m9-grw7-vcc4
 CVE-2024-1743 - https://wpscan.com/vulnerability/3cb1f707-6093-42a7-a778-2b296bdf1735/
@@ -33067,6 +33084,8 @@ CVE-2024-2983 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH
 CVE-2024-2984 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetCfm.md
 CVE-2024-2985 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formQuickIndex.md
 CVE-2024-29882 - https://github.com/ossrs/srs/security/advisories/GHSA-gv9r-qcjc-5hj7
+CVE-2024-29894 - https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh
+CVE-2024-29894 - https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73
 CVE-2024-29895 - https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m
 CVE-2024-29903 - https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv
 CVE-2024-29916 - https://unsaflok.com
@@ -33432,6 +33451,7 @@ CVE-2024-33383 - https://juvl1ne.github.io/2024/04/18/novel-plus-vulnerability/
 CVE-2024-33398 - https://github.com/HouqiyuA/k8s-rbac-poc
 CVE-2024-33423 - https://github.com/adiapera/xss_language_cmsimple_5.15
 CVE-2024-33424 - https://github.com/adiapera/xss_language_cmsimple_5.15
+CVE-2024-33427 - https://github.com/squid-cache/squid/pull/1763
 CVE-2024-33428 - https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-1/heap-buffer-overflow-1.assets/image-20240420005017430.png
 CVE-2024-33428 - https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-1/heap-buffer-overflow-1.md
 CVE-2024-33428 - https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-1/poc
@@ -33495,6 +33515,7 @@ CVE-2024-33788 - https://github.com/ymkyu/CVE/tree/main/CVE-2024-33788
 CVE-2024-33789 - https://github.com/ymkyu/CVE/tree/main/CVE-2024-33789
 CVE-2024-33792 - https://github.com/ymkyu/CVE/tree/main/CVE-2024-33792
 CVE-2024-33793 - https://github.com/ymkyu/CVE/tree/main/CVE-2024-33793
+CVE-2024-33809 - https://github.com/pingcap/tidb/issues/52159
 CVE-2024-33820 - https://gist.github.com/Swind1er/ee095fbfe13f77a5b45b39a5aa82bd17
 CVE-2024-33829 - https://github.com/xyaly163/cms/blob/main/1.md
 CVE-2024-33830 - https://github.com/xyaly163/cms/blob/main/2.md
@@ -33844,4 +33865,5 @@ CVE-2024-5134 - https://github.com/BurakSevben/CVEs/blob/main/Electricity%20Cons
 CVE-2024-5135 - https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20SQL%20Injection%20-%201.md
 CVE-2024-5136 - https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20Cross-Site-Scripting%20-%201.md
 CVE-2024-5137 - https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20Cross-Site-Scripting%20-%202.md
-CVE-2024-5145 - https://github.com/CveSecLook/cve/issues/38
+CVE-2024-5145 - https://github.com/CveSecLook/cve/issues/38
+CVE-2024-5145 - https://github.com/CveSecLook/cve/issues/38CVE-2020-7009 - https://www.elastic.co/community/security/