Update Sat May 25 23:14:52 UTC 2024

2025-06-19 17:30:12 +00:00 · 2024-05-25 23:14:53 +00:00 · 2024-05-25 23:14:53 +00:00 · 8f32eec229
commit 8f32eec229
parent 867c6686e9
45 changed files with 23396 additions and 11 deletions
--- a/2020/CVE-2020-19150.md
+++ b/2020/CVE-2020-19150.md
@ -0,0 +1,17 @@
 ### [CVE-2020-19150](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19150)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'.
 ### POC
 #### Reference
 - https://www.seebug.org/vuldb/ssvid-97885
 #### Github
 No PoCs found on GitHub currently.
--- a/2020/CVE-2020-19151.md
+++ b/2020/CVE-2020-19151.md
@ -0,0 +1,17 @@
 ### [CVE-2020-19151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19151)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.
 ### POC
 #### Reference
 - https://www.seebug.org/vuldb/ssvid-97881
 #### Github
 No PoCs found on GitHub currently.
--- a/2020/CVE-2020-19154.md
+++ b/2020/CVE-2020-19154.md
@ -0,0 +1,17 @@
 ### [CVE-2020-19154](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19154)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'.
 ### POC
 #### Reference
 - https://www.seebug.org/vuldb/ssvid-97882
 #### Github
 No PoCs found on GitHub currently.
--- a/2020/CVE-2020-19280.md
+++ b/2020/CVE-2020-19280.md
@ -11,6 +11,7 @@ Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers
 #### Reference
 - https://github.com/zchuanzhao/jeesns/issues/9
 - https://www.seebug.org/vuldb/ssvid-97938
 #### Github
 No PoCs found on GitHub currently.
--- a/2020/CVE-2020-19283.md
+++ b/2020/CVE-2020-19283.md
@ -10,7 +10,7 @@ A reflected cross-site scripting (XSS) vulnerability in the /newVersion componen
 ### POC
 #### Reference
-No PoCs from references.
+- https://www.seebug.org/vuldb/ssvid-97939
 #### Github
 - https://github.com/ARPSyndicate/kenzer-templates
--- a/2020/CVE-2020-19286.md
+++ b/2020/CVE-2020-19286.md
@ -0,0 +1,17 @@
 ### [CVE-2020-19286](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19286)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor.
 ### POC
 #### Reference
 - https://www.seebug.org/vuldb/ssvid-97942
 #### Github
 No PoCs found on GitHub currently.
--- a/2020/CVE-2020-19290.md
+++ b/2020/CVE-2020-19290.md
@ -0,0 +1,17 @@
 ### [CVE-2020-19290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19290)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section.
 ### POC
 #### Reference
 - https://www.seebug.org/vuldb/ssvid-97949
 #### Github
 No PoCs found on GitHub currently.
--- a/2020/CVE-2020-19292.md
+++ b/2020/CVE-2020-19292.md
@ -0,0 +1,17 @@
 ### [CVE-2020-19292](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19292)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question.
 ### POC
 #### Reference
 - https://www.seebug.org/vuldb/ssvid-97953
 #### Github
 No PoCs found on GitHub currently.
--- a/2021/CVE-2021-3544.md
+++ b/2021/CVE-2021-3544.md
@ -1,6 +1,6 @@
 ### [CVE-2021-3544](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3544)
 ![](https://img.shields.io/static/v1?label=Product&message=QEMU&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20QEMU%20versions%20up%20to%20and%20including%206.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-401&color=brighgreen)
 ### Description
--- a/2021/CVE-2021-3545.md
+++ b/2021/CVE-2021-3545.md
@ -1,6 +1,6 @@
 ### [CVE-2021-3545](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3545)
 ![](https://img.shields.io/static/v1?label=Product&message=QEMU&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20QEMU%20versions%20up%20to%20and%20including%206.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-908-%3ECWE-200&color=brighgreen)
 ### Description
--- a/2021/CVE-2021-3546.md
+++ b/2021/CVE-2021-3546.md
@ -1,6 +1,6 @@
 ### [CVE-2021-3546](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3546)
 ![](https://img.shields.io/static/v1?label=Product&message=QEMU&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20QEMU%20versions%20up%20to%20and%20including%206.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787&color=brighgreen)
 ### Description
--- a/2022/CVE-2022-0847.md
+++ b/2022/CVE-2022-0847.md
@ -40,6 +40,7 @@ A flaw was found in the way the "flags" member of the new pipe buffer structure
 - https://github.com/AnastasiaLomova/PR1.1
 - https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit
 - https://github.com/ArrestX/--POC
 - https://github.com/Asbatel/CBDS_CVE-2022-0847_POC
 - https://github.com/Awrrays/Pentest-Tips
 - https://github.com/AyoubNajim/cve-2022-0847dirtypipe-exploit
 - https://github.com/BlessedRebuS/OSCP-Pentesting-Cheatsheet
--- a/2022/CVE-2022-2292.md
+++ b/2022/CVE-2022-2292.md
@ -11,6 +11,7 @@ A vulnerability classified as problematic has been found in SourceCodester Hotel
 #### Reference
 - https://github.com/CyberThoth/CVE/blob/a203e5c7b3ac88a5a0bc7200324f2b24716e8fc2/CVE/Hotel%20Management%20system/Cross%20Site%20Scripting(Stored)/POC.md
 - https://vuldb.com/?id.203166
 #### Github
 No PoCs found on GitHub currently.
--- a/2022/CVE-2022-2419.md
+++ b/2022/CVE-2022-2419.md
@ -11,6 +11,7 @@ A vulnerability was found in URVE Web Manager. It has been declared as critical.
 #### Reference
 - https://github.com/joinia/webray.com.cn/blob/main/URVE/URVE%20Web%20Manager%20upload.php%20File%20upload%20vulnerability.md
 - https://vuldb.com/?id.203902
 #### Github
 No PoCs found on GitHub currently.
--- a/2022/CVE-2022-2420.md
+++ b/2022/CVE-2022-2420.md
@ -11,6 +11,7 @@ A vulnerability was found in URVE Web Manager. It has been rated as critical. Th
 #### Reference
 - https://github.com/joinia/webray.com.cn/blob/main/URVE/URVE%20Web%20Manager%20uploader.php%20%20File%20upload%20vulnerability.md
 - https://vuldb.com/?id.203903
 #### Github
 No PoCs found on GitHub currently.
--- a/2022/CVE-2022-2490.md
+++ b/2022/CVE-2022-2490.md
@ -11,6 +11,7 @@ A vulnerability classified as critical has been found in SourceCodester Simple E
 #### Reference
 - https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Simple-E-Learning-System.md#search.php
 - https://vuldb.com/?id.204552
 #### Github
 No PoCs found on GitHub currently.
--- a/2022/CVE-2022-25765.md
+++ b/2022/CVE-2022-25765.md
@ -22,6 +22,7 @@ The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL
 - https://github.com/LordRNA/CVE-2022-25765
 - https://github.com/PurpleWaveIO/CVE-2022-25765-pdfkit-Exploit-Reverse-Shell
 - https://github.com/UNICORDev/exploit-CVE-2022-25765
 - https://github.com/Wai-Yan-Kyaw/PDFKitExploit
 - https://github.com/bmshema/CVE_PoCs
 - https://github.com/k0mi-tg/CVE-POC
 - https://github.com/lekosbelas/PDFkit-CMD-Injection
--- a/2022/CVE-2022-2681.md
+++ b/2022/CVE-2022-2681.md
@ -0,0 +1,17 @@
 ### [CVE-2022-2681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2681)
 ![](https://img.shields.io/static/v1?label=Product&message=Online%20Student%20Admission%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
 ### Description
 A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation with the input <script>alert(/xss/)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205669 was assigned to this vulnerability.
 ### POC
 #### Reference
 - https://vuldb.com/?id.205669
 #### Github
 No PoCs found on GitHub currently.
--- a/2022/CVE-2022-2744.md
+++ b/2022/CVE-2022-2744.md
@ -0,0 +1,17 @@
 ### [CVE-2022-2744](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2744)
 ![](https://img.shields.io/static/v1?label=Product&message=Gym%20Management%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen)
 ### Description
 A vulnerability, which was classified as critical, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality of the file /admin/add_exercises.php of the component Background Management. The manipulation of the argument exer_img leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206012.
 ### POC
 #### Reference
 - https://vuldb.com/?id.206012
 #### Github
 No PoCs found on GitHub currently.
--- a/2022/CVE-2022-2748.md
+++ b/2022/CVE-2022-2748.md
@ -0,0 +1,17 @@
 ### [CVE-2022-2748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2748)
 ![](https://img.shields.io/static/v1?label=Product&message=Simple%20Online%20Book%20Store%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
 ### Description
 A vulnerability was found in SourceCodester Simple Online Book Store System. It has been classified as problematic. Affected is an unknown function of the file /admin/edit.php. The manipulation of the argument eid leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-206016.
 ### POC
 #### Reference
 - https://vuldb.com/?id.206016
 #### Github
 No PoCs found on GitHub currently.
--- a/2022/CVE-2022-2842.md
+++ b/2022/CVE-2022-2842.md
@ -0,0 +1,17 @@
 ### [CVE-2022-2842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2842)
 ![](https://img.shields.io/static/v1?label=Product&message=Gym%20Management%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
 ### Description
 A vulnerability classified as critical has been found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-206451.
 ### POC
 #### Reference
 - https://vuldb.com/?id.206451
 #### Github
 No PoCs found on GitHub currently.
--- a/2022/CVE-2022-30190.md
+++ b/2022/CVE-2022-30190.md
@ -192,6 +192,7 @@
 - https://github.com/manas3c/CVE-POC
 - https://github.com/mattjmillner/CVE-Smackdown
 - https://github.com/maxDcb/Reources
 - https://github.com/mechanysm/MS-MSDT-Proactive-remediation
 - https://github.com/melting0256/Enterprise-Cybersecurity
 - https://github.com/meowhua15/CVE-2022-30190
 - https://github.com/michealadams30/Cve-2022-30190
--- a/2022/CVE-2022-33980.md
+++ b/2022/CVE-2022-33980.md
@ -21,6 +21,7 @@ No PoCs from references.
 - https://github.com/Mr-xn/Penetration_Testing_POC
 - https://github.com/NaInSec/CVE-PoC-in-GitHub
 - https://github.com/P0lar1ght/CVE-2022-33980-EXP
 - https://github.com/P0lar1ght/CVE-2022-33980-POC
 - https://github.com/Pear1y/Vuln-Env
 - https://github.com/Phuong39/2022-HW-POC
 - https://github.com/SYRTI/POC_to_review
--- a/2022/CVE-2022-48655.md
+++ b/2022/CVE-2022-48655.md
@ -1,6 +1,6 @@
 ### [CVE-2022-48655](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48655)
 ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=95a15d80aa0d%3C%201f08a1b26cfc%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=95a15d80aa0d%3C%207184491fc515%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
--- a/2024/CVE-2024-1212.md
+++ b/2024/CVE-2024-1212.md
@ -16,6 +16,7 @@ No PoCs from references.
 - https://github.com/Chocapikk/CVE-2024-1212
 - https://github.com/Ostorlab/KEV
 - https://github.com/RhinoSecurityLabs/CVEs
 - https://github.com/XRSec/AWVS-Update
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile
--- a/2024/CVE-2024-1561.md
+++ b/2024/CVE-2024-1561.md
@ -19,4 +19,5 @@ No PoCs from references.
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
--- a/2024/CVE-2024-1709.md
+++ b/2024/CVE-2024-1709.md
@ -18,6 +18,7 @@ ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Byp
 - https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
 - https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
 - https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
 - https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/
 #### Github
 - https://github.com/GhostTroops/TOP
--- a/2024/CVE-2024-20767.md
+++ b/2024/CVE-2024-20767.md
@ -18,6 +18,7 @@ No PoCs from references.
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/Ostorlab/KEV
 - https://github.com/Praison001/CVE-2024-20767-Adobe-ColdFusion
 - https://github.com/XRSec/AWVS-Update
 - https://github.com/huyqa/cve-2024-20767
 - https://github.com/m-cetin/CVE-2024-20767
 - https://github.com/nomi-sec/PoC-in-GitHub
--- a/2024/CVE-2024-21683.md
+++ b/2024/CVE-2024-21683.md
@ -14,7 +14,9 @@ No PoCs from references.
 #### Github
 - https://github.com/W01fh4cker/CVE-2024-21683-RCE
 - https://github.com/johe123qwe/github-trending
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
--- a/2024/CVE-2024-22120.md
+++ b/2024/CVE-2024-22120.md
@ -23,5 +23,6 @@ Zabbix server can perform command execution for configured scripts. After comman
 - https://github.com/sampsonv/github-trending
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
 - https://github.com/zhaoxiaoha/github-trending
--- a/2024/CVE-2024-26304.md
+++ b/2024/CVE-2024-26304.md
@ -17,4 +17,5 @@ No PoCs from references.
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
--- a/2024/CVE-2024-26583.md
+++ b/2024/CVE-2024-26583.md
@ -1,6 +1,6 @@
 ### [CVE-2024-26583](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26583)
 ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=0cada33241d9%3C%207a3ca06d04d5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0cada33241d9%3C%20f17d21ea7391%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
--- a/2024/CVE-2024-26584.md
+++ b/2024/CVE-2024-26584.md
@ -1,6 +1,6 @@
 ### [CVE-2024-26584](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26584)
 ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=a54667f6728c%3C%20cd1bbca03f3c%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=a54667f6728c%3C%203ade391adc58%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
--- a/2024/CVE-2024-27130.md
+++ b/2024/CVE-2024-27130.md
@ -19,4 +19,5 @@ No PoCs from references.
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/watchtowrlabs/CVE-2024-27130
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
--- a/2024/CVE-2024-28255.md
+++ b/2024/CVE-2024-28255.md
@ -15,6 +15,7 @@ OpenMetadata is a unified platform for discovery, observability, and governance
 #### Github
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/Ostorlab/KEV
 - https://github.com/XRSec/AWVS-Update
 - https://github.com/YongYe-Security/CVE-2024-28255
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile
--- a/2024/CVE-2024-29894.md
+++ b/2024/CVE-2024-29894.md
@ -0,0 +1,19 @@
 ### [CVE-2024-29894](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29894)
 ![](https://img.shields.io/static/v1?label=Product&message=cacti&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.2.27%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-116%3A%20Improper%20Encoding%20or%20Escaping%20of%20Output&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
 ### Description
 Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out of unescaped PHP variables `$title` and `$header`. If those variables contain single quotes, they can be used to inject JavaScript code. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. Version 1.2.27 fixes this issue.
 ### POC
 #### Reference
 - https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh
 - https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-30056.md
+++ b/2024/CVE-2024-30056.md
@ -0,0 +1,17 @@
 ### [CVE-2024-30056](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30056)
 ![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Edge%20(Chromium-based)&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%20124.0.2478.109%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-359%3A%20Exposure%20of%20Private%20Personal%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
 ### Description
 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-32002.md
+++ b/2024/CVE-2024-32002.md
@ -33,5 +33,6 @@ No PoCs from references.
 - https://github.com/sampsonv/github-trending
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
 - https://github.com/zhaoxiaoha/github-trending
--- a/2024/CVE-2024-33427.md
+++ b/2024/CVE-2024-33427.md
@ -10,7 +10,7 @@ Buffer Overflow vulnerability in Squid version before v.6.10 allows a local atta
 ### POC
 #### Reference
-No PoCs from references.
+- https://github.com/squid-cache/squid/pull/1763
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-33752.md
+++ b/2024/CVE-2024-33752.md
@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
--- a/2024/CVE-2024-33809.md
+++ b/2024/CVE-2024-33809.md
@ -10,7 +10,7 @@ PingCAP TiDB v7.5.1 was discovered to contain a buffer overflow vulnerability, w
 ### POC
 #### Reference
-No PoCs from references.
+- https://github.com/pingcap/tidb/issues/52159
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-4956.md
+++ b/2024/CVE-2024-4956.md
@ -17,4 +17,5 @@ No PoCs from references.
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
--- a/2024/CVE-2024-5145.md
+++ b/2024/CVE-2024-5145.md
@ -11,6 +11,7 @@ A vulnerability was found in SourceCodester Vehicle Management System up to 1.0
 #### Reference
 - https://github.com/CveSecLook/cve/issues/38
 - https://github.com/CveSecLook/cve/issues/38CVE-2020-7009
 #### Github
 No PoCs found on GitHub currently.
--- a/github.txt
+++ b/github.txt
--- a/references.txt
+++ b/references.txt
@ -2994,6 +2994,9 @@ CVE-2020-1913 - https://www.facebook.com/security/advisories/cve-2020-1913
 CVE-2020-19131 - http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elibtiff%E4%B8%ADinvertimage%E5%87%BD%E6%95%B0%E5%A0%86%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E%E7%9A%84%E5%88%86%E6%9E%90/
 CVE-2020-19131 - http://bugzilla.maptools.org/show_bug.cgi?id=2831
 CVE-2020-1915 - https://www.facebook.com/security/advisories/cve-2020-1915
 CVE-2020-19150 - https://www.seebug.org/vuldb/ssvid-97885
 CVE-2020-19151 - https://www.seebug.org/vuldb/ssvid-97881
 CVE-2020-19154 - https://www.seebug.org/vuldb/ssvid-97882
 CVE-2020-19165 - https://github.com/Mint60/PHP/issues/1
 CVE-2020-19185 - https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc1.md
 CVE-2020-19186 - https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc2.md
@ -3010,6 +3013,11 @@ CVE-2020-1927 - https://www.oracle.com/security-alerts/cpuApr2021.html
 CVE-2020-1927 - https://www.oracle.com/security-alerts/cpujul2020.html
 CVE-2020-1927 - https://www.oracle.com/security-alerts/cpujul2022.html
 CVE-2020-19280 - https://github.com/zchuanzhao/jeesns/issues/9
 CVE-2020-19280 - https://www.seebug.org/vuldb/ssvid-97938
 CVE-2020-19283 - https://www.seebug.org/vuldb/ssvid-97939
 CVE-2020-19286 - https://www.seebug.org/vuldb/ssvid-97942
 CVE-2020-19290 - https://www.seebug.org/vuldb/ssvid-97949
 CVE-2020-19292 - https://www.seebug.org/vuldb/ssvid-97953
 CVE-2020-19295 - https://www.seebug.org/vuldb/ssvid-97950
 CVE-2020-19301 - https://github.com/tingyuu/vaeThink/issues/1
 CVE-2020-19302 - https://github.com/tingyuu/vaeThink/issues/2
@ -18468,6 +18476,7 @@ CVE-2022-2291 - https://github.com/CyberThoth/CVE/blob/a203e5c7b3ac88a5a0bc72003
 CVE-2022-2291 - https://vuldb.com/?id.203165
 CVE-2022-22916 - https://github.com/wendell1224/O2OA-POC/blob/main/POC.md
 CVE-2022-2292 - https://github.com/CyberThoth/CVE/blob/a203e5c7b3ac88a5a0bc7200324f2b24716e8fc2/CVE/Hotel%20Management%20system/Cross%20Site%20Scripting(Stored)/POC.md
 CVE-2022-2292 - https://vuldb.com/?id.203166
 CVE-2022-22922 - https://github.com/emremulazimoglu/cve/blob/main/CWE330-TL-WA850RE-v6.md
 CVE-2022-2293 - https://github.com/CyberThoth/CVE/blob/a203e5c7b3ac88a5a0bc7200324f2b24716e8fc2/CVE/Simple%20Sales%20Management%20System/Cross%20Site%20Scripting(Stored)/POC.md
 CVE-2022-22934 - https://github.com/saltstack/salt/releases,
@ -18844,6 +18853,7 @@ CVE-2022-24187 - https://www.scrawledsecurityblog.com/2022/11/automating-unsolic
 CVE-2022-24188 - https://www.scrawledsecurityblog.com/2022/11/automating-unsolicited-richard-pics.html
 CVE-2022-24189 - https://www.scrawledsecurityblog.com/2022/11/automating-unsolicited-richard-pics.html
 CVE-2022-2419 - https://github.com/joinia/webray.com.cn/blob/main/URVE/URVE%20Web%20Manager%20upload.php%20File%20upload%20vulnerability.md
 CVE-2022-2419 - https://vuldb.com/?id.203902
 CVE-2022-24190 - https://www.scrawledsecurityblog.com/2022/11/automating-unsolicited-richard-pics.html
 CVE-2022-24191 - https://github.com/michaelrsweet/htmldoc/issues/470
 CVE-2022-24196 - https://github.com/itext/itext7/pull/78
@ -18853,6 +18863,7 @@ CVE-2022-24197 - https://github.com/itext/itext7/pull/78#issuecomment-1089282165
 CVE-2022-24198 - https://github.com/itext/itext7/pull/78
 CVE-2022-24198 - https://github.com/itext/itext7/pull/78#issuecomment-1089287808
 CVE-2022-2420 - https://github.com/joinia/webray.com.cn/blob/main/URVE/URVE%20Web%20Manager%20uploader.php%20%20File%20upload%20vulnerability.md
 CVE-2022-2420 - https://vuldb.com/?id.203903
 CVE-2022-24223 - http://packetstormsecurity.com/files/165922/Atom-CMS-2.0-SQL-Injection.html
 CVE-2022-2423 - https://wpscan.com/vulnerability/714b4f2b-3f17-4730-8c25-21d8da4cb8d2
 CVE-2022-24231 - https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Simple-Student-Information
@ -19022,6 +19033,7 @@ CVE-2022-2489 - https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.c
 CVE-2022-2489 - https://vuldb.com/?id.204551
 CVE-2022-24891 - https://www.oracle.com/security-alerts/cpujul2022.html
 CVE-2022-2490 - https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Simple-E-Learning-System.md#search.php
 CVE-2022-2490 - https://vuldb.com/?id.204552
 CVE-2022-24900 - https://github.com/onlaj/Piano-LED-Visualizer/issues/350
 CVE-2022-24900 - https://github.com/onlaj/Piano-LED-Visualizer/pull/351
 CVE-2022-24900 - https://github.com/onlaj/Piano-LED-Visualizer/security/advisories/GHSA-g78x-q3x8-r6m4
@ -19691,6 +19703,7 @@ CVE-2022-26780 - https://talosintelligence.com/vulnerability_reports/TALOS-2022-
 CVE-2022-26781 - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1481
 CVE-2022-26782 - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1481
 CVE-2022-2679 - https://vuldb.com/?id.205667
 CVE-2022-2681 - https://vuldb.com/?id.205669
 CVE-2022-2683 - https://github.com/anx0ing/CVE_demo/blob/main/2022/Simple%20Food%20Ordering%20System-XSS.md
 CVE-2022-2683 - https://vuldb.com/?id.205671
 CVE-2022-26833 - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1513
@ -19857,6 +19870,7 @@ CVE-2022-27432 - https://www.exploit-db.com/exploits/50831
 CVE-2022-27435 - https://github.com/D4rkP0w4r/Full-Ecommece-Website-Add_Product-Unrestricted-File-Upload-RCE-POC
 CVE-2022-27436 - https://github.com/D4rkP0w4r/Full-Ecommece-Website-Add_User-Stored-XSS-POC
 CVE-2022-27438 - https://gerr.re/posts/cve-2022-27438/
 CVE-2022-2744 - https://vuldb.com/?id.206012
 CVE-2022-27444 - https://jira.mariadb.org/browse/MDEV-28080
 CVE-2022-27445 - https://jira.mariadb.org/browse/MDEV-28081
 CVE-2022-27446 - https://jira.mariadb.org/browse/MDEV-28082
@ -19872,6 +19886,7 @@ CVE-2022-27457 - https://jira.mariadb.org/browse/MDEV-28098
 CVE-2022-27458 - https://jira.mariadb.org/browse/MDEV-28099
 CVE-2022-2747 - https://vuldb.com/?id.206015
 CVE-2022-27474 - https://github.com/Mount4in/Mount4in.github.io/blob/master/poc.py
 CVE-2022-2748 - https://vuldb.com/?id.206016
 CVE-2022-27480 - http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html
 CVE-2022-27480 - http://seclists.org/fulldisclosure/2022/Apr/20
 CVE-2022-27481 - https://cert-portal.siemens.com/productcert/pdf/ssa-392912.pdf
@ -20156,6 +20171,7 @@ CVE-2022-28410 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom2
 CVE-2022-28411 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Simple-Real-Estate-Portal-System/SQLi-5.md
 CVE-2022-28412 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/car-driving-school-management-system/SQLi-1.md
 CVE-2022-28413 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/car-driving-school-management-system/SQLi-2.md
 CVE-2022-2842 - https://vuldb.com/?id.206451
 CVE-2022-2845 - https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445
 CVE-2022-28452 - https://github.com/YavuzSahbaz/Red-Planet-Laundry-Management-System-1.0-is-vulnerable-to-SQL
 CVE-2022-28452 - https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-28452
@ -31664,6 +31680,7 @@ CVE-2024-1709 - https://www.horizon3.ai/attack-research/red-team/connectwise-scr
 CVE-2024-1709 - https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
 CVE-2024-1709 - https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2
 CVE-2024-1709 - https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8
 CVE-2024-1709 - https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/
 CVE-2024-1712 - https://wpscan.com/vulnerability/23805a61-9fcd-4744-a60d-05c8cb43ee01/
 CVE-2024-1713 - https://github.com/google/security-research/security/advisories/GHSA-r7m9-grw7-vcc4
 CVE-2024-1743 - https://wpscan.com/vulnerability/3cb1f707-6093-42a7-a778-2b296bdf1735/
@ -33067,6 +33084,8 @@ CVE-2024-2983 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH
 CVE-2024-2984 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetCfm.md
 CVE-2024-2985 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formQuickIndex.md
 CVE-2024-29882 - https://github.com/ossrs/srs/security/advisories/GHSA-gv9r-qcjc-5hj7
 CVE-2024-29894 - https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh
 CVE-2024-29894 - https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73
 CVE-2024-29895 - https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m
 CVE-2024-29903 - https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv
 CVE-2024-29916 - https://unsaflok.com
@ -33432,6 +33451,7 @@ CVE-2024-33383 - https://juvl1ne.github.io/2024/04/18/novel-plus-vulnerability/
 CVE-2024-33398 - https://github.com/HouqiyuA/k8s-rbac-poc
 CVE-2024-33423 - https://github.com/adiapera/xss_language_cmsimple_5.15
 CVE-2024-33424 - https://github.com/adiapera/xss_language_cmsimple_5.15
 CVE-2024-33427 - https://github.com/squid-cache/squid/pull/1763
 CVE-2024-33428 - https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-1/heap-buffer-overflow-1.assets/image-20240420005017430.png
 CVE-2024-33428 - https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-1/heap-buffer-overflow-1.md
 CVE-2024-33428 - https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-1/poc
@ -33495,6 +33515,7 @@ CVE-2024-33788 - https://github.com/ymkyu/CVE/tree/main/CVE-2024-33788
 CVE-2024-33789 - https://github.com/ymkyu/CVE/tree/main/CVE-2024-33789
 CVE-2024-33792 - https://github.com/ymkyu/CVE/tree/main/CVE-2024-33792
 CVE-2024-33793 - https://github.com/ymkyu/CVE/tree/main/CVE-2024-33793
 CVE-2024-33809 - https://github.com/pingcap/tidb/issues/52159
 CVE-2024-33820 - https://gist.github.com/Swind1er/ee095fbfe13f77a5b45b39a5aa82bd17
 CVE-2024-33829 - https://github.com/xyaly163/cms/blob/main/1.md
 CVE-2024-33830 - https://github.com/xyaly163/cms/blob/main/2.md
@ -33844,4 +33865,5 @@ CVE-2024-5134 - https://github.com/BurakSevben/CVEs/blob/main/Electricity%20Cons
 CVE-2024-5135 - https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20SQL%20Injection%20-%201.md
 CVE-2024-5136 - https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20Cross-Site-Scripting%20-%201.md
 CVE-2024-5137 - https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20Cross-Site-Scripting%20-%202.md
-CVE-2024-5145 - https://github.com/CveSecLook/cve/issues/38
+CVE-2024-5145 - https://github.com/CveSecLook/cve/issues/38
 CVE-2024-5145 - https://github.com/CveSecLook/cve/issues/38CVE-2020-7009 - https://www.elastic.co/community/security/