Update CVE sources 2024-08-18 19:26

2007/CVE-2007-2426.md

@@ -14,5 +14,6 @@ PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in t
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/goudunz1/CVE-2007-2426
 - https://github.com/warriordog/little-log-scan
 

2009/CVE-2009-4762.md

@@ -0,0 +1,17 @@
+### [CVE-2009-4762](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4762)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
+
+### POC
+
+#### Reference
+- http://ubuntu.com/usn/usn-941-1
+
+#### Github
+No PoCs found on GitHub currently.
+

2011/CVE-2011-2938.md

@@ -12,6 +12,7 @@ Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisB
 #### Reference
 - http://packetstormsecurity.org/files/104149
 - http://securityreason.com/securityalert/8391
+- https://bugzilla.redhat.com/show_bug.cgi?id=731777
 
 #### Github
 No PoCs found on GitHub currently.

2014/CVE-2014-0160.md

@@ -402,6 +402,7 @@ The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not p
 - https://github.com/luciusmona/NSAKEY-OpenVPN-install
 - https://github.com/madhavmehndiratta/Google-Code-In-2019
 - https://github.com/mahyarx/pentest-tools
+- https://github.com/maitejartf/awesome-security
 - https://github.com/majidkalantarii/WebHacking
 - https://github.com/marianobarrios/tls-channel
 - https://github.com/marrocamp/Impressionante-pentest

2014/CVE-2014-6271.md

@@ -461,6 +461,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th
 - https://github.com/loyality7/Awesome-Cyber
 - https://github.com/lp008/Hack-readme
 - https://github.com/mahyarx/pentest-tools
+- https://github.com/maitejartf/awesome-security
 - https://github.com/majidkalantarii/WebHacking
 - https://github.com/make0day/pentest
 - https://github.com/maragard/genestealer

2019/CVE-2019-11447.md

@@ -24,6 +24,7 @@ An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate th
 - https://github.com/CRFSlick/CVE-2019-11447-POC
 - https://github.com/ColdFusionX/CVE-2019-11447_CuteNews-AvatarUploadRCE
 - https://github.com/Meowmycks/OSCPprep-Cute
+- https://github.com/Mr-Tree-S/POC_EXP
 - https://github.com/anquanscan/sec-tools
 - https://github.com/developer3000S/PoC-in-GitHub
 - https://github.com/dinesh876/CVE-2019-11447-POC

2022/CVE-2022-1751.md

@@ -0,0 +1,17 @@
+### [CVE-2022-1751](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1751)
+![](https://img.shields.io/static/v1?label=Product&message=Skitter%20Slideshow&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.5.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)
+
+### Description
+
+The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2022/CVE-2022-4532.md

@@ -0,0 +1,17 @@
+### [CVE-2022-4532](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4532)
+![](https://img.shields.io/static/v1?label=Product&message=LOGIN%20AND%20REGISTRATION%20ATTEMPTS%20LIMIT&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-348%20Use%20of%20Less%20Trusted%20Source&color=brighgreen)
+
+### Description
+
+The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2023/CVE-2023-0714.md

@@ -0,0 +1,17 @@
+### [CVE-2023-0714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0714)
+![](https://img.shields.io/static/v1?label=Product&message=MetForm%20%E2%80%93%20Contact%20Form%2C%20Survey%2C%20Quiz%2C%20%26%20Custom%20Form%20Builder%20for%20Elementor&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.2.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)
+
+### Description
+
+The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack and upload files containing a malicious extension but ending with a benign extension, which may make remote code execution possible in some configurations.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2023/CVE-2023-1604.md

@@ -0,0 +1,17 @@
+### [CVE-2023-1604](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1604)
+![](https://img.shields.io/static/v1?label=Product&message=Short%20URL&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.6.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configuration_page function. This makes it possible for unauthenticated attackers to add and import redirects, including comments containing cross-site scripting as detailed in CVE-2023-1602, granted they can trick a site administrator into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2023/CVE-2023-3408.md

@@ -0,0 +1,17 @@
+### [CVE-2023-3408](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3408)
+![](https://img.shields.io/static/v1?label=Product&message=Bricks&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.8.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'save_settings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including enabling a setting which allows lower-privileged users such as contributors to perform code execution, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2023/CVE-2023-3409.md

@@ -0,0 +1,17 @@
+### [CVE-2023-3409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3409)
+![](https://img.shields.io/static/v1?label=Product&message=Bricks&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.8.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2023/CVE-2023-3416.md

@@ -0,0 +1,17 @@
+### [CVE-2023-3416](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3416)
+![](https://img.shields.io/static/v1?label=Product&message=tagDiv%20Opt-In%20Builder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.4.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter via the 'create_stripe_subscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2023/CVE-2023-3419.md

@@ -0,0 +1,17 @@
+### [CVE-2023-3419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3419)
+![](https://img.shields.io/static/v1?label=Product&message=tagDiv%20Opt-In%20Builder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.4.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'couponId' parameter of the 'recreate_stripe_subscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2023/CVE-2023-3521.md

@@ -13,5 +13,5 @@ Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbill
 - https://huntr.dev/bounties/76a3441d-7f75-4a8d-a7a0-95a7f5456eb0
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/20142995/nuclei-templates
 

2023/CVE-2023-39351.md

@@ -13,5 +13,5 @@ FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released
 - https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/DiRaltvein/memory-corruption-examples
 

2023/CVE-2023-4024.md

@@ -0,0 +1,17 @@
+### [CVE-2023-4024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4024)
+![](https://img.shields.io/static/v1?label=Product&message=Radio%20Player%20%E2%80%93%20Live%20Shoutcast%2C%20Icecast%20and%20Any%20Audio%20Stream%20Player%20for%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.0.73%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2023/CVE-2023-4025.md

@@ -0,0 +1,17 @@
+### [CVE-2023-4025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4025)
+![](https://img.shields.io/static/v1?label=Product&message=Radio%20Player%20%E2%80%93%20Live%20Shoutcast%2C%20Icecast%20and%20Any%20Audio%20Stream%20Player%20for%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.0.73%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update player instances.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2023/CVE-2023-4027.md

@@ -0,0 +1,17 @@
+### [CVE-2023-4027](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4027)
+![](https://img.shields.io/static/v1?label=Product&message=Radio%20Player%20%E2%80%93%20Live%20Shoutcast%2C%20Icecast%20and%20Any%20Audio%20Stream%20Player%20for%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.0.73%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_settings function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update plugin settings.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2023/CVE-2023-4507.md

@@ -0,0 +1,17 @@
+### [CVE-2023-4507](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4507)
+![](https://img.shields.io/static/v1?label=Product&message=Admission%20AppManager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Admission AppManager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2023/CVE-2023-4604.md

@@ -0,0 +1,17 @@
+### [CVE-2023-4604](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4604)
+![](https://img.shields.io/static/v1?label=Product&message=Slideshow%2C%20Image%20Slider%20by%202J&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.3.54%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2023/CVE-2023-4730.md

@@ -0,0 +1,17 @@
+### [CVE-2023-4730](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4730)
+![](https://img.shields.io/static/v1?label=Product&message=LadiApp%3A%20Landing%20Page%2C%20PopupX%2C%20Marketing%20Automation%2C%20Affiliate%20Marketing%E2%80%A6&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The LadiApp plugn for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to modify a variety of settings. An attacker can directly modify the 'ladipage_key' which enables them to create new posts on the website and inject malicious web scripts.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2023/CVE-2023-5505.md

@@ -0,0 +1,17 @@
+### [CVE-2023-5505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5505)
+![](https://img.shields.io/static/v1?label=Product&message=BackWPup%20%E2%80%93%20WordPress%20Backup%20%26%20Restore%20Plugin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.0.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2024/CVE-2024-36991.md

@@ -13,6 +13,7 @@ In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an atta
 No PoCs from references.
 
 #### Github
+- https://github.com/0xMarcio/cve
 - https://github.com/Ostorlab/KEV
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/onewinner/POCS

2024/CVE-2024-38021.md

@@ -19,4 +19,5 @@ No PoCs from references.
 
 #### Github
 - https://github.com/cybereagle2001/KQL-Security-Querries
+- https://github.com/delivr-to/detections
 

2024/CVE-2024-38063.md

@@ -55,5 +55,6 @@ No PoCs from references.
 - https://github.com/being1943/my_rss_reader
 - https://github.com/kherrick/hacker-news
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/tanjiti/sec_profile
 - https://github.com/zhaoolee/garss
 

2024/CVE-2024-38475.md

@@ -0,0 +1,17 @@
+### [CVE-2024-38475](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20HTTP%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2.4.0%3C%3D%202.4.59%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-116%20Improper%20Encoding%20or%20Escaping%20of%20Output&color=brighgreen)
+
+### Description
+
+Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected.  Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nomi-sec/PoC-in-GitHub
+

2024/CVE-2024-40776.md

@@ -20,6 +20,8 @@ A use-after-free issue was addressed with improved memory management. This issue
 #### Reference
 - http://seclists.org/fulldisclosure/2024/Jul/15
 - http://seclists.org/fulldisclosure/2024/Jul/16
+- http://seclists.org/fulldisclosure/2024/Jul/17
+- http://seclists.org/fulldisclosure/2024/Jul/18
 
 #### Github
 No PoCs found on GitHub currently.

2024/CVE-2024-40779.md

@@ -20,6 +20,8 @@ An out-of-bounds read was addressed with improved bounds checking. This issue is
 #### Reference
 - http://seclists.org/fulldisclosure/2024/Jul/15
 - http://seclists.org/fulldisclosure/2024/Jul/16
+- http://seclists.org/fulldisclosure/2024/Jul/17
+- http://seclists.org/fulldisclosure/2024/Jul/18
 
 #### Github
 No PoCs found on GitHub currently.

2024/CVE-2024-40780.md

@@ -20,6 +20,8 @@ An out-of-bounds read was addressed with improved bounds checking. This issue is
 #### Reference
 - http://seclists.org/fulldisclosure/2024/Jul/15
 - http://seclists.org/fulldisclosure/2024/Jul/16
+- http://seclists.org/fulldisclosure/2024/Jul/17
+- http://seclists.org/fulldisclosure/2024/Jul/18
 
 #### Github
 No PoCs found on GitHub currently.

2024/CVE-2024-41660.md

@@ -0,0 +1,17 @@
+### [CVE-2024-41660](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41660)
+![](https://img.shields.io/static/v1?label=Product&message=slpd-lite&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20all%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%3A%20Buffer%20Copy%20without%20Checking%20Size%20of%20Input%20('Classic%20Buffer%20Overflow')&color=brighgreen)
+
+### Description
+
+slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory overflow issues within the slpd-lite daemon on the BMC. Patches will be available in the latest openbmc/slpd-lite repository.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/tanjiti/sec_profile
+

2024/CVE-2024-42318.md

@@ -10,7 +10,8 @@ In the Linux kernel, the following vulnerability has been resolved:landlock: Don
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/
+- https://www.openwall.com/lists/oss-security/2024/08/17/2
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-5420.md

@@ -16,5 +16,5 @@ Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computer
 - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/index.html
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/20142995/nuclei-templates
 

2024/CVE-2024-5421.md

@@ -16,5 +16,5 @@ Missing input validation and OS command integration of the input in the utnserve
 - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-seh-untserver-pro/index.html
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/20142995/nuclei-templates
 

2024/CVE-2024-6043.md

@@ -13,5 +13,5 @@ A vulnerability classified as critical has been found in SourceCodester Best Hou
 - https://github.com/yezzzo/y3/blob/main/SourceCodester%20Best%20house%20rental%20management%20system%20project%20in%20php%201.0%20SQL%20Injection.md
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/nomi-sec/PoC-in-GitHub
 

2024/CVE-2024-6500.md

@@ -0,0 +1,19 @@
+### [CVE-2024-6500](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6500)
+![](https://img.shields.io/static/v1?label=Product&message=InPost%20PL&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=InPost%20for%20WooCommerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.4.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.4.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parse_request' function in all versions up to, and including, 1.4.0 (for InPost for WooCommerce) as well as 1.4.4 (for InPost PL). This makes it possible for unauthenticated attackers to read and delete arbitrary files on Windows servers. On Linux servers, only files within the WordPress install will be deleted, but all files can be read.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2024/CVE-2024-6893.md

@@ -13,5 +13,6 @@ The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain r
 - https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt
 
 #### Github
+- https://github.com/20142995/nuclei-templates
 - https://github.com/fkie-cad/nvd-json-data-feeds
 

2024/CVE-2024-7094.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/20142995/nuclei-templates
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/nomi-sec/PoC-in-GitHub
 

2024/CVE-2024-7646.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7646)
+![](https://img.shields.io/static/v1?label=Product&message=ingress-nginx&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nomi-sec/PoC-in-GitHub
+

2024/CVE-2024-7703.md

@@ -0,0 +1,19 @@
+### [CVE-2024-7703](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7703)
+![](https://img.shields.io/static/v1?label=Product&message=ARMember%20%E2%80%93%20Membership%20Plugin%2C%20Content%20Restriction%2C%20Member%20Levels%2C%20User%20Profile%20%26%20User%20signup&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.0.37%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.37 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+- https://github.com/lfillaz/CVE-2024-7703
+- https://github.com/nomi-sec/PoC-in-GitHub
+

2024/CVE-2024-7738.md

@@ -0,0 +1,18 @@
+### [CVE-2024-7738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7738)
+![](https://img.shields.io/static/v1?label=Product&message=vscode-markdown-pdf&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.5.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-21%20Pathname%20Traversal&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/file_read_report.md
+- https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/poc_arbitrary_file_read.mp4
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7739.md

@@ -0,0 +1,18 @@
+### [CVE-2024-7739](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7739)
+![](https://img.shields.io/static/v1?label=Product&message=vscode-markdown-pdf&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.5.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, was found in yzane vscode-markdown-pdf 1.5.0. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Script%20Injection/poc_script_inject.mp4
+- https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Script%20Injection/script_injection_report.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7742.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7742](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7742)
+![](https://img.shields.io/static/v1?label=Product&message=ltcms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.20%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery&color=brighgreen)
+
+### Description
+
+A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical. Affected is the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://github.com/DeepMountains/Mirage/blob/main/CVE14-3.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7750.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7750](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7750)
+![](https://img.shields.io/static/v1?label=Product&message=Clinics%20Patient%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /medicines.php. The manipulation of the argument medicine_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Wsstiger/cve/blob/main/Clinic's_sql.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7754.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7754](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7754)
+![](https://img.shields.io/static/v1?label=Product&message=Clinics%20Patient%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /ajax/check_medicine_name.php. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Wsstiger/cve/blob/main/Clinic's_sql3.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7793.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7793](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7793)
+![](https://img.shields.io/static/v1?label=Product&message=Task%20Progress%20Tracker&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-task.php. The manipulation of the argument task_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/joinia/webray.com.cn/blob/main/Task-Progress-Tracker/Task-Progress-Trackerxss.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7798.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7798)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20Online%20Bidding%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login2. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Wsstiger/cve/blob/main/Sourcecoster_sql2.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7799.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7799](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7799)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20Online%20Bidding%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-285%20Improper%20Authorization&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/bidding/admin/users.php. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Wsstiger/cve/blob/main/Sourcecoster_unauthorized.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7800.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7800)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20Online%20Bidding%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=delete_product. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Wsstiger/cve/blob/main/Sourcecoster_sql3.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7808.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7808)
+![](https://img.shields.io/static/v1?label=Product&message=Job%20Portal&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file logindbc.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/XYgit-99/cve/issues/1
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7809.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7809)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20Graduate%20Tracer%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-548%20Exposure%20of%20Information%20Through%20Directory%20Listing&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/nbproject/. The manipulation leads to exposure of information through directory listing. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Wsstiger/cve/blob/main/Tracer_mu.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7812.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7812](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7812)
+![](https://img.shields.io/static/v1?label=Product&message=Best%20House%20Rental%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic was found in SourceCodester Best House Rental Management System 1.0. This vulnerability affects unknown code of the file /rental_0/rental/ajax.php?action=save_tenant of the component POST Parameter Handler. The manipulation of the argument lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/lscjl/lsi.webray.com.cn/blob/main/CVE-project/rental%20management%20system%20Stored%20Cross-Site%20Scripting(XSS).md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7828.md

@@ -0,0 +1,36 @@
+### [CVE-2024-7828](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7828)
+![](https://img.shields.io/static/v1?label=Product&message=DNR-202L&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNR-322L&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNR-326&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-1100-4&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-120&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-1200-05&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-1550-04&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-315L&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-320&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-320L&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-320LW&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-321&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-323&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-325&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-326&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-327L&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-340L&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-343&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-345&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-726-4&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240814%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This vulnerability affects the function cgi_set_cover of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument album_name leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
+
+### POC
+
+#### Reference
+- https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_set_cover.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7829.md

@@ -29,7 +29,7 @@
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_del_photo.md
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-7830.md

@@ -29,7 +29,7 @@
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_move_photo.md
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-7831.md

@@ -29,7 +29,7 @@
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_get_cooliris.md
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-7832.md

@@ -29,7 +29,7 @@
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_get_fullscreen_photos.md
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-7838.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7838](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7838)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20Food%20Ordering%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in itsourcecode Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /addcategory.php. The manipulation of the argument cname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/a/issues/1
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7839.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7839](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7839)
+![](https://img.shields.io/static/v1?label=Product&message=Billing%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical has been found in itsourcecode Billing System 1.0. This affects an unknown part of the file addbill.php. The manipulation of the argument owners_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/a/issues/2
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7841.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7841](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7841)
+![](https://img.shields.io/static/v1?label=Product&message=Clinics%20Patient%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System 1.0. This vulnerability affects unknown code of the file /pms/ajax/check_user_name.php. The manipulation of the argument user_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/qqlove555/cve/blob/main/sql.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7842.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7842)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20Graduate%20Tracer%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Disclosure&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, has been found in SourceCodester Online Graduate Tracer System 1.0. This issue affects some unknown processing of the file /tracking/admin/export_it.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Wsstiger/cve/blob/main/Tracer_info.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7845.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7845](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7845)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20Graduate%20Tracer%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /tracking/admin/fetch_it.php. The manipulation of the argument request leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Wsstiger/cve/blob/main/Tracer_sql2.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7849.md

@@ -0,0 +1,36 @@
+### [CVE-2024-7849](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7849)
+![](https://img.shields.io/static/v1?label=Product&message=DNR-202L&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNR-322L&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNR-326&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-1100-4&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-120&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-1200-05&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-1550-04&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-315L&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-320&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-320L&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-320LW&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-321&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-323&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-325&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-326&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-327L&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-340L&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-343&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-345&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-726-4&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240814%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This affects the function cgi_create_album of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument current_path leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
+
+### POC
+
+#### Reference
+- https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_create_album.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7851.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7851](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7851)
+![](https://img.shields.io/static/v1?label=Product&message=Yoga%20Class%20Registration%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-285%20Improper%20Authorization&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Users.php?f=save of the component Add User Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Wsstiger/cve/blob/main/Yoga_add.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7852.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7852](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7852)
+![](https://img.shields.io/static/v1?label=Product&message=Yoga%20Class%20Registration%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Wsstiger/cve/blob/main/Yoga_xss.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7887.md

@@ -10,7 +10,7 @@ A vulnerability was found in LimeSurvey 6.3.0-231016 and classified as problemat
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/Hebing123/cve/issues/67
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-7896.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7896](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7896)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20Store%20Management%20System%20%E3%83%8D%E3%83%83%E3%83%88%E5%BA%97%E8%88%97%E7%AE%A1%E7%90%86%E3%82%B7%E3%82%B9%E3%83%86%E3%83%A0&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%204.02%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Command%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cgi-bin/p1_ftpserver.php. The manipulation of the argument adr_txt leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://gist.github.com/b0rgch3n/4788c7c429d49095915d84161a157295
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2024/CVE-2024-7897.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7897](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7897)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20Store%20Management%20System%20%E3%83%8D%E3%83%83%E3%83%88%E5%BA%97%E8%88%97%E7%AE%A1%E7%90%86%E3%82%B7%E3%82%B9%E3%83%86%E3%83%A0&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%204.02%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Command%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical has been found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This affects an unknown part of the file /cgi-bin/tosei_kikai.php. The manipulation of the argument kikaibangou leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://gist.github.com/b0rgch3n/bb47a1ed6f66c1e8c7a80f210f4ac8ef
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2024/CVE-2024-7898.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7898](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7898)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20Store%20Management%20System%20%E3%83%8D%E3%83%83%E3%83%88%E5%BA%97%E8%88%97%E7%AE%A1%E7%90%86%E3%82%B7%E3%82%B9%E3%83%86%E3%83%A0&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%204.02%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1392%20Use%20of%20Default%20Credentials&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://gist.github.com/b0rgch3n/3136cad95b09e42184fb2d78aae33651
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7900.md

@@ -0,0 +1,18 @@
+### [CVE-2024-7900](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7900)
+![](https://img.shields.io/static/v1?label=Product&message=TpMeCMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.3.3.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, was found in xiaohe4966 TpMeCMS 1.3.3.2. Affected is an unknown function of the file /h.php/general/config?ref=addtabs of the component Basic Configuration Handler. The manipulation of the argument Site Name/Beian/Contact address/copyright/technical support leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://github.com/DeepMountains/Mirage/blob/main/CVE16-1.md
+- https://github.com/DeepMountains/Mirage/blob/main/CVE16-2.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-7904.md

@@ -0,0 +1,17 @@
+### [CVE-2024-7904](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7904)
+![](https://img.shields.io/static/v1?label=Product&message=DedeBIZ&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%206.3.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen)
+
+### Description
+
+A vulnerability was found in DedeBIZ 6.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/file_manage_control.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

github.txt

@@ -2049,6 +2049,7 @@ CVE-2007-2383 - https://github.com/sho-h/pkgvulscheck
 CVE-2007-2405 - https://github.com/0xCyberY/CVE-T4PDF
 CVE-2007-2405 - https://github.com/ARPSyndicate/cvemon
 CVE-2007-2426 - https://github.com/ARPSyndicate/cvemon
+CVE-2007-2426 - https://github.com/goudunz1/CVE-2007-2426
 CVE-2007-2426 - https://github.com/warriordog/little-log-scan
 CVE-2007-2438 - https://github.com/ARPSyndicate/cvemon
 CVE-2007-2438 - https://github.com/finagin/encyclopedia
@@ -11909,6 +11910,7 @@ CVE-2014-0160 - https://github.com/loyality7/Awesome-Cyber
 CVE-2014-0160 - https://github.com/luciusmona/NSAKEY-OpenVPN-install
 CVE-2014-0160 - https://github.com/madhavmehndiratta/Google-Code-In-2019
 CVE-2014-0160 - https://github.com/mahyarx/pentest-tools
+CVE-2014-0160 - https://github.com/maitejartf/awesome-security
 CVE-2014-0160 - https://github.com/majidkalantarii/WebHacking
 CVE-2014-0160 - https://github.com/marianobarrios/tls-channel
 CVE-2014-0160 - https://github.com/marrocamp/Impressionante-pentest
@@ -14481,6 +14483,7 @@ CVE-2014-6271 - https://github.com/louisdeck/empiricism
 CVE-2014-6271 - https://github.com/loyality7/Awesome-Cyber
 CVE-2014-6271 - https://github.com/lp008/Hack-readme
 CVE-2014-6271 - https://github.com/mahyarx/pentest-tools
+CVE-2014-6271 - https://github.com/maitejartf/awesome-security
 CVE-2014-6271 - https://github.com/majidkalantarii/WebHacking
 CVE-2014-6271 - https://github.com/make0day/pentest
 CVE-2014-6271 - https://github.com/maragard/genestealer
@@ -64774,6 +64777,7 @@ CVE-2019-11447 - https://github.com/ARPSyndicate/cvemon
 CVE-2019-11447 - https://github.com/CRFSlick/CVE-2019-11447-POC
 CVE-2019-11447 - https://github.com/ColdFusionX/CVE-2019-11447_CuteNews-AvatarUploadRCE
 CVE-2019-11447 - https://github.com/Meowmycks/OSCPprep-Cute
+CVE-2019-11447 - https://github.com/Mr-Tree-S/POC_EXP
 CVE-2019-11447 - https://github.com/anquanscan/sec-tools
 CVE-2019-11447 - https://github.com/developer3000S/PoC-in-GitHub
 CVE-2019-11447 - https://github.com/dinesh876/CVE-2019-11447-POC
@@ -123491,6 +123495,7 @@ CVE-2022-1732 - https://github.com/ARPSyndicate/cvemon
 CVE-2022-1737 - https://github.com/ARPSyndicate/cvemon
 CVE-2022-1737 - https://github.com/JoshuaMart/JoshuaMart
 CVE-2022-1748 - https://github.com/claroty/opcua-exploit-framework
+CVE-2022-1751 - https://github.com/20142995/nuclei-templates
 CVE-2022-1756 - https://github.com/ARPSyndicate/cvemon
 CVE-2022-1757 - https://github.com/ARPSyndicate/cvemon
 CVE-2022-1758 - https://github.com/ARPSyndicate/cvemon
@@ -141796,6 +141801,7 @@ CVE-2022-45299 - https://github.com/whoforget/CVE-POC
 CVE-2022-45299 - https://github.com/youwizard/CVE-POC
 CVE-2022-45313 - https://github.com/ARPSyndicate/cvemon
 CVE-2022-45313 - https://github.com/H4lo/awesome-IoT-security-article
+CVE-2022-4532 - https://github.com/20142995/nuclei-templates
 CVE-2022-45320 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2022-45347 - https://github.com/Threekiii/CVE
 CVE-2022-45354 - https://github.com/RandomRobbieBF/CVE-2022-45354
@@ -143226,6 +143232,7 @@ CVE-2023-0701 - https://github.com/ARPSyndicate/cvemon
 CVE-2023-0702 - https://github.com/ARPSyndicate/cvemon
 CVE-2023-0704 - https://github.com/ARPSyndicate/cvemon
 CVE-2023-0705 - https://github.com/ARPSyndicate/cvemon
+CVE-2023-0714 - https://github.com/20142995/nuclei-templates
 CVE-2023-0732 - https://github.com/ARPSyndicate/cvemon
 CVE-2023-0732 - https://github.com/Vinalti/cve-badge.li
 CVE-2023-0737 - https://github.com/bAuh0lz/Vulnerabilities
@@ -143647,6 +143654,7 @@ CVE-2023-1595 - https://github.com/karimhabush/cyberowl
 CVE-2023-1596 - https://github.com/truocphan/VulnBox
 CVE-2023-1597 - https://github.com/truocphan/VulnBox
 CVE-2023-1598 - https://github.com/morpheuslord/CVE-llm_dataset
+CVE-2023-1604 - https://github.com/20142995/nuclei-templates
 CVE-2023-1614 - https://github.com/ARPSyndicate/cvemon
 CVE-2023-1629 - https://github.com/ARPSyndicate/cvemon
 CVE-2023-1629 - https://github.com/zeze-zeze/WindowsKernelVuln
@@ -149503,6 +149511,8 @@ CVE-2023-34062 - https://github.com/chainguard-dev/pombump
 CVE-2023-34062 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-34062 - https://github.com/tanjiti/sec_profile
 CVE-2023-34062 - https://github.com/vaikas/pombump
+CVE-2023-3408 - https://github.com/20142995/nuclei-templates
+CVE-2023-3409 - https://github.com/20142995/nuclei-templates
 CVE-2023-34092 - https://github.com/FlapyPan/test-cve-2023-34092
 CVE-2023-34092 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2023-34094 - https://github.com/aboutbo/aboutbo
@@ -149523,6 +149533,7 @@ CVE-2023-34151 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-34152 - https://github.com/SudoIndividual/CVE-2023-34152
 CVE-2023-34152 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2023-34152 - https://github.com/overgrowncarrot1/ImageTragick_CVE-2023-34152
+CVE-2023-3416 - https://github.com/20142995/nuclei-templates
 CVE-2023-34164 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-3417 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-34174 - https://github.com/hackintoanetwork/hackintoanetwork
@@ -149531,6 +149542,7 @@ CVE-2023-3418 - https://github.com/NaInSec/CVE-LIST
 CVE-2023-34181 - https://github.com/hackintoanetwork/hackintoanetwork
 CVE-2023-34185 - https://github.com/hackintoanetwork/hackintoanetwork
 CVE-2023-34188 - https://github.com/narfindustries/http-garden
+CVE-2023-3419 - https://github.com/20142995/nuclei-templates
 CVE-2023-34190 - https://github.com/LOURC0D3/LOURC0D3
 CVE-2023-34192 - https://github.com/netlas-io/netlas-dorks
 CVE-2023-34197 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -149924,6 +149936,7 @@ CVE-2023-3519 - https://github.com/telekom-security/cve-2023-3519-citrix-scanner
 CVE-2023-3519 - https://github.com/whoami13apt/files2
 CVE-2023-3519 - https://github.com/xaitax/cisa-catalog-known-vulnerabilities
 CVE-2023-35191 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2023-3521 - https://github.com/20142995/nuclei-templates
 CVE-2023-3528 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-3529 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-35311 - https://github.com/Douda/PSSymantecCloud
@@ -151473,6 +151486,7 @@ CVE-2023-39326 - https://github.com/testing-felickz/docker-scout-demo
 CVE-2023-39336 - https://github.com/netlas-io/netlas-dorks
 CVE-2023-39341 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-39344 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2023-39351 - https://github.com/DiRaltvein/memory-corruption-examples
 CVE-2023-39357 - https://github.com/NaInSec/CVE-LIST
 CVE-2023-39360 - https://github.com/NaInSec/CVE-LIST
 CVE-2023-39361 - https://github.com/NaInSec/CVE-LIST
@@ -151797,7 +151811,10 @@ CVE-2023-40217 - https://github.com/toxyl/lscve
 CVE-2023-40225 - https://github.com/narfindustries/http-garden
 CVE-2023-4023 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-40238 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2023-4024 - https://github.com/20142995/nuclei-templates
+CVE-2023-4025 - https://github.com/20142995/nuclei-templates
 CVE-2023-40250 - https://github.com/c0m0r1/c0m0r1
+CVE-2023-4027 - https://github.com/20142995/nuclei-templates
 CVE-2023-40275 - https://github.com/BugBountyHunterCVE/CVE-2023-40275
 CVE-2023-40275 - https://github.com/NaInSec/CVE-LIST
 CVE-2023-40275 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -153467,10 +153484,12 @@ CVE-2023-45052 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-45055 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-45058 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-45060 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2023-45061 - https://github.com/20142995/nuclei-templates
 CVE-2023-45063 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-45064 - https://github.com/hackintoanetwork/hackintoanetwork
 CVE-2023-45068 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-45069 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2023-4507 - https://github.com/20142995/nuclei-templates
 CVE-2023-45074 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-45102 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-45103 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -153671,6 +153690,7 @@ CVE-2023-45648 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-45648 - https://github.com/fractal-visi0n/security-assessement
 CVE-2023-45648 - https://github.com/muneebaashiq/MBProjects
 CVE-2023-45648 - https://github.com/tanjiti/sec_profile
+CVE-2023-45649 - https://github.com/20142995/nuclei-templates
 CVE-2023-45650 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-45651 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-45653 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -153858,6 +153878,7 @@ CVE-2023-46023 - https://github.com/ersinerenler/Code-Projects-Simple-Task-List-
 CVE-2023-46024 - https://github.com/ersinerenler/PHPGurukul-Teacher-Subject-Allocation-Management-System-1.0
 CVE-2023-46025 - https://github.com/ersinerenler/PHPGurukul-Teacher-Subject-Allocation-Management-System-1.0
 CVE-2023-46026 - https://github.com/ersinerenler/PHPGurukul-Teacher-Subject-Allocation-Management-System-1.0
+CVE-2023-4604 - https://github.com/20142995/nuclei-templates
 CVE-2023-46058 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-46059 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-46066 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -154376,6 +154397,7 @@ CVE-2023-47252 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-47254 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-47262 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-47265 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2023-4730 - https://github.com/20142995/nuclei-templates
 CVE-2023-47320 - https://github.com/RhinoSecurityLabs/CVEs
 CVE-2023-47321 - https://github.com/RhinoSecurityLabs/CVEs
 CVE-2023-47322 - https://github.com/RhinoSecurityLabs/CVEs
@@ -154452,6 +154474,7 @@ CVE-2023-4768 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-4769 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-47691 - https://github.com/NaInSec/CVE-LIST
 CVE-2023-47691 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2023-47694 - https://github.com/20142995/nuclei-templates
 CVE-2023-47699 - https://github.com/NaInSec/CVE-LIST
 CVE-2023-47699 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-47702 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -156138,6 +156161,7 @@ CVE-2023-5484 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-5485 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-5486 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-5487 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2023-5505 - https://github.com/20142995/nuclei-templates
 CVE-2023-5517 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-5517 - https://github.com/fokypoky/places-list
 CVE-2023-5517 - https://github.com/marklogic/marklogic-docker
@@ -169995,6 +170019,7 @@ CVE-2024-36971 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-36971 - https://github.com/tanjiti/sec_profile
 CVE-2024-3698 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-3699 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-36991 - https://github.com/0xMarcio/cve
 CVE-2024-36991 - https://github.com/Ostorlab/KEV
 CVE-2024-36991 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-36991 - https://github.com/onewinner/POCS
@@ -170040,6 +170065,7 @@ CVE-2024-37399 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-37407 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-3744 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-3745 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-37450 - https://github.com/20142995/nuclei-templates
 CVE-2024-37465 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-37466 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-3748 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -170106,6 +170132,7 @@ CVE-2024-37935 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-37952 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-3797 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-38021 - https://github.com/cybereagle2001/KQL-Security-Querries
+CVE-2024-38021 - https://github.com/delivr-to/detections
 CVE-2024-38030 - https://github.com/tomerpeled92/CVE
 CVE-2024-38036 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-38041 - https://github.com/nomi-sec/PoC-in-GitHub
@@ -170115,6 +170142,7 @@ CVE-2024-3806 - https://github.com/truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807
 CVE-2024-38063 - https://github.com/being1943/my_rss_reader
 CVE-2024-38063 - https://github.com/kherrick/hacker-news
 CVE-2024-38063 - https://github.com/nomi-sec/PoC-in-GitHub
+CVE-2024-38063 - https://github.com/tanjiti/sec_profile
 CVE-2024-38063 - https://github.com/zhaoolee/garss
 CVE-2024-3807 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-3807 - https://github.com/truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807-Poc
@@ -170179,6 +170207,7 @@ CVE-2024-3846 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-3847 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-38472 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-38473 - https://github.com/nomi-sec/PoC-in-GitHub
+CVE-2024-38475 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-38481 - https://github.com/chnzzh/iDRAC-CVE-lib
 CVE-2024-38483 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-38489 - https://github.com/chnzzh/iDRAC-CVE-lib
@@ -170228,6 +170257,7 @@ CVE-2024-38786 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-38787 - https://github.com/20142995/nuclei-templates
 CVE-2024-38787 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-3879 - https://github.com/LaPhilosophie/IoT-vulnerable
+CVE-2024-38793 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-3880 - https://github.com/LaPhilosophie/IoT-vulnerable
 CVE-2024-38809 - https://github.com/ch4n3-yoon/ch4n3-yoon
 CVE-2024-3881 - https://github.com/LaPhilosophie/IoT-vulnerable
@@ -170714,6 +170744,7 @@ CVE-2024-41640 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-4165 - https://github.com/LaPhilosophie/IoT-vulnerable
 CVE-2024-41651 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-4166 - https://github.com/LaPhilosophie/IoT-vulnerable
+CVE-2024-41660 - https://github.com/tanjiti/sec_profile
 CVE-2024-41662 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-41662 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-41662 - https://github.com/sh3bu/sh3bu
@@ -170992,6 +171023,7 @@ CVE-2024-43207 - https://github.com/20142995/nuclei-templates
 CVE-2024-43208 - https://github.com/20142995/nuclei-templates
 CVE-2024-43209 - https://github.com/20142995/nuclei-templates
 CVE-2024-43210 - https://github.com/20142995/nuclei-templates
+CVE-2024-43211 - https://github.com/20142995/nuclei-templates
 CVE-2024-43212 - https://github.com/20142995/nuclei-templates
 CVE-2024-43213 - https://github.com/20142995/nuclei-templates
 CVE-2024-43214 - https://github.com/20142995/nuclei-templates
@@ -171026,12 +171058,36 @@ CVE-2024-43233 - https://github.com/20142995/nuclei-templates
 CVE-2024-43233 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-43235 - https://github.com/20142995/nuclei-templates
 CVE-2024-43236 - https://github.com/20142995/nuclei-templates
+CVE-2024-43238 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4324 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43276 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4328 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43305 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43306 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43307 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43308 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43309 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4331 - https://github.com/angelov-1080/CVE_Checker
 CVE-2024-4331 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43313 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43318 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43320 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43321 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43324 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43327 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43329 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4333 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43330 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43335 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4334 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43342 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43344 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43346 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43347 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43348 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43349 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43351 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-43352 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-43358 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-43359 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-43360 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -171470,6 +171526,8 @@ CVE-2024-5385 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-5389 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-5390 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-5391 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-5420 - https://github.com/20142995/nuclei-templates
+CVE-2024-5421 - https://github.com/20142995/nuclei-templates
 CVE-2024-5423 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-54321 - https://github.com/runwuf/clickhouse-test
 CVE-2024-5438 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -171563,6 +171621,7 @@ CVE-2024-6004 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-6021 - https://github.com/20142995/nuclei-templates
 CVE-2024-6027 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-6028 - https://github.com/nomi-sec/PoC-in-GitHub
+CVE-2024-6043 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-6050 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-6070 - https://github.com/20142995/nuclei-templates
 CVE-2024-6095 - https://github.com/sev-hack/sev-hack
@@ -171659,6 +171718,7 @@ CVE-2024-6494 - https://github.com/20142995/nuclei-templates
 CVE-2024-6494 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-6496 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-6498 - https://github.com/20142995/nuclei-templates
+CVE-2024-6500 - https://github.com/20142995/nuclei-templates
 CVE-2024-6518 - https://github.com/fluentform/fluentform
 CVE-2024-6520 - https://github.com/fluentform/fluentform
 CVE-2024-6521 - https://github.com/fluentform/fluentform
@@ -171734,6 +171794,7 @@ CVE-2024-6869 - https://github.com/20142995/nuclei-templates
 CVE-2024-6884 - https://github.com/20142995/nuclei-templates
 CVE-2024-6890 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-6891 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-6893 - https://github.com/20142995/nuclei-templates
 CVE-2024-6893 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-6896 - https://github.com/20142995/nuclei-templates
 CVE-2024-6911 - https://github.com/wy876/POC
@@ -171776,6 +171837,7 @@ CVE-2024-7092 - https://github.com/20142995/nuclei-templates
 CVE-2024-7092 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-7094 - https://github.com/20142995/nuclei-templates
 CVE-2024-7094 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-7094 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-7120 - https://github.com/Ostorlab/KEV
 CVE-2024-7120 - https://github.com/komodoooo/Some-things
 CVE-2024-7136 - https://github.com/20142995/nuclei-templates
@@ -171939,13 +172001,16 @@ CVE-2024-7621 - https://github.com/20142995/nuclei-templates
 CVE-2024-7624 - https://github.com/20142995/nuclei-templates
 CVE-2024-7628 - https://github.com/20142995/nuclei-templates
 CVE-2024-7630 - https://github.com/20142995/nuclei-templates
+CVE-2024-7646 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-7648 - https://github.com/20142995/nuclei-templates
 CVE-2024-7649 - https://github.com/20142995/nuclei-templates
 CVE-2024-7690 - https://github.com/20142995/nuclei-templates
 CVE-2024-7691 - https://github.com/20142995/nuclei-templates
 CVE-2024-7692 - https://github.com/20142995/nuclei-templates
 CVE-2024-7697 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-7703 - https://github.com/20142995/nuclei-templates
 CVE-2024-7703 - https://github.com/lfillaz/CVE-2024-7703
+CVE-2024-7703 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-7704 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-7705 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-7706 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -171967,6 +172032,8 @@ CVE-2024-7886 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-7887 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-7896 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-7897 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-7904 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-7906 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-87654 - https://github.com/runwuf/clickhouse-test
 CVE-2024-98765 - https://github.com/runwuf/clickhouse-test
 CVE-2024-99999 - https://github.com/kolewttd/wtt

references.txt

@@ -16837,6 +16837,7 @@ CVE-2009-4756 - http://www.exploit-db.com/exploits/8588
 CVE-2009-4757 - http://www.exploit-db.com/exploits/8601
 CVE-2009-4758 - http://www.exploit-db.com/exploits/8568
 CVE-2009-4759 - http://www.exploit-db.com/exploits/8607
+CVE-2009-4762 - http://ubuntu.com/usn/usn-941-1
 CVE-2009-4765 - http://packetstormsecurity.org/1001-exploits/aspcnrhikaye-disclose.txt
 CVE-2009-4766 - http://packetstormsecurity.org/1001-exploits/ypportal-disclose.txt
 CVE-2009-4775 - http://www.exploit-db.com/exploits/9607
@@ -20497,6 +20498,7 @@ CVE-2011-2935 - https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-e
 CVE-2011-2936 - https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities
 CVE-2011-2938 - http://packetstormsecurity.org/files/104149
 CVE-2011-2938 - http://securityreason.com/securityalert/8391
+CVE-2011-2938 - https://bugzilla.redhat.com/show_bug.cgi?id=731777
 CVE-2011-2944 - http://packetstormsecurity.org/files/110166/The-Uploader-2.0.4-Eng-Ita-Remote-File-Upload.html
 CVE-2011-2964 - http://www.openwall.com/lists/oss-security/2011/07/13/3
 CVE-2011-2964 - http://www.openwall.com/lists/oss-security/2011/07/18/3
@@ -99374,14 +99376,20 @@ CVE-2024-40775 - http://seclists.org/fulldisclosure/2024/Jul/18
 CVE-2024-40775 - http://seclists.org/fulldisclosure/2024/Jul/19
 CVE-2024-40776 - http://seclists.org/fulldisclosure/2024/Jul/15
 CVE-2024-40776 - http://seclists.org/fulldisclosure/2024/Jul/16
+CVE-2024-40776 - http://seclists.org/fulldisclosure/2024/Jul/17
+CVE-2024-40776 - http://seclists.org/fulldisclosure/2024/Jul/18
 CVE-2024-40777 - http://seclists.org/fulldisclosure/2024/Jul/16
 CVE-2024-40778 - http://seclists.org/fulldisclosure/2024/Jul/16
 CVE-2024-40778 - http://seclists.org/fulldisclosure/2024/Jul/17
 CVE-2024-40778 - http://seclists.org/fulldisclosure/2024/Jul/18
 CVE-2024-40779 - http://seclists.org/fulldisclosure/2024/Jul/15
 CVE-2024-40779 - http://seclists.org/fulldisclosure/2024/Jul/16
+CVE-2024-40779 - http://seclists.org/fulldisclosure/2024/Jul/17
+CVE-2024-40779 - http://seclists.org/fulldisclosure/2024/Jul/18
 CVE-2024-40780 - http://seclists.org/fulldisclosure/2024/Jul/15
 CVE-2024-40780 - http://seclists.org/fulldisclosure/2024/Jul/16
+CVE-2024-40780 - http://seclists.org/fulldisclosure/2024/Jul/17
+CVE-2024-40780 - http://seclists.org/fulldisclosure/2024/Jul/18
 CVE-2024-40781 - http://seclists.org/fulldisclosure/2024/Jul/18
 CVE-2024-40781 - http://seclists.org/fulldisclosure/2024/Jul/19
 CVE-2024-40782 - http://seclists.org/fulldisclosure/2024/Jul/15
@@ -99623,6 +99631,8 @@ CVE-2024-42055 - https://github.com/CervantesSec/cervantes/commit/78631a034d0fb3
 CVE-2024-4210 - https://hackerone.com/reports/2431562
 CVE-2024-4217 - https://wpscan.com/vulnerability/55cb43bf-7c8f-4df7-b4de-bf2bb1c2766d/
 CVE-2024-4224 - https://takeonme.org/cves/CVE-2024-4224.html
+CVE-2024-42318 - https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/
+CVE-2024-42318 - https://www.openwall.com/lists/oss-security/2024/08/17/2
 CVE-2024-42348 - https://github.com/FOGProject/fogproject/security/advisories/GHSA-456c-4gw3-c9xw
 CVE-2024-42349 - https://github.com/FOGProject/fogproject/security/advisories/GHSA-697m-3c4p-g29h
 CVE-2024-42352 - https://github.com/nuxt/icon/security/advisories/GHSA-cxgv-px37-4mp2
@@ -100470,18 +100480,51 @@ CVE-2024-7705 - https://github.com/DeepMountains/Mirage/blob/main/CVE12-1.md
 CVE-2024-7706 - https://github.com/DeepMountains/Mirage/blob/main/CVE12-2.md
 CVE-2024-7707 - https://github.com/VodkaVortex/IoT/blob/main/formSafeEmailFilter.md
 CVE-2024-7715 - https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_photo_search.md
+CVE-2024-7738 - https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/file_read_report.md
+CVE-2024-7738 - https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/poc_arbitrary_file_read.mp4
+CVE-2024-7739 - https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Script%20Injection/poc_script_inject.mp4
+CVE-2024-7739 - https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Script%20Injection/script_injection_report.md
 CVE-2024-7740 - https://github.com/DeepMountains/Mirage/blob/main/CVE14-1.md
 CVE-2024-7741 - https://github.com/DeepMountains/Mirage/blob/main/CVE14-2.md
+CVE-2024-7742 - https://github.com/DeepMountains/Mirage/blob/main/CVE14-3.md
 CVE-2024-7743 - https://github.com/DeepMountains/Mirage/blob/main/CVE14-4.md
 CVE-2024-7748 - https://github.com/joinia/webray.com.cn/blob/main/Accounts-Manager-App/Accounts-Manager-Appsql.md
 CVE-2024-7749 - https://github.com/joinia/webray.com.cn/blob/main/Accounts-Manager-App/Accounts-Manager-Appxss.md
+CVE-2024-7750 - https://github.com/Wsstiger/cve/blob/main/Clinic's_sql.md
 CVE-2024-7751 - https://github.com/Wsstiger/cve/blob/main/Clinic's_sql2.md
 CVE-2024-7752 - https://github.com/Wsstiger/cve/blob/main/Clinic's_xss.md
+CVE-2024-7754 - https://github.com/Wsstiger/cve/blob/main/Clinic's_sql3.md
 CVE-2024-7792 - https://github.com/joinia/webray.com.cn/blob/main/Task-Progress-Tracker/Task-Progress-Trackersql.md
+CVE-2024-7793 - https://github.com/joinia/webray.com.cn/blob/main/Task-Progress-Tracker/Task-Progress-Trackerxss.md
 CVE-2024-7794 - https://github.com/ppp-src/ha/issues/5
+CVE-2024-7798 - https://github.com/Wsstiger/cve/blob/main/Sourcecoster_sql2.md
+CVE-2024-7799 - https://github.com/Wsstiger/cve/blob/main/Sourcecoster_unauthorized.md
+CVE-2024-7800 - https://github.com/Wsstiger/cve/blob/main/Sourcecoster_sql3.md
+CVE-2024-7808 - https://github.com/XYgit-99/cve/issues/1
+CVE-2024-7809 - https://github.com/Wsstiger/cve/blob/main/Tracer_mu.md
 CVE-2024-7810 - https://github.com/Wsstiger/cve/blob/main/Tracer_sql.md
 CVE-2024-7811 - https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/daily%20expenses%20monitoring%20app%20-%20delete-expense.php%20sql%20injection%20vulnerability.md
+CVE-2024-7812 - https://github.com/lscjl/lsi.webray.com.cn/blob/main/CVE-project/rental%20management%20system%20Stored%20Cross-Site%20Scripting(XSS).md
 CVE-2024-7813 - https://github.com/CYB84/CVE_Writeup/blob/main/Directory%20Listing.md
 CVE-2024-7814 - https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Stored%20XSS.md
 CVE-2024-7815 - https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Stored%20XSS.md
+CVE-2024-7828 - https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_set_cover.md
+CVE-2024-7829 - https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_del_photo.md
+CVE-2024-7830 - https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_move_photo.md
+CVE-2024-7831 - https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_get_cooliris.md
+CVE-2024-7832 - https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_get_fullscreen_photos.md
+CVE-2024-7838 - https://github.com/ppp-src/a/issues/1
+CVE-2024-7839 - https://github.com/ppp-src/a/issues/2
+CVE-2024-7841 - https://github.com/qqlove555/cve/blob/main/sql.md
+CVE-2024-7842 - https://github.com/Wsstiger/cve/blob/main/Tracer_info.md
+CVE-2024-7845 - https://github.com/Wsstiger/cve/blob/main/Tracer_sql2.md
+CVE-2024-7849 - https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_create_album.md
+CVE-2024-7851 - https://github.com/Wsstiger/cve/blob/main/Yoga_add.md
+CVE-2024-7852 - https://github.com/Wsstiger/cve/blob/main/Yoga_xss.md
 CVE-2024-7868 - https://www.xpdfreader.com/security-bug/CVE-2024-7868.html
+CVE-2024-7887 - https://github.com/Hebing123/cve/issues/67
+CVE-2024-7896 - https://gist.github.com/b0rgch3n/4788c7c429d49095915d84161a157295
+CVE-2024-7897 - https://gist.github.com/b0rgch3n/bb47a1ed6f66c1e8c7a80f210f4ac8ef
+CVE-2024-7898 - https://gist.github.com/b0rgch3n/3136cad95b09e42184fb2d78aae33651
+CVE-2024-7900 - https://github.com/DeepMountains/Mirage/blob/main/CVE16-1.md
+CVE-2024-7900 - https://github.com/DeepMountains/Mirage/blob/main/CVE16-2.md