From d2e2cbe9cacf02ebeac5303066c276a1df97ef3f Mon Sep 17 00:00:00 2001 From: 0xMarcio Date: Wed, 21 Aug 2024 13:32:10 +0000 Subject: [PATCH] Update CVE sources 2024-08-21 13:32 --- 2006/CVE-2006-4660.md | 17 ++++++++ 2006/CVE-2006-4661.md | 17 ++++++++ 2006/CVE-2006-5051.md | 2 + 2008/CVE-2008-4109.md | 2 + 2010/CVE-2010-2075.md | 1 + 2013/CVE-2013-0156.md | 1 + 2019/CVE-2019-11080.md | 1 + 2019/CVE-2019-11358.md | 1 + 2022/CVE-2022-3997.md | 17 ++++++++ 2022/CVE-2022-48020.md | 17 ++++++++ 2022/CVE-2022-4891.md | 2 +- 2023/CVE-2023-2290.md | 17 ++++++++ 2023/CVE-2023-29384.md | 17 ++++++++ 2023/CVE-2023-4542.md | 1 + 2023/CVE-2023-4590.md | 17 ++++++++ 2023/CVE-2023-48251.md | 36 ++++++++++++++++ 2023/CVE-2023-50100.md | 17 ++++++++ 2023/CVE-2023-5029.md | 17 ++++++++ 2023/CVE-2023-5587.md | 17 ++++++++ 2023/CVE-2023-5681.md | 1 + 2023/CVE-2023-5919.md | 17 ++++++++ 2024/CVE-2024-20746.md | 1 + 2024/CVE-2024-22526.md | 2 +- 2024/CVE-2024-23339.md | 1 + 2024/CVE-2024-25582.md | 17 ++++++++ 2024/CVE-2024-26585.md | 2 +- 2024/CVE-2024-27088.md | 1 + 2024/CVE-2024-27609.md | 17 ++++++++ 2024/CVE-2024-28087.md | 1 + 2024/CVE-2024-3000.md | 1 + 2024/CVE-2024-33644.md | 17 ++++++++ 2024/CVE-2024-36111.md | 1 + 2024/CVE-2024-38189.md | 1 + 2024/CVE-2024-38856.md | 1 + 2024/CVE-2024-39472.md | 2 +- 2024/CVE-2024-41042.md | 2 +- 2024/CVE-2024-41468.md | 1 + 2024/CVE-2024-41473.md | 1 + 2024/CVE-2024-42259.md | 2 +- 2024/CVE-2024-42299.md | 2 +- 2024/CVE-2024-42301.md | 2 +- 2024/CVE-2024-42302.md | 2 +- 2024/CVE-2024-42304.md | 2 +- 2024/CVE-2024-42305.md | 2 +- 2024/CVE-2024-42306.md | 2 +- 2024/CVE-2024-42308.md | 2 +- 2024/CVE-2024-42309.md | 2 +- 2024/CVE-2024-42310.md | 2 +- 2024/CVE-2024-42311.md | 2 +- 2024/CVE-2024-42312.md | 2 +- 2024/CVE-2024-42313.md | 2 +- 2024/CVE-2024-42318.md | 2 +- 2024/CVE-2024-42675.md | 17 ++++++++ 2024/CVE-2024-43145.md | 17 ++++++++ 2024/CVE-2024-43207.md | 17 ++++++++ 2024/CVE-2024-43238.md | 17 ++++++++ 2024/CVE-2024-43276.md | 17 ++++++++ 2024/CVE-2024-43291.md | 17 ++++++++ 2024/CVE-2024-43294.md | 17 ++++++++ 2024/CVE-2024-43304.md | 17 ++++++++ 2024/CVE-2024-43305.md | 18 ++++++++ 2024/CVE-2024-43306.md | 17 ++++++++ 2024/CVE-2024-43307.md | 17 ++++++++ 2024/CVE-2024-43308.md | 17 ++++++++ 2024/CVE-2024-43309.md | 17 ++++++++ 2024/CVE-2024-43313.md | 17 ++++++++ 2024/CVE-2024-43315.md | 17 ++++++++ 2024/CVE-2024-43318.md | 17 ++++++++ 2024/CVE-2024-43320.md | 18 ++++++++ 2024/CVE-2024-43321.md | 17 ++++++++ 2024/CVE-2024-43324.md | 18 ++++++++ 2024/CVE-2024-43327.md | 17 ++++++++ 2024/CVE-2024-43329.md | 18 ++++++++ 2024/CVE-2024-43330.md | 18 ++++++++ 2024/CVE-2024-43335.md | 17 ++++++++ 2024/CVE-2024-43342.md | 17 ++++++++ 2024/CVE-2024-43344.md | 17 ++++++++ 2024/CVE-2024-43346.md | 17 ++++++++ 2024/CVE-2024-43347.md | 18 ++++++++ 2024/CVE-2024-43348.md | 17 ++++++++ 2024/CVE-2024-43349.md | 18 ++++++++ 2024/CVE-2024-43351.md | 18 ++++++++ 2024/CVE-2024-43352.md | 17 ++++++++ 2024/CVE-2024-43381.md | 2 +- 2024/CVE-2024-44067.md | 17 ++++++++ 2024/CVE-2024-5372.md | 17 ++++++++ 2024/CVE-2024-6330.md | 17 ++++++++ 2024/CVE-2024-6387.md | 2 + 2024/CVE-2024-6451.md | 17 ++++++++ 2024/CVE-2024-6781.md | 1 + 2024/CVE-2024-6782.md | 1 + 2024/CVE-2024-6843.md | 17 ++++++++ 2024/CVE-2024-6911.md | 1 + 2024/CVE-2024-7896.md | 1 + 2024/CVE-2024-7906.md | 17 ++++++++ github.txt | 94 ++++++++++++++++++++++++++++++++++++++++++ references.txt | 18 ++++++++ 97 files changed, 1069 insertions(+), 20 deletions(-) create mode 100644 2006/CVE-2006-4660.md create mode 100644 2006/CVE-2006-4661.md create mode 100644 2022/CVE-2022-3997.md create mode 100644 2022/CVE-2022-48020.md create mode 100644 2023/CVE-2023-2290.md create mode 100644 2023/CVE-2023-29384.md create mode 100644 2023/CVE-2023-4590.md create mode 100644 2023/CVE-2023-48251.md create mode 100644 2023/CVE-2023-50100.md create mode 100644 2023/CVE-2023-5029.md create mode 100644 2023/CVE-2023-5587.md create mode 100644 2023/CVE-2023-5919.md create mode 100644 2024/CVE-2024-25582.md create mode 100644 2024/CVE-2024-27609.md create mode 100644 2024/CVE-2024-33644.md create mode 100644 2024/CVE-2024-42675.md create mode 100644 2024/CVE-2024-43145.md create mode 100644 2024/CVE-2024-43207.md create mode 100644 2024/CVE-2024-43238.md create mode 100644 2024/CVE-2024-43276.md create mode 100644 2024/CVE-2024-43291.md create mode 100644 2024/CVE-2024-43294.md create mode 100644 2024/CVE-2024-43304.md create mode 100644 2024/CVE-2024-43305.md create mode 100644 2024/CVE-2024-43306.md create mode 100644 2024/CVE-2024-43307.md create mode 100644 2024/CVE-2024-43308.md create mode 100644 2024/CVE-2024-43309.md create mode 100644 2024/CVE-2024-43313.md create mode 100644 2024/CVE-2024-43315.md create mode 100644 2024/CVE-2024-43318.md create mode 100644 2024/CVE-2024-43320.md create mode 100644 2024/CVE-2024-43321.md create mode 100644 2024/CVE-2024-43324.md create mode 100644 2024/CVE-2024-43327.md create mode 100644 2024/CVE-2024-43329.md create mode 100644 2024/CVE-2024-43330.md create mode 100644 2024/CVE-2024-43335.md create mode 100644 2024/CVE-2024-43342.md create mode 100644 2024/CVE-2024-43344.md create mode 100644 2024/CVE-2024-43346.md create mode 100644 2024/CVE-2024-43347.md create mode 100644 2024/CVE-2024-43348.md create mode 100644 2024/CVE-2024-43349.md create mode 100644 2024/CVE-2024-43351.md create mode 100644 2024/CVE-2024-43352.md create mode 100644 2024/CVE-2024-44067.md create mode 100644 2024/CVE-2024-5372.md create mode 100644 2024/CVE-2024-6330.md create mode 100644 2024/CVE-2024-6451.md create mode 100644 2024/CVE-2024-6843.md create mode 100644 2024/CVE-2024-7906.md diff --git a/2006/CVE-2006-4660.md b/2006/CVE-2006-4660.md new file mode 100644 index 000000000..5838d67b8 --- /dev/null +++ b/2006/CVE-2006-4660.md @@ -0,0 +1,17 @@ +### [CVE-2006-4660](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4660) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module in AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) allow remote attackers to process arbitrary web script or HTML in the Feeds interface context via the (1) title and (2) description elements within an item element in an RSS feed. + +### POC + +#### Reference +- http://securityreason.com/securityalert/1523 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-4661.md b/2006/CVE-2006-4661.md new file mode 100644 index 000000000..4a3bfaa35 --- /dev/null +++ b/2006/CVE-2006-4661.md @@ -0,0 +1,17 @@ +### [CVE-2006-4661](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4661) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar. + +### POC + +#### Reference +- http://securityreason.com/securityalert/1523 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-5051.md b/2006/CVE-2006-5051.md index a6705b77a..87ae5e797 100644 --- a/2006/CVE-2006-5051.md +++ b/2006/CVE-2006-5051.md @@ -18,11 +18,13 @@ Signal handler race condition in OpenSSH before 4.4 allows remote attackers to c - https://github.com/Passyed/regreSSHion-Fix - https://github.com/TAM-K592/CVE-2024-6387 - https://github.com/ThemeHackers/CVE-2024-6387 +- https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix - https://github.com/azurejoga/CVE-2024-6387-how-to-fix - https://github.com/bigb0x/CVE-2024-6387 - https://github.com/giterlizzi/secdb-feeds - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- - https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH - https://github.com/sardine-web/CVE-2024-6387_Check diff --git a/2008/CVE-2008-4109.md b/2008/CVE-2008-4109.md index 8c559e558..4a5171a83 100644 --- a/2008/CVE-2008-4109.md +++ b/2008/CVE-2008-4109.md @@ -17,8 +17,10 @@ A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 o - https://github.com/David-M-Berry/openssh-cve-discovery - https://github.com/Passyed/regreSSHion-Fix - https://github.com/TAM-K592/CVE-2024-6387 +- https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix - https://github.com/azurejoga/CVE-2024-6387-how-to-fix - https://github.com/bigb0x/CVE-2024-6387 - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- - https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion +- https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH diff --git a/2010/CVE-2010-2075.md b/2010/CVE-2010-2075.md index 6daeae166..843acf3de 100644 --- a/2010/CVE-2010-2075.md +++ b/2010/CVE-2010-2075.md @@ -22,6 +22,7 @@ No PoCs from references. - https://github.com/Glumgam/UnrealiRCd-3.2.8.1-exploit-python - https://github.com/JoseLRC97/UnrealIRCd-3.2.8.1-Backdoor-Command-Execution - https://github.com/MFernstrom/OffensivePascal-CVE-2010-2075 +- https://github.com/Mr-Tree-S/POC_EXP - https://github.com/Okarn/TP_securite_EDOU_JACQUEMONT - https://github.com/Patrick122333/4240project - https://github.com/Sh4dowX404/UnrealIRCD-3.2.8.1-Backdoor diff --git a/2013/CVE-2013-0156.md b/2013/CVE-2013-0156.md index 664918f88..ff26bb5de 100644 --- a/2013/CVE-2013-0156.md +++ b/2013/CVE-2013-0156.md @@ -34,6 +34,7 @@ active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0. - https://github.com/hktalent/TOP - https://github.com/jbmihoub/all-poc - https://github.com/josal/crack-0.1.8-fixed +- https://github.com/localeapp/localeapp - https://github.com/mengdaya/Web-CTF-Cheatsheet - https://github.com/michenriksen/nmap-scripts - https://github.com/mitaku/rails_cve_2013_0156_patch diff --git a/2019/CVE-2019-11080.md b/2019/CVE-2019-11080.md index e20291ac6..ebc0b8984 100644 --- a/2019/CVE-2019-11080.md +++ b/2019/CVE-2019-11080.md @@ -11,6 +11,7 @@ Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code ex #### Reference - http://packetstormsecurity.com/files/153274/Sitecore-8.x-Deserialization-Remote-Code-Execution.html +- https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/91/Sitecore%20Experience%20Platform%2091%20Update1/Release%20Notes #### Github No PoCs found on GitHub currently. diff --git a/2019/CVE-2019-11358.md b/2019/CVE-2019-11358.md index 131de06fe..256eaa5d8 100644 --- a/2019/CVE-2019-11358.md +++ b/2019/CVE-2019-11358.md @@ -1848,6 +1848,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/QuantumRoboticsFTC/freightfrenzy-app - https://github.com/QuantumRoboticsFTC/powerplay-app - https://github.com/QuantumRoboticsFTC/ultimategoal-app +- https://github.com/R-Tacoz/FTC14607_23-24RC - https://github.com/R3Vipers/test - https://github.com/RCGV1/testingFTC - https://github.com/RDasari7304/PurePursuitController diff --git a/2022/CVE-2022-3997.md b/2022/CVE-2022-3997.md new file mode 100644 index 000000000..0e99c7109 --- /dev/null +++ b/2022/CVE-2022-3997.md @@ -0,0 +1,17 @@ +### [CVE-2022-3997](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3997) +![](https://img.shields.io/static/v1?label=Product&message=scm&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-707%20Improper%20Neutralization%20-%3E%20CWE-74%20Injection%20-%3E%20CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in MonikaBrzica scm. Affected by this issue is some unknown functionality of the file upis_u_bazu.php. The manipulation of the argument email/lozinka/ime/id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-213698 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://vuldb.com/?id.213698 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-48020.md b/2022/CVE-2022-48020.md new file mode 100644 index 000000000..8c9635d07 --- /dev/null +++ b/2022/CVE-2022-48020.md @@ -0,0 +1,17 @@ +### [CVE-2022-48020](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48020) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Vinteo VCC v2.36.4 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the conference parameter. This vulnerability allows attackers to inject arbitrary code which will be executed by the victim user's browser. + +### POC + +#### Reference +- https://www.linkedin.com/in/dmitry-kiryukhin-b5741421b/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-4891.md b/2022/CVE-2022-4891.md index 543208c26..0b4ccee31 100644 --- a/2022/CVE-2022-4891.md +++ b/2022/CVE-2022-4891.md @@ -13,5 +13,5 @@ A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as pro - https://vuldb.com/?id.218452 #### Github -No PoCs found on GitHub currently. +- https://github.com/sisimai/rb-sisimai diff --git a/2023/CVE-2023-2290.md b/2023/CVE-2023-2290.md new file mode 100644 index 000000000..1a63b2833 --- /dev/null +++ b/2023/CVE-2023-2290.md @@ -0,0 +1,17 @@ +### [CVE-2023-2290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2290) +![](https://img.shields.io/static/v1?label=Product&message=ThinkPad%20&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20various%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20Improper%20Restriction%20of%20Operations%20within%20the%20Bounds%20of%20a%20Memory%20Buffer&color=brighgreen) + +### Description + +A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/tadghh/Dell-unlock-undervolting + diff --git a/2023/CVE-2023-29384.md b/2023/CVE-2023-29384.md new file mode 100644 index 000000000..a4098ad63 --- /dev/null +++ b/2023/CVE-2023-29384.md @@ -0,0 +1,17 @@ +### [CVE-2023-29384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29384) +![](https://img.shields.io/static/v1?label=Product&message=WordPress%20Job%20Board%20and%20Recruitment%20Plugin%20%E2%80%93%20JobWP&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen) + +### Description + +Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-4542.md b/2023/CVE-2023-4542.md index 8347ec2ff..859de0b0e 100644 --- a/2023/CVE-2023-4542.md +++ b/2023/CVE-2023-4542.md @@ -14,6 +14,7 @@ A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been clas #### Github - https://github.com/20142995/sectool +- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC diff --git a/2023/CVE-2023-4590.md b/2023/CVE-2023-4590.md new file mode 100644 index 000000000..783a18fc4 --- /dev/null +++ b/2023/CVE-2023-4590.md @@ -0,0 +1,17 @@ +### [CVE-2023-4590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4590) +![](https://img.shields.io/static/v1?label=Product&message=Frhed%20&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.6.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Copy%20without%20Checking%20Size%20of%20Input%20('Classic%20Buffer%20Overflow')&color=brighgreen) + +### Description + +Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH) registers. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-48251.md b/2023/CVE-2023-48251.md new file mode 100644 index 000000000..06a017314 --- /dev/null +++ b/2023/CVE-2023-48251.md @@ -0,0 +1,36 @@ +### [CVE-2023-48251](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48251) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA011S-36V%20(0608842011)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA011S-36V-B%20(0608842012)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA015S-36V%20(0608842001)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA015S-36V-B%20(0608842006)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA030S-36V%20(0608842002)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA030S-36V-B%20(0608842007)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA050S-36V%20(0608842003)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA050S-36V-B%20(0608842008)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA065S-36V%20(0608842013)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA065S-36V-B%20(0608842014)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXP012QD-36V%20(0608842005)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXP012QD-36V-B%20(0608842010)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXV012T-36V%20(0608842015)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXV012T-36V-B%20(0608842016)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20special%20cordless%20nutrunner%20(0608PE2272)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20special%20cordless%20nutrunner%20(0608PE2301)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20special%20cordless%20nutrunner%20(0608PE2514)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20special%20cordless%20nutrunner%20(0608PE2515)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20special%20cordless%20nutrunner%20(0608PE2666)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20special%20cordless%20nutrunner%20(0608PE2673)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=NEXO-OS%20V1000-Release%3C%3D%20NEXO-OS%20V1500-SP2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-798%20Use%20of%20Hard-coded%20Credentials&color=brighgreen) + +### Description + +The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/oxagast/oxasploits + diff --git a/2023/CVE-2023-50100.md b/2023/CVE-2023-50100.md new file mode 100644 index 000000000..1f1993047 --- /dev/null +++ b/2023/CVE-2023-50100.md @@ -0,0 +1,17 @@ +### [CVE-2023-50100](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50100) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing. + +### POC + +#### Reference +- https://github.com/Jarvis-616/cms/blob/master/There%20is%20a%20storage%20type%20XSS%20for%20carousel%20image%20editing.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-5029.md b/2023/CVE-2023-5029.md new file mode 100644 index 000000000..30f10d410 --- /dev/null +++ b/2023/CVE-2023-5029.md @@ -0,0 +1,17 @@ +### [CVE-2023-5029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5029) +![](https://img.shields.io/static/v1?label=Product&message=mccms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239871. + +### POC + +#### Reference +- https://vuldb.com/?id.239871 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-5587.md b/2023/CVE-2023-5587.md new file mode 100644 index 000000000..f9af1bc53 --- /dev/null +++ b/2023/CVE-2023-5587.md @@ -0,0 +1,17 @@ +### [CVE-2023-5587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5587) +![](https://img.shields.io/static/v1?label=Product&message=Free%20Hospital%20Management%20System%20for%20Small%20Practices&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /vm/admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-242186 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://vuldb.com/?id.242186 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-5681.md b/2023/CVE-2023-5681.md index aca6bd3e4..1bcd0a50e 100644 --- a/2023/CVE-2023-5681.md +++ b/2023/CVE-2023-5681.md @@ -11,6 +11,7 @@ A vulnerability, which was classified as critical, was found in Netentsec NS-ASG #### Reference - https://github.com/Wsecpro/cve1/blob/main/NS-ASG-sql-list_addr_fwresource_ip.md +- https://vuldb.com/?id.243057 #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-5919.md b/2023/CVE-2023-5919.md new file mode 100644 index 000000000..374551a2b --- /dev/null +++ b/2023/CVE-2023-5919.md @@ -0,0 +1,17 @@ +### [CVE-2023-5919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5919) +![](https://img.shields.io/static/v1?label=Product&message=Company%20Website%20CMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-244310 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://vuldb.com/?id.244310 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-20746.md b/2024/CVE-2024-20746.md index 5ee13bd14..d025cc40f 100644 --- a/2024/CVE-2024-20746.md +++ b/2024/CVE-2024-20746.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-22526.md b/2024/CVE-2024-22526.md index 5fb4451e9..4f8e227d2 100644 --- a/2024/CVE-2024-22526.md +++ b/2024/CVE-2024-22526.md @@ -13,5 +13,5 @@ Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attacker - https://gist.github.com/GAP-dev/c33276a151c824300d68aecc317082a3 #### Github -No PoCs found on GitHub currently. +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-23339.md b/2024/CVE-2024-23339.md index 232f497a9..355de18bd 100644 --- a/2024/CVE-2024-23339.md +++ b/2024/CVE-2024-23339.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/d3ng03/PP-Auto-Detector +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-25582.md b/2024/CVE-2024-25582.md new file mode 100644 index 000000000..df302f5a9 --- /dev/null +++ b/2024/CVE-2024-25582.md @@ -0,0 +1,17 @@ +### [CVE-2024-25582](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25582) +![](https://img.shields.io/static/v1?label=Product&message=OX%20App%20Suite&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%207.10.6-rev42%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Module savepoints could be abused to inject references to malicious code delivered through the same domain. Attackers could perform malicious API requests or extract information from the users account. Exploiting this vulnerability requires temporary access to an account or successful social engineering to make a user follow a prepared link to a malicious account. Please deploy the provided updates and patch releases. The savepoint module path has been restricted to modules that provide the feature, excluding any arbitrary or non-existing modules. No publicly available exploits are known. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-26585.md b/2024/CVE-2024-26585.md index 54111268c..737282ede 100644 --- a/2024/CVE-2024-26585.md +++ b/2024/CVE-2024-26585.md @@ -1,6 +1,6 @@ ### [CVE-2024-26585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26585) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=a42055e8d2c3%3C%20196f198ca6fc%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=a42055e8d2c3%3C%20dd32621f1924%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-27088.md b/2024/CVE-2024-27088.md index 6ceec629c..27f1bbb0b 100644 --- a/2024/CVE-2024-27088.md +++ b/2024/CVE-2024-27088.md @@ -15,4 +15,5 @@ es5-ext contains ECMAScript 5 extensions. Passing functions with very long names #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-27609.md b/2024/CVE-2024-27609.md new file mode 100644 index 000000000..81e88649f --- /dev/null +++ b/2024/CVE-2024-27609.md @@ -0,0 +1,17 @@ +### [CVE-2024-27609](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27609) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Bonita before 2023.2-u2 allows stored XSS via a UI screen in the administration panel. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/mohammedatary/mohammedatary + diff --git a/2024/CVE-2024-28087.md b/2024/CVE-2024-28087.md index d7d62e763..299477848 100644 --- a/2024/CVE-2024-28087.md +++ b/2024/CVE-2024-28087.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/mohammedatary/mohammedatary diff --git a/2024/CVE-2024-3000.md b/2024/CVE-2024-3000.md index f724c46f7..6dae56b5b 100644 --- a/2024/CVE-2024-3000.md +++ b/2024/CVE-2024-3000.md @@ -12,6 +12,7 @@ A vulnerability classified as critical was found in code-projects Online Book Sy #### Reference - https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System%20-%20Authentication%20Bypass.md - https://vuldb.com/?id.258202 +- https://vuldb.com/?submit.305052 #### Github - https://github.com/FoxyProxys/CVE-2024-3000 diff --git a/2024/CVE-2024-33644.md b/2024/CVE-2024-33644.md new file mode 100644 index 000000000..9083aaeac --- /dev/null +++ b/2024/CVE-2024-33644.md @@ -0,0 +1,17 @@ +### [CVE-2024-33644](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33644) +![](https://img.shields.io/static/v1?label=Product&message=Customify%20Site%20Library&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%200.0.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) + +### Description + +Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-36111.md b/2024/CVE-2024-36111.md index 51c11136a..113d9093c 100644 --- a/2024/CVE-2024-36111.md +++ b/2024/CVE-2024-36111.md @@ -15,4 +15,5 @@ KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, the #### Github - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/wy876/POC +- https://github.com/wy876/wiki diff --git a/2024/CVE-2024-38189.md b/2024/CVE-2024-38189.md index 39207182a..d0bf7a36e 100644 --- a/2024/CVE-2024-38189.md +++ b/2024/CVE-2024-38189.md @@ -19,4 +19,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-38856.md b/2024/CVE-2024-38856.md index 55f297b10..020391641 100644 --- a/2024/CVE-2024-38856.md +++ b/2024/CVE-2024-38856.md @@ -22,4 +22,5 @@ No PoCs from references. - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile - https://github.com/wy876/POC +- https://github.com/wy876/wiki diff --git a/2024/CVE-2024-39472.md b/2024/CVE-2024-39472.md index 14661bc8e..e9056ca2f 100644 --- a/2024/CVE-2024-39472.md +++ b/2024/CVE-2024-39472.md @@ -1,6 +1,6 @@ ### [CVE-2024-39472](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=0c771b99d6c9%3C%2057835c0e7152%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0c771b99d6c9%3C%20f754591b17d0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-41042.md b/2024/CVE-2024-41042.md index 67ecf11f3..e5d234675 100644 --- a/2024/CVE-2024-41042.md +++ b/2024/CVE-2024-41042.md @@ -1,6 +1,6 @@ ### [CVE-2024-41042](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41042) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=20a69341f2d0%3C%20b6b6e430470e%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=20a69341f2d0%3C%201947e4c3346f%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-41468.md b/2024/CVE-2024-41468.md index 68f3fd743..f410f8dba 100644 --- a/2024/CVE-2024-41468.md +++ b/2024/CVE-2024-41468.md @@ -15,4 +15,5 @@ Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerabili #### Github - https://github.com/ibaiw/2024Hvv - https://github.com/wy876/POC +- https://github.com/wy876/wiki diff --git a/2024/CVE-2024-41473.md b/2024/CVE-2024-41473.md index 68618067f..dc67e7da3 100644 --- a/2024/CVE-2024-41473.md +++ b/2024/CVE-2024-41473.md @@ -15,4 +15,5 @@ Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerabili #### Github - https://github.com/ibaiw/2024Hvv - https://github.com/wy876/POC +- https://github.com/wy876/wiki diff --git a/2024/CVE-2024-42259.md b/2024/CVE-2024-42259.md index 8b424ca71..aa4101400 100644 --- a/2024/CVE-2024-42259.md +++ b/2024/CVE-2024-42259.md @@ -1,6 +1,6 @@ ### [CVE-2024-42259](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42259) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=c58305af1835%3C%204b09513ce93b%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=c58305af1835%3C%203e06073d2480%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42299.md b/2024/CVE-2024-42299.md index a72cb5a35..5c4187606 100644 --- a/2024/CVE-2024-42299.md +++ b/2024/CVE-2024-42299.md @@ -1,6 +1,6 @@ ### [CVE-2024-42299](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42299) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=b46acd6a6a62%3C%20b90ceffdc975%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=b46acd6a6a62%3C%200484adcb5fbc%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42301.md b/2024/CVE-2024-42301.md index 929eefcf5..a7c2f9c56 100644 --- a/2024/CVE-2024-42301.md +++ b/2024/CVE-2024-42301.md @@ -1,6 +1,6 @@ ### [CVE-2024-42301](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42301) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%207f4da759092a%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20166a0bddcc27%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42302.md b/2024/CVE-2024-42302.md index 4fa06008b..0b47e020b 100644 --- a/2024/CVE-2024-42302.md +++ b/2024/CVE-2024-42302.md @@ -1,6 +1,6 @@ ### [CVE-2024-42302](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42302) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=189f856e76f5%3C%20f63df70b439b%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=d0292124bb57%3C%20c52f9e1a9eb4%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42304.md b/2024/CVE-2024-42304.md index 17f20baa4..df7e1791b 100644 --- a/2024/CVE-2024-42304.md +++ b/2024/CVE-2024-42304.md @@ -1,6 +1,6 @@ ### [CVE-2024-42304](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42304) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=4e19d6b65fb4%3C%20b609753cbbd3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=3a17ca864baf%3C%20d81d7e347d1f%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42305.md b/2024/CVE-2024-42305.md index a18b82267..2b69cf610 100644 --- a/2024/CVE-2024-42305.md +++ b/2024/CVE-2024-42305.md @@ -1,6 +1,6 @@ ### [CVE-2024-42305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42305) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=ac27a0ec112a%3C%20abb411ac9918%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=ac27a0ec112a%3C%20b80575ffa98b%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42306.md b/2024/CVE-2024-42306.md index 49e2c1f18..e86786f5f 100644 --- a/2024/CVE-2024-42306.md +++ b/2024/CVE-2024-42306.md @@ -1,6 +1,6 @@ ### [CVE-2024-42306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42306) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=6ac8f2c8362a%3C%20271cab2ca006%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=7648ea9896b3%3C%20cae9e59cc416%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42308.md b/2024/CVE-2024-42308.md index 3c3b1ecae..20d0c3c4e 100644 --- a/2024/CVE-2024-42308.md +++ b/2024/CVE-2024-42308.md @@ -1,6 +1,6 @@ ### [CVE-2024-42308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42308) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20f068494430d1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%2071dbf9535934%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42309.md b/2024/CVE-2024-42309.md index 61030aeb5..d4166ff4e 100644 --- a/2024/CVE-2024-42309.md +++ b/2024/CVE-2024-42309.md @@ -1,6 +1,6 @@ ### [CVE-2024-42309](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42309) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=89c78134cc54%3C%20f70ffeca5464%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=89c78134cc54%3C%2013b5f3ee94bd%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42310.md b/2024/CVE-2024-42310.md index 8c62bc745..4645f7746 100644 --- a/2024/CVE-2024-42310.md +++ b/2024/CVE-2024-42310.md @@ -1,6 +1,6 @@ ### [CVE-2024-42310](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42310) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=6a227d5fd6c4%3C%20e74eb5e80894%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6a227d5fd6c4%3C%20f392c36cebf4%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42311.md b/2024/CVE-2024-42311.md index a9a4f81f1..5f60c2135 100644 --- a/2024/CVE-2024-42311.md +++ b/2024/CVE-2024-42311.md @@ -1,6 +1,6 @@ ### [CVE-2024-42311](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42311) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%2058d83fc16050%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20f7316b2b2f11%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42312.md b/2024/CVE-2024-42312.md index 3ad8f7161..c7b5ef20e 100644 --- a/2024/CVE-2024-42312.md +++ b/2024/CVE-2024-42312.md @@ -1,6 +1,6 @@ ### [CVE-2024-42312](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42312) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=5ec27ec735ba%3C%201deae34db9f4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=5ec27ec735ba%3C%20b2591c89a6e2%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42313.md b/2024/CVE-2024-42313.md index 3629ed9d7..ef891bfe9 100644 --- a/2024/CVE-2024-42313.md +++ b/2024/CVE-2024-42313.md @@ -1,6 +1,6 @@ ### [CVE-2024-42313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42313) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=af2c3834c8ca%3C%20da55685247f4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=af2c3834c8ca%3C%20ad8cf035baf2%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42318.md b/2024/CVE-2024-42318.md index c4aa66154..e570084d7 100644 --- a/2024/CVE-2024-42318.md +++ b/2024/CVE-2024-42318.md @@ -1,6 +1,6 @@ ### [CVE-2024-42318](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42318) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=385975dca53e%3C%200d74fd54db0b%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=385975dca53e%3C%20916c648323fa%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42675.md b/2024/CVE-2024-42675.md new file mode 100644 index 000000000..d3c3eafd7 --- /dev/null +++ b/2024/CVE-2024-42675.md @@ -0,0 +1,17 @@ +### [CVE-2024-42675](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42675) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue) + +### Description + +** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43145.md b/2024/CVE-2024-43145.md new file mode 100644 index 000000000..7319bbf06 --- /dev/null +++ b/2024/CVE-2024-43145.md @@ -0,0 +1,17 @@ +### [CVE-2024-43145](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43145) +![](https://img.shields.io/static/v1?label=Product&message=GeoDirectory&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode Ltd GeoDirectory.This issue affects GeoDirectory: from n/a through 2.3.61. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43207.md b/2024/CVE-2024-43207.md new file mode 100644 index 000000000..e1a79343d --- /dev/null +++ b/2024/CVE-2024-43207.md @@ -0,0 +1,17 @@ +### [CVE-2024-43207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43207) +![](https://img.shields.io/static/v1?label=Product&message=Unite%20Gallery%20Lite&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.7.62%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Valiano Unite Gallery Lite.This issue affects Unite Gallery Lite: from n/a through 1.7.62. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43238.md b/2024/CVE-2024-43238.md new file mode 100644 index 000000000..235758e71 --- /dev/null +++ b/2024/CVE-2024-43238.md @@ -0,0 +1,17 @@ +### [CVE-2024-43238](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43238) +![](https://img.shields.io/static/v1?label=Product&message=weMail&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs weMail allows Reflected XSS.This issue affects weMail: from n/a through 1.14.5. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43276.md b/2024/CVE-2024-43276.md new file mode 100644 index 000000000..edb9c6e89 --- /dev/null +++ b/2024/CVE-2024-43276.md @@ -0,0 +1,17 @@ +### [CVE-2024-43276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43276) +![](https://img.shields.io/static/v1?label=Product&message=Child%20Theme%20Creator&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Svetoslav Marinov (Slavi) Child Theme Creator allows Reflected XSS.This issue affects Child Theme Creator: from n/a through 1.5.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43291.md b/2024/CVE-2024-43291.md new file mode 100644 index 000000000..15fcd2bc5 --- /dev/null +++ b/2024/CVE-2024-43291.md @@ -0,0 +1,17 @@ +### [CVE-2024-43291](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43291) +![](https://img.shields.io/static/v1?label=Product&message=Void%20Contact%20Form%207%20Widget%20For%20Elementor%20Page%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder allows Stored XSS.This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.4.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43294.md b/2024/CVE-2024-43294.md new file mode 100644 index 000000000..7fd9c714e --- /dev/null +++ b/2024/CVE-2024-43294.md @@ -0,0 +1,17 @@ +### [CVE-2024-43294](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43294) +![](https://img.shields.io/static/v1?label=Product&message=Bold%20Timeline%20Lite&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BoldThemes Bold Timeline Lite allows Stored XSS.This issue affects Bold Timeline Lite: from n/a through 1.2.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43304.md b/2024/CVE-2024-43304.md new file mode 100644 index 000000000..5ebf09554 --- /dev/null +++ b/2024/CVE-2024-43304.md @@ -0,0 +1,17 @@ +### [CVE-2024-43304](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43304) +![](https://img.shields.io/static/v1?label=Product&message=Cryptocurrency%20Widgets%20%E2%80%93%20Price%20Ticker%20%26%20Coins%20List&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Reflected XSS.This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.8.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43305.md b/2024/CVE-2024-43305.md new file mode 100644 index 000000000..d87ae538f --- /dev/null +++ b/2024/CVE-2024-43305.md @@ -0,0 +1,18 @@ +### [CVE-2024-43305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43305) +![](https://img.shields.io/static/v1?label=Product&message=Custom%20Layouts%20%E2%80%93%20Post%20%2B%20Product%20grids%20made%20easy&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Code Amp Custom Layouts – Post + Product grids made easy allows Stored XSS.This issue affects Custom Layouts – Post + Product grids made easy: from n/a through 1.4.11. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43306.md b/2024/CVE-2024-43306.md new file mode 100644 index 000000000..7bdbf1106 --- /dev/null +++ b/2024/CVE-2024-43306.md @@ -0,0 +1,17 @@ +### [CVE-2024-43306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43306) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.6.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43307.md b/2024/CVE-2024-43307.md new file mode 100644 index 000000000..970c41b9b --- /dev/null +++ b/2024/CVE-2024-43307.md @@ -0,0 +1,17 @@ +### [CVE-2024-43307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43307) +![](https://img.shields.io/static/v1?label=Product&message=Structured%20Content&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content allows Stored XSS.This issue affects Structured Content: from n/a through 1.6.2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43308.md b/2024/CVE-2024-43308.md new file mode 100644 index 000000000..aeaaa4dbd --- /dev/null +++ b/2024/CVE-2024-43308.md @@ -0,0 +1,17 @@ +### [CVE-2024-43308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43308) +![](https://img.shields.io/static/v1?label=Product&message=Gutentor%20-%20Gutenberg%20Blocks%20-%20Page%20Builder%20for%20Gutenberg%20Editor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gutentor Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor allows Stored XSS.This issue affects Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor: from n/a through 3.3.5. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43309.md b/2024/CVE-2024-43309.md new file mode 100644 index 000000000..279c4c752 --- /dev/null +++ b/2024/CVE-2024-43309.md @@ -0,0 +1,17 @@ +### [CVE-2024-43309](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43309) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Telegram%20Widget%20and%20Join%20Link&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link allows Stored XSS.This issue affects WP Telegram Widget and Join Link: from n/a through 2.1.27. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43313.md b/2024/CVE-2024-43313.md new file mode 100644 index 000000000..e979e6c08 --- /dev/null +++ b/2024/CVE-2024-43313.md @@ -0,0 +1,17 @@ +### [CVE-2024-43313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43313) +![](https://img.shields.io/static/v1?label=Product&message=FormFacade&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FormFacade allows Reflected XSS.This issue affects FormFacade: from n/a through 1.3.2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43315.md b/2024/CVE-2024-43315.md new file mode 100644 index 000000000..36374bd4f --- /dev/null +++ b/2024/CVE-2024-43315.md @@ -0,0 +1,17 @@ +### [CVE-2024-43315](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43315) +![](https://img.shields.io/static/v1?label=Product&message=Stripe%20Payments%20For%20WooCommerce%20by%20Checkout&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout.This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43318.md b/2024/CVE-2024-43318.md new file mode 100644 index 000000000..de42bc3b7 --- /dev/null +++ b/2024/CVE-2024-43318.md @@ -0,0 +1,17 @@ +### [CVE-2024-43318](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43318) +![](https://img.shields.io/static/v1?label=Product&message=e2pdf&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E2Pdf.Com allows Stored XSS.This issue affects e2pdf: from n/a through 1.25.05. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43320.md b/2024/CVE-2024-43320.md new file mode 100644 index 000000000..0aa2bf5c1 --- /dev/null +++ b/2024/CVE-2024-43320.md @@ -0,0 +1,18 @@ +### [CVE-2024-43320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43320) +![](https://img.shields.io/static/v1?label=Product&message=Livemesh%20Addons%20for%20WPBakery%20Page%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through 3.9. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43321.md b/2024/CVE-2024-43321.md new file mode 100644 index 000000000..977dc8be8 --- /dev/null +++ b/2024/CVE-2024-43321.md @@ -0,0 +1,17 @@ +### [CVE-2024-43321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43321) +![](https://img.shields.io/static/v1?label=Product&message=Team%20Showcase&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS.This issue affects Team Showcase: from n/a through 1.22.23. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43324.md b/2024/CVE-2024-43324.md new file mode 100644 index 000000000..9dad1816e --- /dev/null +++ b/2024/CVE-2024-43324.md @@ -0,0 +1,18 @@ +### [CVE-2024-43324](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43324) +![](https://img.shields.io/static/v1?label=Product&message=Clever%20Addons%20for%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CleverSoft Clever Addons for Elementor allows Stored XSS.This issue affects Clever Addons for Elementor: from n/a through 2.2.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43327.md b/2024/CVE-2024-43327.md new file mode 100644 index 000000000..01876a2bb --- /dev/null +++ b/2024/CVE-2024-43327.md @@ -0,0 +1,17 @@ +### [CVE-2024-43327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43327) +![](https://img.shields.io/static/v1?label=Product&message=Invite%20Anyone&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boone Gorges Invite Anyone allows Reflected XSS.This issue affects Invite Anyone: from n/a through 1.4.7. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43329.md b/2024/CVE-2024-43329.md new file mode 100644 index 000000000..05c24651e --- /dev/null +++ b/2024/CVE-2024-43329.md @@ -0,0 +1,18 @@ +### [CVE-2024-43329](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43329) +![](https://img.shields.io/static/v1?label=Product&message=Allegiant&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.2.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Chill Allegiant allegiant allows Stored XSS.This issue affects Allegiant: from n/a through 1.2.7. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43330.md b/2024/CVE-2024-43330.md new file mode 100644 index 000000000..132af0afd --- /dev/null +++ b/2024/CVE-2024-43330.md @@ -0,0 +1,18 @@ +### [CVE-2024-43330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43330) +![](https://img.shields.io/static/v1?label=Product&message=PowerPack%20for%20Beaver%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack for Beaver Builder allows Reflected XSS.This issue affects PowerPack for Beaver Builder: from n/a before 2.37.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43335.md b/2024/CVE-2024-43335.md new file mode 100644 index 000000000..76e37ac72 --- /dev/null +++ b/2024/CVE-2024-43335.md @@ -0,0 +1,17 @@ +### [CVE-2024-43335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43335) +![](https://img.shields.io/static/v1?label=Product&message=Responsive%20Blocks%20%E2%80%93%20WordPress%20Gutenberg%20Blocks&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Responsive Blocks – WordPress Gutenberg Blocks: from n/a through 1.8.8. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43342.md b/2024/CVE-2024-43342.md new file mode 100644 index 000000000..201172ebc --- /dev/null +++ b/2024/CVE-2024-43342.md @@ -0,0 +1,17 @@ +### [CVE-2024-43342](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43342) +![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Store%20Kit%20Elementor%20Addons&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.6.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43344.md b/2024/CVE-2024-43344.md new file mode 100644 index 000000000..7d93c7af3 --- /dev/null +++ b/2024/CVE-2024-43344.md @@ -0,0 +1,17 @@ +### [CVE-2024-43344](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43344) +![](https://img.shields.io/static/v1?label=Product&message=Icegram&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Icegram allows Stored XSS.This issue affects Icegram: from n/a through 3.1.25. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43346.md b/2024/CVE-2024-43346.md new file mode 100644 index 000000000..e956bf09a --- /dev/null +++ b/2024/CVE-2024-43346.md @@ -0,0 +1,17 @@ +### [CVE-2024-43346](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43346) +![](https://img.shields.io/static/v1?label=Product&message=Modal%20Window&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wow-Company Modal Window allows Stored XSS.This issue affects Modal Window: from n/a through 6.0.3. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43347.md b/2024/CVE-2024-43347.md new file mode 100644 index 000000000..97314f54f --- /dev/null +++ b/2024/CVE-2024-43347.md @@ -0,0 +1,18 @@ +### [CVE-2024-43347](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43347) +![](https://img.shields.io/static/v1?label=Product&message=Button%20contact%20VR&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%204.7.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VirusTran Button contact VR allows Stored XSS.This issue affects Button contact VR: from n/a through 4.7.3. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43348.md b/2024/CVE-2024-43348.md new file mode 100644 index 000000000..dc61797c9 --- /dev/null +++ b/2024/CVE-2024-43348.md @@ -0,0 +1,17 @@ +### [CVE-2024-43348](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43348) +![](https://img.shields.io/static/v1?label=Product&message=Purity%20Of%20Soul&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iznyn Purity Of Soul allows Reflected XSS.This issue affects Purity Of Soul: from n/a through 1.9. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43349.md b/2024/CVE-2024-43349.md new file mode 100644 index 000000000..f8f23af1a --- /dev/null +++ b/2024/CVE-2024-43349.md @@ -0,0 +1,18 @@ +### [CVE-2024-43349](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43349) +![](https://img.shields.io/static/v1?label=Product&message=All%20Bootstrap%20Blocks&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.3.19%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AREOI All Bootstrap Blocks allows Stored XSS.This issue affects All Bootstrap Blocks: from n/a through 1.3.19. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43351.md b/2024/CVE-2024-43351.md new file mode 100644 index 000000000..d3ef4c5ca --- /dev/null +++ b/2024/CVE-2024-43351.md @@ -0,0 +1,18 @@ +### [CVE-2024-43351](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43351) +![](https://img.shields.io/static/v1?label=Product&message=Bravada&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.1.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Bravada bravada allows Stored XSS.This issue affects Bravada: from n/a through 1.1.2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43352.md b/2024/CVE-2024-43352.md new file mode 100644 index 000000000..6707d0002 --- /dev/null +++ b/2024/CVE-2024-43352.md @@ -0,0 +1,17 @@ +### [CVE-2024-43352](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43352) +![](https://img.shields.io/static/v1?label=Product&message=GivingPress%20Lite&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.8.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Organic Themes GivingPress Lite allows Stored XSS.This issue affects GivingPress Lite: from n/a through 1.8.6. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43381.md b/2024/CVE-2024-43381.md index a6ffabd2c..36c35be37 100644 --- a/2024/CVE-2024-43381.md +++ b/2024/CVE-2024-43381.md @@ -11,7 +11,7 @@ reNgine is an automated reconnaissance framework for web applications. Versions ### POC #### Reference -No PoCs from references. +- https://github.com/yogeshojha/rengine/security/advisories/GHSA-96q4-fj2m-jqf7 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-44067.md b/2024/CVE-2024-44067.md new file mode 100644 index 000000000..901f358c7 --- /dev/null +++ b/2024/CVE-2024-44067.md @@ -0,0 +1,17 @@ +### [CVE-2024-44067](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44067) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The T-Head XuanTie C910 CPU in the TH1520 SoC and the T-Head XuanTie C920 CPU in the SOPHON SG2042 have instructions that allow unprivileged attackers to write to arbitrary physical memory locations, aka GhostWrite. + +### POC + +#### Reference +- https://ghostwriteattack.com + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-5372.md b/2024/CVE-2024-5372.md new file mode 100644 index 000000000..449ebd05b --- /dev/null +++ b/2024/CVE-2024-5372.md @@ -0,0 +1,17 @@ +### [CVE-2024-5372](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5372) +![](https://img.shields.io/static/v1?label=Product&message=College%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability classified as problematic was found in Kashipara College Management System 1.0. This vulnerability affects unknown code of the file submit_extracurricular_activity.php. The manipulation of the argument activity_contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266284. + +### POC + +#### Reference +- https://vuldb.com/?submit.343452 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6330.md b/2024/CVE-2024-6330.md new file mode 100644 index 000000000..a9fa6b6b7 --- /dev/null +++ b/2024/CVE-2024-6330.md @@ -0,0 +1,17 @@ +### [CVE-2024-6330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6330) +![](https://img.shields.io/static/v1?label=Product&message=GEO%20my%20WP&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.5.0.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) + +### Description + +The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/95b532e0-1ffb-421e-b9c0-de03f89491d7/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6387.md b/2024/CVE-2024-6387.md index 886a2d544..bd5871fe1 100644 --- a/2024/CVE-2024-6387.md +++ b/2024/CVE-2024-6387.md @@ -43,6 +43,7 @@ A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). - https://github.com/ThemeHackers/CVE-2024-6387 - https://github.com/Threekiii/CVE - https://github.com/TrojanAZhen/Self_Back +- https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix - https://github.com/azurejoga/CVE-2024-6387-how-to-fix - https://github.com/beac0n/ruroco - https://github.com/bigb0x/CVE-2024-6387 @@ -55,6 +56,7 @@ A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). - https://github.com/maycon/stars - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/rxerium/stars +- https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH - https://github.com/sardine-web/CVE-2024-6387_Check - https://github.com/tanjiti/sec_profile - https://github.com/teamos-hub/regreSSHion diff --git a/2024/CVE-2024-6451.md b/2024/CVE-2024-6451.md new file mode 100644 index 000000000..a7c8dbb7c --- /dev/null +++ b/2024/CVE-2024-6451.md @@ -0,0 +1,17 @@ +### [CVE-2024-6451](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6451) +![](https://img.shields.io/static/v1?label=Product&message=AI%20Engine&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.5.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) + +### Description + +AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of "logs_path", allowing Administrators to change log filetypes from .log to .php. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/fc06d413-a227-470c-a5b7-cdab57aeab34/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6781.md b/2024/CVE-2024-6781.md index 12ca40fdc..4cea9e55a 100644 --- a/2024/CVE-2024-6781.md +++ b/2024/CVE-2024-6781.md @@ -15,4 +15,5 @@ Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve a #### Github - https://github.com/20142995/nuclei-templates - https://github.com/wy876/POC +- https://github.com/wy876/wiki diff --git a/2024/CVE-2024-6782.md b/2024/CVE-2024-6782.md index 73459df53..12736597d 100644 --- a/2024/CVE-2024-6782.md +++ b/2024/CVE-2024-6782.md @@ -16,4 +16,5 @@ Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attacker - https://github.com/20142995/nuclei-templates - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/wy876/POC +- https://github.com/wy876/wiki diff --git a/2024/CVE-2024-6843.md b/2024/CVE-2024-6843.md new file mode 100644 index 000000000..ed1a31ea4 --- /dev/null +++ b/2024/CVE-2024-6843.md @@ -0,0 +1,17 @@ +### [CVE-2024-6843](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6843) +![](https://img.shields.io/static/v1?label=Product&message=Chatbot%20with%20ChatGPT%20WordPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.4.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins + +### POC + +#### Reference +- https://wpscan.com/vulnerability/9a5cb440-065a-445a-9a09-55bd5f782e85/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6911.md b/2024/CVE-2024-6911.md index 79a108384..1d67082fe 100644 --- a/2024/CVE-2024-6911.md +++ b/2024/CVE-2024-6911.md @@ -15,4 +15,5 @@ Files on the Windows system are accessible without authentication to external pa #### Github - https://github.com/wy876/POC +- https://github.com/wy876/wiki diff --git a/2024/CVE-2024-7896.md b/2024/CVE-2024-7896.md index 1650e4d70..5a8e0d7fd 100644 --- a/2024/CVE-2024-7896.md +++ b/2024/CVE-2024-7896.md @@ -11,6 +11,7 @@ A vulnerability was found in Tosei Online Store Management System ネット店 #### Reference - https://gist.github.com/b0rgch3n/4788c7c429d49095915d84161a157295 +- https://vuldb.com/?submit.387131 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7906.md b/2024/CVE-2024-7906.md new file mode 100644 index 000000000..32172a9bd --- /dev/null +++ b/2024/CVE-2024-7906.md @@ -0,0 +1,17 @@ +### [CVE-2024-7906](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7906) +![](https://img.shields.io/static/v1?label=Product&message=DedeBIZ&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%206.3.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in DedeBIZ 6.3.0. This vulnerability affects the function get_mime_type of the file /admin/dialog/select_images_post.php of the component Attachment Settings. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/github.txt b/github.txt index 8cf786aa5..9d1f6dbff 100644 --- a/github.txt +++ b/github.txt @@ -1801,12 +1801,14 @@ CVE-2006-5051 - https://github.com/David-M-Berry/openssh-cve-discovery CVE-2006-5051 - https://github.com/Passyed/regreSSHion-Fix CVE-2006-5051 - https://github.com/TAM-K592/CVE-2024-6387 CVE-2006-5051 - https://github.com/ThemeHackers/CVE-2024-6387 +CVE-2006-5051 - https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix CVE-2006-5051 - https://github.com/azurejoga/CVE-2024-6387-how-to-fix CVE-2006-5051 - https://github.com/bigb0x/CVE-2024-6387 CVE-2006-5051 - https://github.com/giterlizzi/secdb-feeds CVE-2006-5051 - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- CVE-2006-5051 - https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion CVE-2006-5051 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2006-5051 - https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH CVE-2006-5051 - https://github.com/sardine-web/CVE-2024-6387_Check CVE-2006-5156 - https://github.com/trend-anz/Deep-Security-CVE-to-IPS-Mapper CVE-2006-5178 - https://github.com/Whissi/realpath_turbo @@ -3050,10 +3052,12 @@ CVE-2008-4109 - https://github.com/CVEDB/awesome-cve-repo CVE-2008-4109 - https://github.com/David-M-Berry/openssh-cve-discovery CVE-2008-4109 - https://github.com/Passyed/regreSSHion-Fix CVE-2008-4109 - https://github.com/TAM-K592/CVE-2024-6387 +CVE-2008-4109 - https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix CVE-2008-4109 - https://github.com/azurejoga/CVE-2024-6387-how-to-fix CVE-2008-4109 - https://github.com/bigb0x/CVE-2024-6387 CVE-2008-4109 - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- CVE-2008-4109 - https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion +CVE-2008-4109 - https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH CVE-2008-4114 - https://github.com/RodrigoVarasLopez/Download-Scanners-from-Nessus-8.7-using-the-API CVE-2008-4163 - https://github.com/ARPSyndicate/cvemon CVE-2008-4163 - https://github.com/DButter/whitehat_public @@ -5251,6 +5255,7 @@ CVE-2010-2075 - https://github.com/FredBrave/CVE-2010-2075-UnrealIRCd-3.2.8.1 CVE-2010-2075 - https://github.com/Glumgam/UnrealiRCd-3.2.8.1-exploit-python CVE-2010-2075 - https://github.com/JoseLRC97/UnrealIRCd-3.2.8.1-Backdoor-Command-Execution CVE-2010-2075 - https://github.com/MFernstrom/OffensivePascal-CVE-2010-2075 +CVE-2010-2075 - https://github.com/Mr-Tree-S/POC_EXP CVE-2010-2075 - https://github.com/Okarn/TP_securite_EDOU_JACQUEMONT CVE-2010-2075 - https://github.com/Patrick122333/4240project CVE-2010-2075 - https://github.com/Sh4dowX404/UnrealIRCD-3.2.8.1-Backdoor @@ -9488,6 +9493,7 @@ CVE-2013-0156 - https://github.com/heroku/heroku-CVE-2013-0156 CVE-2013-0156 - https://github.com/hktalent/TOP CVE-2013-0156 - https://github.com/jbmihoub/all-poc CVE-2013-0156 - https://github.com/josal/crack-0.1.8-fixed +CVE-2013-0156 - https://github.com/localeapp/localeapp CVE-2013-0156 - https://github.com/mengdaya/Web-CTF-Cheatsheet CVE-2013-0156 - https://github.com/michenriksen/nmap-scripts CVE-2013-0156 - https://github.com/mitaku/rails_cve_2013_0156_patch @@ -62434,6 +62440,7 @@ CVE-2019-11358 - https://github.com/QASMT-FTC/FTC-13626-Team2 CVE-2019-11358 - https://github.com/QuantumRoboticsFTC/freightfrenzy-app CVE-2019-11358 - https://github.com/QuantumRoboticsFTC/powerplay-app CVE-2019-11358 - https://github.com/QuantumRoboticsFTC/ultimategoal-app +CVE-2019-11358 - https://github.com/R-Tacoz/FTC14607_23-24RC CVE-2019-11358 - https://github.com/R3Vipers/test CVE-2019-11358 - https://github.com/RCGV1/testingFTC CVE-2019-11358 - https://github.com/RDasari7304/PurePursuitController @@ -122889,6 +122896,7 @@ CVE-2022-1195 - https://github.com/ARPSyndicate/cvemon CVE-2022-1203 - https://github.com/RandomRobbieBF/CVE-2022-1203 CVE-2022-1203 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-1204 - https://github.com/ARPSyndicate/cvemon +CVE-2022-1206 - https://github.com/20142995/nuclei-templates CVE-2022-1207 - https://github.com/ARPSyndicate/cvemon CVE-2022-1208 - https://github.com/ARPSyndicate/cvemon CVE-2022-1210 - https://github.com/ARPSyndicate/cvemon @@ -142819,6 +142827,7 @@ CVE-2022-48702 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2022-48703 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2022-4883 - https://github.com/1g-v/DevSec_Docker_lab CVE-2022-4883 - https://github.com/L-ivan7/-.-DevSec_Docker +CVE-2022-4891 - https://github.com/sisimai/rb-sisimai CVE-2022-4896 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-4896 - https://github.com/sapellaniz/CVE-2022-4896 CVE-2022-4897 - https://github.com/ARPSyndicate/cvemon @@ -145179,6 +145188,7 @@ CVE-2023-22894 - https://github.com/Saboor-Hakimi/CVE-2023-22894 CVE-2023-22894 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-22897 - https://github.com/ARPSyndicate/cvemon CVE-2023-22897 - https://github.com/MrTuxracer/advisories +CVE-2023-2290 - https://github.com/tadghh/Dell-unlock-undervolting CVE-2023-22903 - https://github.com/go-compile/security-advisories CVE-2023-22906 - https://github.com/abrahim7112/Vulnerability-checking-program-for-Android CVE-2023-22906 - https://github.com/nomi-sec/PoC-in-GitHub @@ -147858,6 +147868,7 @@ CVE-2023-29383 - https://github.com/GrigGM/05-virt-04-docker-hw CVE-2023-29383 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2023-29383 - https://github.com/fokypoky/places-list CVE-2023-29383 - https://github.com/tl87/container-scanner +CVE-2023-29384 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-29385 - https://github.com/hackintoanetwork/hackintoanetwork CVE-2023-29389 - https://github.com/1-tong/vehicle_cves CVE-2023-29389 - https://github.com/Vu1nT0tal/Vehicle-Security @@ -153629,6 +153640,7 @@ CVE-2023-45386 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-4539 - https://github.com/defragmentator/mitmsqlproxy CVE-2023-4540 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-4542 - https://github.com/20142995/sectool +CVE-2023-4542 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-4542 - https://github.com/tanjiti/sec_profile CVE-2023-4542 - https://github.com/wjlin0/poc-doc CVE-2023-4542 - https://github.com/wy876/POC @@ -153817,6 +153829,7 @@ CVE-2023-45866 - https://github.com/vs4vijay/exploits CVE-2023-45866 - https://github.com/zhaoxiaoha/github-trending CVE-2023-4587 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-45887 - https://github.com/MikeIsAStar/DS-Wireless-Communication-Remote-Code-Execution +CVE-2023-4590 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-4591 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-4591 - https://github.com/tanjiti/sec_profile CVE-2023-45918 - https://github.com/GrigGM/05-virt-04-docker-hw @@ -154588,6 +154601,7 @@ CVE-2023-48201 - https://github.com/mechaneus/mechaneus.github.io CVE-2023-48202 - https://github.com/mechaneus/mechaneus.github.io CVE-2023-4822 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-48226 - https://github.com/mbiesiad/security-hall-of-fame-mb +CVE-2023-48251 - https://github.com/oxagast/oxasploits CVE-2023-48268 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-4827 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-48291 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -163006,6 +163020,7 @@ CVE-2024-20745 - https://github.com/NaInSec/CVE-LIST CVE-2024-20745 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-20746 - https://github.com/NaInSec/CVE-LIST CVE-2024-20746 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-20746 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-2075 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-20750 - https://github.com/vulsio/go-cve-dictionary CVE-2024-20752 - https://github.com/NaInSec/CVE-LIST @@ -164120,6 +164135,7 @@ CVE-2024-22515 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-22519 - https://github.com/Drone-Lab/opendroneid-vulnerability CVE-2024-22520 - https://github.com/Drone-Lab/Dronetag-vulnerability CVE-2024-22523 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-22526 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-22530 - https://github.com/luelueking/luelueking CVE-2024-22532 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22532 - https://github.com/nomi-sec/PoC-in-GitHub @@ -164453,6 +164469,7 @@ CVE-2024-23334 - https://github.com/z3rObyte/CVE-2024-23334-PoC CVE-2024-23335 - https://github.com/CP04042K/CVE CVE-2024-23336 - https://github.com/CP04042K/CVE CVE-2024-23339 - https://github.com/d3ng03/PP-Auto-Detector +CVE-2024-23339 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-23342 - https://github.com/memphis-tools/dummy_fastapi_flask_blog_app CVE-2024-23343 - https://github.com/Sim4n6/Sim4n6 CVE-2024-23349 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -165662,6 +165679,7 @@ CVE-2024-25579 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2558 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-2558 - https://github.com/NaInSec/CVE-LIST CVE-2024-25580 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-25582 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2559 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-2559 - https://github.com/NaInSec/CVE-LIST CVE-2024-2559 - https://github.com/helloyhrr/IoT_vulnerability @@ -166468,6 +166486,7 @@ CVE-2024-27085 - https://github.com/NaInSec/CVE-LIST CVE-2024-27085 - https://github.com/kip93/kip93 CVE-2024-27087 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27088 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-27088 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-2709 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-2709 - https://github.com/NaInSec/CVE-LIST CVE-2024-2709 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -166786,6 +166805,7 @@ CVE-2024-2758 - https://github.com/Vos68/HTTP2-Continuation-Flood-PoC CVE-2024-2759 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27593 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2760 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-27609 - https://github.com/mohammedatary/mohammedatary CVE-2024-27612 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27613 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27619 - https://github.com/ioprojecton/dir-3040_dos @@ -167039,6 +167059,7 @@ CVE-2024-28085 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-28085 - https://github.com/skyler-ferrante/CVE-2024-28085 CVE-2024-28085 - https://github.com/testing-felickz/docker-scout-demo CVE-2024-28087 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-28087 - https://github.com/mohammedatary/mohammedatary CVE-2024-28088 - https://github.com/levpachmanov/cve-2024-28088-poc CVE-2024-28088 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-28088 - https://github.com/seal-community/patches @@ -169352,6 +169373,7 @@ CVE-2024-33612 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33633 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33640 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33643 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33644 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-33645 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33646 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33648 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -169818,6 +169840,7 @@ CVE-2024-35522 - https://github.com/AnixPasBesoin/AnixPasBesoin CVE-2024-35523 - https://github.com/AnixPasBesoin/AnixPasBesoin CVE-2024-35524 - https://github.com/AnixPasBesoin/AnixPasBesoin CVE-2024-35537 - https://github.com/aaravavi/TVS-Connect-Application-VAPT +CVE-2024-35538 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-35548 - https://github.com/bytyme/MybatisPlusSQLInjection CVE-2024-35570 - https://github.com/ibaiw/2024Hvv CVE-2024-35591 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -169915,6 +169938,7 @@ CVE-2024-36104 - https://github.com/wy876/wiki CVE-2024-36105 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-36111 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-36111 - https://github.com/wy876/POC +CVE-2024-36111 - https://github.com/wy876/wiki CVE-2024-36120 - https://github.com/SteakEnthusiast/My-CTF-Challenges CVE-2024-36136 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3614 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170175,6 +170199,7 @@ CVE-2024-38166 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3817 - https://github.com/dellalibera/dellalibera CVE-2024-3817 - https://github.com/otms61/vex_dir CVE-2024-38189 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-38189 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-38202 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-38206 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3822 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170271,6 +170296,7 @@ CVE-2024-38856 - https://github.com/k3ppf0r/2024-PocLib CVE-2024-38856 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-38856 - https://github.com/tanjiti/sec_profile CVE-2024-38856 - https://github.com/wy876/POC +CVE-2024-38856 - https://github.com/wy876/wiki CVE-2024-3889 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3891 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3892 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170728,8 +170754,10 @@ CVE-2024-41465 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41466 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41468 - https://github.com/ibaiw/2024Hvv CVE-2024-41468 - https://github.com/wy876/POC +CVE-2024-41468 - https://github.com/wy876/wiki CVE-2024-41473 - https://github.com/ibaiw/2024Hvv CVE-2024-41473 - https://github.com/wy876/POC +CVE-2024-41473 - https://github.com/wy876/wiki CVE-2024-41476 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41550 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41551 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170928,6 +170956,7 @@ CVE-2024-4257 - https://github.com/wy876/wiki CVE-2024-4265 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42657 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-42658 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-42675 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42676 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42677 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42678 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170939,6 +170968,7 @@ CVE-2024-42758 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-42849 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-42850 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4286 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42919 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4295 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4295 - https://github.com/truonghuuphuc/CVE-2024-4295-Poc CVE-2024-4296 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171061,7 +171091,22 @@ CVE-2024-43236 - https://github.com/20142995/nuclei-templates CVE-2024-43238 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4324 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43276 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43277 - https://github.com/20142995/nuclei-templates CVE-2024-4328 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43285 - https://github.com/20142995/nuclei-templates +CVE-2024-43287 - https://github.com/20142995/nuclei-templates +CVE-2024-43290 - https://github.com/20142995/nuclei-templates +CVE-2024-43291 - https://github.com/20142995/nuclei-templates +CVE-2024-43293 - https://github.com/20142995/nuclei-templates +CVE-2024-43294 - https://github.com/20142995/nuclei-templates +CVE-2024-43295 - https://github.com/20142995/nuclei-templates +CVE-2024-43297 - https://github.com/20142995/nuclei-templates +CVE-2024-43298 - https://github.com/20142995/nuclei-templates +CVE-2024-43299 - https://github.com/20142995/nuclei-templates +CVE-2024-43301 - https://github.com/20142995/nuclei-templates +CVE-2024-43302 - https://github.com/20142995/nuclei-templates +CVE-2024-43304 - https://github.com/20142995/nuclei-templates +CVE-2024-43305 - https://github.com/20142995/nuclei-templates CVE-2024-43305 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43306 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43307 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171069,25 +171114,51 @@ CVE-2024-43308 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43309 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4331 - https://github.com/angelov-1080/CVE_Checker CVE-2024-4331 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43310 - https://github.com/20142995/nuclei-templates +CVE-2024-43312 - https://github.com/20142995/nuclei-templates CVE-2024-43313 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43314 - https://github.com/20142995/nuclei-templates +CVE-2024-43315 - https://github.com/20142995/nuclei-templates +CVE-2024-43316 - https://github.com/20142995/nuclei-templates +CVE-2024-43317 - https://github.com/20142995/nuclei-templates CVE-2024-43318 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43320 - https://github.com/20142995/nuclei-templates CVE-2024-43320 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43321 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43323 - https://github.com/20142995/nuclei-templates +CVE-2024-43324 - https://github.com/20142995/nuclei-templates CVE-2024-43324 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43325 - https://github.com/20142995/nuclei-templates +CVE-2024-43326 - https://github.com/20142995/nuclei-templates CVE-2024-43327 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43329 - https://github.com/20142995/nuclei-templates CVE-2024-43329 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4333 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43330 - https://github.com/20142995/nuclei-templates CVE-2024-43330 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43331 - https://github.com/20142995/nuclei-templates +CVE-2024-43332 - https://github.com/20142995/nuclei-templates CVE-2024-43335 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43336 - https://github.com/20142995/nuclei-templates +CVE-2024-43337 - https://github.com/20142995/nuclei-templates +CVE-2024-43339 - https://github.com/20142995/nuclei-templates CVE-2024-4334 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43340 - https://github.com/20142995/nuclei-templates +CVE-2024-43341 - https://github.com/20142995/nuclei-templates CVE-2024-43342 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43343 - https://github.com/20142995/nuclei-templates CVE-2024-43344 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43346 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43347 - https://github.com/20142995/nuclei-templates CVE-2024-43347 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43348 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43349 - https://github.com/20142995/nuclei-templates CVE-2024-43349 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43351 - https://github.com/20142995/nuclei-templates CVE-2024-43351 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43352 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43355 - https://github.com/20142995/nuclei-templates +CVE-2024-43356 - https://github.com/20142995/nuclei-templates CVE-2024-43358 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43359 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43360 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171546,6 +171617,7 @@ CVE-2024-5542 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5555 - https://github.com/JohnnyBradvo/CVE-2024-5555 CVE-2024-5555 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5572 - https://github.com/ajmalabubakkr/CVE +CVE-2024-5576 - https://github.com/20142995/nuclei-templates CVE-2024-5585 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5585 - https://github.com/tianstcht/tianstcht CVE-2024-5595 - https://github.com/20142995/nuclei-templates @@ -171583,6 +171655,7 @@ CVE-2024-5744 - https://github.com/20142995/nuclei-templates CVE-2024-5745 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5756 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5758 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5763 - https://github.com/20142995/nuclei-templates CVE-2024-5765 - https://github.com/20142995/nuclei-templates CVE-2024-5766 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5770 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171608,7 +171681,11 @@ CVE-2024-5861 - https://github.com/20142995/nuclei-templates CVE-2024-5893 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5894 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5895 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5932 - https://github.com/20142995/nuclei-templates CVE-2024-5936 - https://github.com/20142995/nuclei-templates +CVE-2024-5939 - https://github.com/20142995/nuclei-templates +CVE-2024-5940 - https://github.com/20142995/nuclei-templates +CVE-2024-5941 - https://github.com/20142995/nuclei-templates CVE-2024-5947 - https://github.com/komodoooo/Some-things CVE-2024-5947 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5961 - https://github.com/nomi-sec/PoC-in-GitHub @@ -171688,6 +171765,7 @@ CVE-2024-6387 - https://github.com/TAM-K592/CVE-2024-6387 CVE-2024-6387 - https://github.com/ThemeHackers/CVE-2024-6387 CVE-2024-6387 - https://github.com/Threekiii/CVE CVE-2024-6387 - https://github.com/TrojanAZhen/Self_Back +CVE-2024-6387 - https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix CVE-2024-6387 - https://github.com/azurejoga/CVE-2024-6387-how-to-fix CVE-2024-6387 - https://github.com/beac0n/ruroco CVE-2024-6387 - https://github.com/bigb0x/CVE-2024-6387 @@ -171700,6 +171778,7 @@ CVE-2024-6387 - https://github.com/lukibahr/stars CVE-2024-6387 - https://github.com/maycon/stars CVE-2024-6387 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6387 - https://github.com/rxerium/stars +CVE-2024-6387 - https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH CVE-2024-6387 - https://github.com/sardine-web/CVE-2024-6387_Check CVE-2024-6387 - https://github.com/tanjiti/sec_profile CVE-2024-6387 - https://github.com/teamos-hub/regreSSHion @@ -171734,6 +171813,7 @@ CVE-2024-6553 - https://github.com/20142995/nuclei-templates CVE-2024-6558 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6562 - https://github.com/20142995/nuclei-templates CVE-2024-6571 - https://github.com/20142995/nuclei-templates +CVE-2024-6575 - https://github.com/20142995/nuclei-templates CVE-2024-6589 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6629 - https://github.com/20142995/nuclei-templates CVE-2024-6639 - https://github.com/20142995/nuclei-templates @@ -171773,9 +171853,11 @@ CVE-2024-6768 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6779 - https://github.com/leesh3288/leesh3288 CVE-2024-6781 - https://github.com/20142995/nuclei-templates CVE-2024-6781 - https://github.com/wy876/POC +CVE-2024-6781 - https://github.com/wy876/wiki CVE-2024-6782 - https://github.com/20142995/nuclei-templates CVE-2024-6782 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6782 - https://github.com/wy876/POC +CVE-2024-6782 - https://github.com/wy876/wiki CVE-2024-6797 - https://github.com/20142995/nuclei-templates CVE-2024-6798 - https://github.com/20142995/nuclei-templates CVE-2024-6802 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171789,6 +171871,7 @@ CVE-2024-6853 - https://github.com/20142995/nuclei-templates CVE-2024-6855 - https://github.com/20142995/nuclei-templates CVE-2024-6856 - https://github.com/20142995/nuclei-templates CVE-2024-6859 - https://github.com/20142995/nuclei-templates +CVE-2024-6864 - https://github.com/20142995/nuclei-templates CVE-2024-6865 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6869 - https://github.com/20142995/nuclei-templates CVE-2024-6884 - https://github.com/20142995/nuclei-templates @@ -171798,6 +171881,7 @@ CVE-2024-6893 - https://github.com/20142995/nuclei-templates CVE-2024-6893 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6896 - https://github.com/20142995/nuclei-templates CVE-2024-6911 - https://github.com/wy876/POC +CVE-2024-6911 - https://github.com/wy876/wiki CVE-2024-6917 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6923 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6924 - https://github.com/20142995/nuclei-templates @@ -171824,6 +171908,7 @@ CVE-2024-6990 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7008 - https://github.com/20142995/nuclei-templates CVE-2024-7027 - https://github.com/20142995/nuclei-templates CVE-2024-7047 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7054 - https://github.com/20142995/nuclei-templates CVE-2024-7057 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7060 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7063 - https://github.com/20142995/nuclei-templates @@ -172004,10 +172089,12 @@ CVE-2024-7630 - https://github.com/20142995/nuclei-templates CVE-2024-7646 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-7648 - https://github.com/20142995/nuclei-templates CVE-2024-7649 - https://github.com/20142995/nuclei-templates +CVE-2024-7689 - https://github.com/20142995/nuclei-templates CVE-2024-7690 - https://github.com/20142995/nuclei-templates CVE-2024-7691 - https://github.com/20142995/nuclei-templates CVE-2024-7692 - https://github.com/20142995/nuclei-templates CVE-2024-7697 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7702 - https://github.com/20142995/nuclei-templates CVE-2024-7703 - https://github.com/20142995/nuclei-templates CVE-2024-7703 - https://github.com/lfillaz/CVE-2024-7703 CVE-2024-7703 - https://github.com/nomi-sec/PoC-in-GitHub @@ -172021,19 +172108,26 @@ CVE-2024-7728 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7729 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7731 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7732 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7775 - https://github.com/20142995/nuclei-templates +CVE-2024-7777 - https://github.com/20142995/nuclei-templates +CVE-2024-7780 - https://github.com/20142995/nuclei-templates +CVE-2024-7782 - https://github.com/20142995/nuclei-templates CVE-2024-7790 - https://github.com/JoshuaMart/JoshuaMart CVE-2024-7790 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7827 - https://github.com/20142995/nuclei-templates CVE-2024-7829 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7830 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7831 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7832 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7833 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7850 - https://github.com/20142995/nuclei-templates CVE-2024-7886 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7887 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7896 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7897 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7904 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7906 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7928 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-87654 - https://github.com/runwuf/clickhouse-test CVE-2024-98765 - https://github.com/runwuf/clickhouse-test CVE-2024-99999 - https://github.com/kolewttd/wtt diff --git a/references.txt b/references.txt index 66da2cebd..c62c586e6 100644 --- a/references.txt +++ b/references.txt @@ -4812,6 +4812,8 @@ CVE-2006-4647 - https://www.exploit-db.com/exploits/2309 CVE-2006-4648 - https://www.exploit-db.com/exploits/2312 CVE-2006-4655 - http://securityreason.com/securityalert/1545 CVE-2006-4656 - https://www.exploit-db.com/exploits/2317 +CVE-2006-4660 - http://securityreason.com/securityalert/1523 +CVE-2006-4661 - http://securityreason.com/securityalert/1523 CVE-2006-4662 - http://securityreason.com/securityalert/1530 CVE-2006-4662 - http://www.securityfocus.com/archive/1/445513/100/0/threaded CVE-2006-4664 - https://www.exploit-db.com/exploits/2311 @@ -56687,6 +56689,7 @@ CVE-2019-11074 - https://how2itsec.blogspot.com/2019/10/security-fixes-in-prtg-1 CVE-2019-11074 - https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/ CVE-2019-11076 - https://github.com/livehybrid/poc-cribl-rce CVE-2019-11080 - http://packetstormsecurity.com/files/153274/Sitecore-8.x-Deserialization-Remote-Code-Execution.html +CVE-2019-11080 - https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/91/Sitecore%20Experience%20Platform%2091%20Update1/Release%20Notes CVE-2019-11085 - https://usn.ubuntu.com/4068-1/ CVE-2019-11085 - https://usn.ubuntu.com/4118-1/ CVE-2019-11091 - https://seclists.org/bugtraq/2019/Jun/28 @@ -86481,6 +86484,7 @@ CVE-2022-3989 - https://wpscan.com/vulnerability/1bd20329-f3a5-466d-81b0-e4ff0ca CVE-2022-3993 - https://huntr.dev/bounties/bebd0cd6-18ec-469c-b6ca-19ffa9db0699 CVE-2022-3994 - https://wpscan.com/vulnerability/802a2139-ab48-4281-888f-225e6e3134aa CVE-2022-39960 - https://gist.github.com/CveCt0r/ca8c6e46f536e9ae69fc6061f132463e +CVE-2022-3997 - https://vuldb.com/?id.213698 CVE-2022-39974 - https://github.com/wasm3/wasm3/issues/379 CVE-2022-3998 - https://github.com/MonikaBrzica/scm/issues/1 CVE-2022-39983 - https://www.swascan.com/it/vulnerability-report-instant-developer/ @@ -88552,6 +88556,7 @@ CVE-2022-48012 - https://github.com/Sakura-501/Opencats-0.9.7-Vulnerabilities/bl CVE-2022-48013 - https://github.com/Sakura-501/Opencats-0.9.7-Vulnerabilities/blob/main/Opencats-0.9.7-Stored%20XSS%20in%20Calendar-Add-Event.md CVE-2022-48019 - https://github.com/kkent030315/CVE-2022-42046 CVE-2022-4802 - https://huntr.dev/bounties/d47d4a94-92e3-4400-b012-a8577cbd7956 +CVE-2022-48020 - https://www.linkedin.com/in/dmitry-kiryukhin-b5741421b/ CVE-2022-4803 - https://huntr.dev/bounties/0fba72b9-db10-4d9f-a707-2acf2004a286 CVE-2022-4805 - https://huntr.dev/bounties/b03f6a9b-e49b-42d6-a318-1d7afd985873 CVE-2022-4806 - https://huntr.dev/bounties/2c7101bc-e6d8-4cd0-9003-bc8d86f4e4be @@ -95133,6 +95138,7 @@ CVE-2023-50089 - https://github.com/NoneShell/Vulnerabilities/blob/main/NETGEAR/ CVE-2023-50094 - https://github.com/yogeshojha/rengine/security/advisories/GHSA-fx7f-f735-vgh4 CVE-2023-50094 - https://www.mattz.io/posts/cve-2023-50094/ CVE-2023-50096 - https://github.com/elttam/publications/blob/master/writeups/CVE-2023-50096.md +CVE-2023-50100 - https://github.com/Jarvis-616/cms/blob/master/There%20is%20a%20storage%20type%20XSS%20for%20carousel%20image%20editing.md CVE-2023-50110 - https://github.com/TestLinkOpenSourceTRMS/testlink-code/pull/357 CVE-2023-50120 - https://github.com/gpac/gpac/issues/2698 CVE-2023-50123 - https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices @@ -95173,6 +95179,7 @@ CVE-2023-50265 - https://securitylab.github.com/advisories/GHSL-2023-192_GHSL-20 CVE-2023-50266 - https://securitylab.github.com/advisories/GHSL-2023-192_GHSL-2023-194_bazarr/ CVE-2023-5027 - https://vuldb.com/?id.239869 CVE-2023-5028 - https://vuldb.com/?id.239870 +CVE-2023-5029 - https://vuldb.com/?id.239871 CVE-2023-5030 - https://github.com/husterdjx/cve/blob/main/sql1.md CVE-2023-5033 - https://vuldb.com/?id.239877 CVE-2023-50358 - https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213941-1032 @@ -95583,6 +95590,7 @@ CVE-2023-5572 - https://huntr.dev/bounties/db649f1b-8578-4ef0-8df3-d320ab33f1be CVE-2023-5573 - https://huntr.dev/bounties/46a2bb2c-712a-4008-a147-b862e3af7d72 CVE-2023-5585 - https://vuldb.com/?id.242170 CVE-2023-5586 - https://huntr.dev/bounties/d2a6ea71-3555-47a6-9b18-35455d103740 +CVE-2023-5587 - https://vuldb.com/?id.242186 CVE-2023-5590 - https://huntr.dev/bounties/e268cd68-4f34-49bd-878b-82b96dcc0c99 CVE-2023-5591 - https://huntr.dev/bounties/54813d42-5b93-440e-b9b1-c179d2cbf090 CVE-2023-5595 - https://huntr.dev/bounties/0064cf76-ece1-495d-82b4-e4a1bebeb28e @@ -95610,6 +95618,7 @@ CVE-2023-5672 - https://wpscan.com/vulnerability/7c1dff5b-bed3-49f8-96cc-1bc9abe CVE-2023-5673 - https://wpscan.com/vulnerability/231f72bf-9ad0-417e-b7a0-3555875749e9 CVE-2023-5674 - https://wpscan.com/vulnerability/32a23d0d-7ece-4870-a99d-f3f344be2d67 CVE-2023-5681 - https://github.com/Wsecpro/cve1/blob/main/NS-ASG-sql-list_addr_fwresource_ip.md +CVE-2023-5681 - https://vuldb.com/?id.243057 CVE-2023-5682 - https://github.com/Godfather-onec/cve/blob/main/sql.md CVE-2023-5684 - https://github.com/Chef003/cve/blob/main/rce.md CVE-2023-5686 - https://huntr.com/bounties/bbfe1f76-8fa1-4a8c-909d-65b16e970be0 @@ -95690,6 +95699,7 @@ CVE-2023-5905 - https://wpscan.com/vulnerability/f94e91ef-1773-476c-9945-37e89ce CVE-2023-5906 - https://wpscan.com/vulnerability/911d495c-3867-4259-a73a-572cd4fccdde CVE-2023-5907 - https://wpscan.com/vulnerability/f250226f-4a05-4d75-93c4-5444a4ce919e CVE-2023-5911 - https://wpscan.com/vulnerability/dde0767d-1dff-4261-adbe-1f3fdf2d9aae +CVE-2023-5919 - https://vuldb.com/?id.244310 CVE-2023-5922 - https://wpscan.com/vulnerability/debd8498-5770-4270-9ee1-1503e675ef34/ CVE-2023-5931 - https://wpscan.com/vulnerability/3d6889e3-a01b-4e7f-868f-af7cc8c7531a CVE-2023-5939 - https://wpscan.com/vulnerability/db5d41fc-bcd3-414f-aa99-54d5537007bc @@ -98070,6 +98080,7 @@ CVE-2024-29975 - https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/ CVE-2024-29976 - https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/ CVE-2024-3000 - https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System%20-%20Authentication%20Bypass.md CVE-2024-3000 - https://vuldb.com/?id.258202 +CVE-2024-3000 - https://vuldb.com/?submit.305052 CVE-2024-3001 - https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System-%20SQL%20Injection%20-%203.md CVE-2024-3002 - https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System-%20SQL%20Injection%20-%204.md CVE-2024-3003 - https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System-%20SQL%20Injection%20-%205.md @@ -99747,6 +99758,7 @@ CVE-2024-43168 - https://github.com/NLnetLabs/unbound/issues/1039 CVE-2024-43360 - https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj CVE-2024-43373 - https://github.com/j4k0xb/webcrack/security/advisories/GHSA-ccqh-278p-xq6w CVE-2024-43374 - https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw +CVE-2024-43381 - https://github.com/yogeshojha/rengine/security/advisories/GHSA-96q4-fj2m-jqf7 CVE-2024-4340 - https://github.com/advisories/GHSA-2m57-hf25-phgg CVE-2024-4340 - https://research.jfrog.com/vulnerabilities/sqlparse-stack-exhaustion-dos-jfsa-2024-001031292/ CVE-2024-4348 - https://vuldb.com/?submit.320855 @@ -99759,6 +99771,7 @@ CVE-2024-4384 - https://wpscan.com/vulnerability/ad714196-2590-4dc9-b5b9-50808e9 CVE-2024-4388 - https://wpscan.com/vulnerability/5c791747-f60a-40a7-94fd-e4b9bb5ea2b0/ CVE-2024-4395 - https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html CVE-2024-4399 - https://wpscan.com/vulnerability/0690327e-da60-4d71-8b3c-ac9533d82302/ +CVE-2024-44067 - https://ghostwriteattack.com CVE-2024-4469 - https://wpscan.com/vulnerability/d6b1270b-52c0-471d-a5fb-507e21b46310/ CVE-2024-4474 - https://wpscan.com/vulnerability/71954c60-6a5b-4cac-9920-6d9b787ead9c/ CVE-2024-4475 - https://wpscan.com/vulnerability/f0c7fa00-da6e-4f07-875f-7b85759a54b3/ @@ -99996,6 +100009,7 @@ CVE-2024-5363 - https://github.com/rockersiyuan/CVE/blob/main/SourceCodester_Hou CVE-2024-5364 - https://github.com/rockersiyuan/CVE/blob/main/SourceCodester_House_Rental_Management_System_Sql_Inject-2.md CVE-2024-5365 - https://github.com/rockersiyuan/CVE/blob/main/SourceCodester_House_Rental_Management_System_Sql_Inject-3.md CVE-2024-5366 - https://github.com/rockersiyuan/CVE/blob/main/SourceCodester_House_Rental_Management_System_Sql_Inject-4.md +CVE-2024-5372 - https://vuldb.com/?submit.343452 CVE-2024-5377 - https://github.com/yuyuliq/cve/issues/1 CVE-2024-5378 - https://github.com/GAO-UNO/cve/blob/main/sql2.md CVE-2024-5379 - https://gitee.com/heyewei/JFinalcms/issues/I8VHGR @@ -100167,6 +100181,7 @@ CVE-2024-6273 - https://docs.google.com/document/d/14ExrgXqPQlgvjw2poqNzYzAOi-C5 CVE-2024-6273 - https://github.com/sgr-xd/CVEs/blob/main/CVE-2024-6273.md CVE-2024-6289 - https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/ CVE-2024-6308 - https://github.com/L1OudFd8cl09/CVE/blob/main/25_06_2024_a.md +CVE-2024-6330 - https://wpscan.com/vulnerability/95b532e0-1ffb-421e-b9c0-de03f89491d7/ CVE-2024-6334 - https://wpscan.com/vulnerability/6c09083c-6960-4369-8c5c-ad20e34aaa8b/ CVE-2024-6362 - https://wpscan.com/vulnerability/d2e2d06b-0f07-40b9-9b87-3373f62ae1a9/ CVE-2024-6366 - https://wpscan.com/vulnerability/5b90cbdd-52cc-4e7b-bf39-bea0dd59e19e/ @@ -100184,6 +100199,7 @@ CVE-2024-6408 - https://wpscan.com/vulnerability/31aaeffb-a752-4941-9d0f-1b374fb CVE-2024-6412 - https://wpscan.com/vulnerability/9eb0dad6-3c19-4fe4-a20d-d45b51410444/ CVE-2024-6417 - https://github.com/xyj123a/cve/blob/main/sql.md CVE-2024-6420 - https://wpscan.com/vulnerability/dfda6577-81aa-4397-a2d6-1d736f9ebd44/ +CVE-2024-6451 - https://wpscan.com/vulnerability/fc06d413-a227-470c-a5b7-cdab57aeab34/ CVE-2024-6459 - https://wpscan.com/vulnerability/330359fa-d085-4923-b5a8-c0e2e5267247/ CVE-2024-6460 - https://wpscan.com/vulnerability/ba2f53e0-30be-4f37-91bc-5fa151f1eee7/ CVE-2024-6477 - https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16/ @@ -100232,6 +100248,7 @@ CVE-2024-6802 - https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6802 CVE-2024-6807 - https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6807 CVE-2024-6807 - https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6807 CVE-2024-6808 - https://github.com/qianqiusujiu/cve/issues/1 +CVE-2024-6843 - https://wpscan.com/vulnerability/9a5cb440-065a-445a-9a09-55bd5f782e85/ CVE-2024-6884 - https://wpscan.com/vulnerability/1768de0c-e4ea-4c98-abf1-7ac805f214b8/ CVE-2024-6890 - https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt CVE-2024-6891 - https://korelogic.com/Resources/Advisories/KL-001-2024-008.txt @@ -100524,6 +100541,7 @@ CVE-2024-7852 - https://github.com/Wsstiger/cve/blob/main/Yoga_xss.md CVE-2024-7868 - https://www.xpdfreader.com/security-bug/CVE-2024-7868.html CVE-2024-7887 - https://github.com/Hebing123/cve/issues/67 CVE-2024-7896 - https://gist.github.com/b0rgch3n/4788c7c429d49095915d84161a157295 +CVE-2024-7896 - https://vuldb.com/?submit.387131 CVE-2024-7897 - https://gist.github.com/b0rgch3n/bb47a1ed6f66c1e8c7a80f210f4ac8ef CVE-2024-7898 - https://gist.github.com/b0rgch3n/3136cad95b09e42184fb2d78aae33651 CVE-2024-7900 - https://github.com/DeepMountains/Mirage/blob/main/CVE16-1.md