Update CVE sources 2024-08-26 18:34

2025-06-19 17:30:12 +00:00 · 2024-08-26 18:34:01 +00:00 · 2024-08-26 18:34:01 +00:00 · e1800aedb5
commit e1800aedb5
parent 9b4b567743
78 changed files with 967 additions and 15 deletions
--- a/2007/CVE-2007-4559.md
+++ b/2007/CVE-2007-4559.md
@ -18,6 +18,7 @@ No PoCs from references.
 - https://github.com/Brianpan/go-creosote
 - https://github.com/CVEDB/PoC-List
 - https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/JamesDarf/tarpioka
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/Ooscaar/MALW
 - https://github.com/advanced-threat-research/Creosote
--- a/2013/CVE-2013-1060.md
+++ b/2013/CVE-2013-1060.md
@ -10,6 +10,7 @@ A certain Ubuntu build procedure for perf, as distributed in the Linux kernel pa
 ### POC
 #### Reference
 - http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1060.html
 - http://www.ubuntu.com/usn/USN-1938-1
 #### Github
--- a/2019/CVE-2019-11358.md
+++ b/2019/CVE-2019-11358.md
@ -2037,7 +2037,9 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/Sarvesh-Somasundaram/5795UltimateGoal
 - https://github.com/Satgoy152/FreightFrenzy
 - https://github.com/ScarlettRobotics/FTC-2021
 - https://github.com/ScarlettRobotics/FTC20718-2022-23
 - https://github.com/ScarlettRobotics/FTC20718-2023-24
 - https://github.com/ScarlettRobotics/FTC22531-2022-23
 - https://github.com/ScarlettRobotics/FTC22531-2023-24
 - https://github.com/Scarsdale-Robotics/2021-2022-Freight-Frenzy
 - https://github.com/Scarsdale-Robotics/OpenCV-Tutorial
@ -3412,6 +3414,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/laawingnuts/LAAWingnuts
 - https://github.com/lakeridgeacademy/2022-power-play
 - https://github.com/lancelarsen/PhoenixForceFreightFrenzy
 - https://github.com/lancelarsen/PhoenixForceUltimateGoal
 - https://github.com/largoftc/Firsttech
 - https://github.com/larrytao05/FtcRobotController
 - https://github.com/laupetre/FTC-2021
--- a/2019/CVE-2019-19905.md
+++ b/2019/CVE-2019-19905.md
@ -10,7 +10,7 @@ NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when read
 ### POC
 #### Reference
-No PoCs from references.
+- https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47
 #### Github
 - https://github.com/0xT11/CVE-POC
--- a/2020/CVE-2020-25887.md
+++ b/2020/CVE-2020-25887.md
@ -0,0 +1,17 @@
 ### [CVE-2020-25887](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25887)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/DiRaltvein/memory-corruption-examples
--- a/2022/CVE-2022-21724.md
+++ b/2022/CVE-2022-21724.md
@ -22,6 +22,7 @@ No PoCs from references.
 - https://github.com/VeerMuchandi/s3c-springboot-demo
 - https://github.com/Whoopsunix/JavaRce
 - https://github.com/YDCloudSecurity/cloud-security-guides
 - https://github.com/clj-holmes/clj-watson
 - https://github.com/fra-dln/DevSecOps-playground-Actions
 - https://github.com/luelueking/Deserial_Sink_With_JDBC
 - https://github.com/tanjiti/sec_profile
--- a/2022/CVE-2022-38072.md
+++ b/2022/CVE-2022-38072.md
@ -15,5 +15,5 @@ An improper array index validation vulnerability exists in the stl_fix_normal_di
 - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1594
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/DiRaltvein/memory-corruption-examples
--- a/2023/CVE-2023-0516.md
+++ b/2023/CVE-2023-0516.md
@ -0,0 +1,17 @@
 ### [CVE-2023-0516](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0516)
 ![](https://img.shields.io/static/v1?label=Product&message=Online%20Tours%20%26%20Travels%20Management%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
 ### Description
 A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file user/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219336.
 ### POC
 #### Reference
 - https://vuldb.com/?id.219336
 #### Github
 No PoCs found on GitHub currently.
--- a/2023/CVE-2023-0530.md
+++ b/2023/CVE-2023-0530.md
@ -0,0 +1,17 @@
 ### [CVE-2023-0530](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0530)
 ![](https://img.shields.io/static/v1?label=Product&message=Online%20Tours%20%26%20Travels%20Management%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
 ### Description
 A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/approve_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219599.
 ### POC
 #### Reference
 - https://vuldb.com/?id.219599
 #### Github
 No PoCs found on GitHub currently.
--- a/2023/CVE-2023-0774.md
+++ b/2023/CVE-2023-0774.md
@ -10,6 +10,7 @@ A vulnerability has been found in SourceCodester Medical Certificate Generator A
 ### POC
 #### Reference
 - https://vuldb.com/?id.220558
 - https://www.youtube.com/watch?v=s3oK5jebx_I
 #### Github
--- a/2023/CVE-2023-0960.md
+++ b/2023/CVE-2023-0960.md
@ -0,0 +1,17 @@
 ### [CVE-2023-0960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0960)
 ![](https://img.shields.io/static/v1?label=Product&message=SeaCMS&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.6%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization&color=brighgreen)
 ### Description
 A vulnerability was found in SeaCMS 11.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/config.ftp.php of the component Picture Management. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-221630 is the identifier assigned to this vulnerability.
 ### POC
 #### Reference
 - https://vuldb.com/?id.221630
 #### Github
 No PoCs found on GitHub currently.
--- a/2023/CVE-2023-24187.md
+++ b/2023/CVE-2023-24187.md
@ -0,0 +1,17 @@
 ### [CVE-2023-24187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24187)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/tanjiti/sec_profile
--- a/2023/CVE-2023-2640.md
+++ b/2023/CVE-2023-2640.md
@ -17,6 +17,7 @@ No PoCs from references.
 - https://github.com/0xsyr0/OSCP
 - https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/Ev3rPalestine/Analytics-HTB-Walkthrough
 - https://github.com/GhostTroops/TOP
 - https://github.com/HaxorSecInfec/autoroot.sh
 - https://github.com/K5LK/CVE-2023-2640-32629
 - https://github.com/Kiosec/Linux-Exploitation
--- a/2023/CVE-2023-27356.md
+++ b/2023/CVE-2023-27356.md
@ -0,0 +1,17 @@
 ### [CVE-2023-27356](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27356)
 ![](https://img.shields.io/static/v1?label=Product&message=RAX30&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.9.90_3%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
 ### Description
 NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the logCtrl action. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19825.
 ### POC
 #### Reference
 - https://kb.netgear.com/000065618/Security-Advisory-for-Post-authentication-Command-Injection-on-Some-Routers-PSV-2022-0350
 #### Github
 No PoCs found on GitHub currently.
--- a/2023/CVE-2023-31209.md
+++ b/2023/CVE-2023-31209.md
@ -1,7 +1,7 @@
 ### [CVE-2023-31209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31209)
 ![](https://img.shields.io/static/v1?label=Product&message=Checkmk&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=2.2.0%3C%202.2.0p4%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-74%3A%20Improper%20Neutralization%20of%20Special%20Elements%20in%20Output%20Used%20by%20a%20Downstream%20Component%20('Injection')&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
 ### Description
--- a/2023/CVE-2023-32629.md
+++ b/2023/CVE-2023-32629.md
@ -17,6 +17,7 @@ Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up
 - https://github.com/0xsyr0/OSCP
 - https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/Ev3rPalestine/Analytics-HTB-Walkthrough
 - https://github.com/GhostTroops/TOP
 - https://github.com/HaxorSecInfec/autoroot.sh
 - https://github.com/K5LK/CVE-2023-2640-32629
 - https://github.com/Kiosec/Linux-Exploitation
--- a/2023/CVE-2023-48864.md
+++ b/2023/CVE-2023-48864.md
@ -10,7 +10,7 @@ SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the lang
 ### POC
 #### Reference
-No PoCs from references.
+- https://gitee.com/NoBlake/cve-2023-48864
 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
--- a/2023/CVE-2023-48957.md
+++ b/2023/CVE-2023-48957.md
@ -0,0 +1,18 @@
 ### [CVE-2023-48957](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48957)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers.
 ### POC
 #### Reference
 - https://latesthackingnews.com/2023/11/13/multiple-vulnerabilities-found-in-purevpn-one-remains-unpatched/
 - https://www.rafaybaloch.com/2023/11/Multiple%20Critical-Vulnerabilities-in-PureVPN.html?m=1
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-1939.md
+++ b/2024/CVE-2024-1939.md
@ -14,4 +14,6 @@ No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/rycbar77/V8Exploits
--- a/2024/CVE-2024-2316.md
+++ b/2024/CVE-2024-2316.md
@ -10,7 +10,7 @@ A vulnerability has been found in Bdtask Hospital AutoManager up to 20240227 and
 ### POC
 #### Reference
-No PoCs from references.
+- https://vuldb.com/?id.256270
 #### Github
 - https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
--- a/2024/CVE-2024-23692.md
+++ b/2024/CVE-2024-23692.md
@ -22,6 +22,7 @@
 - https://github.com/jakabakos/CVE-2024-23692-RCE-in-Rejetto-HFS
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/onewinner/POCS
 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
 - https://github.com/tanjiti/sec_profile
 - https://github.com/vanboomqi/CVE-2024-23692
 - https://github.com/wjlin0/poc-doc
--- a/2024/CVE-2024-24809.md
+++ b/2024/CVE-2024-24809.md
@ -15,4 +15,5 @@ Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnera
 #### Github
 - https://github.com/20142995/nuclei-templates
 - https://github.com/Ostorlab/KEV
--- a/2024/CVE-2024-2887.md
+++ b/2024/CVE-2024-2887.md
@ -16,4 +16,5 @@ No PoCs from references.
 - https://github.com/TrojanAZhen/Self_Back
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/rycbar77/V8Exploits
--- a/2024/CVE-2024-31380.md
+++ b/2024/CVE-2024-31380.md
@ -1,11 +1,11 @@
 ### [CVE-2024-31380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31380)
 ![](https://img.shields.io/static/v1?label=Product&message=Oxygen%20Builder&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%204.8.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%204.9%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
 ### Description
-Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.3.
+Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue.This issue affects Oxygen Builder: from n/a through 4.9.
 ### POC
--- a/2024/CVE-2024-38856.md
+++ b/2024/CVE-2024-38856.md
@ -20,6 +20,7 @@ No PoCs from references.
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/k3ppf0r/2024-PocLib
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
 - https://github.com/qiuluo-oss/Tiger
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wy876/POC
--- a/2024/CVE-2024-41849.md
+++ b/2024/CVE-2024-41849.md
@ -0,0 +1,17 @@
 ### [CVE-2024-41849](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41849)
 ![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Experience%20Manager&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Input%20Validation%20(CWE-20)&color=brighgreen)
 ### Description
 Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. An low-privileged attacker could leverage this vulnerability to slightly affect the integrity of the page. Exploitation of this issue requires user interaction and scope is changed.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-41996.md
+++ b/2024/CVE-2024-41996.md
@ -0,0 +1,18 @@
 ### [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.
 ### POC
 #### Reference
 - https://dheatattack.gitlab.io/details/
 - https://dheatattack.gitlab.io/faq/
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-42056.md
+++ b/2024/CVE-2024-42056.md
@ -0,0 +1,17 @@
 ### [CVE-2024-42056](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42056)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The earliest affected version is 3.18.1.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-42085.md
+++ b/2024/CVE-2024-42085.md
@ -0,0 +1,17 @@
 ### [CVE-2024-42085](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42085)
 ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=2fa487a94667%3C%207026576e8909%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 In the Linux kernel, the following vulnerability has been resolved:usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlockWhen config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger systemto enter suspend status with below command:echo mem > /sys/power/stateThere will be a deadlock issue occurring. Detailed invoking path asbelow:dwc3_suspend_common()    spin_lock_irqsave(&dwc->lock, flags);              <-- 1st    dwc3_gadget_suspend(dwc);        dwc3_gadget_soft_disconnect(dwc);            spin_lock_irqsave(&dwc->lock, flags);      <-- 2ndThis issue is exposed by commit c7ebd8149ee5 ("usb: dwc3: gadget: FixNULL pointer dereference in dwc3_gadget_suspend") that removes the codeof checking whether dwc->gadget_driver is NULL or not. It causes thefollowing code is executed and deadlock occurs when trying to get thespinlock. In fact, the root cause is the commit 5265397f9442("usb: dwc3:Remove DWC3 locking during gadget suspend/resume") that forgot to removethe lock of otg mode. So, remove the redundant lock of otg mode duringgadget suspend/resume.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-42090.md
+++ b/2024/CVE-2024-42090.md
@ -0,0 +1,17 @@
 ### [CVE-2024-42090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42090)
 ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=42fed7ba44e4%3C%20e65a0dc2e85e%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 In the Linux kernel, the following vulnerability has been resolved:pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFERIn create_pinctrl(), pinctrl_maps_mutex is acquired before callingadd_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl()calls pinctrl_free(). However, pinctrl_free() attempts to acquirepinctrl_maps_mutex, which is already held by create_pinctrl(), leading toa potential deadlock.This patch resolves the issue by releasing pinctrl_maps_mutex beforecalling pinctrl_free(), preventing the deadlock.This bug was discovered and resolved using Coverity Static AnalysisSecurity Testing (SAST) by Synopsys, Inc.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-42093.md
+++ b/2024/CVE-2024-42093.md
@ -0,0 +1,17 @@
 ### [CVE-2024-42093](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42093)
 ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20b2262b3be27c%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 In the Linux kernel, the following vulnerability has been resolved:net/dpaa2: Avoid explicit cpumask var allocation on stackFor CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumaskvariable on stack is not recommended since it can cause potential stackoverflow.Instead, kernel code should always use *cpumask_var API(s) to allocatecpumask var in config-neutral way, leaving allocation strategy toCONFIG_CPUMASK_OFFSTACK.Use *cpumask_var API(s) to address it.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-42786.md
+++ b/2024/CVE-2024-42786.md
@ -0,0 +1,17 @@
 ### [CVE-2024-42786](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42786)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 A SQL injection vulnerability in "/music/view_user.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-42992.md
+++ b/2024/CVE-2024-42992.md
@ -13,5 +13,6 @@ Python Pip Pandas v2.2.2 was discovered to contain an arbitrary file read vulner
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub
--- a/2024/CVE-2024-43442.md
+++ b/2024/CVE-2024-43442.md
@ -0,0 +1,18 @@
 ### [CVE-2024-43442](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43442)
 ![](https://img.shields.io/static/v1?label=Product&message=((OTRS))%20Community%20Edition&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=OTRS&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=7.0.x%3C%3D%207.0.50%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-790%20Improper%20Filtering%20of%20Special%20Elements&color=brighgreen)
 ### Description
 Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in  OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System Configuration targeting other admins.This issue affects:   *  OTRS from 7.0.X through 7.0.50  *  OTRS 8.0.X  *  OTRS 2023.X  *  OTRS from 2024.X through 2024.5.X  *  ((OTRS)) Community Edition: 6.0.xProducts based on the ((OTRS)) Community Edition also very likely to be affected
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-43443.md
+++ b/2024/CVE-2024-43443.md
@ -0,0 +1,18 @@
 ### [CVE-2024-43443](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43443)
 ![](https://img.shields.io/static/v1?label=Product&message=((OTRS))%20Community%20Edition&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=OTRS&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=7.0.x%3C%3D%207.0.50%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-790%20Improper%20Filtering%20of%20Special%20Elements&color=brighgreen)
 ### Description
 Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins.This issue affects:   *  OTRS from 7.0.X through 7.0.50  *  OTRS 8.0.X  *  OTRS 2023.X  *  OTRS from 2024.X through 2024.5.X  *  ((OTRS)) Community Edition: 6.0.xProducts based on the ((OTRS)) Community Edition also very likely to be affected
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-43444.md
+++ b/2024/CVE-2024-43444.md
@ -0,0 +1,18 @@
 ### [CVE-2024-43444](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43444)
 ![](https://img.shields.io/static/v1?label=Product&message=((OTRS))%20Community%20Edition&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=OTRS&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=7.0.x%3C%3D%207.0.50%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-532%20Insertion%20of%20Sensitive%20Information%20into%20Log%20File&color=brighgreen)
 ### Description
 Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled.This issue affects:   *  OTRS from 7.0.X through 7.0.50  *  OTRS 8.0.X  *  OTRS 2023.X  *  OTRS from 2024.X through 2024.5.X  *  ((OTRS)) Community Edition: 6.0.xProducts based on the ((OTRS)) Community Edition also very likely to be affected
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-43688.md
+++ b/2024/CVE-2024-43688.md
@ -10,8 +10,10 @@ cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allow
 ### POC
 #### Reference
-No PoCs from references.
+- https://www.supernetworks.org/CVE-2024-43688/openbsd-cron-heap-underflow.txt
 - https://www.supernetworks.org/advisories/CVE-2024-43688-openbsd-cron-heap-underflow.txt
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/kherrick/lobsters
--- a/2024/CVE-2024-43884.md
+++ b/2024/CVE-2024-43884.md
@ -0,0 +1,17 @@
 ### [CVE-2024-43884](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43884)
 ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=5157b8a503fa%3C%20538fd3921afa%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 In the Linux kernel, the following vulnerability has been resolved:Bluetooth: MGMT: Add error handling to pair_device()hci_conn_params_add() never checks for a NULL value and could lead to a NULLpointer dereference causing a crash.Fixed by adding error handling in the function.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-44083.md
+++ b/2024/CVE-2024-44083.md
@ -13,5 +13,6 @@ ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that h
 No PoCs from references.
 #### Github
 - https://github.com/Azvanzed/IdaMeme
 - https://github.com/nomi-sec/PoC-in-GitHub
--- a/2024/CVE-2024-45238.md
+++ b/2024/CVE-2024-45238.md
@ -0,0 +1,17 @@
 ### [CVE-2024-45238](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45238)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsing, and when compiled with OpenSSL libcrypto versions below 3, Fort recklessly dereferences the pointer. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/chnzzh/OpenSSL-CVE-lib
--- a/2024/CVE-2024-45240.md
+++ b/2024/CVE-2024-45240.md
@ -0,0 +1,17 @@
 ### [CVE-2024-45240](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45240)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 The TikTok (aka com.zhiliaoapp.musically) application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal (in the application's exposed WebView). (On Android 12 and later, this is only exploitable by third-party applications.)
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/Ch0pin/related_work
--- a/2024/CVE-2024-45241.md
+++ b/2024/CVE-2024-45241.md
@ -0,0 +1,17 @@
 ### [CVE-2024-45241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45241)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
--- a/2024/CVE-2024-45256.md
+++ b/2024/CVE-2024-45256.md
@ -0,0 +1,17 @@
 ### [CVE-2024-45256](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45256)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in file_add in api/files/routes.py.
 ### POC
 #### Reference
 - https://blog.chebuya.com/posts/unauthenticated-remote-command-execution-on-byob/
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-45258.md
+++ b/2024/CVE-2024-45258.md
@ -0,0 +1,17 @@
 ### [CVE-2024-45258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45258)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
 The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-4577.md
+++ b/2024/CVE-2024-4577.md
@ -57,6 +57,7 @@ In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, w
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/ohhhh693/CVE-2024-4577
 - https://github.com/onewinner/POCS
 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
 - https://github.com/princew88/CVE-2024-4577
 - https://github.com/taida957789/CVE-2024-4577
 - https://github.com/tanjiti/sec_profile
--- a/2024/CVE-2024-6197.md
+++ b/2024/CVE-2024-6197.md
@ -0,0 +1,17 @@
 ### [CVE-2024-6197](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6197)
 ![](https://img.shields.io/static/v1?label=Product&message=curl&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=8.8.0%3C%3D%208.8.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-590%20Free%20of%20Memory%20not%20on%20the%20Heap%20&color=brighgreen)
 ### Description
 libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer.  Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags.  The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-6715.md
+++ b/2024/CVE-2024-6715.md
@ -13,5 +13,5 @@ The Ditty  WordPress plugin before 3.1.46 re-introduced a previously fixed secur
 - https://wpscan.com/vulnerability/19406acc-3441-4d4a-9163-ace8f1dceb78/
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-6729.md
+++ b/2024/CVE-2024-6729.md
@ -5,13 +5,14 @@
 ### Description
-A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /control/add_act.php. The manipulation of the argument aname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271402 is the identifier assigned to this vulnerability.
+A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /control/add_act.php. The manipulation of the argument aname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6729
 - https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6729
 - https://reports.kunull.net/CVEs/2024/CVE-2024-6729
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-6731.md
+++ b/2024/CVE-2024-6731.md
@ -5,13 +5,14 @@
 ### Description
-A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. This affects an unknown part of the file /Master.php?f=save_student. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271449 was assigned to this vulnerability.
+A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. This affects an unknown part of the file /Master.php?f=save_student. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6731
 - https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6731
 - https://reports.kunull.net/CVEs/2024/CVE-2024-6731
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-6732.md
+++ b/2024/CVE-2024-6732.md
@ -5,13 +5,14 @@
 ### Description
-A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. This vulnerability affects unknown code of the file /sscdms/classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271450 is the identifier assigned to this vulnerability.
+A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. This vulnerability affects unknown code of the file /sscdms/classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6732
 - https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6732
 - https://reports.kunull.net/CVEs/2024/CVE-2024-6732
 - https://vuldb.com/?submit.374370
 #### Github
--- a/2024/CVE-2024-6802.md
+++ b/2024/CVE-2024-6802.md
@ -5,13 +5,14 @@
 ### Description
-A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Affected is an unknown function of the file /lms/classes/Master.php?f=save_record. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271704.
+A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Affected is an unknown function of the file /lms/classes/Master.php?f=save_record. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6802
 - https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6802
 - https://reports.kunull.net/CVEs/2024/CVE-2024-6802
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-6807.md
+++ b/2024/CVE-2024-6807.md
@ -5,13 +5,14 @@
 ### Description
-A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271706 is the identifier assigned to this vulnerability.
+A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6807
 - https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6807
 - https://reports.kunull.net/CVEs/2024/CVE-2024-6807
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-6879.md
+++ b/2024/CVE-2024-6879.md
@ -0,0 +1,17 @@
 ### [CVE-2024-6879](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6879)
 ![](https://img.shields.io/static/v1?label=Product&message=Quiz%20and%20Survey%20Master%20(QSM)&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=0%3C%209.1.1%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
 ### Description
 The Quiz and Survey Master (QSM)  WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allows contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks.
 ### POC
 #### Reference
 - https://wpscan.com/vulnerability/4da0b318-03e7-409d-9b02-f108e4232c87/
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-7066.md
+++ b/2024/CVE-2024-7066.md
@ -13,5 +13,5 @@ A vulnerability was found in F-logic DataCube3 1.0. It has been declared as crit
 - https://vuldb.com/?id.272347
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-7313.md
+++ b/2024/CVE-2024-7313.md
@ -0,0 +1,18 @@
 ### [CVE-2024-7313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7313)
 ![](https://img.shields.io/static/v1?label=Product&message=Shield%20Security&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=0%3C%2020.0.6%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
 ### Description
 The Shield Security  WordPress plugin before 20.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
 ### POC
 #### Reference
 - https://wpscan.com/vulnerability/83a1bdc6-098e-43d5-89e5-f4202ecd78a1/
 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
--- a/2024/CVE-2024-7843.md
+++ b/2024/CVE-2024-7843.md
@ -0,0 +1,17 @@
 ### [CVE-2024-7843](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7843)
 ![](https://img.shields.io/static/v1?label=Product&message=Online%20Graduate%20Tracer%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Disclosure&color=brighgreen)
 ### Description
 A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file /tracking/admin/exportcs.php. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://github.com/Wsstiger/cve/blob/main/Tracer_info2.md
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-7844.md
+++ b/2024/CVE-2024-7844.md
@ -0,0 +1,17 @@
 ### [CVE-2024-7844](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7844)
 ![](https://img.shields.io/static/v1?label=Product&message=Online%20Graduate%20Tracer%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
 ### Description
 A vulnerability has been found in SourceCodester Online Graduate Tracer System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/admin/add_acc.php. The manipulation of the argument name/user/position leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://github.com/Wsstiger/cve/blob/main/Tracer_XSS.md
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-7907.md
+++ b/2024/CVE-2024-7907.md
@ -0,0 +1,17 @@
 ### [CVE-2024-7907](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7907)
 ![](https://img.shields.io/static/v1?label=Product&message=X6000R&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%209.4.0cu.852_20230719%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Command%20Injection&color=brighgreen)
 ### Description
 A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
 ### POC
 #### Reference
 - https://github.com/BeaCox/IoT_vuln/tree/main/totolink/x6000R/setSyslogCfg_injection
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-7908.md
+++ b/2024/CVE-2024-7908.md
@ -0,0 +1,17 @@
 ### [CVE-2024-7908](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7908)
 ![](https://img.shields.io/static/v1?label=Product&message=EX1200L&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%209.3.5u.6146_B20201023%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brighgreen)
 ### Description
 A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
 ### POC
 #### Reference
 - https://github.com/BeaCox/IoT_vuln/tree/main/totolink/EX1200L/setDefResponse_bof
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-7909.md
+++ b/2024/CVE-2024-7909.md
@ -0,0 +1,17 @@
 ### [CVE-2024-7909](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7909)
 ![](https://img.shields.io/static/v1?label=Product&message=EX1200L&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%209.3.5u.6146_B20201023%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brighgreen)
 ### Description
 A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
 ### POC
 #### Reference
 - https://github.com/BeaCox/IoT_vuln/tree/main/totolink/EX1200L/setLanguageCfg_bof
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-7912.md
+++ b/2024/CVE-2024-7912.md
@ -0,0 +1,17 @@
 ### [CVE-2024-7912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7912)
 ![](https://img.shields.io/static/v1?label=Product&message=Online%20Railway%20Reservation%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-548%20Exposure%20of%20Information%20Through%20Directory%20Listing&color=brighgreen)
 ### Description
 A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Directory%20Listing.md
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-7913.md
+++ b/2024/CVE-2024-7913.md
@ -0,0 +1,17 @@
 ### [CVE-2024-7913](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7913)
 ![](https://img.shields.io/static/v1?label=Product&message=Billing%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
 ### Description
 A vulnerability was found in itsourcecode Billing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addclient1.php. The manipulation of the argument lname/fname/mi/address/contact/meterReader leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://github.com/ppp-src/a/issues/4
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-7914.md
+++ b/2024/CVE-2024-7914.md
@ -0,0 +1,17 @@
 ### [CVE-2024-7914](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7914)
 ![](https://img.shields.io/static/v1?label=Product&message=Yoga%20Class%20Registration%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
 ### Description
 A vulnerability classified as problematic has been found in SourceCodester Yoga Class Registration System 1.0. Affected is an unknown function of the file /php-ycrs/classes/SystemSettings.php. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://github.com/Wsstiger/cve/blob/main/Yoga_xss2.md
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-7922.md
+++ b/2024/CVE-2024-7922.md
@ -0,0 +1,37 @@
 ### [CVE-2024-7922](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7922)
 ![](https://img.shields.io/static/v1?label=Product&message=DNR-202L&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DNR-322L&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DNR-326&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DNS-1100-4&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DNS-120&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DNS-1200-05&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DNS-1550-04&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DNS-315L&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DNS-320&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DNS-320L&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DNS-320LW&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DNS-321&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DNS-323&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DNS-325&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DNS-326&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DNS-327L&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DNS-340L&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DNS-343&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DNS-345&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DNS-726-4&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240814%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Command%20Injection&color=brighgreen)
 ### Description
 ** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this issue is the function cgi_audio_search/cgi_create_playlist/cgi_get_album_all_tracks/cgi_get_alltracks_editlist/cgi_get_artist_all_album/cgi_get_genre_all_tracks/cgi_get_tracks_list/cgi_set_airplay_content/cgi_write_playlist of the file /cgi-bin/myMusic.cgi. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
 ### POC
 #### Reference
 - https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_create_playlist.md
 - https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_get_tracks_list.md
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-7930.md
+++ b/2024/CVE-2024-7930.md
@ -0,0 +1,17 @@
 ### [CVE-2024-7930](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7930)
 ![](https://img.shields.io/static/v1?label=Product&message=Clinics%20Patient%20Management%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
 ### Description
 A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pms/ajax/get_packings.php. The manipulation of the argument medicine_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://github.com/Pingxy/cve/blob/main/sql.md
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-7933.md
+++ b/2024/CVE-2024-7933.md
@ -0,0 +1,17 @@
 ### [CVE-2024-7933](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7933)
 ![](https://img.shields.io/static/v1?label=Product&message=Project%20Expense%20Monitoring%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
 ### Description
 A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been classified as critical. Affected is an unknown function of the file login1.php of the component Backend Login. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://github.com/DeepMountains/zzz/blob/main/CVE3-1.md
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-7934.md
+++ b/2024/CVE-2024-7934.md
@ -0,0 +1,17 @@
 ### [CVE-2024-7934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7934)
 ![](https://img.shields.io/static/v1?label=Product&message=Project%20Expense%20Monitoring%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
 ### Description
 A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file execute.php. The manipulation of the argument code leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://github.com/DeepMountains/zzz/blob/main/CVE3-2.md
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-7935.md
+++ b/2024/CVE-2024-7935.md
@ -0,0 +1,17 @@
 ### [CVE-2024-7935](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7935)
 ![](https://img.shields.io/static/v1?label=Product&message=Project%20Expense%20Monitoring%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
 ### Description
 A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file print.php. The manipulation of the argument map_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://github.com/DeepMountains/zzz/blob/main/CVE3-3.md
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-7936.md
+++ b/2024/CVE-2024-7936.md
@ -0,0 +1,17 @@
 ### [CVE-2024-7936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7936)
 ![](https://img.shields.io/static/v1?label=Product&message=Project%20Expense%20Monitoring%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
 ### Description
 A vulnerability classified as critical has been found in itsourcecode Project Expense Monitoring System 1.0. This affects an unknown part of the file transferred_report.php. The manipulation of the argument start/end/employee leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://github.com/DeepMountains/zzz/blob/main/CVE3-4.md
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-7937.md
+++ b/2024/CVE-2024-7937.md
@ -0,0 +1,17 @@
 ### [CVE-2024-7937](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7937)
 ![](https://img.shields.io/static/v1?label=Product&message=Project%20Expense%20Monitoring%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
 ### Description
 A vulnerability classified as critical was found in itsourcecode Project Expense Monitoring System 1.0. This vulnerability affects unknown code of the file printtransfer.php. The manipulation of the argument transfer_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://github.com/DeepMountains/zzz/blob/main/CVE3-5.md
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-7943.md
+++ b/2024/CVE-2024-7943.md
@ -0,0 +1,17 @@
 ### [CVE-2024-7943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7943)
 ![](https://img.shields.io/static/v1?label=Product&message=Laravel%20Property%20Management%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen)
 ### Description
 A vulnerability was found in itsourcecode Laravel Property Management System 1.0 and classified as critical. This issue affects the function upload of the file PropertiesController.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://github.com/DeepMountains/zzz/blob/main/CVE2-1.md
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-7945.md
+++ b/2024/CVE-2024-7945.md
@ -0,0 +1,17 @@
 ### [CVE-2024-7945](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7945)
 ![](https://img.shields.io/static/v1?label=Product&message=Laravel%20Property%20Management%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
 ### Description
 A vulnerability was found in itsourcecode Laravel Property Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/notes/create of the component Notes Page. The manipulation of the argument Note text leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://github.com/DeepMountains/zzz/blob/main/CVE2-3.md
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-7946.md
+++ b/2024/CVE-2024-7946.md
@ -0,0 +1,17 @@
 ### [CVE-2024-7946](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7946)
 ![](https://img.shields.io/static/v1?label=Product&message=Online%20Blood%20Bank%20Management%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
 ### Description
 A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file register.php of the component User Signup. The manipulation of the argument user leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://github.com/a1175165157/cve/issues/1
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-7947.md
+++ b/2024/CVE-2024-7947.md
@ -0,0 +1,17 @@
 ### [CVE-2024-7947](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7947)
 ![](https://img.shields.io/static/v1?label=Product&message=Point%20of%20Sales%20and%20Inventory%20Management%20System&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
 ### Description
 A vulnerability classified as critical has been found in SourceCodester Point of Sales and Inventory Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
 ### POC
 #### Reference
 - https://github.com/CveSecLook/cve/issues/60
 #### Github
 No PoCs found on GitHub currently.
--- a/2024/CVE-2024-8011.md
+++ b/2024/CVE-2024-8011.md
@ -0,0 +1,17 @@
 ### [CVE-2024-8011](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8011)
 ![](https://img.shields.io/static/v1?label=Product&message=Options%2B&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%20Incorrect%20Authorization&color=brighgreen)
 ### Description
 Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-8161.md
+++ b/2024/CVE-2024-8161.md
@ -0,0 +1,17 @@
 ### [CVE-2024-8161](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8161)
 ![](https://img.shields.io/static/v1?label=Product&message=CIGESv2&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.15.5%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
 ### Description
 SQL injection vulnerability in ATISolutions CIGES affecting versions lower than 2.15.5. This vulnerability allows a remote attacker to send a specially crafted SQL query to the /modules/ajaxServiciosCentro.php point in the idCentro parameter and retrieve all the information stored in the database.
 ### POC
 #### Reference
 No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/github.txt
+++ b/github.txt
@ -2232,6 +2232,7 @@ CVE-2007-4559 - https://github.com/BSolarV/cvedetails-summary
 CVE-2007-4559 - https://github.com/Brianpan/go-creosote
 CVE-2007-4559 - https://github.com/CVEDB/PoC-List
 CVE-2007-4559 - https://github.com/CVEDB/awesome-cve-repo
 CVE-2007-4559 - https://github.com/JamesDarf/tarpioka
 CVE-2007-4559 - https://github.com/NaInSec/CVE-LIST
 CVE-2007-4559 - https://github.com/Ooscaar/MALW
 CVE-2007-4559 - https://github.com/advanced-threat-research/Creosote
@ -62700,7 +62701,9 @@ CVE-2019-11358 - https://github.com/Sanjay191110/sanjaycenterstage
 CVE-2019-11358 - https://github.com/Sarvesh-Somasundaram/5795UltimateGoal
 CVE-2019-11358 - https://github.com/Satgoy152/FreightFrenzy
 CVE-2019-11358 - https://github.com/ScarlettRobotics/FTC-2021
 CVE-2019-11358 - https://github.com/ScarlettRobotics/FTC20718-2022-23
 CVE-2019-11358 - https://github.com/ScarlettRobotics/FTC20718-2023-24
 CVE-2019-11358 - https://github.com/ScarlettRobotics/FTC22531-2022-23
 CVE-2019-11358 - https://github.com/ScarlettRobotics/FTC22531-2023-24
 CVE-2019-11358 - https://github.com/Scarsdale-Robotics/2021-2022-Freight-Frenzy
 CVE-2019-11358 - https://github.com/Scarsdale-Robotics/OpenCV-Tutorial
@ -64075,6 +64078,7 @@ CVE-2019-11358 - https://github.com/kyle101206/FtcRobotController-master
 CVE-2019-11358 - https://github.com/laawingnuts/LAAWingnuts
 CVE-2019-11358 - https://github.com/lakeridgeacademy/2022-power-play
 CVE-2019-11358 - https://github.com/lancelarsen/PhoenixForceFreightFrenzy
 CVE-2019-11358 - https://github.com/lancelarsen/PhoenixForceUltimateGoal
 CVE-2019-11358 - https://github.com/largoftc/Firsttech
 CVE-2019-11358 - https://github.com/larrytao05/FtcRobotController
 CVE-2019-11358 - https://github.com/laupetre/FTC-2021
@ -89395,6 +89399,7 @@ CVE-2020-25867 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2020-25867 - https://github.com/thomasfady/CVE-2020-25867
 CVE-2020-25870 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2020-25875 - https://github.com/ARPSyndicate/cvemon
 CVE-2020-25887 - https://github.com/DiRaltvein/memory-corruption-examples
 CVE-2020-2590 - https://github.com/DNTYO/F5_Vulnerability
 CVE-2020-25901 - https://github.com/ARPSyndicate/cvemon
 CVE-2020-25919 - https://github.com/firmianay/security-issues
@ -125082,6 +125087,7 @@ CVE-2022-21724 - https://github.com/SugarP1g/Learning-Program-analysis
 CVE-2022-21724 - https://github.com/VeerMuchandi/s3c-springboot-demo
 CVE-2022-21724 - https://github.com/Whoopsunix/JavaRce
 CVE-2022-21724 - https://github.com/YDCloudSecurity/cloud-security-guides
 CVE-2022-21724 - https://github.com/clj-holmes/clj-watson
 CVE-2022-21724 - https://github.com/fra-dln/DevSecOps-playground-Actions
 CVE-2022-21724 - https://github.com/luelueking/Deserial_Sink_With_JDBC
 CVE-2022-21724 - https://github.com/tanjiti/sec_profile
@ -138912,6 +138918,7 @@ CVE-2022-38053 - https://github.com/ARPSyndicate/cvemon
 CVE-2022-38053 - https://github.com/ohnonoyesyes/CVE-2023-21742
 CVE-2022-38054 - https://github.com/karimhabush/cyberowl
 CVE-2022-3806 - https://github.com/karimhabush/cyberowl
 CVE-2022-38072 - https://github.com/DiRaltvein/memory-corruption-examples
 CVE-2022-38080 - https://github.com/karimhabush/cyberowl
 CVE-2022-38089 - https://github.com/karimhabush/cyberowl
 CVE-2022-38090 - https://github.com/ARPSyndicate/cvemon
@ -146037,6 +146044,7 @@ CVE-2023-24160 - https://github.com/jiceylc/VulnerabilityProjectRecords
 CVE-2023-24161 - https://github.com/ARPSyndicate/cvemon
 CVE-2023-24161 - https://github.com/iceyjchen/VulnerabilityProjectRecords
 CVE-2023-24161 - https://github.com/jiceylc/VulnerabilityProjectRecords
 CVE-2023-24187 - https://github.com/tanjiti/sec_profile
 CVE-2023-24203 - https://github.com/momo1239/CVE-2023-24203-and-CVE-2023-24204
 CVE-2023-24203 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2023-24204 - https://github.com/momo1239/CVE-2023-24203-and-CVE-2023-24204
@ -146776,6 +146784,7 @@ CVE-2023-2640 - https://github.com/0xWhoami35/root-kernel
 CVE-2023-2640 - https://github.com/0xsyr0/OSCP
 CVE-2023-2640 - https://github.com/CVEDB/awesome-cve-repo
 CVE-2023-2640 - https://github.com/Ev3rPalestine/Analytics-HTB-Walkthrough
 CVE-2023-2640 - https://github.com/GhostTroops/TOP
 CVE-2023-2640 - https://github.com/HaxorSecInfec/autoroot.sh
 CVE-2023-2640 - https://github.com/K5LK/CVE-2023-2640-32629
 CVE-2023-2640 - https://github.com/Kiosec/Linux-Exploitation
@ -149064,6 +149073,7 @@ CVE-2023-32629 - https://github.com/0xWhoami35/root-kernel
 CVE-2023-32629 - https://github.com/0xsyr0/OSCP
 CVE-2023-32629 - https://github.com/CVEDB/awesome-cve-repo
 CVE-2023-32629 - https://github.com/Ev3rPalestine/Analytics-HTB-Walkthrough
 CVE-2023-32629 - https://github.com/GhostTroops/TOP
 CVE-2023-32629 - https://github.com/HaxorSecInfec/autoroot.sh
 CVE-2023-32629 - https://github.com/K5LK/CVE-2023-2640-32629
 CVE-2023-32629 - https://github.com/Kiosec/Linux-Exploitation
@ -155277,6 +155287,7 @@ CVE-2023-4956 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-49563 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-4958 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-49580 - https://github.com/tanjiti/sec_profile
 CVE-2023-49582 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-49583 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-49598 - https://github.com/mute1008/mute1008
 CVE-2023-49598 - https://github.com/mute1997/mute1997
@ -162981,6 +162992,8 @@ CVE-2024-1936 - https://github.com/NaInSec/CVE-LIST
 CVE-2024-1936 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-1938 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-1939 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-1939 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-1939 - https://github.com/rycbar77/V8Exploits
 CVE-2024-1941 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-1954 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-1956 - https://github.com/fkie-cad/nvd-json-data-feeds
@ -164814,6 +164827,7 @@ CVE-2024-23692 - https://github.com/enomothem/PenTestNote
 CVE-2024-23692 - https://github.com/jakabakos/CVE-2024-23692-RCE-in-Rejetto-HFS
 CVE-2024-23692 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-23692 - https://github.com/onewinner/POCS
 CVE-2024-23692 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
 CVE-2024-23692 - https://github.com/tanjiti/sec_profile
 CVE-2024-23692 - https://github.com/vanboomqi/CVE-2024-23692
 CVE-2024-23692 - https://github.com/wjlin0/poc-doc
@ -165443,6 +165457,7 @@ CVE-2024-24804 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-24806 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-24808 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-24809 - https://github.com/20142995/nuclei-templates
 CVE-2024-24809 - https://github.com/Ostorlab/KEV
 CVE-2024-24810 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-24813 - https://github.com/NaInSec/CVE-LIST
 CVE-2024-24814 - https://github.com/fkie-cad/nvd-json-data-feeds
@ -167769,6 +167784,7 @@ CVE-2024-28868 - https://github.com/NaInSec/CVE-LIST
 CVE-2024-2887 - https://github.com/TrojanAZhen/Self_Back
 CVE-2024-2887 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-2887 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-2887 - https://github.com/rycbar77/V8Exploits
 CVE-2024-28871 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-28878 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-28880 - https://github.com/fkie-cad/nvd-json-data-feeds
@ -170611,10 +170627,12 @@ CVE-2024-38856 - https://github.com/RacerZ-fighting/RacerZ-fighting
 CVE-2024-38856 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-38856 - https://github.com/k3ppf0r/2024-PocLib
 CVE-2024-38856 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-38856 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
 CVE-2024-38856 - https://github.com/qiuluo-oss/Tiger
 CVE-2024-38856 - https://github.com/tanjiti/sec_profile
 CVE-2024-38856 - https://github.com/wy876/POC
 CVE-2024-38856 - https://github.com/wy876/wiki
 CVE-2024-38859 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-38869 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-3889 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-3891 - https://github.com/fkie-cad/nvd-json-data-feeds
@ -170634,6 +170652,7 @@ CVE-2024-39081 - https://github.com/Amirasaiyad/BLE-TPMS
 CVE-2024-39081 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-3909 - https://github.com/LaPhilosophie/IoT-vulnerable
 CVE-2024-39090 - https://github.com/arijitdirghangi/arijitdirghangi
 CVE-2024-39097 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-3910 - https://github.com/LaPhilosophie/IoT-vulnerable
 CVE-2024-3913 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-3914 - https://github.com/fkie-cad/nvd-json-data-feeds
@ -171066,6 +171085,7 @@ CVE-2024-4127 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4128 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-41301 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-41302 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-41312 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-4133 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4138 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4139 - https://github.com/fkie-cad/nvd-json-data-feeds
@ -171138,6 +171158,7 @@ CVE-2024-41833 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-41834 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-41835 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-41840 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-41849 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-41850 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-41851 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-41852 - https://github.com/fkie-cad/nvd-json-data-feeds
@ -171188,8 +171209,12 @@ CVE-2024-42040 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-42041 - https://github.com/actuator/cve
 CVE-2024-42054 - https://github.com/jinsonvarghese/jinsonvarghese
 CVE-2024-42055 - https://github.com/jinsonvarghese/jinsonvarghese
 CVE-2024-42056 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4207 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4208 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-42085 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-42090 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-42093 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4210 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-42152 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-42233 - https://github.com/fkie-cad/nvd-json-data-feeds
@ -171305,6 +171330,9 @@ CVE-2024-42765 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-42766 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-42784 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-42785 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-42786 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-42787 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-42789 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-42834 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-42845 - https://github.com/alessio-romano/alessio-romano
 CVE-2024-42845 - https://github.com/nomi-sec/PoC-in-GitHub
@ -171320,6 +171348,7 @@ CVE-2024-4297 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4298 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-42982 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4299 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-42992 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-42992 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-4300 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4301 - https://github.com/fkie-cad/nvd-json-data-feeds
@ -171587,6 +171616,9 @@ CVE-2024-43381 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-43398 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-43398 - https://github.com/lifeparticle/Ruby-Cheatsheet
 CVE-2024-4340 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-43442 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-43443 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-43444 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4345 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4346 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4349 - https://github.com/fkie-cad/nvd-json-data-feeds
@ -171624,6 +171656,7 @@ CVE-2024-4367 - https://github.com/spaceraccoon/detect-cve-2024-4367
 CVE-2024-4367 - https://github.com/tanjiti/sec_profile
 CVE-2024-4367 - https://github.com/zgimszhd61/openai-sec-test-cve-quickstart
 CVE-2024-4368 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-43688 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-43688 - https://github.com/kherrick/lobsters
 CVE-2024-4369 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4370 - https://github.com/fkie-cad/nvd-json-data-feeds
@ -171643,13 +171676,16 @@ CVE-2024-43833 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-43836 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-43837 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-43883 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-43884 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4389 - https://github.com/20142995/nuclei-templates
 CVE-2024-4389 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4392 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4393 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-43966 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4405 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4406 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-44073 - https://github.com/brunoerg/bitcoinfuzz
 CVE-2024-44083 - https://github.com/Azvanzed/IdaMeme
 CVE-2024-44083 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-4418 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4433 - https://github.com/fkie-cad/nvd-json-data-feeds
@ -171668,6 +171704,8 @@ CVE-2024-4444 - https://github.com/JohnnyBradvo/CVE-2024-4444
 CVE-2024-4444 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-4445 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4451 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-44556 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-44558 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4460 - https://github.com/sev-hack/sev-hack
 CVE-2024-4468 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4473 - https://github.com/fkie-cad/nvd-json-data-feeds
@ -171700,10 +171738,16 @@ CVE-2024-4519 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4521 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4522 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4523 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-45238 - https://github.com/chnzzh/OpenSSL-CVE-lib
 CVE-2024-4524 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-45240 - https://github.com/Ch0pin/related_work
 CVE-2024-45241 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-45242 - https://github.com/actuator/cve
 CVE-2024-4525 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-45258 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4526 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-45264 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-45265 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-4527 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4528 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4536 - https://github.com/fkie-cad/nvd-json-data-feeds
@ -171756,6 +171800,7 @@ CVE-2024-4577 - https://github.com/nitish778191/fitness_app
 CVE-2024-4577 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-4577 - https://github.com/ohhhh693/CVE-2024-4577
 CVE-2024-4577 - https://github.com/onewinner/POCS
 CVE-2024-4577 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
 CVE-2024-4577 - https://github.com/princew88/CVE-2024-4577
 CVE-2024-4577 - https://github.com/taida957789/CVE-2024-4577
 CVE-2024-4577 - https://github.com/tanjiti/sec_profile
@ -172182,6 +172227,7 @@ CVE-2024-6192 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-6193 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-6194 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-6195 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-6197 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-6205 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-6206 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-6222 - https://github.com/nomi-sec/PoC-in-GitHub
@ -172307,6 +172353,7 @@ CVE-2024-6706 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-6707 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-6710 - https://github.com/20142995/nuclei-templates
 CVE-2024-6711 - https://github.com/20142995/nuclei-templates
 CVE-2024-6715 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-6722 - https://github.com/20142995/nuclei-templates
 CVE-2024-6724 - https://github.com/20142995/nuclei-templates
 CVE-2024-6724 - https://github.com/fkie-cad/nvd-json-data-feeds
@ -172396,6 +172443,7 @@ CVE-2024-7057 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-7060 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-7063 - https://github.com/20142995/nuclei-templates
 CVE-2024-7064 - https://github.com/20142995/nuclei-templates
 CVE-2024-7066 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-7080 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-7081 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-7082 - https://github.com/20142995/nuclei-templates
@ -172683,6 +172731,8 @@ CVE-2024-7979 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-7980 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-7981 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-7986 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-7987 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-7988 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-8011 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-8033 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-8034 - https://github.com/fkie-cad/nvd-json-data-feeds
@ -172695,6 +172745,15 @@ CVE-2024-8120 - https://github.com/20142995/nuclei-templates
 CVE-2024-8128 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-8146 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-8147 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-8161 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-8162 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-8163 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-8164 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-8165 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-8166 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-8167 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-8168 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-8169 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-87654 - https://github.com/runwuf/clickhouse-test
 CVE-2024-98765 - https://github.com/runwuf/clickhouse-test
 CVE-2024-99999 - https://github.com/kolewttd/wtt
--- a/references.txt
+++ b/references.txt
@ -23136,6 +23136,7 @@ CVE-2013-1034 - http://www.cloudscan.me/2013/09/cve-2013-1034-stored-xss-xxe-os-
 CVE-2013-1052 - http://www.ubuntu.com/usn/USN-1766-1
 CVE-2013-1054 - https://launchpad.net/bugs/1175661
 CVE-2013-1055 - https://launchpad.net/bugs/1175691
 CVE-2013-1060 - http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1060.html
 CVE-2013-1060 - http://www.ubuntu.com/usn/USN-1938-1
 CVE-2013-1100 - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1100
 CVE-2013-1115 - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130904-webex
@ -60203,6 +60204,7 @@ CVE-2019-19887 - https://github.com/rockcarry/ffjpeg/issues/14
 CVE-2019-19888 - https://github.com/rockcarry/ffjpeg/issues/13
 CVE-2019-19889 - https://github.com/V1n1v131r4/HGB10R-2
 CVE-2019-19890 - https://github.com/V1n1v131r4/HGB10R-2
 CVE-2019-19905 - https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47
 CVE-2019-19906 - https://www.openldap.org/its/index.cgi/Incoming?id=9123
 CVE-2019-19912 - http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html
 CVE-2019-19913 - http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html
@ -89008,6 +89010,7 @@ CVE-2023-0512 - http://seclists.org/fulldisclosure/2023/Mar/21
 CVE-2023-0512 - https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74
 CVE-2023-0513 - https://vuldb.com/?id.219334
 CVE-2023-0514 - https://wpscan.com/vulnerability/c6cc400a-9bfb-417d-9206-5582a49d0f05
 CVE-2023-0516 - https://vuldb.com/?id.219336
 CVE-2023-0519 - https://huntr.dev/bounties/891ad0cb-d12f-4c5e-aac8-d7326caf2129
 CVE-2023-0520 - https://wpscan.com/vulnerability/be4f7ff9-af79-477b-9f47-e40e25a3558e
 CVE-2023-0522 - https://wpscan.com/vulnerability/c7984bfb-86a3-4530-90ae-17ab39af1c54
@ -89015,6 +89018,7 @@ CVE-2023-0526 - https://wpscan.com/vulnerability/0ec58310-243d-40c8-9fa6-8753947
 CVE-2023-0527 - http://packetstormsecurity.com/files/172667/Online-Security-Guards-Hiring-System-1.0-Cross-Site-Scripting.html
 CVE-2023-0527 - https://github.com/ctflearner/Vulnerability/blob/main/Online-Security-guard-POC.md
 CVE-2023-0528 - https://vuldb.com/?id.219597
 CVE-2023-0530 - https://vuldb.com/?id.219599
 CVE-2023-0531 - https://vuldb.com/?id.219600
 CVE-2023-0532 - https://vuldb.com/?id.219601
 CVE-2023-0533 - https://vuldb.com/?id.219602
@ -89119,6 +89123,7 @@ CVE-2023-0769 - https://wpscan.com/vulnerability/1d4a2f0e-a371-4e27-98de-528e070
 CVE-2023-0770 - https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd
 CVE-2023-0771 - https://huntr.dev/bounties/2493f350-271b-4c38-9e1d-c8fa189c5ce1
 CVE-2023-0772 - https://wpscan.com/vulnerability/28754886-b7b4-44f7-9042-b81c542d3c9c
 CVE-2023-0774 - https://vuldb.com/?id.220558
 CVE-2023-0774 - https://www.youtube.com/watch?v=s3oK5jebx_I
 CVE-2023-0777 - http://packetstormsecurity.com/files/171744/modoboa-2.0.4-Admin-Takeover.html
 CVE-2023-0777 - https://huntr.dev/bounties/a17e7a9f-0fee-4130-a522-5a0466fc17c7
@ -89206,6 +89211,7 @@ CVE-2023-0947 - https://huntr.dev/bounties/7379d702-72ff-4a5d-bc68-007290015496
 CVE-2023-0948 - https://wpscan.com/vulnerability/a78d75b2-85a0-41eb-9720-c726ca2e8718
 CVE-2023-0949 - https://huntr.dev/bounties/ef87be4e-493b-4ee9-9738-44c55b8acc19
 CVE-2023-0955 - https://wpscan.com/vulnerability/18b7e93f-b038-4f28-918b-4015d62f0eb8
 CVE-2023-0960 - https://vuldb.com/?id.221630
 CVE-2023-0961 - https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Music%20Gallery%20Site%20-%20SQL%20Injection%202.md
 CVE-2023-0962 - https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Music%20Gallery%20Site%20-%20SQL%20Injection%203.md
 CVE-2023-0962 - https://vuldb.com/?id.221632
@ -91140,6 +91146,7 @@ CVE-2023-27350 - http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0
 CVE-2023-27350 - http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html
 CVE-2023-27350 - http://packetstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.html
 CVE-2023-27350 - https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/
 CVE-2023-27356 - https://kb.netgear.com/000065618/Security-Advisory-for-Post-authentication-Command-Injection-on-Some-Routers-PSV-2022-0350
 CVE-2023-27372 - http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html
 CVE-2023-27372 - http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html
 CVE-2023-27379 - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1756
@ -94914,6 +94921,7 @@ CVE-2023-48859 - https://github.com/xieqiang11/security_research/blob/main/TOTOL
 CVE-2023-48860 - https://github.com/xieqiang11/security_research/blob/main/TOTOLINK-N300RT-RCE.md
 CVE-2023-48861 - https://github.com/xieqiang11/POC4/blob/main/README.md
 CVE-2023-48863 - https://gitee.com/NoBlake/cve-2023-48863/
 CVE-2023-48864 - https://gitee.com/NoBlake/cve-2023-48864
 CVE-2023-48866 - https://nitipoom-jar.github.io/CVE-2023-48866/
 CVE-2023-48886 - https://github.com/luxiaoxun/NettyRpc/issues/53
 CVE-2023-48887 - https://github.com/fengjiachun/Jupiter/issues/115
@ -94938,6 +94946,8 @@ CVE-2023-48949 - https://github.com/openlink/virtuoso-opensource/issues/1173
 CVE-2023-48950 - https://github.com/openlink/virtuoso-opensource/issues/1174
 CVE-2023-48951 - https://github.com/openlink/virtuoso-opensource/issues/1177
 CVE-2023-48952 - https://github.com/openlink/virtuoso-opensource/issues/1175
 CVE-2023-48957 - https://latesthackingnews.com/2023/11/13/multiple-vulnerabilities-found-in-purevpn-one-remains-unpatched/
 CVE-2023-48957 - https://www.rafaybaloch.com/2023/11/Multiple%20Critical-Vulnerabilities-in-PureVPN.html?m=1
 CVE-2023-48958 - https://github.com/gpac/gpac/issues/2689
 CVE-2023-48963 - https://github.com/daodaoshao/vul_tenda_i6_1
 CVE-2023-48964 - https://github.com/daodaoshao/vul_tenda_i6_2
@ -97008,6 +97018,7 @@ CVE-2024-2307 - https://bugzilla.redhat.com/show_bug.cgi?id=2268513
 CVE-2024-2309 - https://wpscan.com/vulnerability/a4152818-1e07-46a7-aec4-70f1a1b579a6/
 CVE-2024-23094 - https://github.com/TinkAnet/cve/blob/main/csrf3.md
 CVE-2024-2310 - https://wpscan.com/vulnerability/7a2c173c-19e3-4f48-b3af-14790b5b8e94/
 CVE-2024-2316 - https://vuldb.com/?id.256270
 CVE-2024-2318 - https://gist.github.com/whiteman007/a3b25a7ddf38774329d72930e0cd841a
 CVE-2024-2322 - https://wpscan.com/vulnerability/c740ed3b-d6b8-4afc-8c6b-a1ec37597055/
 CVE-2024-2329 - https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-list_resource_icon.md
@ -99703,6 +99714,8 @@ CVE-2024-41954 - https://github.com/FOGProject/fogproject/security/advisories/GH
 CVE-2024-41955 - https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4
 CVE-2024-41957 - https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4
 CVE-2024-41965 - https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f
 CVE-2024-41996 - https://dheatattack.gitlab.io/details/
 CVE-2024-41996 - https://dheatattack.gitlab.io/faq/
 CVE-2024-4201 - https://gitlab.com/gitlab-org/gitlab/-/issues/458229
 CVE-2024-42029 - https://github.com/hyprwm/xdg-desktop-portal-hyprland/issues/242
 CVE-2024-42054 - https://github.com/CervantesSec/cervantes/commit/78631a034d0fb3323a53fb7428b2022b29a0d2cd
@ -99838,6 +99851,8 @@ CVE-2024-43401 - https://jira.xwiki.org/browse/XWIKI-20331
 CVE-2024-43403 - https://github.com/kanisterio/kanister/security/advisories/GHSA-h27c-6xm3-mcqp
 CVE-2024-4348 - https://vuldb.com/?submit.320855
 CVE-2024-4349 - https://github.com/CveSecLook/cve/issues/19
 CVE-2024-43688 - https://www.supernetworks.org/CVE-2024-43688/openbsd-cron-heap-underflow.txt
 CVE-2024-43688 - https://www.supernetworks.org/advisories/CVE-2024-43688-openbsd-cron-heap-underflow.txt
 CVE-2024-4372 - https://wpscan.com/vulnerability/13dcfd8a-e378-44b4-af6f-940bc41539a4/
 CVE-2024-4377 - https://wpscan.com/vulnerability/778cebec-bdbb-4538-9518-c5bd50f76961/
 CVE-2024-4381 - https://wpscan.com/vulnerability/9b3cda9a-17a7-4173-93a2-d552a874fae9/
@ -99875,6 +99890,7 @@ CVE-2024-45187 - https://research.jfrog.com/vulnerabilities/mage-ai-deleted-user
 CVE-2024-45188 - https://research.jfrog.com/vulnerabilities/mage-ai-file-content-request-remote-arbitrary-file-leak-jfsa-2024-001039603/
 CVE-2024-45189 - https://research.jfrog.com/vulnerabilities/mage-ai-git-content-request-remote-arbitrary-file-leak-jfsa-2024-001039604/
 CVE-2024-45190 - https://research.jfrog.com/vulnerabilities/mage-ai-pipeline-interaction-request-remote-arbitrary-file-leak-jfsa-2024-001039605/
 CVE-2024-45256 - https://blog.chebuya.com/posts/unauthenticated-remote-command-execution-on-byob/
 CVE-2024-4528 - https://github.com/yylmm/CVE/blob/main/Prison%20Management%20System/xss2.md
 CVE-2024-4529 - https://wpscan.com/vulnerability/082ff0b8-2ecd-4292-832d-0a79e1ba8cb3/
 CVE-2024-4530 - https://wpscan.com/vulnerability/952f6b5c-7728-4c87-8826-6b493f51a979/
@ -100353,10 +100369,13 @@ CVE-2024-6724 - https://wpscan.com/vulnerability/0cb3158a-263d-4c4a-8029-62b453c
 CVE-2024-6728 - https://github.com/jeery0/cve/issues/1
 CVE-2024-6729 - https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6729
 CVE-2024-6729 - https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6729
 CVE-2024-6729 - https://reports.kunull.net/CVEs/2024/CVE-2024-6729
 CVE-2024-6731 - https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6731
 CVE-2024-6731 - https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6731
 CVE-2024-6731 - https://reports.kunull.net/CVEs/2024/CVE-2024-6731
 CVE-2024-6732 - https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6732
 CVE-2024-6732 - https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6732
 CVE-2024-6732 - https://reports.kunull.net/CVEs/2024/CVE-2024-6732
 CVE-2024-6732 - https://vuldb.com/?submit.374370
 CVE-2024-6733 - https://github.com/jiaoyanshuai/cve/issues/1
 CVE-2024-6734 - https://github.com/jiaoyanshuai/cve/issues/2
@ -100371,13 +100390,16 @@ CVE-2024-6783 - https://www.herodevs.com/vulnerability-directory/cve-2024-6783--
 CVE-2024-6801 - https://github.com/aaajuna/demo/issues/1
 CVE-2024-6802 - https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6802
 CVE-2024-6802 - https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6802
 CVE-2024-6802 - https://reports.kunull.net/CVEs/2024/CVE-2024-6802
 CVE-2024-6803 - https://github.com/hzy11111111/cve/issues/3
 CVE-2024-6807 - https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6807
 CVE-2024-6807 - https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6807
 CVE-2024-6807 - https://reports.kunull.net/CVEs/2024/CVE-2024-6807
 CVE-2024-6808 - https://github.com/qianqiusujiu/cve/issues/1
 CVE-2024-6843 - https://wpscan.com/vulnerability/9a5cb440-065a-445a-9a09-55bd5f782e85/
 CVE-2024-6847 - https://wpscan.com/vulnerability/baa860bb-3b7d-438a-ad54-92bf8e21e851/
 CVE-2024-6848 - https://github.com/BoldGrid/post-and-page-builder/issues/612
 CVE-2024-6879 - https://wpscan.com/vulnerability/4da0b318-03e7-409d-9b02-f108e4232c87/
 CVE-2024-6884 - https://wpscan.com/vulnerability/1768de0c-e4ea-4c98-abf1-7ac805f214b8/
 CVE-2024-6890 - https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt
 CVE-2024-6891 - https://korelogic.com/Resources/Advisories/KL-001-2024-008.txt
@ -100527,6 +100549,7 @@ CVE-2024-7306 - https://gist.github.com/topsky979/0d5ec3fac4f1fc895478344be55215
 CVE-2024-7307 - https://gist.github.com/topsky979/df642bf14cce32c58d4805b6f6cf44e0
 CVE-2024-7308 - https://gist.github.com/topsky979/c11fd2c1b9027831031de2e58cbf5ff3
 CVE-2024-7311 - https://github.com/23588hk/cve/issues/1
 CVE-2024-7313 - https://wpscan.com/vulnerability/83a1bdc6-098e-43d5-89e5-f4202ecd78a1/
 CVE-2024-7314 - https://github.com/vulhub/vulhub/tree/master/aj-report/CNVD-2024-15077
 CVE-2024-7320 - https://github.com/cl4irv0yance/CVEs/issues/3
 CVE-2024-7321 - https://github.com/cl4irv0yance/CVEs/issues/4
@ -100675,6 +100698,8 @@ CVE-2024-7838 - https://github.com/ppp-src/a/issues/1
 CVE-2024-7839 - https://github.com/ppp-src/a/issues/2
 CVE-2024-7841 - https://github.com/qqlove555/cve/blob/main/sql.md
 CVE-2024-7842 - https://github.com/Wsstiger/cve/blob/main/Tracer_info.md
 CVE-2024-7843 - https://github.com/Wsstiger/cve/blob/main/Tracer_info2.md
 CVE-2024-7844 - https://github.com/Wsstiger/cve/blob/main/Tracer_XSS.md
 CVE-2024-7845 - https://github.com/Wsstiger/cve/blob/main/Tracer_sql2.md
 CVE-2024-7849 - https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_create_album.md
 CVE-2024-7851 - https://github.com/Wsstiger/cve/blob/main/Yoga_add.md
@ -100687,6 +100712,24 @@ CVE-2024-7897 - https://gist.github.com/b0rgch3n/bb47a1ed6f66c1e8c7a80f210f4ac8e
 CVE-2024-7898 - https://gist.github.com/b0rgch3n/3136cad95b09e42184fb2d78aae33651
 CVE-2024-7900 - https://github.com/DeepMountains/Mirage/blob/main/CVE16-1.md
 CVE-2024-7900 - https://github.com/DeepMountains/Mirage/blob/main/CVE16-2.md
 CVE-2024-7907 - https://github.com/BeaCox/IoT_vuln/tree/main/totolink/x6000R/setSyslogCfg_injection
 CVE-2024-7908 - https://github.com/BeaCox/IoT_vuln/tree/main/totolink/EX1200L/setDefResponse_bof
 CVE-2024-7909 - https://github.com/BeaCox/IoT_vuln/tree/main/totolink/EX1200L/setLanguageCfg_bof
 CVE-2024-7912 - https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Directory%20Listing.md
 CVE-2024-7913 - https://github.com/ppp-src/a/issues/4
 CVE-2024-7914 - https://github.com/Wsstiger/cve/blob/main/Yoga_xss2.md
 CVE-2024-7922 - https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_create_playlist.md
 CVE-2024-7922 - https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_get_tracks_list.md
 CVE-2024-7930 - https://github.com/Pingxy/cve/blob/main/sql.md
 CVE-2024-7933 - https://github.com/DeepMountains/zzz/blob/main/CVE3-1.md
 CVE-2024-7934 - https://github.com/DeepMountains/zzz/blob/main/CVE3-2.md
 CVE-2024-7935 - https://github.com/DeepMountains/zzz/blob/main/CVE3-3.md
 CVE-2024-7936 - https://github.com/DeepMountains/zzz/blob/main/CVE3-4.md
 CVE-2024-7937 - https://github.com/DeepMountains/zzz/blob/main/CVE3-5.md
 CVE-2024-7943 - https://github.com/DeepMountains/zzz/blob/main/CVE2-1.md
 CVE-2024-7945 - https://github.com/DeepMountains/zzz/blob/main/CVE2-3.md
 CVE-2024-7946 - https://github.com/a1175165157/cve/issues/1
 CVE-2024-7947 - https://github.com/CveSecLook/cve/issues/60
 CVE-2024-7954 - https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/
 CVE-2024-8003 - https://vuldb.com/?submit.393987
 CVE-2024-8072 - https://research.jfrog.com/vulnerabilities/mage-ai-terminal-server-infoleak-jfsa-2024-001039574/