From e8c9fd6e2fdb220d4ea75ca03ae2526db8f15801 Mon Sep 17 00:00:00 2001 From: 0xMarcio Date: Fri, 23 Aug 2024 18:19:28 +0000 Subject: [PATCH] Update CVE sources 2024-08-23 18:19 --- 2001/CVE-2001-0457.md | 17 +++++++++ 2002/CVE-2002-1902.md | 17 +++++++++ 2010/CVE-2010-4476.md | 1 + 2011/CVE-2011-1002.md | 1 + 2012/CVE-2012-1182.md | 1 + 2013/CVE-2013-2446.md | 1 + 2013/CVE-2013-2455.md | 1 + 2017/CVE-2017-0143.md | 1 + 2018/CVE-2018-12030.md | 17 +++++++++ 2019/CVE-2019-11358.md | 1 + 2020/CVE-2020-10735.md | 1 + 2021/CVE-2021-1472.md | 1 + 2021/CVE-2021-23336.md | 2 +- 2021/CVE-2021-3177.md | 1 + 2022/CVE-2022-30525.md | 1 + 2022/CVE-2022-3504.md | 17 +++++++++ 2022/CVE-2022-3664.md | 1 + 2022/CVE-2022-3671.md | 2 +- 2023/CVE-2023-3008.md | 17 +++++++++ 2023/CVE-2023-47131.md | 17 +++++++++ 2024/CVE-2024-22243.md | 1 + 2024/CVE-2024-22257.md | 1 + 2024/CVE-2024-23091.md | 17 +++++++++ 2024/CVE-2024-27764.md | 2 +- 2024/CVE-2024-27765.md | 2 +- 2024/CVE-2024-28000.md | 3 +- 2024/CVE-2024-31319.md | 17 +++++++++ 2024/CVE-2024-3183.md | 1 + 2024/CVE-2024-3282.md | 17 +++++++++ 2024/CVE-2024-34313.md | 2 +- 2024/CVE-2024-36439.md | 17 +++++++++ 2024/CVE-2024-36440.md | 17 +++++++++ 2024/CVE-2024-36441.md | 17 +++++++++ 2024/CVE-2024-36442.md | 17 +++++++++ 2024/CVE-2024-36443.md | 17 +++++++++ 2024/CVE-2024-36444.md | 17 +++++++++ 2024/CVE-2024-36445.md | 17 +++++++++ 2024/CVE-2024-38807.md | 17 +++++++++ 2024/CVE-2024-4067.md | 1 + 2024/CVE-2024-41659.md | 4 +- 2024/CVE-2024-41676.md | 17 +++++++++ 2024/CVE-2024-41802.md | 17 +++++++++ 2024/CVE-2024-41803.md | 17 +++++++++ 2024/CVE-2024-41804.md | 17 +++++++++ 2024/CVE-2024-43022.md | 17 +++++++++ 2024/CVE-2024-43105.md | 17 +++++++++ 2024/CVE-2024-43218.md | 2 +- 2024/CVE-2024-43331.md | 18 +++++++++ 2024/CVE-2024-43398.md | 17 +++++++++ 2024/CVE-2024-43785.md | 17 +++++++++ 2024/CVE-2024-43787.md | 17 +++++++++ 2024/CVE-2024-44073.md | 17 +++++++++ 2024/CVE-2024-5502.md | 17 +++++++++ 2024/CVE-2024-5583.md | 17 +++++++++ 2024/CVE-2024-5932.md | 1 + 2024/CVE-2024-6386.md | 2 +- 2024/CVE-2024-6409.md | 1 + 2024/CVE-2024-6699.md | 17 +++++++++ 2024/CVE-2024-6715.md | 17 +++++++++ 2024/CVE-2024-6800.md | 2 +- 2024/CVE-2024-6870.md | 17 +++++++++ 2024/CVE-2024-6916.md | 18 +++++++++ 2024/CVE-2024-7003.md | 17 +++++++++ 2024/CVE-2024-7127.md | 17 +++++++++ 2024/CVE-2024-7179.md | 2 +- 2024/CVE-2024-7180.md | 2 +- 2024/CVE-2024-7181.md | 2 +- 2024/CVE-2024-7182.md | 2 +- 2024/CVE-2024-7183.md | 2 +- 2024/CVE-2024-7184.md | 2 +- 2024/CVE-2024-7185.md | 2 +- 2024/CVE-2024-7186.md | 2 +- 2024/CVE-2024-7187.md | 2 +- 2024/CVE-2024-7189.md | 2 +- 2024/CVE-2024-7190.md | 2 +- 2024/CVE-2024-7191.md | 2 +- 2024/CVE-2024-7192.md | 17 +++++++++ 2024/CVE-2024-7219.md | 2 +- 2024/CVE-2024-7220.md | 2 +- 2024/CVE-2024-7221.md | 2 +- 2024/CVE-2024-7222.md | 2 +- 2024/CVE-2024-7223.md | 2 +- 2024/CVE-2024-7224.md | 2 +- 2024/CVE-2024-7327.md | 2 +- 2024/CVE-2024-7328.md | 17 +++++++++ 2024/CVE-2024-7384.md | 17 +++++++++ 2024/CVE-2024-7778.md | 1 + 2024/CVE-2024-7836.md | 1 + 2024/CVE-2024-7848.md | 1 + 2024/CVE-2024-7896.md | 1 + 2024/CVE-2024-7897.md | 1 + 2024/CVE-2024-7898.md | 2 +- 2024/CVE-2024-7971.md | 1 + 2024/CVE-2024-8003.md | 17 +++++++++ github.txt | 87 ++++++++++++++++++++++++++++++++++++++++++ references.txt | 24 ++++++++++++ 96 files changed, 849 insertions(+), 31 deletions(-) create mode 100644 2001/CVE-2001-0457.md create mode 100644 2002/CVE-2002-1902.md create mode 100644 2018/CVE-2018-12030.md create mode 100644 2022/CVE-2022-3504.md create mode 100644 2023/CVE-2023-3008.md create mode 100644 2023/CVE-2023-47131.md create mode 100644 2024/CVE-2024-23091.md create mode 100644 2024/CVE-2024-31319.md create mode 100644 2024/CVE-2024-3282.md create mode 100644 2024/CVE-2024-36439.md create mode 100644 2024/CVE-2024-36440.md create mode 100644 2024/CVE-2024-36441.md create mode 100644 2024/CVE-2024-36442.md create mode 100644 2024/CVE-2024-36443.md create mode 100644 2024/CVE-2024-36444.md create mode 100644 2024/CVE-2024-36445.md create mode 100644 2024/CVE-2024-38807.md create mode 100644 2024/CVE-2024-41676.md create mode 100644 2024/CVE-2024-41802.md create mode 100644 2024/CVE-2024-41803.md create mode 100644 2024/CVE-2024-41804.md create mode 100644 2024/CVE-2024-43022.md create mode 100644 2024/CVE-2024-43105.md create mode 100644 2024/CVE-2024-43331.md create mode 100644 2024/CVE-2024-43398.md create mode 100644 2024/CVE-2024-43785.md create mode 100644 2024/CVE-2024-43787.md create mode 100644 2024/CVE-2024-44073.md create mode 100644 2024/CVE-2024-5502.md create mode 100644 2024/CVE-2024-5583.md create mode 100644 2024/CVE-2024-6699.md create mode 100644 2024/CVE-2024-6715.md create mode 100644 2024/CVE-2024-6870.md create mode 100644 2024/CVE-2024-6916.md create mode 100644 2024/CVE-2024-7003.md create mode 100644 2024/CVE-2024-7127.md create mode 100644 2024/CVE-2024-7192.md create mode 100644 2024/CVE-2024-7328.md create mode 100644 2024/CVE-2024-7384.md create mode 100644 2024/CVE-2024-8003.md diff --git a/2001/CVE-2001-0457.md b/2001/CVE-2001-0457.md new file mode 100644 index 000000000..013c2bc0b --- /dev/null +++ b/2001/CVE-2001-0457.md @@ -0,0 +1,17 @@ +### [CVE-2001-0457](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0457) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion). + +### POC + +#### Reference +- https://exchange.xforce.ibmcloud.com/vulnerabilities/6211 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1902.md b/2002/CVE-2002-1902.md new file mode 100644 index 000000000..22a71a2f8 --- /dev/null +++ b/2002/CVE-2002-1902.md @@ -0,0 +1,17 @@ +### [CVE-2002-1902](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1902) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of service (infinite recursion) by creating a message board post that is a child of an outdated parent. + +### POC + +#### Reference +- http://freshmeat.net/releases/86842/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2010/CVE-2010-4476.md b/2010/CVE-2010-4476.md index 9b5698599..0132ce220 100644 --- a/2010/CVE-2010-4476.md +++ b/2010/CVE-2010-4476.md @@ -18,5 +18,6 @@ The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java S - https://github.com/ARPSyndicate/cvemon - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo +- https://github.com/STaj-55/Cybersecurity_Incident_Response_Database - https://github.com/grzegorzblaszczyk/CVE-2010-4476-check diff --git a/2011/CVE-2011-1002.md b/2011/CVE-2011-1002.md index 5edc5aa3c..8bbdf76f6 100644 --- a/2011/CVE-2011-1002.md +++ b/2011/CVE-2011-1002.md @@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/EvgeniyaBalanyuk/attacks - https://github.com/Howertx/avahi-dos - https://github.com/NikolayAntipov/DB_13-01 +- https://github.com/avergnaud/thm-notes - https://github.com/berradiginamic/32123BC7-Securite-Informatique - https://github.com/csk/unisecbarber - https://github.com/kaanyeniyol/python-nmap diff --git a/2012/CVE-2012-1182.md b/2012/CVE-2012-1182.md index d7540cb12..a1ee8e8a6 100644 --- a/2012/CVE-2012-1182.md +++ b/2012/CVE-2012-1182.md @@ -22,6 +22,7 @@ The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6. - https://github.com/Kiosec/Windows-Exploitation - https://github.com/Qftm/Information_Collection_Handbook - https://github.com/amishamunjal-az/Week16-Homework +- https://github.com/avergnaud/thm-notes - https://github.com/casohub/multinmap - https://github.com/esteban0477/RedTeamPlaybook - https://github.com/jlashay/Penetration-Testing-1 diff --git a/2013/CVE-2013-2446.md b/2013/CVE-2013-2446.md index f1f5c0a1f..f33f35b91 100644 --- a/2013/CVE-2013-2446.md +++ b/2013/CVE-2013-2446.md @@ -12,6 +12,7 @@ Unspecified vulnerability in the Java Runtime Environment (JRE) component in Ora #### Reference - http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html - http://www.securityfocus.com/bid/60620 +- https://bugzilla.redhat.com/show_bug.cgi?id=975132 #### Github No PoCs found on GitHub currently. diff --git a/2013/CVE-2013-2455.md b/2013/CVE-2013-2455.md index b191921d8..0b6cc9a32 100644 --- a/2013/CVE-2013-2455.md +++ b/2013/CVE-2013-2455.md @@ -12,6 +12,7 @@ Unspecified vulnerability in the Java Runtime Environment (JRE) component in Ora #### Reference - http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html - http://www.securityfocus.com/bid/60619 +- https://bugzilla.redhat.com/show_bug.cgi?id=975139 #### Github No PoCs found on GitHub currently. diff --git a/2017/CVE-2017-0143.md b/2017/CVE-2017-0143.md index df4d77f80..dc1c1ee6d 100644 --- a/2017/CVE-2017-0143.md +++ b/2017/CVE-2017-0143.md @@ -74,6 +74,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 - https://github.com/a1xbit/BlackBoxPenetrationTesting - https://github.com/androidkey/MS17-011 - https://github.com/avboy1337/Vulnerabilities +- https://github.com/avergnaud/thm-notes - https://github.com/aymankhder/AD-attack-defense - https://github.com/bb33bb/Vulnerabilities - https://github.com/bhataasim1/AD-Attack-Defence diff --git a/2018/CVE-2018-12030.md b/2018/CVE-2018-12030.md new file mode 100644 index 000000000..d4793cba2 --- /dev/null +++ b/2018/CVE-2018-12030.md @@ -0,0 +1,17 @@ +### [CVE-2018-12030](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12030) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Chevereto Free before 1.0.13 has XSS. + +### POC + +#### Reference +- https://edricteo.com/chevereto-free-xss-vulnerability-in-version-1.0.12/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2019/CVE-2019-11358.md b/2019/CVE-2019-11358.md index 0b2b659a4..12f2a2096 100644 --- a/2019/CVE-2019-11358.md +++ b/2019/CVE-2019-11358.md @@ -2229,6 +2229,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/Techarinos/FTC - https://github.com/Techno-Goats-9224/FtcRobotController - https://github.com/Techno-Goats-9224/FtcRobotController-master-9224 +- https://github.com/Techno-Maniacs-16021/CenterStage-RobotController - https://github.com/TechnoMaister/CodNat - https://github.com/TechnoNatura-org/FTC_CENTERSTAGE_KrakenRyu_NusantaraRegional - https://github.com/TechnoTrexes/PowerPlay2023 diff --git a/2020/CVE-2020-10735.md b/2020/CVE-2020-10735.md index be1071496..4fd2126f7 100644 --- a/2020/CVE-2020-10735.md +++ b/2020/CVE-2020-10735.md @@ -15,6 +15,7 @@ A flaw was found in python. In algorithms with quadratic time complexity using n #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/Live-Hack-CVE/CVE-2020-10735 +- https://github.com/Mohit190405/Python-Programming- - https://github.com/NathanielAPawluk/sec-buddy - https://github.com/Vizonex/PyRandom128 diff --git a/2021/CVE-2021-1472.md b/2021/CVE-2021-1472.md index f69f27baf..0897f30ac 100644 --- a/2021/CVE-2021-1472.md +++ b/2021/CVE-2021-1472.md @@ -16,5 +16,6 @@ Multiple vulnerabilities exist in the web-based management interface of Cisco Sm - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Sohrabian/special-cyber-security-topic +- https://github.com/defronixpro/Defronix-Cybersecurity-Roadmap - https://github.com/zmylml/yangzifun diff --git a/2021/CVE-2021-23336.md b/2021/CVE-2021-23336.md index 598894260..75f7f925f 100644 --- a/2021/CVE-2021-23336.md +++ b/2021/CVE-2021-23336.md @@ -16,5 +16,5 @@ The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.1 - https://www.oracle.com/security-alerts/cpuoct2021.html #### Github -No PoCs found on GitHub currently. +- https://github.com/Mohit190405/Python-Programming- diff --git a/2021/CVE-2021-3177.md b/2021/CVE-2021-3177.md index 024816ec1..4a0c6b88c 100644 --- a/2021/CVE-2021-3177.md +++ b/2021/CVE-2021-3177.md @@ -18,6 +18,7 @@ Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callpro - https://www.oracle.com/security-alerts/cpuoct2021.html #### Github +- https://github.com/Mohit190405/Python-Programming- - https://github.com/TAPAKAH20/python_dos_demo - https://github.com/leveryd/leveryd - https://github.com/tianocore/edk2-edkrepo diff --git a/2022/CVE-2022-30525.md b/2022/CVE-2022-30525.md index 9ec6b40d5..0761c37c8 100644 --- a/2022/CVE-2022-30525.md +++ b/2022/CVE-2022-30525.md @@ -51,6 +51,7 @@ A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) - https://github.com/cbk914/CVE-2022-30525_check - https://github.com/d-rn/vulBox - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/defronixpro/Defronix-Cybersecurity-Roadmap - https://github.com/furkanzengin/CVE-2022-30525 - https://github.com/gotr00t0day/valhalla - https://github.com/hktalent/bug-bounty diff --git a/2022/CVE-2022-3504.md b/2022/CVE-2022-3504.md new file mode 100644 index 000000000..39fee5403 --- /dev/null +++ b/2022/CVE-2022-3504.md @@ -0,0 +1,17 @@ +### [CVE-2022-3504](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3504) +![](https://img.shields.io/static/v1?label=Product&message=Sanitization%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-707%20Improper%20Neutralization%20-%3E%20CWE-74%20Injection%20-%3E%20CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Sanitization Management System and classified as critical. This issue affects some unknown processing of the file /php-sms/?p=services/view_service. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210839. + +### POC + +#### Reference +- https://vuldb.com/?id.210839 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-3664.md b/2022/CVE-2022-3664.md index 06480055a..23812fcb1 100644 --- a/2022/CVE-2022-3664.md +++ b/2022/CVE-2022-3664.md @@ -11,6 +11,7 @@ A vulnerability classified as critical has been found in Axiomatic Bento4. Affec #### Reference - https://github.com/axiomatic-systems/Bento4/issues/794 +- https://vuldb.com/?id.212004 #### Github No PoCs found on GitHub currently. diff --git a/2022/CVE-2022-3671.md b/2022/CVE-2022-3671.md index 0eef8ca77..85cc0455c 100644 --- a/2022/CVE-2022-3671.md +++ b/2022/CVE-2022-3671.md @@ -10,7 +10,7 @@ A vulnerability classified as critical was found in SourceCodester eLearning Sys ### POC #### Reference -No PoCs from references. +- https://vuldb.com/?id.212014 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-3008.md b/2023/CVE-2023-3008.md new file mode 100644 index 000000000..a2bfd247d --- /dev/null +++ b/2023/CVE-2023-3008.md @@ -0,0 +1,17 @@ +### [CVE-2023-3008](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3008) +![](https://img.shields.io/static/v1?label=Product&message=Student%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in ningzichun Student Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument user/pass leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230355. + +### POC + +#### Reference +- https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/student-management-system/sql_inject.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-47131.md b/2023/CVE-2023-47131.md new file mode 100644 index 000000000..c3794694f --- /dev/null +++ b/2023/CVE-2023-47131.md @@ -0,0 +1,17 @@ +### [CVE-2023-47131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47131) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Wraient/SIH-2024-Problems + diff --git a/2024/CVE-2024-22243.md b/2024/CVE-2024-22243.md index 43ae5cd8e..5ab7d7c42 100644 --- a/2024/CVE-2024-22243.md +++ b/2024/CVE-2024-22243.md @@ -13,6 +13,7 @@ Applications that use UriComponentsBuilder to parse an externally provided URL No PoCs from references. #### Github +- https://github.com/CllmsyK/YYBaby-Spring_Scan - https://github.com/SeanPesce/CVE-2024-22243 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/hinat0y/Dataset1 diff --git a/2024/CVE-2024-22257.md b/2024/CVE-2024-22257.md index e45abef4d..dc0ab36af 100644 --- a/2024/CVE-2024-22257.md +++ b/2024/CVE-2024-22257.md @@ -13,6 +13,7 @@ In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versi No PoCs from references. #### Github +- https://github.com/CllmsyK/YYBaby-Spring_Scan - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-23091.md b/2024/CVE-2024-23091.md new file mode 100644 index 000000000..b17fe9cd0 --- /dev/null +++ b/2024/CVE-2024-23091.md @@ -0,0 +1,17 @@ +### [CVE-2024-23091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23091) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-27764.md b/2024/CVE-2024-27764.md index ca002f62e..449d33ef2 100644 --- a/2024/CVE-2024-27764.md +++ b/2024/CVE-2024-27764.md @@ -10,7 +10,7 @@ An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privile ### POC #### Reference -No PoCs from references. +- https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-27765.md b/2024/CVE-2024-27765.md index 7b920d96c..641268773 100644 --- a/2024/CVE-2024-27765.md +++ b/2024/CVE-2024-27765.md @@ -10,7 +10,7 @@ Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote att ### POC #### Reference -No PoCs from references. +- https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-28000.md b/2024/CVE-2024-28000.md index eb4be1ec2..1e4e51536 100644 --- a/2024/CVE-2024-28000.md +++ b/2024/CVE-2024-28000.md @@ -13,5 +13,6 @@ Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed - https://patchstack.com/articles/critical-privilege-escalation-in-litespeed-cache-plugin-affecting-5-million-sites?_s_id=cve #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-31319.md b/2024/CVE-2024-31319.md new file mode 100644 index 000000000..f4931f66f --- /dev/null +++ b/2024/CVE-2024-31319.md @@ -0,0 +1,17 @@ +### [CVE-2024-31319](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31319) +![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2014%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen) + +### Description + +In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-3183.md b/2024/CVE-2024-3183.md index 751e71973..bf120582f 100644 --- a/2024/CVE-2024-3183.md +++ b/2024/CVE-2024-3183.md @@ -25,5 +25,6 @@ A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypt No PoCs from references. #### Github +- https://github.com/dkadev/awesome-stars - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-3282.md b/2024/CVE-2024-3282.md new file mode 100644 index 000000000..8384d71c1 --- /dev/null +++ b/2024/CVE-2024-3282.md @@ -0,0 +1,17 @@ +### [CVE-2024-3282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3282) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Table%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WP Table Builder WordPress plugin through 1.5.0 does not sanitise and escape some of its Table data, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/12bf5e8e-24c9-48b9-b94c-c14ed60d7c15/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-34313.md b/2024/CVE-2024-34313.md index a844b3bc5..027580e78 100644 --- a/2024/CVE-2024-34313.md +++ b/2024/CVE-2024-34313.md @@ -10,7 +10,7 @@ An issue in VPL Jail System up to v4.0.2 allows attackers to execute a directory ### POC #### Reference -No PoCs from references. +- https://github.com/vincentscode/CVE-2024-34313 #### Github - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-36439.md b/2024/CVE-2024-36439.md new file mode 100644 index 000000000..9d4f43499 --- /dev/null +++ b/2024/CVE-2024-36439.md @@ -0,0 +1,17 @@ +### [CVE-2024-36439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36439) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password. + +### POC + +#### Reference +- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-038.txt + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-36440.md b/2024/CVE-2024-36440.md new file mode 100644 index 000000000..0865e9dc6 --- /dev/null +++ b/2024/CVE-2024-36440.md @@ -0,0 +1,17 @@ +### [CVE-2024-36440](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36440) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is used. + +### POC + +#### Reference +- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-037.txt + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-36441.md b/2024/CVE-2024-36441.md new file mode 100644 index 000000000..1ca6ff914 --- /dev/null +++ b/2024/CVE-2024-36441.md @@ -0,0 +1,17 @@ +### [CVE-2024-36441](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36441) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Swissphone DiCal-RED 4009 devices allow an unauthenticated attacker use a port-2101 TCP connection to gain access to operation messages that are received by the device. + +### POC + +#### Reference +- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-042.txt + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-36442.md b/2024/CVE-2024-36442.md new file mode 100644 index 000000000..cc111d412 --- /dev/null +++ b/2024/CVE-2024-36442.md @@ -0,0 +1,17 @@ +### [CVE-2024-36442](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36442) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an authenticated attacker to gain access to arbitrary files on the device's file system. + +### POC + +#### Reference +- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-039.txt + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-36443.md b/2024/CVE-2024-36443.md new file mode 100644 index 000000000..93c9088e6 --- /dev/null +++ b/2024/CVE-2024-36443.md @@ -0,0 +1,17 @@ +### [CVE-2024-36443](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36443) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read access to almost the whole file system via anonymous FTP. + +### POC + +#### Reference +- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-036.txt + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-36444.md b/2024/CVE-2024-36444.md new file mode 100644 index 000000000..bdd38dcdc --- /dev/null +++ b/2024/CVE-2024-36444.md @@ -0,0 +1,17 @@ +### [CVE-2024-36444](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36444) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an unauthenticated attacker to gain access to device logs. + +### POC + +#### Reference +- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-040.txt + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-36445.md b/2024/CVE-2024-36445.md new file mode 100644 index 000000000..b83e08d3a --- /dev/null +++ b/2024/CVE-2024-36445.md @@ -0,0 +1,17 @@ +### [CVE-2024-36445](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36445) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication. + +### POC + +#### Reference +- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-035.txt + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-38807.md b/2024/CVE-2024-38807.md new file mode 100644 index 000000000..b24172e7c --- /dev/null +++ b/2024/CVE-2024-38807.md @@ -0,0 +1,17 @@ +### [CVE-2024-38807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38807) +![](https://img.shields.io/static/v1?label=Product&message=Spring%20Boot&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=2.7.x%3C%202.7.22%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4067.md b/2024/CVE-2024-4067.md index be6dde88b..dd8283260 100644 --- a/2024/CVE-2024-4067.md +++ b/2024/CVE-2024-4067.md @@ -11,6 +11,7 @@ The NPM package `micromatch` is vulnerable to Regular Expression Denial of Servi #### Reference - https://github.com/micromatch/micromatch/issues/243 +- https://github.com/micromatch/micromatch/pull/247 #### Github No PoCs found on GitHub currently. diff --git a/2024/CVE-2024-41659.md b/2024/CVE-2024-41659.md index aa6e46a7e..634aa4b8d 100644 --- a/2024/CVE-2024-41659.md +++ b/2024/CVE-2024-41659.md @@ -1,11 +1,11 @@ ### [CVE-2024-41659](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41659) ![](https://img.shields.io/static/v1?label=Product&message=memos&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%200.20.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.21.0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-942%3A%20Permissive%20Cross-domain%20Policy%20with%20Untrusted%20Domains&color=brighgreen) ### Description -memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker to read private information or make privileged changes to the system as the vulnerable user account. +memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker to read private information or make privileged changes to the system as the vulnerable user account. This vulnerability is fixed in 0.21.0. ### POC diff --git a/2024/CVE-2024-41676.md b/2024/CVE-2024-41676.md new file mode 100644 index 000000000..59a9e2196 --- /dev/null +++ b/2024/CVE-2024-41676.md @@ -0,0 +1,17 @@ +### [CVE-2024-41676](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41676) +![](https://img.shields.io/static/v1?label=Product&message=magento-lts&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2020.10.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Magento-lts is a long-term support alternative to Magento Community Edition (CE). This XSS vulnerability affects the design/header/welcome, design/header/logo_src, design/header/logo_src_small, and design/header/logo_alt system configs.They are intended to enable admins to set a text in the two cases, and to define an image url for the other two cases.But because of previously missing escaping allowed to input arbitrary html and as a consequence also arbitrary JavaScript. The problem is patched with Version 20.10.1 or higher. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41802.md b/2024/CVE-2024-41802.md new file mode 100644 index 000000000..1e5841398 --- /dev/null +++ b/2024/CVE-2024-41802.md @@ -0,0 +1,17 @@ +### [CVE-2024-41802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41802) +![](https://img.shields.io/static/v1?label=Product&message=xibo-cms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3D%3E%201.8.0%2C%20%3C%203.3.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the APIs for importing JSON and importing a Layout containing DataSet data.Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41803.md b/2024/CVE-2024-41803.md new file mode 100644 index 000000000..e9dbc4123 --- /dev/null +++ b/2024/CVE-2024-41803.md @@ -0,0 +1,17 @@ +### [CVE-2024-41803](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41803) +![](https://img.shields.io/static/v1?label=Product&message=xibo-cms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3D%3E%202.1.0%2C%20%3C%203.3.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain arbitrary data from the Xibo database by injecting specially crafted values in to the API for viewing DataSet data. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41804.md b/2024/CVE-2024-41804.md new file mode 100644 index 000000000..1f0e4da9f --- /dev/null +++ b/2024/CVE-2024-41804.md @@ -0,0 +1,17 @@ +### [CVE-2024-41804](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41804) +![](https://img.shields.io/static/v1?label=Product&message=xibo-cms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3D%3E%202.1.0%2C%20%3C%203.3.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API route inside the CMS responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the `formula` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43022.md b/2024/CVE-2024-43022.md new file mode 100644 index 000000000..f280f6329 --- /dev/null +++ b/2024/CVE-2024-43022.md @@ -0,0 +1,17 @@ +### [CVE-2024-43022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43022) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in the downloader.php component of TOSEI online store management system v4.02, v4.03, and v4.04 allows attackers to execute a directory traversal. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/b0rgch3n/b0rgch3n + diff --git a/2024/CVE-2024-43105.md b/2024/CVE-2024-43105.md new file mode 100644 index 000000000..d3d0ca186 --- /dev/null +++ b/2024/CVE-2024-43105.md @@ -0,0 +1,17 @@ +### [CVE-2024-43105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43105) +![](https://img.shields.io/static/v1?label=Product&message=Mattermost&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +Mattermost Plugin Channel Export versions <=1.0.0 fail to restrict concurrent runs of the /export command which allows a user to consume excessive resource by running the /export command multiple times at once. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43218.md b/2024/CVE-2024-43218.md index 5d65411d9..94152252d 100644 --- a/2024/CVE-2024-43218.md +++ b/2024/CVE-2024-43218.md @@ -1,6 +1,6 @@ ### [CVE-2024-43218](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43218) ![](https://img.shields.io/static/v1?label=Product&message=Mediavine%20Control%20Panel&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.10.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) ### Description diff --git a/2024/CVE-2024-43331.md b/2024/CVE-2024-43331.md new file mode 100644 index 000000000..8bd93fa01 --- /dev/null +++ b/2024/CVE-2024-43331.md @@ -0,0 +1,18 @@ +### [CVE-2024-43331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43331) +![](https://img.shields.io/static/v1?label=Product&message=WP%20SMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +Missing Authorization vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.9.3. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43398.md b/2024/CVE-2024-43398.md new file mode 100644 index 000000000..41512d9b8 --- /dev/null +++ b/2024/CVE-2024-43398.md @@ -0,0 +1,17 @@ +### [CVE-2024-43398](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43398) +![](https://img.shields.io/static/v1?label=Product&message=rexml&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%203.3.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-776%3A%20Improper%20Restriction%20of%20Recursive%20Entity%20References%20in%20DTDs%20('XML%20Entity%20Expansion')&color=brighgreen) + +### Description + +REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, this vulnerability is not affected. The REXML gem 3.3.6 or later include the patch to fix the vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43785.md b/2024/CVE-2024-43785.md new file mode 100644 index 000000000..12a597909 --- /dev/null +++ b/2024/CVE-2024-43785.md @@ -0,0 +1,17 @@ +### [CVE-2024-43785](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43785) +![](https://img.shields.io/static/v1?label=Product&message=gitoxide&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%200.41.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-150%3A%20Improper%20Neutralization%20of%20Escape%2C%20Meta%2C%20or%20Control%20Sequences&color=brighgreen) + +### Description + +gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backspaces, or control characters—including those that form ANSI escape sequences—that appear in a repository's paths, author and committer names, commit messages, or other metadata. Such text may be written as part of the output of a command, as well as appearing in error messages when an operation fails. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43787.md b/2024/CVE-2024-43787.md new file mode 100644 index 000000000..18570ada0 --- /dev/null +++ b/2024/CVE-2024-43787.md @@ -0,0 +1,17 @@ +### [CVE-2024-43787](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43787) +![](https://img.shields.io/static/v1?label=Product&message=hono&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.5.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%3A%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using crafted Content-Type header. MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. As a result, attacker can bypass csrf middleware using upper-case form-like MIME type. This vulnerability is fixed in 4.5.8. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-44073.md b/2024/CVE-2024-44073.md new file mode 100644 index 000000000..16196743c --- /dev/null +++ b/2024/CVE-2024-44073.md @@ -0,0 +1,17 @@ +### [CVE-2024-44073](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44073) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/brunoerg/bitcoinfuzz + diff --git a/2024/CVE-2024-5502.md b/2024/CVE-2024-5502.md new file mode 100644 index 000000000..888081f0f --- /dev/null +++ b/2024/CVE-2024-5502.md @@ -0,0 +1,17 @@ +### [CVE-2024-5502](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5502) +![](https://img.shields.io/static/v1?label=Product&message=Piotnet%20Addons%20For%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.4.30%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to, and including, 2.4.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5583.md b/2024/CVE-2024-5583.md new file mode 100644 index 000000000..de19975a0 --- /dev/null +++ b/2024/CVE-2024-5583.md @@ -0,0 +1,17 @@ +### [CVE-2024-5583](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5583) +![](https://img.shields.io/static/v1?label=Product&message=The%20Plus%20Addons%20for%20Elementor%20%E2%80%93%20Elementor%20Addons%2C%20Page%20Templates%2C%20Widgets%2C%20Mega%20Menu%2C%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%205.6.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel_direction parameter of testimonials widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-5932.md b/2024/CVE-2024-5932.md index 50b37c5ce..a79b71de2 100644 --- a/2024/CVE-2024-5932.md +++ b/2024/CVE-2024-5932.md @@ -14,5 +14,6 @@ The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is #### Github - https://github.com/20142995/nuclei-templates +- https://github.com/Ostorlab/KEV - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-6386.md b/2024/CVE-2024-6386.md index efd1ed5f0..830248376 100644 --- a/2024/CVE-2024-6386.md +++ b/2024/CVE-2024-6386.md @@ -13,5 +13,5 @@ The WPML plugin for WordPress is vulnerable to Remote Code Execution in all vers - https://sec.stealthcopter.com/wpml-rce-via-twig-ssti/ #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2024/CVE-2024-6409.md b/2024/CVE-2024-6409.md index f4cb98937..6e997a59f 100644 --- a/2024/CVE-2024-6409.md +++ b/2024/CVE-2024-6409.md @@ -5,6 +5,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.0%20Update%20Services%20for%20SAP%20Solutions&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.13&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.14&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.15&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.16&color=blue) diff --git a/2024/CVE-2024-6699.md b/2024/CVE-2024-6699.md new file mode 100644 index 000000000..23f7b5a12 --- /dev/null +++ b/2024/CVE-2024-6699.md @@ -0,0 +1,17 @@ +### [CVE-2024-6699](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6699) +![](https://img.shields.io/static/v1?label=Product&message=Mikafon%20MA7&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=v3.0%3C%20v3.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mikafon Electronic Inc. Mikafon MA7 allows SQL Injection.This issue affects Mikafon MA7: from v3.0 before v3.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6715.md b/2024/CVE-2024-6715.md new file mode 100644 index 000000000..343e0dc36 --- /dev/null +++ b/2024/CVE-2024-6715.md @@ -0,0 +1,17 @@ +### [CVE-2024-6715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6715) +![](https://img.shields.io/static/v1?label=Product&message=Ditty&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=3.1.39%3C%203.1.46%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/) in v3.1.39 + +### POC + +#### Reference +- https://wpscan.com/vulnerability/19406acc-3441-4d4a-9163-ace8f1dceb78/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6800.md b/2024/CVE-2024-6800.md index 2e6671bc1..3dc7af067 100644 --- a/2024/CVE-2024-6800.md +++ b/2024/CVE-2024-6800.md @@ -5,7 +5,7 @@ ### Description -An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when utilizing SAML authentication with specific identity providers. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program. +An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program. ### POC diff --git a/2024/CVE-2024-6870.md b/2024/CVE-2024-6870.md new file mode 100644 index 000000000..bab3d6a50 --- /dev/null +++ b/2024/CVE-2024-6870.md @@ -0,0 +1,17 @@ +### [CVE-2024-6870](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6870) +![](https://img.shields.io/static/v1?label=Product&message=Responsive%20Lightbox%20%26%20Gallery&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.4.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping affecting the rl_upload_image AJAX endpoint. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the 3gp2 file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-6916.md b/2024/CVE-2024-6916.md new file mode 100644 index 000000000..86f09bad0 --- /dev/null +++ b/2024/CVE-2024-6916.md @@ -0,0 +1,18 @@ +### [CVE-2024-6916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6916) +![](https://img.shields.io/static/v1?label=Product&message=Zowe%20CLI%20-%20Imperative&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=5.1.0%3C%205.22.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1295%3A%20Debug%20Messages%20Revealing%20Unnecessary%20Information&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-257%3A%20Storing%20Passwords%20in%20a%20Recoverable%20Format&color=brighgreen) + +### Description + +A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7003.md b/2024/CVE-2024-7003.md new file mode 100644 index 000000000..4e0f26f57 --- /dev/null +++ b/2024/CVE-2024-7003.md @@ -0,0 +1,17 @@ +### [CVE-2024-7003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7003) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=127.0.6533.72%3C%20127.0.6533.72%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Inappropriate%20implementation&color=brighgreen) + +### Description + +Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) + +### POC + +#### Reference +- https://issues.chromium.org/issues/338233148 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7127.md b/2024/CVE-2024-7127.md new file mode 100644 index 000000000..9ecc9a0db --- /dev/null +++ b/2024/CVE-2024-7127.md @@ -0,0 +1,17 @@ +### [CVE-2024-7127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7127) +![](https://img.shields.io/static/v1?label=Product&message=Social%20Marketing%20Tool&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation vulnerability in Stackposts Social Marketing Tool allows Cross-site Scripting (XSS) attack. By submitting the payload in the username during registration, it can be executed later in the application panel. This could lead to the unauthorised acquisition of information (e.g. cookies from a logged-in user). After multiple attempts to contact the vendor we did not receive any answer. Our team has confirmed the existence of this vulnerability. We suppose this issue affects Social Marketing Tool in all versions. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7179.md b/2024/CVE-2024-7179.md index d4576f2e6..1ee357a55 100644 --- a/2024/CVE-2024-7179.md +++ b/2024/CVE-2024-7179.md @@ -13,5 +13,5 @@ A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setParentalRules.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7180.md b/2024/CVE-2024-7180.md index 1ddcccbe6..9bcab14ad 100644 --- a/2024/CVE-2024-7180.md +++ b/2024/CVE-2024-7180.md @@ -13,5 +13,5 @@ A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setPortForwardRules.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7181.md b/2024/CVE-2024-7181.md index 8a0206cb7..eb66b164a 100644 --- a/2024/CVE-2024-7181.md +++ b/2024/CVE-2024-7181.md @@ -13,5 +13,5 @@ A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setTelnetCfg.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7182.md b/2024/CVE-2024-7182.md index c1ff5d2cf..12b10e8ee 100644 --- a/2024/CVE-2024-7182.md +++ b/2024/CVE-2024-7182.md @@ -13,5 +13,5 @@ A vulnerability, which was classified as critical, has been found in TOTOLINK A3 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUpgradeFW.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7183.md b/2024/CVE-2024-7183.md index 21a0b6047..2d94fdf44 100644 --- a/2024/CVE-2024-7183.md +++ b/2024/CVE-2024-7183.md @@ -13,5 +13,5 @@ A vulnerability, which was classified as critical, was found in TOTOLINK A3600R - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUploadSetting.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7184.md b/2024/CVE-2024-7184.md index 7eaeec90b..57cac414d 100644 --- a/2024/CVE-2024-7184.md +++ b/2024/CVE-2024-7184.md @@ -13,5 +13,5 @@ A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and cla - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUrlFilterRules.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7185.md b/2024/CVE-2024-7185.md index f993454bd..444a6a803 100644 --- a/2024/CVE-2024-7185.md +++ b/2024/CVE-2024-7185.md @@ -13,5 +13,5 @@ A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classifi - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setWebWlanIdx.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7186.md b/2024/CVE-2024-7186.md index 15d299f88..a8f3e0de3 100644 --- a/2024/CVE-2024-7186.md +++ b/2024/CVE-2024-7186.md @@ -13,5 +13,5 @@ A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setWiFiAclAddConfig.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7187.md b/2024/CVE-2024-7187.md index 4fde66b2d..b94144684 100644 --- a/2024/CVE-2024-7187.md +++ b/2024/CVE-2024-7187.md @@ -13,5 +13,5 @@ A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/UploadCustomModule.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7189.md b/2024/CVE-2024-7189.md index 00b1a8b3a..3a8f8e0e5 100644 --- a/2024/CVE-2024-7189.md +++ b/2024/CVE-2024-7189.md @@ -13,5 +13,5 @@ A vulnerability classified as critical has been found in itsourcecode Online Foo - https://github.com/L1OudFd8cl09/CVE/blob/main/25_07_2024_a.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7190.md b/2024/CVE-2024-7190.md index a42c0efe9..2237810f2 100644 --- a/2024/CVE-2024-7190.md +++ b/2024/CVE-2024-7190.md @@ -13,5 +13,5 @@ A vulnerability classified as critical was found in itsourcecode Society Managem - https://github.com/DeepMountains/Mirage/blob/main/CVE7-4.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7191.md b/2024/CVE-2024-7191.md index 4cb42432e..fa1b27282 100644 --- a/2024/CVE-2024-7191.md +++ b/2024/CVE-2024-7191.md @@ -13,5 +13,5 @@ A vulnerability, which was classified as critical, has been found in itsourcecod - https://github.com/DeepMountains/Mirage/blob/main/CVE7-5.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7192.md b/2024/CVE-2024-7192.md new file mode 100644 index 000000000..19d276570 --- /dev/null +++ b/2024/CVE-2024-7192.md @@ -0,0 +1,17 @@ +### [CVE-2024-7192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7192) +![](https://img.shields.io/static/v1?label=Product&message=Society%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/student.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272613 was assigned to this vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7219.md b/2024/CVE-2024-7219.md index 9bc61207e..830ada5f6 100644 --- a/2024/CVE-2024-7219.md +++ b/2024/CVE-2024-7219.md @@ -13,5 +13,5 @@ A vulnerability classified as critical has been found in SourceCodester School L - https://gist.github.com/topsky979/03c7fe20c80455b4884ae9e6c3f3d978 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7220.md b/2024/CVE-2024-7220.md index 0850bf1d3..9c83d7838 100644 --- a/2024/CVE-2024-7220.md +++ b/2024/CVE-2024-7220.md @@ -13,5 +13,5 @@ A vulnerability classified as critical was found in SourceCodester School Log Ma - https://gist.github.com/topsky979/5cd0b6a43815a0615b8493cde5c4dacf #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7221.md b/2024/CVE-2024-7221.md index 338fd19a8..be26bd4aa 100644 --- a/2024/CVE-2024-7221.md +++ b/2024/CVE-2024-7221.md @@ -13,5 +13,5 @@ A vulnerability, which was classified as critical, has been found in SourceCodes - https://gist.github.com/topsky979/1e98c4d1a3ba1ed73aab46d360c1c4b8 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7222.md b/2024/CVE-2024-7222.md index 5da3557ac..8d373a329 100644 --- a/2024/CVE-2024-7222.md +++ b/2024/CVE-2024-7222.md @@ -13,5 +13,5 @@ A vulnerability, which was classified as critical, was found in SourceCodester L - https://gist.github.com/topsky979/9f3d490a2bfdb5794dffc2f4aed72250 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7223.md b/2024/CVE-2024-7223.md index b353b577b..084d31ae1 100644 --- a/2024/CVE-2024-7223.md +++ b/2024/CVE-2024-7223.md @@ -13,5 +13,5 @@ A vulnerability has been found in SourceCodester Lot Reservation Management Syst - https://gist.github.com/topsky979/4c28743586769e73fe37007ed92cc1a7 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7224.md b/2024/CVE-2024-7224.md index 69f62f05c..c84f3d2d0 100644 --- a/2024/CVE-2024-7224.md +++ b/2024/CVE-2024-7224.md @@ -13,5 +13,5 @@ A vulnerability was found in SourceCodester Lot Reservation Management System 1. - https://gist.github.com/topsky979/76bc2c8ce4871ad8bb60c52e47c4fb5b #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7327.md b/2024/CVE-2024-7327.md index 1b14a6bca..5f5d1b9be 100644 --- a/2024/CVE-2024-7327.md +++ b/2024/CVE-2024-7327.md @@ -13,5 +13,5 @@ A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. This vul - https://vuldb.com/?id.273250 #### Github -No PoCs found on GitHub currently. +- https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-7328.md b/2024/CVE-2024-7328.md new file mode 100644 index 000000000..42f1cbc09 --- /dev/null +++ b/2024/CVE-2024-7328.md @@ -0,0 +1,17 @@ +### [CVE-2024-7328](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7328) +![](https://img.shields.io/static/v1?label=Product&message=YouDianCMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%207%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Disclosure&color=brighgreen) + +### Description + +A vulnerability, which was classified as problematic, has been found in YouDianCMS 7. This issue affects some unknown processing of the file /t.php?action=phpinfo. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273251. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7384.md b/2024/CVE-2024-7384.md new file mode 100644 index 000000000..a74c1bf77 --- /dev/null +++ b/2024/CVE-2024-7384.md @@ -0,0 +1,17 @@ +### [CVE-2024-7384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7384) +![](https://img.shields.io/static/v1?label=Product&message=AcyMailing%20%E2%80%93%20An%20Ultimate%20Newsletter%20Plugin%20and%20Marketing%20Automation%20Solution%20for%20WordPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%209.7.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen) + +### Description + +The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acym_extractArchive function in all versions up to, and including, 9.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7778.md b/2024/CVE-2024-7778.md index 495bd7eea..ae3dba586 100644 --- a/2024/CVE-2024-7778.md +++ b/2024/CVE-2024-7778.md @@ -13,5 +13,6 @@ The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Si No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7836.md b/2024/CVE-2024-7836.md index 7c7afd4d2..50800dcb8 100644 --- a/2024/CVE-2024-7836.md +++ b/2024/CVE-2024-7836.md @@ -13,5 +13,6 @@ The Themify Builder plugin for WordPress is vulnerable to unauthorized post dupl No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7848.md b/2024/CVE-2024-7848.md index 003a391d8..484b54185 100644 --- a/2024/CVE-2024-7848.md +++ b/2024/CVE-2024-7848.md @@ -13,5 +13,6 @@ The User Private Files – WordPress File Sharing Plugin plugin for WordPress is No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7896.md b/2024/CVE-2024-7896.md index 5a8e0d7fd..558e7e91a 100644 --- a/2024/CVE-2024-7896.md +++ b/2024/CVE-2024-7896.md @@ -14,5 +14,6 @@ A vulnerability was found in Tosei Online Store Management System ネット店 - https://vuldb.com/?submit.387131 #### Github +- https://github.com/b0rgch3n/b0rgch3n - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7897.md b/2024/CVE-2024-7897.md index d2268b6f6..0b06dc41a 100644 --- a/2024/CVE-2024-7897.md +++ b/2024/CVE-2024-7897.md @@ -13,5 +13,6 @@ A vulnerability classified as critical has been found in Tosei Online Store Mana - https://gist.github.com/b0rgch3n/bb47a1ed6f66c1e8c7a80f210f4ac8ef #### Github +- https://github.com/b0rgch3n/b0rgch3n - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7898.md b/2024/CVE-2024-7898.md index 02b8e015a..9263ae5cf 100644 --- a/2024/CVE-2024-7898.md +++ b/2024/CVE-2024-7898.md @@ -13,5 +13,5 @@ A vulnerability classified as critical was found in Tosei Online Store Managemen - https://gist.github.com/b0rgch3n/3136cad95b09e42184fb2d78aae33651 #### Github -No PoCs found on GitHub currently. +- https://github.com/b0rgch3n/b0rgch3n diff --git a/2024/CVE-2024-7971.md b/2024/CVE-2024-7971.md index 3ca3d5bf3..792f92a91 100644 --- a/2024/CVE-2024-7971.md +++ b/2024/CVE-2024-7971.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-8003.md b/2024/CVE-2024-8003.md new file mode 100644 index 000000000..be975cba4 --- /dev/null +++ b/2024/CVE-2024-8003.md @@ -0,0 +1,17 @@ +### [CVE-2024-8003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8003) +![](https://img.shields.io/static/v1?label=Product&message=gotribe-admin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization&color=brighgreen) + +### Description + +A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. Affected by this issue is the function InitRoutes of the file internal/app/routes/routes.go of the component Log Handler. The manipulation leads to deserialization. The patch is identified as 45ac90d6d1f82716f77dbcdf8e7309c229080e3c. It is recommended to apply a patch to fix this issue. + +### POC + +#### Reference +- https://vuldb.com/?submit.393987 + +#### Github +No PoCs found on GitHub currently. + diff --git a/github.txt b/github.txt index 49279e220..ad0fad77d 100644 --- a/github.txt +++ b/github.txt @@ -6561,6 +6561,7 @@ CVE-2010-4409 - https://github.com/oneoy/cve- CVE-2010-4476 - https://github.com/ARPSyndicate/cvemon CVE-2010-4476 - https://github.com/CVEDB/PoC-List CVE-2010-4476 - https://github.com/CVEDB/awesome-cve-repo +CVE-2010-4476 - https://github.com/STaj-55/Cybersecurity_Incident_Response_Database CVE-2010-4476 - https://github.com/grzegorzblaszczyk/CVE-2010-4476-check CVE-2010-4478 - https://github.com/ARPSyndicate/cvemon CVE-2010-4478 - https://github.com/DButter/whitehat_public @@ -6885,6 +6886,7 @@ CVE-2011-1002 - https://github.com/DButter/whitehat_public CVE-2011-1002 - https://github.com/EvgeniyaBalanyuk/attacks CVE-2011-1002 - https://github.com/Howertx/avahi-dos CVE-2011-1002 - https://github.com/NikolayAntipov/DB_13-01 +CVE-2011-1002 - https://github.com/avergnaud/thm-notes CVE-2011-1002 - https://github.com/berradiginamic/32123BC7-Securite-Informatique CVE-2011-1002 - https://github.com/csk/unisecbarber CVE-2011-1002 - https://github.com/kaanyeniyol/python-nmap @@ -8433,6 +8435,7 @@ CVE-2012-1182 - https://github.com/Juba0x4355/Blue-Writeup CVE-2012-1182 - https://github.com/Kiosec/Windows-Exploitation CVE-2012-1182 - https://github.com/Qftm/Information_Collection_Handbook CVE-2012-1182 - https://github.com/amishamunjal-az/Week16-Homework +CVE-2012-1182 - https://github.com/avergnaud/thm-notes CVE-2012-1182 - https://github.com/casohub/multinmap CVE-2012-1182 - https://github.com/esteban0477/RedTeamPlaybook CVE-2012-1182 - https://github.com/jlashay/Penetration-Testing-1 @@ -30163,6 +30166,7 @@ CVE-2017-0143 - https://github.com/ZyberPatrol/Active-Directory CVE-2017-0143 - https://github.com/a1xbit/BlackBoxPenetrationTesting CVE-2017-0143 - https://github.com/androidkey/MS17-011 CVE-2017-0143 - https://github.com/avboy1337/Vulnerabilities +CVE-2017-0143 - https://github.com/avergnaud/thm-notes CVE-2017-0143 - https://github.com/aymankhder/AD-attack-defense CVE-2017-0143 - https://github.com/bb33bb/Vulnerabilities CVE-2017-0143 - https://github.com/bhataasim1/AD-Attack-Defence @@ -62841,6 +62845,7 @@ CVE-2019-11358 - https://github.com/Tech-X-CNDV/codCenterStage CVE-2019-11358 - https://github.com/Techarinos/FTC CVE-2019-11358 - https://github.com/Techno-Goats-9224/FtcRobotController CVE-2019-11358 - https://github.com/Techno-Goats-9224/FtcRobotController-master-9224 +CVE-2019-11358 - https://github.com/Techno-Maniacs-16021/CenterStage-RobotController CVE-2019-11358 - https://github.com/TechnoMaister/CodNat CVE-2019-11358 - https://github.com/TechnoNatura-org/FTC_CENTERSTAGE_KrakenRyu_NusantaraRegional CVE-2019-11358 - https://github.com/TechnoTrexes/PowerPlay2023 @@ -79893,6 +79898,7 @@ CVE-2020-10732 - https://github.com/TinyNiko/android_bulletin_notes CVE-2020-10734 - https://github.com/ARPSyndicate/cvemon CVE-2020-10735 - https://github.com/ARPSyndicate/cvemon CVE-2020-10735 - https://github.com/Live-Hack-CVE/CVE-2020-10735 +CVE-2020-10735 - https://github.com/Mohit190405/Python-Programming- CVE-2020-10735 - https://github.com/NathanielAPawluk/sec-buddy CVE-2020-10735 - https://github.com/Vizonex/PyRandom128 CVE-2020-10736 - https://github.com/ARPSyndicate/cvemon @@ -98316,6 +98322,7 @@ CVE-2021-1414 - https://github.com/Z0fhack/Goby_POC CVE-2021-1472 - https://github.com/ARPSyndicate/cvemon CVE-2021-1472 - https://github.com/ARPSyndicate/kenzer-templates CVE-2021-1472 - https://github.com/Sohrabian/special-cyber-security-topic +CVE-2021-1472 - https://github.com/defronixpro/Defronix-Cybersecurity-Roadmap CVE-2021-1472 - https://github.com/zmylml/yangzifun CVE-2021-1473 - https://github.com/20142995/Goby CVE-2021-1473 - https://github.com/ARPSyndicate/cvemon @@ -102147,6 +102154,7 @@ CVE-2021-2333 - https://github.com/deepakdba/cve_checklist CVE-2021-2333 - https://github.com/radtek/cve_checklist CVE-2021-23330 - https://github.com/ARPSyndicate/cvemon CVE-2021-23335 - https://github.com/dellalibera/dellalibera +CVE-2021-23336 - https://github.com/Mohit190405/Python-Programming- CVE-2021-23337 - https://github.com/ARPSyndicate/cvemon CVE-2021-23337 - https://github.com/HotDB-Community/HotDB-Engine CVE-2021-23337 - https://github.com/LSEG-API-Samples/Example.EWA.TypeScript.WebApplication @@ -108471,6 +108479,7 @@ CVE-2021-31762 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2021-31762 - https://github.com/soosmile/POC CVE-2021-31762 - https://github.com/trhacknon/Pocingit CVE-2021-31762 - https://github.com/zecool/cve +CVE-2021-3177 - https://github.com/Mohit190405/Python-Programming- CVE-2021-3177 - https://github.com/TAPAKAH20/python_dos_demo CVE-2021-3177 - https://github.com/leveryd/leveryd CVE-2021-3177 - https://github.com/tianocore/edk2-edkrepo @@ -134702,6 +134711,7 @@ CVE-2022-30525 - https://github.com/bigblackhat/oFx CVE-2022-30525 - https://github.com/cbk914/CVE-2022-30525_check CVE-2022-30525 - https://github.com/d-rn/vulBox CVE-2022-30525 - https://github.com/d4n-sec/d4n-sec.github.io +CVE-2022-30525 - https://github.com/defronixpro/Defronix-Cybersecurity-Roadmap CVE-2022-30525 - https://github.com/furkanzengin/CVE-2022-30525 CVE-2022-30525 - https://github.com/gotr00t0day/valhalla CVE-2022-30525 - https://github.com/hktalent/bug-bounty @@ -154489,6 +154499,7 @@ CVE-2023-47120 - https://github.com/kip93/kip93 CVE-2023-47121 - https://github.com/kip93/kip93 CVE-2023-47129 - https://github.com/Cyber-Wo0dy/CVE-2023-47129 CVE-2023-47129 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-47131 - https://github.com/Wraient/SIH-2024-Problems CVE-2023-4714 - https://github.com/Threekiii/Awesome-POC CVE-2023-4714 - https://github.com/d4n-sec/d4n-sec.github.io CVE-2023-47140 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -164128,6 +164139,7 @@ CVE-2024-22238 - https://github.com/kaje11/CVEs CVE-2024-22239 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22240 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22241 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-22243 - https://github.com/CllmsyK/YYBaby-Spring_Scan CVE-2024-22243 - https://github.com/SeanPesce/CVE-2024-22243 CVE-2024-22243 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22243 - https://github.com/hinat0y/Dataset1 @@ -164148,6 +164160,7 @@ CVE-2024-22243 - https://github.com/tanjiti/sec_profile CVE-2024-22252 - https://github.com/crackmapEZec/CVE-2024-22252-POC CVE-2024-22254 - https://github.com/crackmapEZec/CVE-2024-22252-POC CVE-2024-22256 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-22257 - https://github.com/CllmsyK/YYBaby-Spring_Scan CVE-2024-22257 - https://github.com/NaInSec/CVE-LIST CVE-2024-22257 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22258 - https://github.com/NaInSec/CVE-LIST @@ -164457,6 +164470,7 @@ CVE-2024-2308 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23080 - https://github.com/vin01/bogus-cves CVE-2024-23081 - https://github.com/vin01/bogus-cves CVE-2024-23082 - https://github.com/vin01/bogus-cves +CVE-2024-23091 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23094 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2310 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23108 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -167157,6 +167171,8 @@ CVE-2024-27996 - https://github.com/NaInSec/CVE-LIST CVE-2024-27997 - https://github.com/NaInSec/CVE-LIST CVE-2024-27998 - https://github.com/NaInSec/CVE-LIST CVE-2024-2800 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-28000 - https://github.com/20142995/nuclei-templates +CVE-2024-28000 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-28003 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28004 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28005 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -168931,6 +168947,7 @@ CVE-2024-3131 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-31315 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-31315 - https://github.com/uthrasri/frameworks_base_CVE-2024-31315 CVE-2024-31318 - https://github.com/canyie/canyie +CVE-2024-31319 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-31342 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-31343 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-31345 - https://github.com/Chokopikkk/CVE-2024-31345_exploit @@ -169044,6 +169061,7 @@ CVE-2024-31819 - https://github.com/Chocapikk/Chocapikk CVE-2024-31819 - https://github.com/Chocapikk/My-CVEs CVE-2024-31819 - https://github.com/Jhonsonwannaa/CVE-2024-31819 CVE-2024-31819 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-3183 - https://github.com/dkadev/awesome-stars CVE-2024-3183 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-31839 - https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc CVE-2024-31839 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170180,6 +170198,10 @@ CVE-2024-36445 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-36448 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3645 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-36510 - https://github.com/martinstnv/martinstnv +CVE-2024-36514 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-36515 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-36516 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-36517 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3652 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-36522 - https://github.com/Threekiii/CVE CVE-2024-36522 - https://github.com/enomothem/PenTestNote @@ -170278,6 +170300,7 @@ CVE-2024-37287 - https://github.com/tanjiti/sec_profile CVE-2024-3729 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-2024-37305 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-2024-37309 - https://github.com/chnzzh/OpenSSL-CVE-lib +CVE-2024-37311 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3735 - https://github.com/ahmedvienna/CVEs-and-Vulnerabilities CVE-2024-3737 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-37373 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170481,6 +170504,7 @@ CVE-2024-38787 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3879 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-38793 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3880 - https://github.com/LaPhilosophie/IoT-vulnerable +CVE-2024-38807 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-38808 - https://github.com/tanjiti/sec_profile CVE-2024-38809 - https://github.com/ch4n3-yoon/ch4n3-yoon CVE-2024-38809 - https://github.com/tanjiti/sec_profile @@ -170497,6 +170521,7 @@ CVE-2024-38856 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-38856 - https://github.com/tanjiti/sec_profile CVE-2024-38856 - https://github.com/wy876/POC CVE-2024-38856 - https://github.com/wy876/wiki +CVE-2024-38869 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3889 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3891 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3892 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170919,6 +170944,7 @@ CVE-2024-4113 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4114 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4114 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4115 - https://github.com/LaPhilosophie/IoT-vulnerable +CVE-2024-41150 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4116 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-41164 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4117 - https://github.com/LaPhilosophie/IoT-vulnerable @@ -170981,6 +171007,7 @@ CVE-2024-41666 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41667 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4167 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-41672 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-41676 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4168 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4169 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4170 - https://github.com/LaPhilosophie/IoT-vulnerable @@ -170995,6 +171022,9 @@ CVE-2024-4172 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41723 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41727 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41774 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-41802 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-41803 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-41804 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41806 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41816 - https://github.com/20142995/nuclei-templates CVE-2024-41819 - https://github.com/alessio-romano/Sfoffo-Pentesting-Notes @@ -171052,6 +171082,7 @@ CVE-2024-42035 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42036 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42037 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42038 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42040 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42041 - https://github.com/actuator/cve CVE-2024-42054 - https://github.com/jinsonvarghese/jinsonvarghese CVE-2024-42055 - https://github.com/jinsonvarghese/jinsonvarghese @@ -171166,11 +171197,15 @@ CVE-2024-42680 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42739 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42744 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42758 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-42764 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42765 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42766 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42784 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42785 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42849 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-42850 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4286 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42915 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42919 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4295 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4295 - https://github.com/truonghuuphuc/CVE-2024-4295-Poc @@ -171182,11 +171217,13 @@ CVE-2024-4299 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42992 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4300 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4301 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43022 - https://github.com/b0rgch3n/b0rgch3n CVE-2024-43044 - https://github.com/Ostorlab/KEV CVE-2024-43044 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43044 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-43044 - https://github.com/tanjiti/sec_profile CVE-2024-43045 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43105 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43111 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43116 - https://github.com/20142995/nuclei-templates CVE-2024-43117 - https://github.com/20142995/nuclei-templates @@ -171414,8 +171451,10 @@ CVE-2024-4370 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4373 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4374 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43770 - https://github.com/netlas-io/netlas-dorks +CVE-2024-43782 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43785 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43787 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43791 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43807 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43808 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43809 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171424,12 +171463,14 @@ CVE-2024-43828 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43833 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43836 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43837 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43883 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4389 - https://github.com/20142995/nuclei-templates CVE-2024-4389 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4392 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4393 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4405 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4406 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-44073 - https://github.com/brunoerg/bitcoinfuzz CVE-2024-4418 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4433 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4439 - https://github.com/MielPopsssssss/CVE-2024-4439 @@ -171825,7 +171866,11 @@ CVE-2024-5442 - https://github.com/20142995/nuclei-templates CVE-2024-5450 - https://github.com/20142995/nuclei-templates CVE-2024-5455 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5458 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5466 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5467 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5488 - https://github.com/20142995/nuclei-templates +CVE-2024-5490 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5502 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5503 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5522 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5522 - https://github.com/truonghuuphuc/CVE-2024-5522-Poc @@ -171835,11 +171880,14 @@ CVE-2024-5535 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-2024-5542 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5555 - https://github.com/JohnnyBradvo/CVE-2024-5555 CVE-2024-5555 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-5556 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5564 - https://github.com/EGI-Federation/SVG-advisories CVE-2024-5572 - https://github.com/ajmalabubakkr/CVE CVE-2024-5576 - https://github.com/20142995/nuclei-templates +CVE-2024-5583 - https://github.com/20142995/nuclei-templates CVE-2024-5585 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5585 - https://github.com/tianstcht/tianstcht +CVE-2024-5586 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5595 - https://github.com/20142995/nuclei-templates CVE-2024-5599 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5613 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171903,6 +171951,7 @@ CVE-2024-5893 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5894 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5895 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5932 - https://github.com/20142995/nuclei-templates +CVE-2024-5932 - https://github.com/Ostorlab/KEV CVE-2024-5932 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5936 - https://github.com/20142995/nuclei-templates CVE-2024-5939 - https://github.com/20142995/nuclei-templates @@ -171978,6 +172027,7 @@ CVE-2024-6347 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6366 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6384 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6385 - https://github.com/Ostorlab/KEV +CVE-2024-6386 - https://github.com/20142995/nuclei-templates CVE-2024-6387 - https://github.com/0xMarcio/cve CVE-2024-6387 - https://github.com/CVEDB/awesome-cve-repo CVE-2024-6387 - https://github.com/David-M-Berry/openssh-cve-discovery @@ -172058,6 +172108,7 @@ CVE-2024-6666 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6691 - https://github.com/20142995/nuclei-templates CVE-2024-6692 - https://github.com/20142995/nuclei-templates CVE-2024-6695 - https://github.com/20142995/nuclei-templates +CVE-2024-6699 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6703 - https://github.com/fluentform/fluentform CVE-2024-6706 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6707 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172107,6 +172158,7 @@ CVE-2024-6859 - https://github.com/20142995/nuclei-templates CVE-2024-6864 - https://github.com/20142995/nuclei-templates CVE-2024-6865 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6869 - https://github.com/20142995/nuclei-templates +CVE-2024-6870 - https://github.com/20142995/nuclei-templates CVE-2024-6883 - https://github.com/20142995/nuclei-templates CVE-2024-6884 - https://github.com/20142995/nuclei-templates CVE-2024-6890 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172116,6 +172168,7 @@ CVE-2024-6893 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6896 - https://github.com/20142995/nuclei-templates CVE-2024-6911 - https://github.com/wy876/POC CVE-2024-6911 - https://github.com/wy876/wiki +CVE-2024-6916 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6917 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6923 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6924 - https://github.com/20142995/nuclei-templates @@ -172162,6 +172215,7 @@ CVE-2024-7094 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7094 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-7120 - https://github.com/Ostorlab/KEV CVE-2024-7120 - https://github.com/komodoooo/Some-things +CVE-2024-7127 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7134 - https://github.com/20142995/nuclei-templates CVE-2024-7136 - https://github.com/20142995/nuclei-templates CVE-2024-7144 - https://github.com/20142995/nuclei-templates @@ -172178,6 +172232,19 @@ CVE-2024-7166 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7167 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7168 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7169 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7179 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7180 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7181 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7182 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7183 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7184 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7185 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7186 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7187 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7189 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7190 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7191 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7192 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7194 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7195 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7196 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172190,6 +172257,12 @@ CVE-2024-7213 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7214 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7215 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7216 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7219 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7220 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7221 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7222 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7223 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7224 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7246 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7247 - https://github.com/20142995/nuclei-templates CVE-2024-7247 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172204,6 +172277,8 @@ CVE-2024-7301 - https://github.com/20142995/nuclei-templates CVE-2024-7313 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-7317 - https://github.com/20142995/nuclei-templates CVE-2024-7317 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7327 - https://github.com/tanjiti/sec_profile +CVE-2024-7328 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7332 - https://github.com/20142995/nuclei-templates CVE-2024-7335 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7336 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172231,6 +172306,7 @@ CVE-2024-7365 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7366 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7382 - https://github.com/20142995/nuclei-templates CVE-2024-7383 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7384 - https://github.com/20142995/nuclei-templates CVE-2024-7388 - https://github.com/20142995/nuclei-templates CVE-2024-7388 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7390 - https://github.com/20142995/nuclei-templates @@ -172354,6 +172430,7 @@ CVE-2024-7732 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7746 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7775 - https://github.com/20142995/nuclei-templates CVE-2024-7777 - https://github.com/20142995/nuclei-templates +CVE-2024-7778 - https://github.com/20142995/nuclei-templates CVE-2024-7778 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7780 - https://github.com/20142995/nuclei-templates CVE-2024-7782 - https://github.com/20142995/nuclei-templates @@ -172365,14 +172442,19 @@ CVE-2024-7830 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7831 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7832 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7833 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7836 - https://github.com/20142995/nuclei-templates CVE-2024-7836 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7848 - https://github.com/20142995/nuclei-templates CVE-2024-7848 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7850 - https://github.com/20142995/nuclei-templates CVE-2024-7854 - https://github.com/20142995/nuclei-templates CVE-2024-7886 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7887 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7896 - https://github.com/b0rgch3n/b0rgch3n CVE-2024-7896 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7897 - https://github.com/b0rgch3n/b0rgch3n CVE-2024-7897 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7898 - https://github.com/b0rgch3n/b0rgch3n CVE-2024-7904 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7906 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7928 - https://github.com/20142995/nuclei-templates @@ -172385,6 +172467,7 @@ CVE-2024-7967 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7968 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7969 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7971 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7971 - https://github.com/tanjiti/sec_profile CVE-2024-7972 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7973 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7974 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172395,11 +172478,14 @@ CVE-2024-7978 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7979 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7980 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7981 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7986 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8033 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8034 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8035 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8071 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8072 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8112 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8113 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-87654 - https://github.com/runwuf/clickhouse-test CVE-2024-98765 - https://github.com/runwuf/clickhouse-test CVE-2024-99999 - https://github.com/kolewttd/wtt @@ -172415,6 +172501,7 @@ CVE-2106-2504 - https://github.com/ndk06/linux-kernel-exploitation CVE-2106-2504 - https://github.com/ndk191/linux-kernel-exploitation CVE-2106-2504 - https://github.com/wkhnh06/linux-kernel-exploitation CVE-2106-2504 - https://github.com/xairy/linux-kernel-exploitation +CVE-2121-33044 - https://github.com/Ostorlab/KEV CVE-2121-44228 - https://github.com/NaInSec/CVE-PoC-in-GitHub CVE-2121-44228 - https://github.com/WhooAmii/POC_to_review CVE-2121-44228 - https://github.com/zecool/cve diff --git a/references.txt b/references.txt index 3337ada65..38f674602 100644 --- a/references.txt +++ b/references.txt @@ -83,6 +83,7 @@ CVE-2001-0428 - http://www.cisco.com/warp/public/707/vpn3k-ipoptions-vuln-pub.sh CVE-2001-0429 - http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml CVE-2001-0441 - http://www.redhat.com/support/errata/RHSA-2001-028.html CVE-2001-0455 - http://www.cisco.com/warp/public/707/Aironet340-pub.shtml +CVE-2001-0457 - https://exchange.xforce.ibmcloud.com/vulnerabilities/6211 CVE-2001-0464 - http://marc.info/?l=bugtraq&m=98761402029302&w=2 CVE-2001-0465 - http://www.turbotax.com/atr/update/ CVE-2001-0486 - http://marc.info/?l=bugtraq&m=98865027328391&w=2 @@ -369,6 +370,7 @@ CVE-2002-1595 - http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml CVE-2002-1596 - http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml CVE-2002-1597 - http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml CVE-2002-1706 - http://www.cisco.com/warp/public/707/cmts-MD5-bypass-pub.shtml +CVE-2002-1902 - http://freshmeat.net/releases/86842/ CVE-2002-1914 - http://www.redhat.com/support/errata/RHSA-2005-583.html CVE-2002-1996 - http://sourceforge.net/tracker/index.php?func=detail&aid=524777&group_id=27927&atid=392228 CVE-2002-20001 - https://dheatattack.com @@ -23687,6 +23689,7 @@ CVE-2013-2445 - http://www.oracle.com/technetwork/topics/security/javacpujun2013 CVE-2013-2445 - http://www.securityfocus.com/bid/60639 CVE-2013-2446 - http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html CVE-2013-2446 - http://www.securityfocus.com/bid/60620 +CVE-2013-2446 - https://bugzilla.redhat.com/show_bug.cgi?id=975132 CVE-2013-2447 - http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html CVE-2013-2447 - http://www.securityfocus.com/bid/60629 CVE-2013-2448 - http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html @@ -23704,6 +23707,7 @@ CVE-2013-2454 - http://www.oracle.com/technetwork/topics/security/javacpujun2013 CVE-2013-2454 - http://www.securityfocus.com/bid/60650 CVE-2013-2455 - http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html CVE-2013-2455 - http://www.securityfocus.com/bid/60619 +CVE-2013-2455 - https://bugzilla.redhat.com/show_bug.cgi?id=975139 CVE-2013-2456 - http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html CVE-2013-2456 - http://www.securityfocus.com/bid/60641 CVE-2013-2457 - http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html @@ -49842,6 +49846,7 @@ CVE-2018-12025 - https://medium.com/secbit-media/bugged-smart-contract-f-e-how-c CVE-2018-12029 - https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc CVE-2018-1203 - https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities CVE-2018-1203 - https://www.exploit-db.com/exploits/44039/ +CVE-2018-12030 - https://edricteo.com/chevereto-free-xss-vulnerability-in-version-1.0.12/ CVE-2018-12034 - https://bnbdr.github.io/posts/swisscheese/ CVE-2018-12034 - https://github.com/VirusTotal/yara/issues/891 CVE-2018-12034 - https://github.com/bnbdr/swisscheese @@ -85349,6 +85354,7 @@ CVE-2022-35036 - https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35036.md CVE-2022-35037 - https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35037.md CVE-2022-35038 - https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35038.md CVE-2022-35039 - https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35039.md +CVE-2022-3504 - https://vuldb.com/?id.210839 CVE-2022-35040 - https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35040.md CVE-2022-35041 - https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35041.md CVE-2022-35042 - https://drive.google.com/file/d/1Gj8rA1kD89lxUZVb_t-s3-18-ospJRJC/view?usp=sharing @@ -85830,6 +85836,7 @@ CVE-2022-36637 - https://senzee.net/index.php/2022/07/21/vulnerability-of-garage CVE-2022-36638 - https://senzee.net/index.php/2022/07/21/vulnerability-of-garage-management-system-1-0/ CVE-2022-36639 - https://senzee.net/index.php/2022/07/21/vulnerability-of-garage-management-system-1-0/ CVE-2022-3664 - https://github.com/axiomatic-systems/Bento4/issues/794 +CVE-2022-3664 - https://vuldb.com/?id.212004 CVE-2022-36640 - http://influxdata.com CVE-2022-36640 - http://influxdb.com CVE-2022-36640 - https://www.influxdata.com/ @@ -85854,6 +85861,7 @@ CVE-2022-3669 - https://vuldb.com/?id.212009 CVE-2022-3670 - https://github.com/axiomatic-systems/Bento4/files/9675049/Bug_3_POC.zip CVE-2022-3670 - https://github.com/axiomatic-systems/Bento4/issues/776 CVE-2022-3670 - https://vuldb.com/?id.212010 +CVE-2022-3671 - https://vuldb.com/?id.212014 CVE-2022-36736 - https://github.com/UditChavda/Udit-Chavda-CVE/blob/main/CVE-2022-36736 CVE-2022-36755 - https://www.dlink.com/en/security-bulletin/ CVE-2022-36756 - https://www.dlink.com/en/security-bulletin/ @@ -91702,6 +91710,7 @@ CVE-2023-30056 - https://packetstormsecurity.com/files/172192/FICO-Origination-M CVE-2023-30057 - https://packetstormsecurity.com/files/172192/FICO-Origination-Manager-Decision-Module-4.8.1-XSS-Session-Hijacking.html CVE-2023-30061 - https://github.com/Zarathustra-L/IoT_Vul/tree/main/D-Link/DIR-879 CVE-2023-3007 - https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/student-management-system/password_reset.md +CVE-2023-3008 - https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/student-management-system/sql_inject.md CVE-2023-30082 - https://blog.manavparekh.com/2023/06/cve-2023-30082.html CVE-2023-30082 - https://github.com/manavparekh/CVEs/blob/main/CVE-2023-30082/Steps%20to%20reproduce.txt CVE-2023-30083 - https://github.com/libming/libming/issues/266 @@ -97740,6 +97749,8 @@ CVE-2024-27747 - https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024- CVE-2024-27752 - https://github.com/flyhha/cms/blob/main/1.md CVE-2024-27757 - https://github.com/jubilianite/flusity-CMS/security/advisories/GHSA-5843-5m74-7fqh CVE-2024-27758 - https://gist.github.com/renbou/957f70d27470982994f12a1d70153d09 +CVE-2024-27764 - https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90 +CVE-2024-27765 - https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90 CVE-2024-27826 - http://seclists.org/fulldisclosure/2024/Jul/19 CVE-2024-27862 - http://seclists.org/fulldisclosure/2024/Jul/18 CVE-2024-27863 - http://seclists.org/fulldisclosure/2024/Jul/16 @@ -98468,6 +98479,7 @@ CVE-2024-32745 - https://github.com/adiapera/xss_current_page_wondercms_3.4.3 CVE-2024-32746 - https://github.com/adiapera/xss_menu_page_wondercms_3.4.3 CVE-2024-3276 - https://wpscan.com/vulnerability/996d3247-ebdd-49d1-a1a3-ceedcf9f2f95/ CVE-2024-3281 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-003.txt +CVE-2024-3282 - https://wpscan.com/vulnerability/12bf5e8e-24c9-48b9-b94c-c14ed60d7c15/ CVE-2024-32866 - https://github.com/edmundhung/conform/security/advisories/GHSA-624g-8qjg-8qxf CVE-2024-32869 - https://github.com/honojs/hono/security/advisories/GHSA-3mpf-rcc7-5347 CVE-2024-32876 - https://github.com/TeamNewPipe/NewPipe/security/advisories/GHSA-wxrm-jhpf-vp6v @@ -98666,6 +98678,7 @@ CVE-2024-34252 - https://github.com/wasm3/wasm3/issues/483 CVE-2024-34257 - https://github.com/ZackSecurity/VulnerReport/blob/cve/totolink/EX1800T/1.md CVE-2024-34273 - https://github.com/chrisandoryan/vuln-advisory/blob/main/nJwt/CVE-2024-34273.md CVE-2024-34308 - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/totolink%20LR350/README.md +CVE-2024-34313 - https://github.com/vincentscode/CVE-2024-34313 CVE-2024-34332 - https://belong2yourself.github.io/vulnerabilities/docs/SANDRA/Elevation-of-Privileges/readme/ CVE-2024-34340 - https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m CVE-2024-34345 - https://github.com/CycloneDX/cyclonedx-javascript-library/commit/5e5e1e0b9422f47d2de81c7c4064b803a01e7203 @@ -98896,7 +98909,14 @@ CVE-2024-3641 - https://wpscan.com/vulnerability/f4047f1e-d5ea-425f-8def-76dd5e6 CVE-2024-3642 - https://wpscan.com/vulnerability/dc44d85f-afe8-4824-95b0-11b9abfb04d8/ CVE-2024-3643 - https://wpscan.com/vulnerability/698277e6-56f9-4688-9a84-c2fa3ea9f7dc/ CVE-2024-36438 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-044.txt +CVE-2024-36439 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-038.txt CVE-2024-3644 - https://wpscan.com/vulnerability/10eb712a-d9c3-46c9-be6a-02811396fae8/ +CVE-2024-36440 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-037.txt +CVE-2024-36441 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-042.txt +CVE-2024-36442 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-039.txt +CVE-2024-36443 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-036.txt +CVE-2024-36444 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-040.txt +CVE-2024-36445 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-035.txt CVE-2024-36495 - http://seclists.org/fulldisclosure/2024/Jun/12 CVE-2024-36495 - https://r.sec-consult.com/winselect CVE-2024-36496 - http://seclists.org/fulldisclosure/2024/Jun/12 @@ -99380,6 +99400,7 @@ CVE-2024-40645 - https://github.com/FOGProject/fogproject/security/advisories/GH CVE-2024-4065 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC8/formSetRebootTimer.md CVE-2024-4066 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC8/fromAdvSetMacMtuWan.md CVE-2024-4067 - https://github.com/micromatch/micromatch/issues/243 +CVE-2024-4067 - https://github.com/micromatch/micromatch/pull/247 CVE-2024-4068 - https://github.com/micromatch/braces/issues/35 CVE-2024-4068 - https://github.com/micromatch/braces/pull/37 CVE-2024-40726 - https://github.com/minhquan202/Vuln-Netbox @@ -100272,6 +100293,7 @@ CVE-2024-6695 - https://wpscan.com/vulnerability/4afa5c85-ce27-4ca7-bba2-61fb39c CVE-2024-6706 - https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt CVE-2024-6707 - https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt CVE-2024-6710 - https://wpscan.com/vulnerability/1afcf9d4-c2f9-4d47-8d9e-d7fa6ae2358d/ +CVE-2024-6715 - https://wpscan.com/vulnerability/19406acc-3441-4d4a-9163-ace8f1dceb78/ CVE-2024-6716 - https://gitlab.com/libtiff/libtiff/-/issues/620 CVE-2024-6720 - https://wpscan.com/vulnerability/d1449be1-ae85-46f4-b5ba-390d25b87723/ CVE-2024-6724 - https://wpscan.com/vulnerability/0cb3158a-263d-4c4a-8029-62b453c281cb/ @@ -100326,6 +100348,7 @@ CVE-2024-6963 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3 CVE-2024-6966 - https://github.com/HermesCui/CVE/issues/1 CVE-2024-6967 - https://github.com/rtsjx-cve/cve/blob/main/sql.md CVE-2024-6984 - https://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx +CVE-2024-7003 - https://issues.chromium.org/issues/338233148 CVE-2024-7007 - https://www.cisa.gov/news-events/ics-advisories/icsa-24-207-02 CVE-2024-7008 - https://starlabs.sg/advisories/24/24-7008/ CVE-2024-7055 - https://ffmpeg.org/ @@ -100597,4 +100620,5 @@ CVE-2024-7897 - https://gist.github.com/b0rgch3n/bb47a1ed6f66c1e8c7a80f210f4ac8e CVE-2024-7898 - https://gist.github.com/b0rgch3n/3136cad95b09e42184fb2d78aae33651 CVE-2024-7900 - https://github.com/DeepMountains/Mirage/blob/main/CVE16-1.md CVE-2024-7900 - https://github.com/DeepMountains/Mirage/blob/main/CVE16-2.md +CVE-2024-8003 - https://vuldb.com/?submit.393987 CVE-2024-8072 - https://research.jfrog.com/vulnerabilities/mage-ai-terminal-server-infoleak-jfsa-2024-001039574/