[{"cve": "CVE-2024-4837", "desc": "In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28580", "desc": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format.", "poc": ["https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-4440", "desc": "The 140+ Widgets | Best Addons For Elementor \u2013 FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-36673", "desc": "Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries.", "poc": ["https://github.com/CveSecLook/cve/issues/39", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-32290", "desc": "Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromAddressNat_page.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-32288", "desc": "Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromwebExcptypemanFilter.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-0287", "desc": "A vulnerability was found in Kashipara Food Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file itemBillPdf.php. The manipulation of the argument printid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249848.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2681", "desc": "A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/employee/index.php. The manipulation of the argument view leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257381 was assigned to this vulnerability.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-26062", "desc": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-34921", "desc": "TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection via the disconnectVPN function.", "poc": ["https://github.com/cainiao159357/x5000r_poc/blob/main/README.md"]}, {"cve": "CVE-2024-24793", "desc": "A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable application to process a malicious DICOM image.The Use-After-Free happens in the `parse_meta_element_create()` parsing the elements in the File Meta Information header.", "poc": ["https://talosintelligence.com/vulnerability_reports/TALOS-2024-1931", "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1931"]}, {"cve": "CVE-2024-2879", "desc": "The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "poc": ["https://github.com/JohnNetSouldRU/CVE-2024-2879-POC", "https://github.com/Ostorlab/KEV", "https://github.com/RansomGroupCVE/CVE-2024-22328-POC", "https://github.com/herculeszxc/CVE-2024-2879", "https://github.com/netlas-io/netlas-dorks", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/wjlin0/poc-doc", "https://github.com/wy876/POC", "https://github.com/wy876/wiki"]}, {"cve": "CVE-2024-25064", "desc": "Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22077", "desc": "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-0965", "desc": "The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29128", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post SMTP POST SMTP allows Reflected XSS.This issue affects POST SMTP: from n/a through 2.8.6.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-40394", "desc": "Simple Library Management System Project Using PHP/MySQL v1.0 was discovered to contain an arbitrary file upload vulnerability via the component ajax.php.", "poc": ["https://github.com/CveSecLook/cve/issues/48"]}, {"cve": "CVE-2024-2999", "desc": "A vulnerability classified as critical has been found in Campcodes Online Art Gallery Management System 1.0. This affects an unknown part of the file /admin/adminHome.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258201 was assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-32017", "desc": "RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the `gcoap_dns_server_proxy_get()` function contains a small typo that may lead to a buffer overflow in the subsequent `strcpy()`. In detail, the length of the `_uri` string is checked instead of the length of the `_proxy` string. The `_gcoap_forward_proxy_copy_options()` function does not implement an explicit size check before copying data to the `cep->req_etag` buffer that is `COAP_ETAG_LENGTH_MAX` bytes long. If an attacker can craft input so that `optlen` becomes larger than `COAP_ETAG_LENGTH_MAX`, they can cause a buffer overflow. If the input above is attacker-controlled and crosses a security boundary, the impact of the buffer overflow vulnerabilities could range from denial of service to arbitrary code execution. This issue has yet to be patched. Users are advised to add manual bounds checking.", "poc": ["https://github.com/0xdea/advisories", "https://github.com/hnsecurity/vulns"]}, {"cve": "CVE-2024-35110", "desc": "A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker.", "poc": ["https://github.com/yzmcms/yzmcms/issues/68"]}, {"cve": "CVE-2024-3189", "desc": "The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30590", "desc": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/setSchedWifi_end.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27103", "desc": "Querybook is a Big Data Querying UI. When a user searches for their queries, datadocs, tables and lists, the search result is marked and highlighted, and this feature uses dangerouslySetInnerHTML which means that if the highlighted result has an XSS payload it will trigger. While the input to dangerouslySetInnerHTML is not sanitized for the data inside of queries which leads to an XSS vulnerability. During the \"query auto-suggestion\" the name of the suggested tables are set with innerHTML which leads to the XSS vulnerability. A patch to rectify this issue has been introduced in Querybook version 3.31.2.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0559", "desc": "The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://research.cleantalk.org/cve-2024-0559/", "https://wpscan.com/vulnerability/b257daf2-9540-4a0f-a560-54b47d2b913f/"]}, {"cve": "CVE-2024-26559", "desc": "An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information.", "poc": ["https://syst1m.cn/2024/01/22/U%E9%AA%8C%E8%AF%81%E7%BD%91%E7%BB%9C%E7%94%A8%E6%88%B7%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F_%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E/", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-21098", "desc": "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-38489", "desc": "Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event.", "poc": ["https://github.com/chnzzh/iDRAC-CVE-lib"]}, {"cve": "CVE-2024-5087", "desc": "The Minimal Coming Soon \u2013 Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit the license key, which could disable features of the plugin.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4112", "desc": "A vulnerability classified as critical has been found in Tenda TX9 22.03.02.10. This affects the function sub_42CB94 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/TX9/formSetVirtualSer.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33485", "desc": "SQL Injection vulnerability in CASAP Automated Enrollment System using PHP/MySQLi with Source Code V1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the login.php component", "poc": ["https://github.com/CveSecLook/cve/issues/17"]}, {"cve": "CVE-2024-34995", "desc": "svnWebUI v1.8.3 was discovered to contain an arbitrary file deletion vulnerability via the dirTemps parameter under com.cym.controller.UserController#importOver. This vulnerability allows attackers to delete arbitrary files via a crafted POST request.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22088", "desc": "Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.", "poc": ["https://github.com/chendotjs/lotos/issues/7", "https://github.com/Halcy0nic/Trophies", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skinnyrad/Trophies"]}, {"cve": "CVE-2024-33273", "desc": "SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30807", "desc": "An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_UnknownAtom::~AP4_UnknownAtom at Ap4Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts.", "poc": ["https://github.com/axiomatic-systems/Bento4/issues/937"]}, {"cve": "CVE-2024-40720", "desc": "The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the `HKEY_CURRENT_USER` registry to execute arbitrary commands.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22100", "desc": "MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior are affected by a heap-based buffer overflow vulnerability, which could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. A user must open a malicious DCM file in order to exploit the vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27764", "desc": "An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-42358", "desc": "PDFio is a simple C library for reading and writing PDF files. There is a denial of service (DOS) vulnerability in the TTF parser. Maliciously crafted TTF files can cause the program to utilize 100% of the Memory and enter an infinite loop. This can also lead to a heap-buffer-overflow vulnerability. An infinite loop occurs in the read_camp function by nGroups value. The ttf.h library is vulnerable. A value called nGroups is extracted from the file, and by changing that value, you can cause the program to utilize 100% of the Memory and enter an infinite loop. If the value of nGroups in the file is small, an infinite loop will not occur. This library, whether used as a standalone binary or as part of another application, is vulnerable to DOS attacks when parsing certain types of files. Automated systems, including web servers that use this code to convert PDF submissions into plaintext, can be DOSed if an attacker uploads a malicious TTF file. This issue has been addressed in release version 1.3.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.", "poc": ["https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-4hh9-j68x-8353"]}, {"cve": "CVE-2024-3313", "desc": "SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server 2021.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29400", "desc": "An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter.", "poc": ["https://github.com/Fr1ezy/RuoYi_info"]}, {"cve": "CVE-2024-28335", "desc": "Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the \"lektor server\" command.", "poc": ["https://packetstormsecurity.com/files/177708/Lektor-Static-CMS-3.3.10-Arbitrary-File-Upload-Remote-Code-Execution.html"]}, {"cve": "CVE-2024-41118", "desc": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 47 of `pages/7_\ud83d\udce6_Web_Map_Service.py` takes user input, which is passed to `get_layers` function, in which `url` is used with `get_wms_layer` method. `get_wms_layer` method creates a request to arbitrary destinations, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.", "poc": ["https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/"]}, {"cve": "CVE-2024-41381", "desc": "microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\\modules\\settings\\admin.php.", "poc": ["https://github.com/microweber/microweber/issues/1110"]}, {"cve": "CVE-2024-25119", "desc": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21084", "desc": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Service Gateway). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-33026", "desc": "Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33640", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LBell Pretty Google Calendar allows Stored XSS.This issue affects Pretty Google Calendar: from n/a through 1.7.2.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30381", "desc": "An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices.The \"netrounds-probe-login\" daemon (also called probe_serviced) exposes functions where the Test Agent (TA) Appliance pushes interface state/config, unregister itself, etc. The remote service accidentally exposes an internal database object that can be used for direct database access on the Paragon Active Assurance Control Center.This issue affects Paragon Active Assurance: 4.1.0, 4.2.0.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28008", "desc": "Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21845", "desc": "in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30859", "desc": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupSSLCert.php.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26650", "desc": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35842", "desc": "In the Linux kernel, the following vulnerability has been resolved:ASoC: mediatek: sof-common: Add NULL check for normal_link stringIt's not granted that all entries of struct sof_conn_stream declarea `normal_link` (a non-SOF, direct link) string, and this is the casefor SoCs that support only SOF paths (hence do not support both directand SOF usecases).For example, in the case of MT8188 there is no normal_link string inany of the sof_conn_stream entries and there will be more driversdoing that in the future.To avoid possible NULL pointer KPs, add a NULL check for `normal_link`.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7533", "desc": "Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30564", "desc": "An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method.", "poc": ["https://gist.github.com/mestrtee/5dc2c948c2057f98d3de0a9790903c6c", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-42238", "desc": "In the Linux kernel, the following vulnerability has been resolved:firmware: cs_dsp: Return error if block header overflows fileReturn an error from cs_dsp_power_up() if a block header is longerthan the amount of data left in the file.The previous code in cs_dsp_load() and cs_dsp_load_coeff() would loopwhile there was enough data left in the file for a valid region. Thisprotected against overrunning the end of the file data, but it didn'tabort the file processing with an error.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-31848", "desc": "A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.", "poc": ["https://www.tenable.com/security/research/tra-2024-09", "https://github.com/Stuub/CVE-2024-31848-PoC", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-0905", "desc": "The Fancy Product Designer WordPress plugin before 6.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against unauthenticated and admin-level users", "poc": ["https://wpscan.com/vulnerability/3b9eba0d-29aa-47e4-b17f-4cf4bbf8b690/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3515", "desc": "Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4724", "desc": "A vulnerability, which was classified as problematic, was found in Campcodes Legal Case Management System 1.0. Affected is an unknown function of the file /admin/case-type. The manipulation of the argument case_type_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263802 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_case-type.md"]}, {"cve": "CVE-2024-29461", "desc": "An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component.", "poc": ["https://gist.github.com/ErodedElk/399a226905c574efe705e3bff77955e3", "https://github.com/floodlight/floodlight/issues/867", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27161", "desc": "all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the \"Base Score\" of this vulnerability.\u00a0For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.", "poc": ["http://seclists.org/fulldisclosure/2024/Jul/1"]}, {"cve": "CVE-2024-30237", "desc": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Supsystic Slider by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.10.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22045", "desc": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23789", "desc": "Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21052", "desc": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-33211", "desc": "Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter in ip/goform/QuickIndex.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22749", "desc": "GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577", "poc": ["https://github.com/gpac/gpac/issues/2713", "https://github.com/hanxuer/crashes/blob/main/gapc/01/readme.md"]}, {"cve": "CVE-2024-32738", "desc": "A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3.\u00a0An unauthenticated remote attacker can leak sensitive information via the \"query_ptask_lean\" function within MCUDBHelper.", "poc": ["https://www.tenable.com/security/research/tra-2024-14"]}, {"cve": "CVE-2024-24097", "desc": "Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via the News Feed.", "poc": ["https://github.com/ASR511-OO7/CVE-2024-24097", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-3707", "desc": "Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4616", "desc": "The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users", "poc": ["https://wpscan.com/vulnerability/d203bf3b-aee9-4755-b429-d6bbdd940890/"]}, {"cve": "CVE-2024-33014", "desc": "Transient DOS while parsing ESP IE from beacon/probe response frame.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5169", "desc": "The Video Widget WordPress plugin through 1.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/f0de62e3-5e85-43f3-8e3e-e816dafb1406/"]}, {"cve": "CVE-2024-20849", "desc": "Out-of-bound Write vulnerability in chunk parsing implementation of libsdffextractor prior to SMR Apr-2023 Release 1 allows local attackers to execute arbitrary code.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5735", "desc": "Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder.\u00a0This issue affects AdmirorFrames: before 5.0.", "poc": ["https://github.com/afine-com/research", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-29301", "desc": "SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-admin.php?admin_id=", "poc": ["https://packetstormsecurity.com/files/177737/Task-Management-System-1.0-SQL-Injection.html", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30715", "desc": "** DISPUTED ** A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via improper handling of arrays or strings. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/yashpatelphd/CVE-2024-30715"]}, {"cve": "CVE-2024-40738", "desc": "A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/{id}/edit/.", "poc": ["https://github.com/minhquan202/Vuln-Netbox"]}, {"cve": "CVE-2024-6315", "desc": "The Blox Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handleUploadFile' function in all versions up to, and including, 1.0.65. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.", "poc": ["https://github.com/20142995/nuclei-templates"]}, {"cve": "CVE-2024-2799", "desc": "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags in all versions up to, and including, 1.3.96 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29129", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPLIT Pty Ltd OxyExtras allows Reflected XSS.This issue affects OxyExtras: from n/a through 1.4.4.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35678", "desc": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft.This issue affects Contact Form to DB by BestWebSoft: from n/a through 1.7.2.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6529", "desc": "The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "poc": ["https://wpscan.com/vulnerability/1a346c9a-cc1a-46b1-b27a-a77a38449933/", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-25167", "desc": "Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post.", "poc": ["https://github.com/biantaibao/eblog_xss/blob/main/report.md"]}, {"cve": "CVE-2024-36535", "desc": "Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.", "poc": ["https://gist.github.com/HouqiyuA/2950c3993cdeff23afcbd73ba7a33879"]}, {"cve": "CVE-2024-39008", "desc": "robinweser fast-loops v1.1.3 was discovered to contain a prototype pollution via the function objectMergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.", "poc": ["https://gist.github.com/mestrtee/f09a507c8d59fbbb7fd40880cd9b87ed"]}, {"cve": "CVE-2024-26043", "desc": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-1076", "desc": "The SSL Zen WordPress plugin before 4.6.0 only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX.", "poc": ["https://wpscan.com/vulnerability/9c3e9c72-3d6c-4e2c-bb8a-f4efce1371d5/"]}, {"cve": "CVE-2024-26229", "desc": "Windows CSC Service Elevation of Privilege Vulnerability", "poc": ["https://github.com/0xMarcio/cve", "https://github.com/GhostTroops/TOP", "https://github.com/RalfHacker/CVE-2024-26229-exploit", "https://github.com/apkc/CVE-2024-26229-BOF", "https://github.com/gmh5225/awesome-game-security", "https://github.com/michredteam/PoC-26229", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile", "https://github.com/varwara/CVE-2024-26229"]}, {"cve": "CVE-2024-20762", "desc": "Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-37081", "desc": "The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u00a0An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-32761", "desc": "Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is beyond an attacker's control.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2526", "desc": "A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/rooms.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20rooms.php.md", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-7455", "desc": "A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file partedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273549 was assigned to this vulnerability.", "poc": ["https://github.com/Wumshi/cve/issues/3", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4180", "desc": "The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via AJAX.", "poc": ["https://wpscan.com/vulnerability/b2a92316-e404-4a5e-8426-f88df6e87550/"]}, {"cve": "CVE-2024-27192", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Reilly Configure SMTP allows Reflected XSS.This issue affects Configure SMTP: from n/a through 3.1.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28216", "desc": "nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4840", "desc": "An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24787", "desc": "On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a \"#cgo LDFLAGS\" directive.", "poc": ["https://github.com/LOURC0D3/CVE-2024-24787-PoC", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-35845", "desc": "In the Linux kernel, the following vulnerability has been resolved:wifi: iwlwifi: dbg-tlv: ensure NUL terminationThe iwl_fw_ini_debug_info_tlv is used as a string, so we mustensure the string is terminated correctly before using it.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1742", "desc": "Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-2174", "desc": "Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "poc": ["https://issues.chromium.org/issues/325866363", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-3096", "desc": "In PHP\u00a0 version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if\u00a0a password stored with password_hash() starts with a null byte (\\x00), testing a blank string as the password via password_verify() will incorrectly return true.", "poc": ["http://www.openwall.com/lists/oss-security/2024/04/12/11", "https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr", "https://github.com/Symbolexe/SHIFU", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2430", "desc": "The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "poc": ["https://wpscan.com/vulnerability/990b7d7a-3d7a-46d5-9aeb-740de817e2d9/"]}, {"cve": "CVE-2024-29131", "desc": "Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.Users are recommended to upgrade to version 2.10.1, which fixes the issue.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23058", "desc": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.", "poc": ["https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/6/TOTOlink%20A3300R%20setTr069Cfg.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29855", "desc": "Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-33429", "desc": "Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file.", "poc": ["https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.assets/image-20240420011116818.png", "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.md", "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/poc/", "https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/heap-buffer-overflow-2", "https://github.com/stsaz/phiola/issues/30"]}, {"cve": "CVE-2024-2811", "desc": "A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Affected by this issue is the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsStart.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25526", "desc": "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx.", "poc": ["https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#pm_gatt_incaspx"]}, {"cve": "CVE-2024-3618", "desc": "A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file /control/activate_case.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-260274 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/zyairelai/CVE-submissions/blob/main/kortex-activate_case-sqli.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5472", "desc": "The WP QuickLaTeX WordPress plugin before 3.8.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", "poc": ["https://wpscan.com/vulnerability/dcddc2de-c32c-4f8c-8490-f3d980b05822/"]}, {"cve": "CVE-2024-31852", "desc": "LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is \"we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So, if this function is covered by any testing, the miscompile is most likely to be discovered before the binary is shipped to production.\"", "poc": ["https://github.com/llvm/llvm-project/issues/80287", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25407", "desc": "SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27991", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SupportCandy allows Stored XSS.This issue affects SupportCandy: from n/a through 3.2.3.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-23129", "desc": "A maliciously crafted MODEL 3DM, STP, or SLDASM file, when in opennurbs.dll parsed through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28848", "desc": "OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `\u200eCompiledRule::validateExpression` method evaluates an SpEL expression using an `StandardEvaluationContext`, allowing the expression to reach and interact with Java classes such as `java.lang.Runtime`, leading to Remote Code Execution. The `/api/v1/policies/validation/condition/` endpoint passes user-controlled data `CompiledRule::validateExpession` allowing authenticated (non-admin) users to execute arbitrary system commands on the underlaying operating system. In addition, there is a missing authorization check since `Authorizer.authorize()` is never called in the affected path and therefore any authenticated non-admin user is able to trigger this endpoint and evaluate arbitrary SpEL expressions leading to arbitrary command execution. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-236`. This issue may lead to Remote Code Execution and has been resolved in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "poc": ["https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5xv3-fm7g-865r", "https://github.com/NaInSec/CVE-LIST", "https://github.com/tequilasunsh1ne/OpenMetadata_policies_spel", "https://github.com/wjlin0/poc-doc", "https://github.com/wy876/POC", "https://github.com/wy876/wiki"]}, {"cve": "CVE-2024-5395", "desc": "A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file listofinstructor.php. The manipulation of the argument FullName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266309 was assigned to this vulnerability.", "poc": ["https://github.com/Lanxiy7th/lx_CVE_report-/issues/8"]}, {"cve": "CVE-2024-36522", "desc": "The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation.Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue.", "poc": ["https://github.com/Threekiii/CVE", "https://github.com/enomothem/PenTestNote"]}, {"cve": "CVE-2024-21006", "desc": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html", "https://github.com/20142995/sectool", "https://github.com/momika233/CVE-2024-21006", "https://github.com/netlas-io/netlas-dorks", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile", "https://github.com/wy876/POC", "https://github.com/wy876/wiki"]}, {"cve": "CVE-2024-23606", "desc": "An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20953", "desc": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0670", "desc": "Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges", "poc": ["http://seclists.org/fulldisclosure/2024/Mar/29", "https://checkmk.com/werk/16361", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24725", "desc": "Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.", "poc": ["https://www.exploit-db.com/exploits/51903", "https://github.com/NaInSec/CVE-LIST", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-21761", "desc": "An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/vulsio/go-cve-dictionary"]}, {"cve": "CVE-2024-2866", "desc": "** REJECT ** Accidental reservation. Please use CVE-2024-2509.", "poc": ["https://research.cleantalk.org/cve-2024-2509/", "https://wpscan.com/vulnerability/dec4a632-e04b-4fdd-86e4-48304b892a4f/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20687", "desc": "Microsoft AllJoyn API Denial of Service Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21503", "desc": "Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service.\nExploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.", "poc": ["https://security.snyk.io/vuln/SNYK-PYTHON-BLACK-6256273", "https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25503", "desc": "Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17.0.9 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the edit details parameter of the New Project function.", "poc": ["https://github.com/EQSTLab/PoC/tree/main/2024/XSS/CVE-2024-25503"]}, {"cve": "CVE-2024-22727", "desc": "Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or USB.", "poc": ["https://teltonika-networks.com/newsroom/critical-security-update-for-trb1-series-gateways", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21072", "desc": "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Data Provider UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-22026", "desc": "A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/securekomodo/CVE-2024-22026"]}, {"cve": "CVE-2024-3985", "desc": "The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Call to Action widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20013", "desc": "In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608.", "poc": ["https://github.com/Resery/Resery", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7334", "desc": "A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. It has been rated as critical. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273257 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/ruan-uer/create/blob/main/IoT-vulnerable/TOTOLINK/EX1200/UploadCustomModule.md"]}, {"cve": "CVE-2024-30234", "desc": "Missing Authorization vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22628", "desc": "Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end=", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7444", "desc": "A vulnerability classified as critical was found in itsourcecode Ticket Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Login Page. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273529 was assigned to this vulnerability.", "poc": ["https://github.com/DeepMountains/Mirage/blob/main/CVE10-1.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2545", "desc": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1730. Reason: This candidate is a duplicate of CVE-2024-1730. Notes: All CVE users should reference CVE-2024-1730 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-1109", "desc": "The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4525", "desc": "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263128.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21413", "desc": "Microsoft Outlook Remote Code Execution Vulnerability", "poc": ["https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/", "https://github.com/0xMarcio/cve", "https://github.com/CMNatic/CVE-2024-21413", "https://github.com/DevAkabari/CVE-2024-21413", "https://github.com/GhostTroops/TOP", "https://github.com/MSeymenD/CVE-2024-21413", "https://github.com/Mdusmandasthaheer/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability", "https://github.com/Ostorlab/KEV", "https://github.com/Threekiii/CVE", "https://github.com/X-Projetion/CVE-2024-21413-Microsoft-Outlook-RCE-Exploit", "https://github.com/ZonghaoLi777/githubTrending", "https://github.com/ahmetkarakayaoffical/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability", "https://github.com/aneasystone/github-trending", "https://github.com/bkzk/cisco-email-filters", "https://github.com/dshabani96/CVE-2024-21413", "https://github.com/duy-31/CVE-2024-21413", "https://github.com/eddmen2812/lab_hacking", "https://github.com/fireinrain/github-trending", "https://github.com/hktalent/bug-bounty", "https://github.com/jafshare/GithubTrending", "https://github.com/johe123qwe/github-trending", "https://github.com/josephalan42/CTFs-Infosec-Witeups", "https://github.com/labesterOct/CVE-2024-21413", "https://github.com/madret/KQL", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/r00tb1t/CVE-2024-21413-POC", "https://github.com/sampsonv/github-trending", "https://github.com/securitycipher/daily-bugbounty-writeups", "https://github.com/tanjiti/sec_profile", "https://github.com/th3Hellion/CVE-2024-21413", "https://github.com/tib36/PhishingBook", "https://github.com/xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability", "https://github.com/xaitax/SploitScan", "https://github.com/zhaoxiaoha/github-trending"]}, {"cve": "CVE-2024-23673", "desc": "Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver.This issue affects all version of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system.If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver to load a previously uploaded script.\u00a0Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade, regardless of whether your system configuration currently allows this attack or not.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25654", "desc": "Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-29135", "desc": "Unrestricted Upload of File with Dangerous Type vulnerability in Tourfic.This issue affects Tourfic: from n/a through 2.11.15.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30165", "desc": "Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164.", "poc": ["https://github.com/p4yl0ad/p4yl0ad"]}, {"cve": "CVE-2024-24001", "desc": "jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's protection mechanism.", "poc": ["https://github.com/jishenghua/jshERP/issues/99"]}, {"cve": "CVE-2024-6836", "desc": "The Funnel Builder for WordPress by FunnelKit \u2013 Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in all versions up to, and including, 3.4.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to update multiple settings, including templates, designs, checkouts, and other plugin settings.", "poc": ["https://github.com/20142995/nuclei-templates"]}, {"cve": "CVE-2024-3629", "desc": "The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack", "poc": ["https://wpscan.com/vulnerability/c1f6ed2c-0f84-4b13-b39e-5cb91443c2b1/"]}, {"cve": "CVE-2024-4801", "desc": "A vulnerability was found in Kashipara College Management System 1.0 and classified as critical. This issue affects some unknown processing of the file submit_new_faculty.php. The manipulation of the argument address leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263921 was assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0725", "desc": "A vulnerability was found in ProSSHD 1.2 on Windows. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251548.", "poc": ["https://packetstormsecurity.com/files/176544/ProSSHD-1.2-20090726-Denial-Of-Service.html"]}, {"cve": "CVE-2024-7167", "desc": "A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /manage_course.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272581 was assigned to this vulnerability.", "poc": ["https://gist.github.com/topsky979/69a797bc0b33fc19144a727a0be31685"]}, {"cve": "CVE-2024-2309", "desc": "The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/a4152818-1e07-46a7-aec4-70f1a1b579a6/"]}, {"cve": "CVE-2024-23323", "desc": "Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-36598", "desc": "An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file.", "poc": ["https://github.com/kaliankhe/CVE-Aslam-mahi/blob/9ec0572c68bfd3708a7d6e089181024131f4e927/vendors/projectworlds.in/AEGON%20LIFE%20v1.0%20Life%20Insurance%20Management%20System/CVE-2024-36598"]}, {"cve": "CVE-2024-26631", "desc": "In the Linux kernel, the following vulnerability has been resolved:ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_workidev->mc_ifc_count can be written over without proper locking.Originally found by syzbot [1], fix this issue by encapsulating callsto mld_ifc_stop_work() (and mld_gq_stop_work() for good measure) withmutex_lock() and mutex_unlock() accordingly as these functionsshould only be called with mc_lock per their declarations.[1]BUG: KCSAN: data-race in ipv6_mc_down / mld_ifc_workwrite to 0xffff88813a80c832 of 1 bytes by task 3771 on cpu 0: mld_ifc_stop_work net/ipv6/mcast.c:1080 [inline] ipv6_mc_down+0x10a/0x280 net/ipv6/mcast.c:2725 addrconf_ifdown+0xe32/0xf10 net/ipv6/addrconf.c:3949 addrconf_notify+0x310/0x980 notifier_call_chain kernel/notifier.c:93 [inline] raw_notifier_call_chain+0x6b/0x1c0 kernel/notifier.c:461 __dev_notify_flags+0x205/0x3d0 dev_change_flags+0xab/0xd0 net/core/dev.c:8685 do_setlink+0x9f6/0x2430 net/core/rtnetlink.c:2916 rtnl_group_changelink net/core/rtnetlink.c:3458 [inline] __rtnl_newlink net/core/rtnetlink.c:3717 [inline] rtnl_newlink+0xbb3/0x1670 net/core/rtnetlink.c:3754 rtnetlink_rcv_msg+0x807/0x8c0 net/core/rtnetlink.c:6558 netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2545 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6576 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline] netlink_unicast+0x589/0x650 net/netlink/af_netlink.c:1368 netlink_sendmsg+0x66e/0x770 net/netlink/af_netlink.c:1910 ...write to 0xffff88813a80c832 of 1 bytes by task 22 on cpu 1: mld_ifc_work+0x54c/0x7b0 net/ipv6/mcast.c:2653 process_one_work kernel/workqueue.c:2627 [inline] process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2700 worker_thread+0x525/0x730 kernel/workqueue.c:2781 ...", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21049", "desc": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-2862", "desc": "This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5635", "desc": "A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument txtsearch leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-267091.", "poc": ["https://github.com/L1OudFd8cl09/CVE/blob/main/03_06_2024_a.md"]}, {"cve": "CVE-2024-30924", "desc": "Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component.", "poc": ["https://github.com/Chocapikk/My-CVEs", "https://github.com/Chocapikk/derbynet-research"]}, {"cve": "CVE-2024-28979", "desc": "Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS injection vulnerability in UI. A high privileged local attacker could potentially exploit this vulnerability, leading to JavaScript injection.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30513", "desc": "Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.2.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6222", "desc": "In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages.Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/#4290 fixes the issue on MacOS, Linux and Windows with Hyper-V backend.As exploitation requires \"Allow only extensions distributed through the Docker Marketplace\" to be disabled, Docker Desktop\u00a0 v4.31.0 https://docs.docker.com/desktop/release-notes/#4310 \u00a0additionally changes the default configuration to enable this setting by default.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-30638", "desc": "Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the entrys parameter in the fromAddressNat function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromAddressNat_entrys.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-27234", "desc": "In fvp_set_target of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25359", "desc": "An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickle_load function of the serialize.py file.", "poc": ["https://github.com/bayuncao/bayuncao"]}, {"cve": "CVE-2024-22492", "desc": "A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.", "poc": ["https://github.com/cui2shark/security/blob/main/(JFinalcms%20contact%20para)A%20stored%20cross-site%20scripting%20(XSS)%20vulnerability%20was%20discovered%20in%20Jfinalcms%20contact%20para.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25139", "desc": "In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. This is fixed in ER605(UN)_v2_2.2.4 Build 020240119.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/microsoft/Microsoft-TP-Link-Research-Team"]}, {"cve": "CVE-2024-36081", "desc": "Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.", "poc": ["https://www.westermo.com/-/media/Files/Cyber-security/westermo_sa_EDW-100_24-05.pdf"]}, {"cve": "CVE-2024-35555", "desc": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=newsWeb&fieldName=state&fieldName2=state&tabName=infoWeb&dataID=40.", "poc": ["https://github.com/bearman113/1.md/blob/main/18/csrf.md"]}, {"cve": "CVE-2024-42037", "desc": "Vulnerability of uncaught exceptions in the Graphics moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-36401", "desc": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code.Versions 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed.", "poc": ["https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852", "https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv", "https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w", "https://github.com/Co5mos/nuclei-tps", "https://github.com/Mr-xn/CVE-2024-36401", "https://github.com/Ostorlab/KEV", "https://github.com/Threekiii/Awesome-POC", "https://github.com/Threekiii/CVE", "https://github.com/TrojanAZhen/Self_Back", "https://github.com/Y4tacker/JavaSec", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main", "https://github.com/tanjiti/sec_profile", "https://github.com/wy876/POC", "https://github.com/zgimszhd61/CVE-2024-36401"]}, {"cve": "CVE-2024-24186", "desc": "Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c.", "poc": ["https://github.com/pcmacdon/jsish/issues/98", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26718", "desc": "In the Linux kernel, the following vulnerability has been resolved:dm-crypt, dm-verity: disable taskletsTasklets have an inherent problem with memory corruption. The functiontasklet_action_common calls tasklet_trylock, then it calls the taskletcallback and then it calls tasklet_unlock. If the tasklet callback freesthe structure that contains the tasklet or if it calls some code that mayfree it, tasklet_unlock will write into free memory.The commits 8e14f610159d and d9a02e016aaf try to fix it for dm-crypt, butit is not a sufficient fix and the data corruption can still happen [1].There is no fix for dm-verity and dm-verity will write into free memorywith every tasklet-processed bio.There will be atomic workqueues implemented in the kernel 6.9 [2]. Theywill have better interface and they will not suffer from the memorycorruption problem.But we need something that stops the memory corruption now and that can bebackported to the stable kernels. So, I'm proposing this commit thatdisables tasklets in both dm-crypt and dm-verity. This commit doesn'tremove the tasklet support, because the tasklet code will be reused whenatomic workqueues will be implemented.[1] https://lore.kernel.org/all/d390d7ee-f142-44d3-822a-87949e14608b@suse.de/T/[2] https://lore.kernel.org/lkml/20240130091300.2968534-1-tj@kernel.org/", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7278", "desc": "A vulnerability was found in itsourcecode Alton Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/team_save.php. The manipulation of the argument team leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273147.", "poc": ["https://github.com/DeepMountains/Mirage/blob/main/CVE8-6.md"]}, {"cve": "CVE-2024-2333", "desc": "A vulnerability classified as critical has been found in CodeAstro Membership Management System 1.0. Affected is an unknown function of the file /add_members.php. The manipulation of the argument fullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256284.", "poc": ["https://github.com/0x404Ming/CVE_Hunter/blob/main/SQLi-3.md", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/password123456/nvd-cve-database"]}, {"cve": "CVE-2024-3951", "desc": "PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4367", "desc": "A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.", "poc": ["https://github.com/GhostTroops/TOP", "https://github.com/LOURC0D3/CVE-2024-4367-PoC", "https://github.com/Threekiii/Awesome-POC", "https://github.com/avalahEE/pdfjs_disable_eval", "https://github.com/clarkio/pdfjs-vuln-demo", "https://github.com/google/fishy-pdf", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/s4vvysec/CVE-2024-4367-POC", "https://github.com/spaceraccoon/detect-cve-2024-4367", "https://github.com/tanjiti/sec_profile", "https://github.com/zgimszhd61/openai-sec-test-cve-quickstart"]}, {"cve": "CVE-2024-21111", "desc": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html", "https://github.com/10cks/CVE-2024-21111-del", "https://github.com/GhostTroops/TOP", "https://github.com/aneasystone/github-trending", "https://github.com/fireinrain/github-trending", "https://github.com/mansk1es/CVE-2024-21111", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile", "https://github.com/x0rsys/CVE-2024-21111"]}, {"cve": "CVE-2024-28229", "desc": "In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7506", "desc": "A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /setlogo.php. The manipulation of the argument bgimg leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273649 was assigned to this vulnerability.", "poc": ["https://github.com/CveSecLook/cve/issues/57"]}, {"cve": "CVE-2024-22194", "desc": "cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.", "poc": ["https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d"]}, {"cve": "CVE-2024-3753", "desc": "The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "poc": ["https://wpscan.com/vulnerability/e140e109-4176-4b26-bf63-198262a31409/"]}, {"cve": "CVE-2024-6755", "desc": "The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the \u2018wpw_auto_poster_quick_delete_multiple\u2019 function in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to delete arbitrary posts.", "poc": ["https://github.com/20142995/nuclei-templates"]}, {"cve": "CVE-2024-38206", "desc": "An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0585", "desc": "The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23329", "desc": "changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch//history` can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party first needs to know a watch UUID, and the watch history endpoint itself returns only paths to the snapshot on the server, an impact on users' data privacy is minimal. This issue has been addressed in version 0.45.13. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "poc": ["https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-hcvp-2cc7-jrwr"]}, {"cve": "CVE-2024-0419", "desc": "A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250439.", "poc": ["https://cxsecurity.com/issue/WLB-2024010027", "https://www.youtube.com/watch?v=6dAWGH0-6TY"]}, {"cve": "CVE-2024-2627", "desc": "Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)", "poc": ["https://issues.chromium.org/issues/41493290", "https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33326", "desc": "A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter.", "poc": ["http://seclists.org/fulldisclosure/2024/Jul/10"]}, {"cve": "CVE-2024-29808", "desc": "The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21110", "desc": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-27453", "desc": "In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI).", "poc": ["https://www.exsiliumsecurity.com/CVE-2024-27453.html"]}, {"cve": "CVE-2024-3322", "desc": "A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'process_folder' function within 'lollms-webui/zoos/personalities_zoo/cyber_security/codeguard/scripts/processor.py'. Specifically, the function fails to properly sanitize user-supplied input for the 'code_folder_path', allowing an attacker to specify arbitrary paths using '../' or absolute paths. This flaw leads to arbitrary file read and overwrite capabilities in specified directories without limitations, posing a significant risk of sensitive information disclosure and unauthorized file manipulation.", "poc": ["https://github.com/parisneo/lollms-webui/commit/1e17df01e01d4d33599db2afaafe91d90b6f0189"]}, {"cve": "CVE-2024-5975", "desc": "The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection", "poc": ["https://wpscan.com/vulnerability/68f81943-b007-49c8-be9c-d0405b2ba4cf/", "https://github.com/20142995/nuclei-templates"]}, {"cve": "CVE-2024-34469", "desc": "Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save.", "poc": ["https://github.com/Toxich4/CVE-2024-34469", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-2402", "desc": "The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/98e050cf-5686-4216-bad1-575decf3eaa7/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1036", "desc": "A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function uploadIcon of the file /application/index/controller/Screen.php of the component Icon Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252311.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0638", "desc": "Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-28557", "desc": "SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php.", "poc": ["https://github.com/xuanluansec/vul/issues/2"]}, {"cve": "CVE-2024-33671", "desc": "An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3488", "desc": "File Upload vulnerability in unauthenticatedsession found in OpenText\u2122 iManager 3.2.6.0200.\u00a0The vulnerability could allow ant attacker to upload afile without authentication.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25943", "desc": "iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.", "poc": ["https://github.com/chnzzh/iDRAC-CVE-lib"]}, {"cve": "CVE-2024-4526", "desc": "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/student_payment_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263129 was assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6270", "desc": "The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/3d0a6edc-61e8-42fb-8b93-ef083146bd9c/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1012", "desc": "A vulnerability, which was classified as critical, has been found in Wanhu ezOFFICE 11.1.0. This issue affects some unknown processing of the file defaultroot/platform/bpm/work_flow/operate/wf_printnum.jsp. The manipulation of the argument recordId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252281 was assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7484", "desc": "The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handle_uploaded_files' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.", "poc": ["https://github.com/20142995/nuclei-templates"]}, {"cve": "CVE-2024-21627", "desc": "PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the `isCleanHTML` method. Some modules using the `isCleanHTML` method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this issue. The best workaround is to use the `HTMLPurifier` library to sanitize html input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of `HTML` type will call `isCleanHTML`.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1526", "desc": "The Hubbub Lite WordPress plugin before 1.33.1 does not ensure that user have access to password protected post before displaying its content in a meta tag.", "poc": ["https://wpscan.com/vulnerability/1664697e-0ea3-4d09-b2fd-153a104ec255/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4975", "desc": "A vulnerability, which was classified as problematic, has been found in code-projects Simple Chat System 1.0. This issue affects some unknown processing of the component Message Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264539.", "poc": ["https://github.com/BurakSevben/CVEs/blob/main/Simple%20Chat%20App/Simple%20Chat%20App%20-%20Cross-Site-Scripting-2.md"]}, {"cve": "CVE-2024-5360", "desc": "A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/foreigner-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266272.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20376", "desc": "A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. \nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22912", "desc": "A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution.", "poc": ["https://github.com/matthiaskramm/swftools/issues/212"]}, {"cve": "CVE-2024-28275", "desc": "Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change requests.", "poc": ["https://paste.sr.ht/~edaigle/0b4a037fbd3166c8c72fee18efaa7decaf75b0ab", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-31961", "desc": "A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands via the level2 parameter.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20836", "desc": "Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds memory.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30221", "desc": "Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.1.1.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0312", "desc": "A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password.", "poc": ["https://kcm.trellix.com/corporate/index?page=content&id=SB10418"]}, {"cve": "CVE-2024-31850", "desc": "A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.", "poc": ["https://www.tenable.com/security/research/tra-2024-09", "https://github.com/Stuub/CVE-2024-31848-PoC"]}, {"cve": "CVE-2024-23655", "desc": "Tuta is an encrypted email service. Starting in version 3.118.12 and prior to version 3.119.10, an attacker is able to send a manipulated email so that the user can no longer use the app to get access to received emails. By sending a manipulated email, an attacker could put the app into an unusable state. In this case, a user can no longer access received e-mails. Since the vulnerability affects not only the app, but also the web application, a user in this case has no way to access received emails. This issue was tested with iOS and the web app, but it is possible all clients are affected. Version 3.119.10 fixes this issue.", "poc": ["https://github.com/tutao/tutanota/security/advisories/GHSA-5h47-g927-629g"]}, {"cve": "CVE-2024-30620", "desc": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan.", "poc": ["https://github.com/re1wn/IoT_vuln/blob/main/Tenda_AX1803_v1.0.0.1_contains_a_stack_overflow_via_the_serviceName_parameter_in_the_function_fromAdvSetMacMtuWan.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20870", "desc": "Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23656", "desc": "Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0.", "poc": ["https://github.com/dexidp/dex/pull/2964", "https://github.com/dexidp/dex/security/advisories/GHSA-gr79-9v6v-gc9r"]}, {"cve": "CVE-2024-23809", "desc": "A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5364", "desc": "A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System up to 1.0. Affected by this issue is some unknown functionality of the file manage_tenant.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266276.", "poc": ["https://github.com/rockersiyuan/CVE/blob/main/SourceCodester_House_Rental_Management_System_Sql_Inject-2.md"]}, {"cve": "CVE-2024-6496", "desc": "The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks when deleting polls, which could allow attackers to make logged in users perform such action via a CSRF attack", "poc": ["https://wpscan.com/vulnerability/d598eabd-a87a-4e3e-be46-a5c5cc3f130e/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2222", "desc": "The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber access or higher, to delete arbitrary media uploads.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-33752", "desc": "An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious file to execute arbitrary code.", "poc": ["https://github.com/Myanemo/Myanemo", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/wjlin0/poc-doc", "https://github.com/wy876/POC", "https://github.com/wy876/wiki"]}, {"cve": "CVE-2024-4369", "desc": "An information disclosure flaw was found in OpenShift's internal image registry operator. The AZURE_CLIENT_SECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controlling an account that has high enough permissions to obtain pod information from the openshift-image-registry namespace could use this obtained client secret to perform actions as the registry operator's Azure service account.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1569", "desc": "parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software.", "poc": ["https://github.com/timothee-chauvin/eyeballvul"]}, {"cve": "CVE-2024-26065", "desc": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-25936", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc., Lawrie Malen SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through 4.0.1.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20861", "desc": "Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption.", "poc": ["https://github.com/dlehgus1023/dlehgus1023", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/l33d0hyun/l33d0hyun"]}, {"cve": "CVE-2024-31213", "desc": "InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after modifying one's own user profile. An attacker could trick a victim into visiting their web application, thinking they are still present on the ICMS2 application. They could then host a website stating \"To update your profile, please enter your password,\" upon which the user may type their password and send it to the attacker. As of time of publication, a patched version is not available.", "poc": ["https://github.com/instantsoft/icms2/security/advisories/GHSA-6v3c-p92q-prfq", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2708", "desc": "A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257459. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formexeCommand.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29239", "desc": "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.", "poc": ["https://github.com/LOURC0D3/ENVY-gitbook", "https://github.com/LOURC0D3/LOURC0D3"]}, {"cve": "CVE-2024-38427", "desc": "In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequenceId::ParseXml in IccXML/IccLibXML/IccTagXml.cpp results in unconditionally returning false.", "poc": ["https://github.com/InternationalColorConsortium/DemoIccMAX/pull/66", "https://github.com/InternationalColorConsortium/DemoIccMAX/pull/66/commits/85ce74ef19fb0751c7e188b06daed22fe74c332c", "https://github.com/xsscx/Commodity-Injection-Signatures"]}, {"cve": "CVE-2024-2606", "desc": "Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-21395", "desc": "Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3770", "desc": "A vulnerability has been found in PHPGurukul Student Record System 3.20 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage-courses.php?del=1. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260617 was assigned to this vulnerability.", "poc": ["https://github.com/BurakSevben/CVEs/blob/main/Student%20Record%20System%203.20/Student%20Record%20System%20-%20SQL%20Injection%20-%203.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27213", "desc": "In BroadcastSystemMessage of servicemgr.cpp, there is a possible Remote Code Execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-32315", "desc": "Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWanParameterSetting.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-23767", "desc": "An issue was discovered on HMS Anybus X-Gateway AB7832-F firmware version 3. The HICP protocol allows unauthenticated changes to a device's network configurations.", "poc": ["https://sensepost.com/blog/2024/targeting-an-industrial-protocol-gateway/", "https://github.com/Orange-Cyberdefense/CVE-repository", "https://github.com/claire-lex/anybus-hicp"]}, {"cve": "CVE-2024-21468", "desc": "Memory corruption when there is failed unmap operation in GPU.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21054", "desc": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-2754", "desc": "A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257544.", "poc": ["https://github.com/wkeyi0x1/vul-report/issues/4", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-34051", "desc": "A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the facid parameter.", "poc": ["https://blog.smarttecs.com/posts/2024-004-cve-2024-34051/"]}, {"cve": "CVE-2024-27734", "desc": "A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site Settings component.", "poc": ["https://github.com/sms2056/cms/blob/main/3.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24320", "desc": "Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function.", "poc": ["https://datack.my/cloudpanel-v2-0-0-v2-4-0-authenticated-user-session-hijacking-cve-2024-24320/"]}, {"cve": "CVE-2024-22734", "desc": "An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the TxUtilities.dll and TruxUser.cfg components.", "poc": ["https://www.redlinecybersecurity.com/blog/cve-2024-22734"]}, {"cve": "CVE-2024-24927", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35399", "desc": "TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth", "poc": ["https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK%20CP900L/loginAuth/README.md"]}, {"cve": "CVE-2024-6961", "desc": "RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity.", "poc": ["https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519/"]}, {"cve": "CVE-2024-3967", "desc": "Remote CodeExecution has been discovered inOpenText\u2122 iManager 3.2.6.0200.\u00a0The vulnerability cantrigger remote code execution unisng unsafe java object deserialization.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23867", "desc": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statecreate.php, in the stateid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3892", "desc": "A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27962", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Florian 'fkrauthan' Krauthan allows Reflected XSS.This issue affects wp-mpdf: from n/a through 3.7.1.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-27015", "desc": "In the Linux kernel, the following vulnerability has been resolved:netfilter: flowtable: incorrect pppoe tuplepppoe traffic reaching ingress path does not match the flowtable entrybecause the pppoe header is expected to be at the network header offset.This bug causes a mismatch in the flow table lookup, so pppoe packetsenter the classical forwarding path.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35582", "desc": "A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Department input field.", "poc": ["https://github.com/r04i7/CVE/blob/main/CVE-2024-35582.md", "https://portswigger.net/web-security/cross-site-scripting/stored"]}, {"cve": "CVE-2024-29138", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DEV Institute Restrict User Access \u2013 Membership Plugin with Force allows Reflected XSS.This issue affects Restrict User Access \u2013 Membership Plugin with Force: from n/a through 2.5.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25979", "desc": "The URL parameters accepted by forum search were not limited to the allowed parameters.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29474", "desc": "OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-30662", "desc": "** DISPUTED ** An issue was discovered in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext. This flaw exposes sensitive information, making it vulnerable to man-in-the-middle (MitM) attacks, and allowing attackers to easily intercept and access this data. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "poc": ["https://github.com/yashpatelphd/CVE-2024-30662"]}, {"cve": "CVE-2024-24557", "desc": "Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases.", "poc": ["https://github.com/DanielePeruzzi97/rancher-k3s-docker"]}, {"cve": "CVE-2024-30409", "desc": "An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon (fibtd) to crash, leading to a limited Denial of Service.\u00a0This issue affects Juniper Networks Junos OS: * from 22.1 before 22.1R1-S2, 22.1R2.Junos OS Evolved:\u00a0 * from 22.1 before 22.1R1-S2-EVO, 22.1R2-EVO.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0040", "desc": "In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-26263", "desc": "EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35009", "desc": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.", "poc": ["https://github.com/Thirtypenny77/cms/blob/main/5.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26450", "desc": "An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross Site Scripting payload stored within an Admin user's dashboard, executing remote JavaScript. This can be used to upload a new PHP file under an administrator and directly call that file from the victim's instance to connect back to a malicious listener.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24096", "desc": "Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via BookSBIN.", "poc": ["https://github.com/ASR511-OO7/CVE-2024-24096", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-4518", "desc": "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/teacher_salary_invoice.php. The manipulation of the argument desc leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263122 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28117", "desc": "Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twig_array_map, allowing attackers to bypass the validation and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Upgrading to patched version 1.7.45 can mitigate this issue.", "poc": ["https://github.com/getgrav/grav/security/advisories/GHSA-qfv4-q44r-g7rv", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-33012", "desc": "Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3359", "desc": "A vulnerability, which was classified as critical, has been found in SourceCodester Online Library System 1.0. This issue affects some unknown processing of the file admin/login.php. The manipulation of the argument user_email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259463.", "poc": ["https://vuldb.com/?id.259463", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-41117", "desc": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 115 in `pages/10_\ud83c\udf0d_Earth_Engine_Datasets.py` takes user input, which is later used in the `eval()` function on line 126, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.", "poc": ["https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/"]}, {"cve": "CVE-2024-26167", "desc": "Microsoft Edge for Android Spoofing Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4916", "desc": "A vulnerability has been found in Campcodes Online Examination System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file selExamAttemptExe.php. The manipulation of the argument thisId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264451.", "poc": ["https://github.com/yylmm/CVE/blob/main/Online%20Examination%20System%20With%20Timer/SQL_selExamAttemptExe.md"]}, {"cve": "CVE-2024-20018", "desc": "In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00348479; Issue ID: MSV-1019.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4804", "desc": "A vulnerability was found in Kashipara College Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263924.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4249", "desc": "A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been classified as critical. Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formwrlSSIDget.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-30502", "desc": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1259", "desc": "A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument app_pic_url leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252998 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3247", "desc": "In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow.", "poc": ["https://forum.xpdfreader.com/viewtopic.php?t=43597"]}, {"cve": "CVE-2024-7580", "desc": "A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/system.html. The manipulation of the argument uploadedFile with the input ;whoami leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/Push3AX/vul/blob/main/Alien%20Technology%20/ALR-F800.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0668", "desc": "The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attacker, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27733", "desc": "File Upload vulnerability in Byzro Network Smart s42 Management Platform v.S42 allows a local attacker to execute arbitrary code via the useratte/userattestation.php component.", "poc": ["https://github.com/Sadw11v/cve/blob/main/upload.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23457", "desc": "The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced. This affects Zscaler Client Connector on Windows prior to 4.2.0.209", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24060", "desc": "springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user.", "poc": ["https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#11-stored-cross-site-scripting-sysuser"]}, {"cve": "CVE-2024-29875", "desc": "SQL injection vulnerability in Sentrifugo 3.2, through\u00a0 /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22085", "desc": "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-29421", "desc": "xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer Overflow via libs/dicom/basic.c which allows an attacker to execute arbitrary code.", "poc": ["https://github.com/SpikeReply/advisories/blob/530dbd7ce68600a22c47dd1bcbe360220feda1d9/cve/xmedcon/cve-2024-29421.md"]}, {"cve": "CVE-2024-21020", "desc": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-1817", "desc": "A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDM_load.php of the component Cookie Handler. The manipulation of the argument is_admin with the input y leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-31216", "desc": "The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to version 1.2.5, when source-controller was configured to use an Azure SAS token when connecting to Azure Blob Storage, the token was logged along with the Azure URL when the controller encountered a connection error. An attacker with access to the source-controller logs could use the token to gain access to the Azure Blob Storage until the token expires. This vulnerability was fixed in source-controller v1.2.5. There is no workaround for this vulnerability except for using a different auth mechanism such as Azure Workload Identity.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30989", "desc": "Cross Site Scripting vulnerability in /edit-client-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code via the \"cname\", \"comname\", \"state\" and \"city\" parameter.", "poc": ["https://medium.com/@shanunirwan/cve-2024-30989-multiple-stored-cross-site-scripting-vulnerabilities-in-client-management-system-3cfa1c54e4a6"]}, {"cve": "CVE-2024-28583", "desc": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format.", "poc": ["https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-7196", "desc": "A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272617 was assigned to this vulnerability.", "poc": ["https://gist.github.com/topsky979/7c314add775caa87b4db700e0bef7f35"]}, {"cve": "CVE-2024-4530", "desc": "The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing card categories via CSRF attacks", "poc": ["https://wpscan.com/vulnerability/952f6b5c-7728-4c87-8826-6b493f51a979/"]}, {"cve": "CVE-2024-2727", "desc": "HTML injection vulnerability affecting the CIGESv2 system, which allows an attacker to inject arbitrary code and modify elements of the website and email confirmation message.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-5973", "desc": "The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.", "poc": ["https://wpscan.com/vulnerability/59abfb7c-d5ea-45f2-ab9a-4391978e3805/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27209", "desc": "there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-21056", "desc": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-24470", "desc": "Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component.", "poc": ["https://github.com/tang-0717/cms/blob/main/1.md"]}, {"cve": "CVE-2024-31544", "desc": "A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into \u201cremarks\u201d, \u201cborrower_name\u201d, \u201cfaculty_department\u201d parameters in /classes/Master.php?f=save_record.", "poc": ["https://github.com/emirhanmtl/vuln-research/blob/main/Stored-XSS-Computer-Laboratory-Management-System-PoC.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1068", "desc": "The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins.", "poc": ["https://wpscan.com/vulnerability/25e3c1a1-3c45-41df-ae50-0e20d86c5484/"]}, {"cve": "CVE-2024-5785", "desc": "Command injection vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability could allow an authenticated user to execute commands inside the router by making a POST request to the URL \u201c/boaform/admin/formUserTracert\u201d.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3751", "desc": "The Seriously Simple Podcasting WordPress plugin before 3.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/1c684b05-2545-4fa5-ba9e-91d8b8f725ac/"]}, {"cve": "CVE-2024-32320", "desc": "Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the timeZone parameter in the formSetTimeZone function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formSetTimeZone.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/helloyhrr/IoT_vulnerability"]}, {"cve": "CVE-2024-34095", "desc": "Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "poc": ["https://github.com/markyason/markyason.github.io"]}, {"cve": "CVE-2024-27972", "desc": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command Injection.This issue affects WP Fusion Lite: from n/a through 3.41.24.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/truonghuuphuc/CVE-2024-27972-Poc"]}, {"cve": "CVE-2024-6130", "desc": "The Form Maker by 10Web WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/bbed2968-4bd6-49ae-bd61-8a1f751e7041/"]}, {"cve": "CVE-2024-20664", "desc": "Microsoft Message Queuing Information Disclosure Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-6963", "desc": "A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272117 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/formexeCommand.md", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ibaiw/2024Hvv"]}, {"cve": "CVE-2024-2680", "desc": "A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user/index.php. The manipulation of the argument view leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257380.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-31457", "desc": "gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the Plugin System -> Plugin Template feature, an attacker can perform directory traversal by manipulating the `plugName` parameter. They can create specific folders such as `api`, `config`, `global`, `model`, `router`, `service`, and `main.go` function within the specified traversal directory. Moreover, the Go files within these folders can have arbitrary code inserted based on a specific PoC parameter. The main reason for the existence of this vulnerability is the controllability of the PlugName field within the struct. Pseudoversion 0.0.0-20240409100909-b1b7427c6ea6, corresponding to commit b1b7427c6ea6c7a027fa188c6be557f3795e732b, contains a patch for the issue. As a workaround, one may manually use a filtering method available in the GitHub Security Advisory to rectify the directory traversal problem.", "poc": ["https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-gv3w-m57p-3wc4"]}, {"cve": "CVE-2024-32977", "desc": "OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the `autologinLocal` option is enabled within `config.yaml`, even if they come from networks that are not configured as `localNetworks`, spoofing their IP via the `X-Forwarded-For` header. If autologin is not enabled, this vulnerability does not have any impact. The vulnerability has been patched in version 1.10.1. Until the patch has been applied, OctoPrint administrators who have autologin enabled on their instances should disable it and/or to make the instance inaccessible from potentially hostile networks like the internet.", "poc": ["https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-2vjq-hg5w-5gm7"]}, {"cve": "CVE-2024-5894", "desc": "A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-268138 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/Hefei-Coffee/cve/blob/main/sql10.md"]}, {"cve": "CVE-2024-26645", "desc": "In the Linux kernel, the following vulnerability has been resolved:tracing: Ensure visibility when inserting an element into tracing_mapRunning the following two commands in parallel on a multi-processorAArch64 machine can sporadically produce an unexpected warning aboutduplicate histogram entries: $ while true; do echo hist:key=id.syscall:val=hitcount > \\ /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/trigger cat /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/hist sleep 0.001 done $ stress-ng --sysbadaddr $(nproc)The warning looks as follows:[ 2911.172474] ------------[ cut here ]------------[ 2911.173111] Duplicates detected: 1[ 2911.173574] WARNING: CPU: 2 PID: 12247 at kernel/trace/tracing_map.c:983 tracing_map_sort_entries+0x3e0/0x408[ 2911.174702] Modules linked in: iscsi_ibft(E) iscsi_boot_sysfs(E) rfkill(E) af_packet(E) nls_iso8859_1(E) nls_cp437(E) vfat(E) fat(E) ena(E) tiny_power_button(E) qemu_fw_cfg(E) button(E) fuse(E) efi_pstore(E) ip_tables(E) x_tables(E) xfs(E) libcrc32c(E) aes_ce_blk(E) aes_ce_cipher(E) crct10dif_ce(E) polyval_ce(E) polyval_generic(E) ghash_ce(E) gf128mul(E) sm4_ce_gcm(E) sm4_ce_ccm(E) sm4_ce(E) sm4_ce_cipher(E) sm4(E) sm3_ce(E) sm3(E) sha3_ce(E) sha512_ce(E) sha512_arm64(E) sha2_ce(E) sha256_arm64(E) nvme(E) sha1_ce(E) nvme_core(E) nvme_auth(E) t10_pi(E) sg(E) scsi_mod(E) scsi_common(E) efivarfs(E)[ 2911.174738] Unloaded tainted modules: cppc_cpufreq(E):1[ 2911.180985] CPU: 2 PID: 12247 Comm: cat Kdump: loaded Tainted: G E 6.7.0-default #2 1b58bbb22c97e4399dc09f92d309344f69c44a01[ 2911.182398] Hardware name: Amazon EC2 c7g.8xlarge/, BIOS 1.0 11/1/2018[ 2911.183208] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)[ 2911.184038] pc : tracing_map_sort_entries+0x3e0/0x408[ 2911.184667] lr : tracing_map_sort_entries+0x3e0/0x408[ 2911.185310] sp : ffff8000a1513900[ 2911.185750] x29: ffff8000a1513900 x28: ffff0003f272fe80 x27: 0000000000000001[ 2911.186600] x26: ffff0003f272fe80 x25: 0000000000000030 x24: 0000000000000008[ 2911.187458] x23: ffff0003c5788000 x22: ffff0003c16710c8 x21: ffff80008017f180[ 2911.188310] x20: ffff80008017f000 x19: ffff80008017f180 x18: ffffffffffffffff[ 2911.189160] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000a15134b8[ 2911.190015] x14: 0000000000000000 x13: 205d373432323154 x12: 5b5d313131333731[ 2911.190844] x11: 00000000fffeffff x10: 00000000fffeffff x9 : ffffd1b78274a13c[ 2911.191716] x8 : 000000000017ffe8 x7 : c0000000fffeffff x6 : 000000000057ffa8[ 2911.192554] x5 : ffff0012f6c24ec0 x4 : 0000000000000000 x3 : ffff2e5b72b5d000[ 2911.193404] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0003ff254480[ 2911.194259] Call trace:[ 2911.194626] tracing_map_sort_entries+0x3e0/0x408[ 2911.195220] hist_show+0x124/0x800[ 2911.195692] seq_read_iter+0x1d4/0x4e8[ 2911.196193] seq_read+0xe8/0x138[ 2911.196638] vfs_read+0xc8/0x300[ 2911.197078] ksys_read+0x70/0x108[ 2911.197534] __arm64_sys_read+0x24/0x38[ 2911.198046] invoke_syscall+0x78/0x108[ 2911.198553] el0_svc_common.constprop.0+0xd0/0xf8[ 2911.199157] do_el0_svc+0x28/0x40[ 2911.199613] el0_svc+0x40/0x178[ 2911.200048] el0t_64_sync_handler+0x13c/0x158[ 2911.200621] el0t_64_sync+0x1a8/0x1b0[ 2911.201115] ---[ end trace 0000000000000000 ]---The problem appears to be caused by CPU reordering of writes issued from__tracing_map_insert().The check for the presence of an element with a given key in thisfunction is: val = READ_ONCE(entry->val); if (val && keys_match(key, val->key, map->key_size)) ...The write of a new entry is: elt = get_free_elt(map); memcpy(elt->key, key, map->key_size); entry->val = elt;The \"memcpy(elt->key, key, map->key_size);\" and \"entry->val = elt;\"stores may become visible in the reversed order on another CPU. Thissecond CPU might then incorrectly determine that a new key doesn't matchan already present val->key and subse---truncated---", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27083", "desc": "Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user's browser. This issue was introduced on 4.1.4 and patched on 4.2.1.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23478", "desc": "SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2286", "desc": "The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link URL value in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20338", "desc": "A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device.\nThis vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerability by copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process. A successful exploit could allow the attacker to execute arbitrary code on an affected device with root privileges.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-2891", "desc": "A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257934 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formQuickIndex.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/helloyhrr/IoT_vulnerability"]}, {"cve": "CVE-2024-20003", "desc": "In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981).", "poc": ["https://github.com/Shangzewen/U-Fuzz", "https://github.com/asset-group/5ghoul-5g-nr-attacks", "https://github.com/asset-group/U-Fuzz", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6165", "desc": "The WANotifier WordPress plugin before 2.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/b9e6648a-9d19-4e73-ad6c-f727802d8dd5/"]}, {"cve": "CVE-2024-37663", "desc": "Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.", "poc": ["https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/redmi-rb03-redirect.md"]}, {"cve": "CVE-2024-0836", "desc": "The WordPress Review & Structure Data Schema Plugin \u2013 Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit() function in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify arbitrary reviews.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-39017", "desc": "agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function mergeInternalComponents. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.", "poc": ["https://gist.github.com/mestrtee/039e3e337642e6bb7f36aeddfde41b8b"]}, {"cve": "CVE-2024-21051", "desc": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-20755", "desc": "Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22563", "desc": "openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.", "poc": ["https://github.com/openvswitch/ovs-issues/issues/315"]}, {"cve": "CVE-2024-28613", "desc": "SQL Injection vulnerability in PHP Task Management System v.1.0 allows a remote attacker to escalate privileges and obtain sensitive information via the task_id parameter of the task-details.php, and edit-task.php component.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33122", "desc": "Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list() function.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1512", "desc": "The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/rat-c/CVE-2024-1512", "https://github.com/wy876/POC"]}, {"cve": "CVE-2024-5736", "desc": "Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost.\u00a0This issue affects AdmirorFrames: before 5.0.", "poc": ["https://github.com/afine-com/research", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-26724", "desc": "In the Linux kernel, the following vulnerability has been resolved:net/mlx5: DPLL, Fix possible use after free after delayed work timer triggersI managed to hit following use after free warning recently:[ 2169.711665] ==================================================================[ 2169.714009] BUG: KASAN: slab-use-after-free in __run_timers.part.0+0x179/0x4c0[ 2169.716293] Write of size 8 at addr ffff88812b326a70 by task swapper/4/0[ 2169.719022] CPU: 4 PID: 0 Comm: swapper/4 Not tainted 6.8.0-rc2jiri+ #2[ 2169.720974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014[ 2169.722457] Call Trace:[ 2169.722756] [ 2169.723024] dump_stack_lvl+0x58/0xb0[ 2169.723417] print_report+0xc5/0x630[ 2169.723807] ? __virt_addr_valid+0x126/0x2b0[ 2169.724268] kasan_report+0xbe/0xf0[ 2169.724667] ? __run_timers.part.0+0x179/0x4c0[ 2169.725116] ? __run_timers.part.0+0x179/0x4c0[ 2169.725570] __run_timers.part.0+0x179/0x4c0[ 2169.726003] ? call_timer_fn+0x320/0x320[ 2169.726404] ? lock_downgrade+0x3a0/0x3a0[ 2169.726820] ? kvm_clock_get_cycles+0x14/0x20[ 2169.727257] ? ktime_get+0x92/0x150[ 2169.727630] ? lapic_next_deadline+0x35/0x60[ 2169.728069] run_timer_softirq+0x40/0x80[ 2169.728475] __do_softirq+0x1a1/0x509[ 2169.728866] irq_exit_rcu+0x95/0xc0[ 2169.729241] sysvec_apic_timer_interrupt+0x6b/0x80[ 2169.729718] [ 2169.729993] [ 2169.730259] asm_sysvec_apic_timer_interrupt+0x16/0x20[ 2169.730755] RIP: 0010:default_idle+0x13/0x20[ 2169.731190] Code: c0 08 00 00 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 72 ff ff ff cc cc cc cc 8b 05 9a 7f 1f 02 85 c0 7e 07 0f 00 2d cf 69 43 00 fb f4 c3 66 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 04 25 c0 93 04 00[ 2169.732759] RSP: 0018:ffff888100dbfe10 EFLAGS: 00000242[ 2169.733264] RAX: 0000000000000001 RBX: ffff888100d9c200 RCX: ffffffff8241bd62[ 2169.733925] RDX: ffffed109a848b15 RSI: 0000000000000004 RDI: ffffffff8127ac55[ 2169.734566] RBP: 0000000000000004 R08: 0000000000000000 R09: ffffed109a848b14[ 2169.735200] R10: ffff8884d42458a3 R11: 000000000000ba7e R12: ffffffff83d7d3a0[ 2169.735835] R13: 1ffff110201b7fc6 R14: 0000000000000000 R15: ffff888100d9c200[ 2169.736478] ? ct_kernel_exit.constprop.0+0xa2/0xc0[ 2169.736954] ? do_idle+0x285/0x290[ 2169.737323] default_idle_call+0x63/0x90[ 2169.737730] do_idle+0x285/0x290[ 2169.738089] ? arch_cpu_idle_exit+0x30/0x30[ 2169.738511] ? mark_held_locks+0x1a/0x80[ 2169.738917] ? lockdep_hardirqs_on_prepare+0x12e/0x200[ 2169.739417] cpu_startup_entry+0x30/0x40[ 2169.739825] start_secondary+0x19a/0x1c0[ 2169.740229] ? set_cpu_sibling_map+0xbd0/0xbd0[ 2169.740673] secondary_startup_64_no_verify+0x15d/0x16b[ 2169.741179] [ 2169.741686] Allocated by task 1098:[ 2169.742058] kasan_save_stack+0x1c/0x40[ 2169.742456] kasan_save_track+0x10/0x30[ 2169.742852] __kasan_kmalloc+0x83/0x90[ 2169.743246] mlx5_dpll_probe+0xf5/0x3c0 [mlx5_dpll][ 2169.743730] auxiliary_bus_probe+0x62/0xb0[ 2169.744148] really_probe+0x127/0x590[ 2169.744534] __driver_probe_device+0xd2/0x200[ 2169.744973] device_driver_attach+0x6b/0xf0[ 2169.745402] bind_store+0x90/0xe0[ 2169.745761] kernfs_fop_write_iter+0x1df/0x2a0[ 2169.746210] vfs_write+0x41f/0x790[ 2169.746579] ksys_write+0xc7/0x160[ 2169.746947] do_syscall_64+0x6f/0x140[ 2169.747333] entry_SYSCALL_64_after_hwframe+0x46/0x4e[ 2169.748049] Freed by task 1220:[ 2169.748393] kasan_save_stack+0x1c/0x40[ 2169.748789] kasan_save_track+0x10/0x30[ 2169.749188] kasan_save_free_info+0x3b/0x50[ 2169.749621] poison_slab_object+0x106/0x180[ 2169.750044] __kasan_slab_free+0x14/0x50[ 2169.750451] kfree+0x118/0x330[ 2169.750792] mlx5_dpll_remove+0xf5/0x110 [mlx5_dpll][ 2169.751271] auxiliary_bus_remove+0x2e/0x40[ 2169.751694] device_release_driver_internal+0x24b/0x2e0[ 2169.752191] unbind_store+0xa6/0xb0[ 2169.752563] kernfs_fo---truncated---", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0575", "desc": "A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been classified as critical. This affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://vuldb.com/?id.250791"]}, {"cve": "CVE-2024-28736", "desc": "An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function.", "poc": ["https://packetstormsecurity.com/files/178794/Debezium-UI-2.5-Credential-Disclosure.html"]}, {"cve": "CVE-2024-21618", "desc": "An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS).On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.This issue affects:Junos OS: * from 21.4 before 21.4R3-S4,\u00a0 * from 22.1 before 22.1R3-S4,\u00a0 * from 22.2 before 22.2R3-S2,\u00a0 * from 22.3 before 22.3R2-S2, 22.3R3-S1,\u00a0 * from 22.4 before 22.4R3,\u00a0 * from 23.2 before 23.2R2. Junos OS Evolved: * from 21.4-EVO before 21.4R3-S5-EVO,\u00a0 * from 22.1-EVO before 22.1R3-S4-EVO,\u00a0 * from 22.2-EVO before 22.2R3-S2-EVO,\u00a0 * from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO,\u00a0 * from 22.4-EVO before 22.4R3-EVO,\u00a0 * from 23.2-EVO before 23.2R2-EVO.This issue does not affect: * Junos OS versions prior to 21.4R1; * Junos OS Evolved versions prior to 21.4R1-EVO.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33120", "desc": "Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4513", "desc": "A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263117 was assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-41373", "desc": "ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php.", "poc": ["https://github.com/xjzzzxx/vulFound/blob/main/icecoder/icecoder8.1_PT.md"]}, {"cve": "CVE-2024-3219", "desc": "There is a MEDIUM severity vulnerability affecting CPython.The \u201csocket\u201d module provides a pure-Python fallback to the socket.socketpair() function for platforms that don\u2019t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer.Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3758", "desc": "in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28854", "desc": "tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 `TcpStream`s a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using `TlsListener::new()` vulnerable to a slow-loris DoS attack. This impacts any publicly accessible service using the default configuration of tls-listener in versions prior to 0.10.0. Users are advised to upgrade. Users unable to upgrade may mitigate this by passing a large value, such as `usize::MAX` as the parameter to `Builder::max_handshakes`.", "poc": ["https://en.wikipedia.org/wiki/Slowloris_(computer_security)", "https://github.com/tmccombs/tls-listener/security/advisories/GHSA-2qph-qpvm-2qf7", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-1210", "desc": "The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.", "poc": ["https://github.com/karlemilnikka/CVE-2024-1208-and-CVE-2024-1210", "https://github.com/karlemilnikka/CVE-2024-1209", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-4034", "desc": "The Virtue theme for WordPress is vulnerable to Stored Cross-Site Scripting via a Post Author's name in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping when the latest posts feature is enabled on the homepage. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33693", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks Smart Social Widget allows Stored XSS.This issue affects Meks Smart Social Widget: from n/a through 1.6.4.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26333", "desc": "swftools v0.9.2 was discovered to contain a segmentation violation via the function free_lines at swftools/lib/modules/swfshape.c.", "poc": ["https://github.com/matthiaskramm/swftools/issues/219", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28198", "desc": "OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version 18.1.6 and 18.2.2. It is advised to upgrade to the latest version of 18.1.x or 18.2.x. Users unable to upgrade may work around this issue by disabling the Draw.io module or the entire REST API which will secure the system.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24149", "desc": "A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.", "poc": ["https://github.com/libming/libming/issues/310"]}, {"cve": "CVE-2024-24742", "desc": "SAP CRM WebClient UI\u00a0- version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to integrity of the application data after successful exploitation. There is no impact on confidentiality and availability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4818", "desc": "A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263939.", "poc": ["https://github.com/yylmm/CVE/blob/main/Online%20Laundry%20Management%20System/LFI.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5897", "desc": "A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=log_visitor. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268141 was assigned to this vulnerability.", "poc": ["https://github.com/Hefei-Coffee/cve/blob/main/xss.md"]}, {"cve": "CVE-2024-38449", "desc": "A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and possibly earlier versions allows remote authenticated attackers to browse parent directories and read the content of files outside the scope of the application.", "poc": ["https://kasmweb.atlassian.net/servicedesk/customer/portal/3/topic/30ffee7f-4b85-4783-b118-6ae4fd8b0c52"]}, {"cve": "CVE-2024-2775", "desc": "A vulnerability, which was classified as problematic, has been found in Campcodes Online Marriage Registration System 1.0. This issue affects some unknown processing of the file /user/user-profile.php. The manipulation of the argument lname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257609 was assigned to this vulnerability.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-4489", "desc": "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018custom_upload_mimes\u2019 function in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4086", "desc": "The CM Tooltip Glossary \u2013 Powerful Glossary Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.11. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the plugin's settings or reset them via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7358", "desc": "A vulnerability was found in Point B Ltd Getscreen Agent 2.19.6 on Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file getscreen.msi of the component Installation. The manipulation leads to creation of temporary file with insecure permissions. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-273337 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but was not able to provide a technical response in time.", "poc": ["https://github.com/SaumyajeetDas/Vulnerability/tree/main/GetScreen"]}, {"cve": "CVE-2024-1115", "desc": "A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function dlfile of the file /application/websocket/controller/Setting.php. The manipulation of the argument phpPath leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252473 was assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25366", "desc": "Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component.", "poc": ["https://github.com/mz-automation/libiec61850/issues/492", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-32254", "desc": "Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. When creating a new package, there is no checks for what types of files are uploaded from the image.", "poc": ["https://github.com/jinhaochan/CVE-POC/blob/main/tms/POC.md"]}, {"cve": "CVE-2024-1241", "desc": "Watchdog Antivirus v1.6.415 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002014 IOCTL code of the wsdk-driver.sys driver.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21100", "desc": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Platform). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. While the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-1987", "desc": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3643", "desc": "The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack", "poc": ["https://wpscan.com/vulnerability/698277e6-56f9-4688-9a84-c2fa3ea9f7dc/"]}, {"cve": "CVE-2024-27195", "desc": "Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Watermark RELOADED allows Stored XSS.This issue affects Watermark RELOADED: from n/a through 1.3.5.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29063", "desc": "Azure AI Search Information Disclosure Vulnerability", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5118", "desc": "A vulnerability has been found in SourceCodester Event Registration System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265198 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/BurakSevben/CVEs/blob/main/Event%20Registration%20System/Event%20Registration%20System%20-%20SQL%20Injection%20-%201.md"]}, {"cve": "CVE-2024-3823", "desc": "The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack", "poc": ["https://wpscan.com/vulnerability/a138215c-4b8c-4182-978f-d21ce25070d3/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-37890", "desc": "ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied.", "poc": ["https://github.com/websockets/ws/issues/2230", "https://github.com/websockets/ws/pull/2231", "https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q", "https://github.com/Meersalzeis/pingapp"]}, {"cve": "CVE-2024-4059", "desc": "Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High)", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26482", "desc": "** DISPUTED ** An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter's mentioned \"injecting malicious scripts\" would not occur.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20045", "desc": "In audio, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08024748; Issue ID: ALPS08029526.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20034", "desc": "In battery, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08488849; Issue ID: ALPS08488849.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27983", "desc": "An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.", "poc": ["https://github.com/Ampferl/poc_http2-continuation-flood", "https://github.com/DrewskyDev/H2Flood", "https://github.com/Vos68/HTTP2-Continuation-Flood-PoC", "https://github.com/hex0punk/cont-flood-poc", "https://github.com/lirantal/CVE-2024-27983-nodejs-http2", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-29384", "desc": "An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information via the content.js and parseCSSRules functions.", "poc": ["https://github.com/mlgualtieri/CSS-Exfil-Protection/issues/41", "https://github.com/randshell/vulnerability-research/tree/main/CVE-2024-29384", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/randshell/CSS-Exfil-Protection-POC", "https://github.com/randshell/CVE-2024-29384"]}, {"cve": "CVE-2024-37309", "desc": "CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security parameters during an ongoing TLS session. This flaw could lead to excessive consumption of CPU resources, resulting in potential server overload and service disruption. The vulnerability was confirmed using an openssl client where the command `R` initiates renegotiation, followed by the server confirming with `RENEGOTIATING`. This vulnerability allows an attacker to perform a denial of service attack by exhausting server CPU resources through repeated TLS renegotiations. This impacts the availability of services running on the affected server, posing a significant risk to operational stability and security. TLS 1.3 explicitly forbids renegotiation, since it closes a window of opportunity for an attack. Version 5.7.2 of CrateDB contains the fix for the issue.", "poc": ["https://github.com/crate/crate/security/advisories/GHSA-x268-qpg6-w9g2", "https://github.com/chnzzh/OpenSSL-CVE-lib"]}, {"cve": "CVE-2024-26483", "desc": "An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0849", "desc": "Leanote version 2.7.0 allows obtaining arbitrary local files. This is possiblebecause the application is vulnerable to LFR.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-41123", "desc": "REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.", "poc": ["https://github.com/lifeparticle/Ruby-Cheatsheet"]}, {"cve": "CVE-2024-39678", "desc": "Cooked is a recipe plugin for WordPress. The Cooked plugin is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "poc": ["https://github.com/XjSv/Cooked/security/advisories/GHSA-pp3h-ghxf-r9pc"]}, {"cve": "CVE-2024-5287", "desc": "The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack", "poc": ["https://wpscan.com/vulnerability/b4fd535c-a273-419d-9e2e-be1cbd822793/", "https://github.com/20142995/nuclei-templates"]}, {"cve": "CVE-2024-1520", "desc": "An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unauthorized command execution on the underlying operating system. This could result in unauthorized access, data leakage, or complete system compromise.", "poc": ["https://github.com/timothee-chauvin/eyeballvul"]}, {"cve": "CVE-2024-0044", "desc": "In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2", "https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html", "https://github.com/0xMarcio/cve", "https://github.com/GhostTroops/TOP", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/pl4int3xt/cve_2024_0044", "https://github.com/scs-labrat/android_autorooter", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-3478", "desc": "The Herd Effects WordPress plugin before 5.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks", "poc": ["https://wpscan.com/vulnerability/09f1a696-86ee-47cc-99de-57cfd2a3219d/"]}, {"cve": "CVE-2024-24051", "desc": "Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device's movable parts to destinations that exceed the devices' maximum coordinates via the printing of a malicious .gcode file.", "poc": ["https://github.com/tkruppert/Reported_Vulnerabilities/blob/main/CVE-2024-24051.md"]}, {"cve": "CVE-2024-27997", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualcomposer Visual Composer Website Builder allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through 45.6.0.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-25130", "desc": "Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tuleap Enterprise Edition, users with a read access to a tracker where the mass update feature is used might get access to restricted information. Tuleap Community Edition 15.5.99.76, Tuleap Enterprise Edition 15.5-4, and Tuleap Enterprise Edition 15.4-7 contain a patch for this issue.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5156", "desc": "The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23837", "desc": "LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.", "poc": ["https://redmine.openinfosecfoundation.org/issues/6444", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1603", "desc": "paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-23287", "desc": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1287", "desc": "The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes.", "poc": ["https://wpscan.com/vulnerability/169e5756-4e12-4add-82e9-47471c30f08c/"]}, {"cve": "CVE-2024-33443", "desc": "An issue in onethink v.1.1 allows a remote attacker to execute arbitrary code via a crafted script to the AddonsController.class.php component.", "poc": ["https://gist.github.com/LioTree/a81111fb0c598a920cb49aaf0bd64e58", "https://github.com/liu21st/onethink/issues/40"]}, {"cve": "CVE-2024-26720", "desc": "In the Linux kernel, the following vulnerability has been resolved:mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again(struct dirty_throttle_control *)->thresh is an unsigned long, but ispassed as the u32 divisor argument to div_u64(). On architectures whereunsigned long is 64 bytes, the argument will be implicitly truncated.Use div64_u64() instead of div_u64() so that the value used in the \"isthis a safe division\" check is the same as the divisor.Also, remove redundant cast of the numerator to u64, as that should happenimplicitly.This would be difficult to exploit in memcg domain, given the ratio-basedarithmetic domain_drity_limits() uses, but is much easier in globalwriteback domain with a BDI_CAP_STRICTLIMIT-backing device, using e.g. vm.dirty_bytes=(1<<32)*PAGE_SIZE so that dtc->thresh == (1<<32)", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0413", "desc": "A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file public/install.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250433 was assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2188", "desc": "Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could result in an execution of the JavaScript payload when the rule is loaded.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-31784", "desc": "An issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the src component.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0612", "desc": "The Content Views \u2013 Post Grid, Slider, Accordion (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3687", "desc": "A vulnerability was found in bihell Dice 3.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260474 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33259", "desc": "Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component scanner_seek at jerry-core/parser/js/js-scanner-util.c.", "poc": ["https://github.com/jerryscript-project/jerryscript/issues/5132", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28125", "desc": "FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2806", "desc": "A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This affects the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceId/deviceMac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/addWifiMacFilter_deviceId.md", "https://vuldb.com/?id.257661", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1330", "desc": "The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database.", "poc": ["https://wpscan.com/vulnerability/1988815b-7a53-4657-9b1c-1f83c9f9ccfd/"]}, {"cve": "CVE-2024-24567", "desc": "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value= argument. If the semantics of the EVM are unknown to the developer, he could suspect that by specifying the `value` kwarg, exactly the given amount will be sent along to the target. This vulnerability affects 0.3.10 and earlier versions.", "poc": ["https://github.com/brains93/CVE-2024-24576-PoC-Python", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-4865", "desc": "The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018_id\u2019 parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1113", "desc": "A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadUnity of the file /application/index/controller/Unity.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252471.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28119", "desc": "Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a patch for this issue.", "poc": ["https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-7409", "desc": "A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26597", "desc": "In the Linux kernel, the following vulnerability has been resolved:net: qualcomm: rmnet: fix global oob in rmnet_policyThe variable rmnet_link_ops assign a *bigger* maxtype which leads to aglobal out-of-bounds read when parsing the netlink attributes. See bugtrace below:==================================================================BUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600Read of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207CPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [inline] print_report+0x172/0x475 mm/kasan/report.c:395 kasan_report+0xbb/0x1c0 mm/kasan/report.c:495 validate_nla lib/nlattr.c:386 [inline] __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 __nla_parse+0x3e/0x50 lib/nlattr.c:697 nla_parse_nested_deprecated include/net/netlink.h:1248 [inline] __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594 rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091 netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg+0x154/0x190 net/socket.c:734 ____sys_sendmsg+0x6df/0x840 net/socket.c:2482 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536 __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcdRIP: 0033:0x7fdcf2072359Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48RSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002eRAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003RBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000R13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000 The buggy address belongs to the variable: rmnet_policy+0x30/0xe0The buggy address belongs to the physical page:page:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243flags: 0x200000000001000(reserved|node=0|zone=2)raw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000page dumped because: kasan: bad access detectedMemory state around the buggy address: ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07 ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9>ffffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 ^ ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9 ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9According to the comment of `nla_parse_nested_deprecated`, the maxtypeshould be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-31666", "desc": "An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component.", "poc": ["https://github.com/hapa3/cms"]}, {"cve": "CVE-2024-1750", "desc": "A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Affected is the function get_img_url/img_replace in the library lib/images_get_down.php of the component Image Download Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254532. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://vuldb.com/?id.254532", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2622", "desc": "A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318. It has been classified as critical. This affects an unknown part of the file /api/client/editemedia.php. The manipulation of the argument number/enterprise_uuid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257199.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28228", "desc": "In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-31502", "desc": "An issue in Insurance Management System v.1.0.0 and before allows a remote attacker to escalate privileges via a crafted POST request to /admin/core/new_staff.", "poc": ["https://github.com/sahildari/cve/blob/master/CVE-2024-31502.md"]}, {"cve": "CVE-2024-40731", "desc": "A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/{id}/edit/.", "poc": ["https://github.com/minhquan202/Vuln-Netbox"]}, {"cve": "CVE-2024-35238", "desc": "Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on the response body. An attacker can exploit this by making Minder make a request to an attacker-controlled endpoint which returns a response with a large body which will crash the Minder server. Specifically, the point of failure is where Minder parses the response from the GitHub attestations endpoint in `getAttestationReply`. Here, Minder makes a request to the `orgs/$owner/attestations/$checksumref` GitHub endpoint (line 285) and then parses the response into the `AttestationReply` (line 295). The way Minder parses the response on line 295 makes it prone to DoS if the response is large enough. Essentially, the response needs to be larger than the machine has available memory. Version 0.0.51 contains a patch for this issue.The content that is hosted at the `orgs/$owner/attestations/$checksumref` GitHub attestation endpoint is controlled by users including unauthenticated users to Minders threat model. However, a user will need to configure their own Minder settings to cause Minder to make Minder send a request to fetch the attestations. The user would need to know of a package whose attestations were configured in such a way that they would return a large response when fetching them. As such, the steps needed to carry out this attack would look as such:1. The attacker adds a package to ghcr.io with attestations that can be fetched via the `orgs/$owner/attestations/$checksumref` GitHub endpoint.2. The attacker registers on Minder and makes Minder fetch the attestations.3. Minder fetches attestations and crashes thereby being denied of service.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1618", "desc": "A search path or unquoted item vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier. This vulnerability affects the DFServ.exe file.\u00a0An attacker with local user privileges could exploit this vulnerability to replace the legitimate DFServ.exe service executable with a malicious file of the same name and located in a directory that has a higher priority than the legitimate directory.\u00a0Thus, when the service starts, it will run the malicious file instead of the legitimate executable, allowing the attacker to execute arbitrary code, gain unauthorized access to the compromised system or stop the service from running.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23880", "desc": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0348", "desc": "A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250116.", "poc": ["https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-37872", "desc": "SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.", "poc": ["https://github.com/TThuyyy/cve1/issues/4"]}, {"cve": "CVE-2024-38041", "desc": "Windows Kernel Information Disclosure Vulnerability", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-25351", "desc": "SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGurukul Zoo Management System 1.0 allows attackers to run arbitrary SQL commands via the editid parameter.", "poc": ["https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/ZooManagementSystem-SQL_Injection_Change_Image.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26174", "desc": "Windows Kernel Information Disclosure Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-5670", "desc": "The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server.", "poc": ["https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-31487", "desc": "A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 may allows attacker to information disclosure via crafted http requests.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21034", "desc": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-32258", "desc": "The network server of fceux 2.7.0 has a path traversal vulnerability, allowing attackers to overwrite any files on the server without authentication by fake ROM.", "poc": ["https://github.com/TASEmulators/fceux/issues/727", "https://github.com/liyansong2018/CVE-2024-32258", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/liyansong2018/CVE-2024-32258", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-2588", "desc": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id'\u00a0parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33608", "desc": "When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1283", "desc": "Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-34449", "desc": "** DISPUTED ** Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22718", "desc": "Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the client_id parameter in the application URL.", "poc": ["https://hakaisecurity.io/error-404-your-security-not-found-tales-of-web-vulnerabilities/"]}, {"cve": "CVE-2024-37759", "desc": "DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language) expression injection vulnerability via the Data Viewing interface.", "poc": ["https://github.com/crumbledwall/CVE-2024-37759_PoC", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-0015", "desc": "In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://github.com/UmVfX1BvaW50/CVE-2024-0015", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-1770", "desc": "The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2617", "desc": "A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update. If amalicious actor successfully exploits this vulnerability, theycould use it to update the RTU500 with unsigned firmware.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33792", "desc": "netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page.", "poc": ["https://github.com/ymkyu/CVE/tree/main/CVE-2024-33792", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0350", "desc": "A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-250118 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/ahmedvienna/CVEs-and-Vulnerabilities"]}, {"cve": "CVE-2024-0156", "desc": "Dell Digital Delivery, versions prior to 5.0.86.0, contain a Buffer Overflow vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26166", "desc": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-30724", "desc": "** DISPUTED ** An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, obtain sensitive information, and gain unauthorized access to multiple ROS nodes. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/yashpatelphd/CVE-2024-30724"]}, {"cve": "CVE-2024-0216", "desc": "The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-37734", "desc": "An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST request using the noteid parameter.", "poc": ["https://github.com/A3h1nt/CVEs/tree/main/OpenEMR"]}, {"cve": "CVE-2024-1547", "desc": "Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-32700", "desc": "Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress.This issue affects Kognetiks Chatbot for WordPress: from n/a through 2.0.0.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-23975", "desc": "SQL injection vulnerability exists in GetDIAE_slogListParameters.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-2902", "desc": "A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257945 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/fromSetWifiGusetBasic.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-39689", "desc": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified \"long-running and unresolved compliance issues.\"", "poc": ["https://github.com/PBorocz/raindrop-io-py", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/roy-aladin/InfraTest"]}, {"cve": "CVE-2024-2490", "desc": "A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256897 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/Emilytutu/IoT-vulnerable/blob/main/Tenda/AC18/setSchedWifi_end.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-3966", "desc": "The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin", "poc": ["https://wpscan.com/vulnerability/9f0a575f-862d-4f2e-8d25-82c6f58dd11a/"]}, {"cve": "CVE-2024-2929", "desc": "A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-31225", "desc": "RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The `_on_rd_init()` function does not implement a size check before copying data to the `_result_buf` static buffer. If an attacker can craft a long enough payload, they could cause a buffer overflow. If the unchecked input above is attacker-controlled and crosses a security boundary, the impact of the buffer overflow vulnerability could range from denial of service to arbitrary code execution. This issue has yet to be patched. Users are advised to add manual bounds checking.", "poc": ["https://github.com/0xdea/advisories", "https://github.com/hnsecurity/vulns"]}, {"cve": "CVE-2024-1874", "desc": "In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.", "poc": ["http://www.openwall.com/lists/oss-security/2024/04/12/11", "https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/michalsvoboda76/batbadbut", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tianstcht/tianstcht"]}, {"cve": "CVE-2024-2268", "desc": "A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been classified as critical. Affected is an unknown function of the file /product_update.php?update=1. The manipulation of the argument update_image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256038 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/File%20Upload/Arbitrary%20FIle%20Upload%20in%20product_update.php%20.md"]}, {"cve": "CVE-2024-7365", "desc": "A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_establishment.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273344.", "poc": ["https://gist.github.com/topsky979/18a15150a99566009476d918d79a0bf9", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-38782", "desc": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MapsMarker.Com e.U. Leaflet Maps Marker allows Stored XSS.This issue affects Leaflet Maps Marker: from n/a through 3.12.9.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21647", "desc": "Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. This vulnerability has been fixed in versions 6.4.2 and 5.6.8.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2452", "desc": "In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows.", "poc": ["https://github.com/0xdea/advisories", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/hnsecurity/vulns"]}, {"cve": "CVE-2024-3891", "desc": "The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in widgets in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24883", "desc": "Missing Authorization vulnerability in BdThemes Prime Slider \u2013 Addons For Elementor.This issue affects Prime Slider \u2013 Addons For Elementor: from n/a through 3.11.10.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-23639", "desc": "Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are \"simple\" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20985", "desc": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29027", "desc": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulation or remote code execution. The patch in versions 6.5.5 and 7.0.0-alpha.29 added string sanitation for Cloud Function name and Cloud Job name. As a workaround, sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30405", "desc": "An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS).Continued receipt and processing of these specific packets will sustain the Denial of Service condition.This issue affects:Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled. * All versions earlier than 21.2R3-S7; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23496", "desc": "A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1015", "desc": "Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device.", "poc": ["https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5811", "desc": "The Simple Video Directory WordPress plugin before 1.4.4 does not sanitise and escape some of its settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/bf6c2e28-51ef-443b-b1c2-d555c7e12f7f/"]}, {"cve": "CVE-2024-34213", "desc": "TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function.", "poc": ["https://github.com/n0wstr/IOTVuln/tree/main/CP450/SetPortForwardRules"]}, {"cve": "CVE-2024-1420", "desc": "** REJECT ** **REJECT** This is a duplicate of CVE-2024-1049. Please use CVE-2024-1049 instead.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2329", "desc": "A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_resource_icon.php?action=delete. The manipulation of the argument IconId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-list_resource_icon.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20971", "desc": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3706", "desc": "Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27144", "desc": "The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker.\u00a0This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone.\u00a0So, the CVSS score for this vulnerability alone is lower than the score listed in the \"Base Score\" of this vulnerability.\u00a0For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.", "poc": ["http://seclists.org/fulldisclosure/2024/Jul/1"]}, {"cve": "CVE-2024-30594", "desc": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/addWifiMacFilter_deviceMac.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21021", "desc": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-24110", "desc": "SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-32655", "desc": "Npgsql is the .NET data provider for PostgreSQL. The `WriteBind()` method in `src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs` uses `int` variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This causes Npgsql to write a message size that is too small when constructing a Postgres protocol message to send it over the network to the database. When parsing the message, the database will only read a small number of bytes and treat any following bytes as new messages while they belong to the old message. Attackers can abuse this to inject arbitrary Postgres protocol messages into the connection, leading to the execution of arbitrary SQL statements on the application's behalf. This vulnerability is fixed in 4.0.14, 4.1.13, 5.0.18, 6.0.11, 7.0.7, and 8.0.3.", "poc": ["https://github.com/cdupuis/aspnetapp"]}, {"cve": "CVE-2024-2856", "desc": "A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257780. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetSysTime.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Schnaidr/CVE-2024-2856-Stack-overflow-EXP", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-20844", "desc": "Out-of-bounds write vulnerability while parsing remaining codewords in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-38892", "desc": "An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component.", "poc": ["https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/Wavlink/WN551K1/ExportLogs.sh/README.md"]}, {"cve": "CVE-2024-27268", "desc": "IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25385", "desc": "An issue in flvmeta v.1.2.2 allows a local attacker to cause a denial of service via the flvmeta/src/flv.c:375:21 function in flv_close.", "poc": ["https://github.com/hanxuer/crashes/blob/main/flvmeta/01/readme.md", "https://github.com/noirotm/flvmeta/issues/23", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29452", "desc": "** DISPUTED ** An insecure deserialization vulnerability has been identified in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code and obtain sensitive information via crafted input to the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/yashpatelphd/CVE-2024-29452"]}, {"cve": "CVE-2024-21978", "desc": "Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.", "poc": ["https://github.com/Freax13/cve-2024-21978-poc", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-25898", "desc": "A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php.", "poc": ["https://github.com/ChurchCRM/CRM/issues/6851"]}, {"cve": "CVE-2024-23870", "desc": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelist.php, in the delete parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29866", "desc": "Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3479", "desc": "An improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider (com.motorola.server.enterprise.MotoDpmsProvider) that could allow a local attacker to read local data.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-37906", "desc": "Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of `ecard_recipients `POST parameter is being directly concatenated with the SQL query in the source code causing the SQL Injection. The SQL Injection can be exploited by a member user, using blind condition-based, time-based, and Out of band interaction SQL Injection payloads. This vulnerability is fixed in 4.3.9.", "poc": ["https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3"]}, {"cve": "CVE-2024-7336", "desc": "A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273259. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX200/loginauth.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26882", "desc": "In the Linux kernel, the following vulnerability has been resolved:net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()Apply the same fix than ones found in :8d975c15c0cd (\"ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()\")1ca1ba465e55 (\"geneve: make sure to pull inner header in geneve_rx()\")We have to save skb->network_header in a temporary variablein order to be able to recompute the network_header pointerafter a pskb_inet_may_pull() call.pskb_inet_may_pull() makes sure the needed headers are in skb->head.syzbot reported:BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline] BUG: KMSAN: uninit-value in ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409 __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline] ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409 __ipgre_rcv+0x9bc/0xbc0 net/ipv4/ip_gre.c:389 ipgre_rcv net/ipv4/ip_gre.c:411 [inline] gre_rcv+0x423/0x19f0 net/ipv4/ip_gre.c:447 gre_rcv+0x2a4/0x390 net/ipv4/gre_demux.c:163 ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233 NF_HOOK include/linux/netfilter.h:314 [inline] ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254 dst_input include/net/dst.h:461 [inline] ip_rcv_finish net/ipv4/ip_input.c:449 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569 __netif_receive_skb_one_core net/core/dev.c:5534 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648 netif_receive_skb_internal net/core/dev.c:5734 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5793 tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1556 tun_get_user+0x53b9/0x66e0 drivers/net/tun.c:2009 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055 call_write_iter include/linux/fs.h:2087 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0xb6b/0x1520 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6bUninit was created at: __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590 alloc_pages_mpol+0x62b/0x9d0 mm/mempolicy.c:2133 alloc_pages+0x1be/0x1e0 mm/mempolicy.c:2204 skb_page_frag_refill+0x2bf/0x7c0 net/core/sock.c:2909 tun_build_skb drivers/net/tun.c:1686 [inline] tun_get_user+0xe0a/0x66e0 drivers/net/tun.c:1826 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055 call_write_iter include/linux/fs.h:2087 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0xb6b/0x1520 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0290", "desc": "A vulnerability, which was classified as critical, has been found in Kashipara Food Management System 1.0. This issue affects some unknown processing of the file stock_edit.php. The manipulation of the argument item_type leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249851.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27989", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs allows Stored XSS.This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-28734", "desc": "Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter.", "poc": ["https://packetstormsecurity.com/files/177619/Financials-By-Coda-Cross-Site-Scripting.html", "https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1208", "desc": "The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.", "poc": ["https://github.com/Cappricio-Securities/CVE-2024-1208", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/karlemilnikka/CVE-2024-1208-and-CVE-2024-1210", "https://github.com/karlemilnikka/CVE-2024-1209", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-4033", "desc": "The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the aiovg_create_attachment_from_external_image_url function in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3721", "desc": "A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.", "poc": ["https://github.com/netsecfish/tbk_dvr_command_injection", "https://vuldb.com/?id.260573"]}, {"cve": "CVE-2024-34273", "desc": "njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method.", "poc": ["https://github.com/chrisandoryan/vuln-advisory/blob/main/nJwt/CVE-2024-34273.md", "https://github.com/chrisandoryan/vuln-advisory", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1922", "desc": "A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Employer/ManageJob.php of the component Manage Job Page. The manipulation of the argument Qualification/Description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254857 was assigned to this vulnerability.", "poc": ["https://vuldb.com/?id.254857", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1398", "desc": "The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018heading_title_tag\u2019 and \u2019heading_sub_title_tag\u2019 parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2511", "desc": "Issue summary: Some non-default TLS server configurations can cause unboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations to triggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option isbeing used (but not if early_data support is also configured and the defaultanti-replay protection is in use). In this case, under certain conditions, thesession cache can get into an incorrect state and it will fail to flush properlyas it fills. The session cache will continue to grow in an unbounded manner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normal operation.This issue only affects TLS servers supporting TLSv1.3. It does not affect TLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL1.0.2 is also not affected by this issue.", "poc": ["https://github.com/GrigGM/05-virt-04-docker-hw", "https://github.com/bcgov/jag-cdds", "https://github.com/chnzzh/OpenSSL-CVE-lib", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23123", "desc": "A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6021", "desc": "The Donation Block For PayPal WordPress plugin through 2.1.0 does not sanitise and escape form submissions, leading to a stored cross-site scripting vulnerability", "poc": ["https://wpscan.com/vulnerability/9d83cffd-7dcd-4301-8d4d-3043b14e05b5/"]}, {"cve": "CVE-2024-2572", "desc": "A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /task-details.php. The manipulation leads to execution after redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257075.", "poc": ["https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20task-details.php.md", "https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3131", "desc": "A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258874 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/ycxdzj/CVE_Hunter/blob/main/SQL-7.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4751", "desc": "The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack", "poc": ["https://wpscan.com/vulnerability/94f4cc45-4c55-43d4-8ad2-a20c118b589f/"]}, {"cve": "CVE-2024-4126", "desc": "A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. This issue affects the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument manualTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261869 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetSysTime.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21008", "desc": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-27718", "desc": "SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component.", "poc": ["https://github.com/tldjgggg/cve/blob/main/sql.md"]}, {"cve": "CVE-2024-23642", "desc": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap SVG Output Format when the Simple SVG renderer is enabled. Access to the WMS SVG Format is available to all users by default although data and service security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a fix for this issue.", "poc": ["https://github.com/geoserver/geoserver/security/advisories/GHSA-fg9v-56hw-g525", "https://osgeo-org.atlassian.net/browse/GEOS-11152", "https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2762", "desc": "The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin", "poc": ["https://wpscan.com/vulnerability/92e0f5ca-0184-4e9c-b01a-7656e05dce69/"]}, {"cve": "CVE-2024-1989", "desc": "The Social Sharing Plugin \u2013 Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Sassy_Social_Share' shortcode in all versions up to, and including, 3.3.58 due to insufficient input sanitization and output escaping on user supplied attributes such as 'url'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26031", "desc": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-26198", "desc": "Microsoft Exchange Server Remote Code Execution Vulnerability", "poc": ["https://github.com/MrCyberSec/CVE-2024-26198-Exchange-RCE", "https://github.com/MrSecby/CVE-2024-26198-Exchange-RCE", "https://github.com/NaInSec/CVE-LIST", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-25316", "desc": "Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2.", "poc": ["https://github.com/tubakvgc/CVEs/blob/main/Hotel%20Managment%20System/Hotel%20Managment%20System%20-%20SQL%20Injection-4.md", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/tubakvgc/CVEs"]}, {"cve": "CVE-2024-5734", "desc": "A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. Affected is an unknown function of the file /members/poster.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-267408.", "poc": ["https://github.com/kingshao0312/cve/issues/2", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21099", "desc": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Data Visualization). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-5422", "desc": "An uncontrolled resource consumption of file descriptors in SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 allows DoS via HTTP.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.", "poc": ["http://seclists.org/fulldisclosure/2024/Jun/4", "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-seh-untserver-pro/index.html"]}, {"cve": "CVE-2024-23659", "desc": "SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28159", "desc": "A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0246", "desc": "A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects an unknown part of the file /install/ of the component Utility Download Handler. The manipulation of the argument lang with the input 1%27\"()%26%25 leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0890", "desc": "A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-252042 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/biantaibao/octopus_SQL2/blob/main/report.md"]}, {"cve": "CVE-2024-2961", "desc": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "poc": ["https://github.com/EGI-Federation/SVG-advisories", "https://github.com/Threekiii/Awesome-POC", "https://github.com/ZonghaoLi777/githubTrending", "https://github.com/absolutedesignltd/iconvfix", "https://github.com/ambionics/cnext-exploits", "https://github.com/aneasystone/github-trending", "https://github.com/bollwarm/SecToolSet", "https://github.com/exfil0/test_iconv", "https://github.com/johe123qwe/github-trending", "https://github.com/kjdfklha/CVE-2024-2961_poc", "https://github.com/mattaperkins/FIX-CVE-2024-2961", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/rvizx/CVE-2024-2961", "https://github.com/sampsonv/github-trending", "https://github.com/tanjiti/sec_profile", "https://github.com/tarlepp/links-of-the-week", "https://github.com/testing-felickz/docker-scout-demo", "https://github.com/tnishiox/cve-2024-2961", "https://github.com/wjlin0/wjlin0", "https://github.com/zhaoxiaoha/github-trending"]}, {"cve": "CVE-2024-24148", "desc": "A memory leak issue discovered in parseSWF_FREECHARACTER in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.", "poc": ["https://github.com/libming/libming/issues/308"]}, {"cve": "CVE-2024-0503", "desc": "A vulnerability was found in code-projects Online FIR System 1.0. It has been classified as problematic. This affects an unknown part of the file registercomplaint.php. The manipulation of the argument Name/Address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250611.", "poc": ["https://drive.google.com/file/d/1n9Zas-iSOfKVMN3UzPyVGgQgCmig2A5I/view?usp=sharing"]}, {"cve": "CVE-2024-28435", "desc": "The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload.", "poc": ["https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28435", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2852", "desc": "A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/saveParentControlInfo_urls.md", "https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23295", "desc": "A permissions issue was addressed to help ensure Personas are always protected This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0731", "desc": "A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. This vulnerability affects unknown code of the component PUT Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251554 is the identifier assigned to this vulnerability.", "poc": ["https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt"]}, {"cve": "CVE-2024-26197", "desc": "Windows Standards-Based Storage Management Service Denial of Service Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-23692", "desc": "** UNSUPPPORTED WHEN ASSIGNED ** Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.", "poc": ["https://github.com/rapid7/metasploit-framework/pull/19240", "https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/", "https://github.com/Ostorlab/KEV", "https://github.com/Threekiii/CVE", "https://github.com/TrojanAZhen/Self_Back", "https://github.com/enomothem/PenTestNote", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile", "https://github.com/wjlin0/poc-doc", "https://github.com/wy876/POC"]}, {"cve": "CVE-2024-34694", "desc": "LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. This vulnerability can lead to a total loss of funds for the node backend. This vulnerability is fixed in 0.12.6.", "poc": ["https://github.com/lnbits/lnbits/security/advisories/GHSA-3j4h-h3fp-vwww"]}, {"cve": "CVE-2024-2384", "desc": "The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user This makes it possible for authenticated attackers, with customer-level access and above, to view potentially sensitive information about other users by leveraging their order id", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-33514", "desc": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5050", "desc": "A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516. This affects an unknown part of the file /?g=log_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-264747.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27775", "desc": "SysAid before version 23.2.14 b18 -\u00a0CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4649", "desc": "A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263493 was assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0281", "desc": "A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file loginCheck.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249836.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0781", "desc": "A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability.", "poc": ["https://drive.google.com/drive/folders/1f61RXqelSDY0T92aLjmb8BhgAHt_eeUS", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4083", "desc": "The Easy Restaurant Table Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-42356", "desc": "Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the `context` variable is injected into almost any Twig Template and allows to access to current language, currency information. The context object allows also to switch for a short time the scope of the Context as a helper with a callable function. The function can be called also from Twig and as the second parameter allows any callable, it's possible to call from Twig any statically callable PHP function/method. It's not possible as customer to provide any Twig code, the attacker would require access to Administration to exploit it using Mail templates or using App Scripts. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4903", "desc": "A vulnerability was found in Tongda OA 2017. It has been declared as critical. This vulnerability affects unknown code of the file /general/meeting/manage/delete.php. The manipulation of the argument M_ID_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264436. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/Hefei-Coffee/cve/blob/main/sql3.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7280", "desc": "A vulnerability was found in SourceCodester Lot Reservation Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/view_reserved.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273149 was assigned to this vulnerability.", "poc": ["https://gist.github.com/topsky979/c4e972f03739833ad2d111493f44138b"]}, {"cve": "CVE-2024-2332", "desc": "A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256283.", "poc": ["https://github.com/vanitashtml/CVE-Dumps/blob/main/Blind%20SQL%20Injection%20Manage%20Category%20-%20Mobile%20Management%20Store.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28212", "desc": "nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25214", "desc": "An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html.", "poc": ["https://github.com/BurakSevben/CVEs/blob/main/Employee%20Management%20System/Employee%20Managment%20System%20-%20Authentication%20Bypass.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2998", "desc": "A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Store Update Page. The manipulation of the argument Store Name/Store Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258200. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24100", "desc": "Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID.", "poc": ["https://github.com/ASR511-OO7/CVE-2024-24100", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-3530", "desc": "A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file Marks_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259900.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2444", "desc": "The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed", "poc": ["https://wpscan.com/vulnerability/214e5fd7-8684-418a-b67d-60b1dcf11a48/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7560", "desc": "The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflash_post_meta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", "poc": ["https://github.com/20142995/nuclei-templates"]}, {"cve": "CVE-2024-2285", "desc": "A vulnerability, which was classified as problematic, has been found in boyiddha Automated-Mess-Management-System 1.0. Affected by this issue is some unknown functionality of the file /member/member_edit.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-256052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/STORED%20XSS%20member-member-edit.php%20.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28154", "desc": "Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25392", "desc": "An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2.", "poc": ["https://github.com/0xdea/advisories", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/hnsecurity/vulns"]}, {"cve": "CVE-2024-22547", "desc": "WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS).", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27822", "desc": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to gain root privileges.", "poc": ["https://github.com/houjingyi233/macOS-iOS-system-security"]}, {"cve": "CVE-2024-27017", "desc": "In the Linux kernel, the following vulnerability has been resolved:netfilter: nft_set_pipapo: walk over current view on netlink dumpThe generation mask can be updated while netlink dump is in progress.The pipapo set backend walk iterator cannot rely on it to infer whatview of the datastructure is to be used. Add notation to specify if userwants to read/update the set.Based on patch from Florian Westphal.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3387", "desc": "A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5362", "desc": "A vulnerability classified as critical has been found in SourceCodester Online Hospital Management System 1.0. Affected is an unknown function of the file departmentDoctor.php. The manipulation of the argument deptid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266274 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/CveSecLook/cve/issues/41"]}, {"cve": "CVE-2024-28254", "desc": "OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `\u200eAlertUtil::validateExpression` method evaluates an SpEL expression using `getValue` which by default uses the `StandardEvaluationContext`, allowing the expression to reach and interact with Java classes such as `java.lang.Runtime`, leading to Remote Code Execution. The `/api/v1/events/subscriptions/validation/condition/` endpoint passes user-controlled data `AlertUtil::validateExpession` allowing authenticated (non-admin) users to execute arbitrary system commands on the underlaying operating system. In addition, there is a missing authorization check since `Authorizer.authorize()` is never called in the affected path and, therefore, any authenticated non-admin user is able to trigger this endpoint and evaluate arbitrary SpEL expressions leading to arbitrary command execution. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-235`. This issue may lead to Remote Code Execution and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "poc": ["https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-j86m-rrpr-g8gw", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-31745", "desc": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-2002. Reason: This candidate is a duplicate of CVE-2024-2002. Notes: All CVE users should reference CVE-2024-2002 instead of this candidate.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3495", "desc": "The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the \u2018cnt\u2019 and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile", "https://github.com/truonghuuphuc/CVE-2024-3495-Poc", "https://github.com/wjlin0/poc-doc", "https://github.com/wy876/POC", "https://github.com/wy876/wiki", "https://github.com/zomasec/CVE-2024-3495-POC"]}, {"cve": "CVE-2024-24112", "desc": "xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-21625", "desc": "SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-32314", "desc": "Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formexecommand_cmdi.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-4388", "desc": "This does not validate a path generated with user input when downloading files, allowing unauthenticated user to download arbitrary files from the server", "poc": ["https://wpscan.com/vulnerability/5c791747-f60a-40a7-94fd-e4b9bb5ea2b0/"]}, {"cve": "CVE-2024-36587", "desc": "Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy.", "poc": ["https://github.com/go-compile/security-advisories"]}, {"cve": "CVE-2024-0701", "desc": "The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for unauthenticated attackers to register an account even when account registration has been disabled by an administrator.", "poc": ["https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681"]}, {"cve": "CVE-2024-3874", "desc": "A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260908. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W20E/formSetRemoteWebManage.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-41466", "desc": "Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting.", "poc": ["https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/NatStaticSetting/README.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20049", "desc": "In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541765; Issue ID: ALPS08541765.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27905", "desc": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora.An endpoint exposing internals to unauthenticated users can be used as a \"padding oracle\" allowing an anonymous attacker to construct a valid authentication cookie. Potentially this could be combined with vulnerabilities in other components to achieve remote code execution.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3631", "desc": "The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack", "poc": ["https://wpscan.com/vulnerability/c59a8b49-6f3e-452b-ba9b-50b80c522ee9/"]}, {"cve": "CVE-2024-2496", "desc": "A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1103", "desc": "A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file profile.php of the component Feedback Form. The manipulation of the argument Your Feedback with the input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252458 is the identifier assigned to this vulnerability.", "poc": ["https://docs.google.com/document/d/18M55HRrxHQ9Jhph6CwWF-d5epAKtOSHt/edit?usp=drive_link&ouid=105609487033659389545&rtpof=true&sd=true"]}, {"cve": "CVE-2024-0170", "desc": "Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25731", "desc": "The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data (e.g., over Wi-Fi).", "poc": ["https://github.com/actuator/com.cn.dq.ipc", "https://github.com/actuator/cve", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-26920", "desc": "In the Linux kernel, the following vulnerability has been resolved:tracing/trigger: Fix to return error if failed to alloc snapshotFix register_snapshot_trigger() to return error code if it failed toallocate a snapshot instead of 0 (success). Unless that, it will registersnapshot trigger without an error.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25578", "desc": "MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior contain a lack of proper validation of user-supplied data, which could result in memory corruption within the application.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23284", "desc": "A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7160", "desc": "A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/setWanCfg.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33217", "desc": "Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter in ip/goform/addressNat.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35012", "desc": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close.", "poc": ["https://github.com/Thirtypenny77/cms/blob/main/7.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1859", "desc": "The Slider Responsive Slideshow \u2013 Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0967", "desc": "A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Enterprise Security Manager (ESM). The vulnerability could be remotely exploited.", "poc": ["https://github.com/Oxdestiny/CVE-2024-0967-exploit", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-5898", "desc": "A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file print_payroll.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-268142 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/guiyxli/cve/issues/1"]}, {"cve": "CVE-2024-30883", "desc": "Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function.", "poc": ["https://github.com/jianyan74/rageframe2/issues/114"]}, {"cve": "CVE-2024-32876", "desc": "NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in Arbitrary Code Execution. This is because backups are serialized/deserialized using Java's Object Serialization Stream Protocol, which can allow constructing any class in the app, unless properly restricted.To exploit this vulnerability, an attacker would need to build a backup file containing the exploit, and then persuade a user into importing it. During the import process, the malicious code would be executed, possibly crashing the app, stealing user data from the NewPipe app, performing nasty actions through Android APIs, and attempting Android JVM/Sandbox escapes through vulnerabilities in the Android OS.The attack can take place only if the user imports a malicious backup file, so an attacker would need to trick a user into importing a backup file from a source they can control. The implementation details of the malicious backup file can be independent of the attacked user or the device they are being run on, and do not require additional privileges.All NewPipe versions from 0.13.4 to 0.26.1 are vulnerable. NewPipe version 0.27.0 fixes the issue by doing the following: Restrict the classes that can be deserialized when calling Java's Object Serialization Stream Protocol, by adding a whitelist with only innocuous data-only classes that can't lead to Arbitrary Code Execution; deprecate backups serialized with Java's Object Serialization Stream Protocol; use JSON serialization for all newly created backups (but still include an alternative file serialized with Java's Object Serialization Stream Protocol in the backup zip for backwards compatibility); show a warning to the user when attempting to import a backup where the only available serialization mode is Java's Object Serialization Stream Protocol (note that in the future this serialization mode will be removed completely).", "poc": ["https://github.com/TeamNewPipe/NewPipe/security/advisories/GHSA-wxrm-jhpf-vp6v"]}, {"cve": "CVE-2024-26182", "desc": "Windows Kernel Elevation of Privilege Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-4730", "desc": "A vulnerability classified as problematic has been found in Campcodes Legal Case Management System 1.0. Affected is an unknown function of the file /admin/judge. The manipulation of the argument judge_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263808.", "poc": ["https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_judge.md"]}, {"cve": "CVE-2024-7490", "desc": "** UNSUPPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option.This issue affects Advanced Software Framework: through 3.52.0.2574.ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3843", "desc": "Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25450", "desc": "imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().", "poc": ["https://github.com/derf/feh/issues/712", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-42234", "desc": "In the Linux kernel, the following vulnerability has been resolved:mm: fix crashes from deferred split racing folio migrationEven on 6.10-rc6, I've been seeing elusive \"Bad page state\"s (often onflags when freeing, yet the flags shown are not bad: PG_locked had beenset and cleared??), and VM_BUG_ON_PAGE(page_ref_count(page) == 0)s fromdeferred_split_scan()'s folio_put(), and a variety of other BUG and WARNsymptoms implying double free by deferred split and large folio migration.6.7 commit 9bcef5973e31 (\"mm: memcg: fix split queue list crash when largefolio migration\") was right to fix the memcg-dependent locking broken in85ce2c517ade (\"memcontrol: only transfer the memcg data for migration\"),but missed a subtlety of deferred_split_scan(): it moves folios to its ownlocal list to work on them without split_queue_lock, during which timefolio->_deferred_list is not empty, but even the \"right\" lock does nothingto secure the folio and the list it is on.Fortunately, deferred_split_scan() is careful to use folio_try_get(): sofolio_migrate_mapping() can avoid the race by folio_undo_large_rmappable()while the old folio's reference count is temporarily frozen to 0 - addingsuch a freeze in the !mapping case too (originally, folio lock andunmapping and no swap cache left an anon folio unreachable, so no freezingwas needed there: but the deferred split queue offers a way to reach it).", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4900", "desc": "The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post", "poc": ["https://wpscan.com/vulnerability/a56ad272-e2ed-4064-9b5d-114a834dd8b3/"]}, {"cve": "CVE-2024-2474", "desc": "The Standout Color Boxes and Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'color-button' shortcode in all versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-2628", "desc": "Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23215", "desc": "An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access user-sensitive data.", "poc": ["https://github.com/eeenvik1/scripts_for_YouTrack"]}, {"cve": "CVE-2024-3385", "desc": "A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.This affects the following hardware firewall models:- PA-5400 Series firewalls- PA-7000 Series firewalls", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21002", "desc": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-21014", "desc": "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-20012", "desc": "In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26262", "desc": "EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator .", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7212", "desc": "A vulnerability, which was classified as critical, has been found in TOTOLINK A7000R 9.1.0u.6268_B20220504. This issue affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272783. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A7000R/loginauth_password.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24564", "desc": "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`. This vulnerability affects 0.3.10 and earlier versions.", "poc": ["https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx"]}, {"cve": "CVE-2024-0630", "desc": "The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25111", "desc": "Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.", "poc": ["https://github.com/MegaManSec/Squid-Security-Audit"]}, {"cve": "CVE-2024-4297", "desc": "The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25648", "desc": "A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.", "poc": ["https://talosintelligence.com/vulnerability_reports/TALOS-2024-1959", "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1959", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5475", "desc": "The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.", "poc": ["https://wpscan.com/vulnerability/cee66543-b5d6-4205-8f9b-0febd7fee445/"]}, {"cve": "CVE-2024-38997", "desc": "adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.", "poc": ["https://gist.github.com/mestrtee/840f5d160aab4151bd0451cfb822e6b5"]}, {"cve": "CVE-2024-39943", "desc": "rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/wy876/POC"]}, {"cve": "CVE-2024-33688", "desc": "Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro.This issue affects Teluro: from n/a through 1.0.31.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24092", "desc": "SQL Injection vulnerability in Code-projects.org Scholars Tracking System 1.0 allows attackers to run arbitrary code via login.php.", "poc": ["https://github.com/ASR511-OO7/CVE-2024-24092", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-6408", "desc": "The Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed", "poc": ["https://wpscan.com/vulnerability/31aaeffb-a752-4941-9d0f-1b374fbc7abb/"]}, {"cve": "CVE-2024-0270", "desc": "A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0. This affects an unknown part of the file item_list_submit.php. The manipulation of the argument item_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249825 was assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2276", "desc": "A vulnerability has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Venue_controller/edit_venue/ of the component Edit Venue Page. The manipulation of the argument Venue map leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256045 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities"]}, {"cve": "CVE-2024-1845", "desc": "The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks", "poc": ["https://wpscan.com/vulnerability/a8d7b564-36e0-4f05-9b49-1b441f453d0a/", "https://github.com/20142995/nuclei-templates"]}, {"cve": "CVE-2024-3358", "desc": "A vulnerability classified as problematic was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument to leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259462 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4149", "desc": "The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", "poc": ["https://wpscan.com/vulnerability/0256ec2a-f1a9-4110-9978-ee88f9e24237/"]}, {"cve": "CVE-2024-29877", "desc": "Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through\u00a0 /sentrifugo/index.php/expenses/expensecategories/edit, 'expense_category_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26521", "desc": "HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component.", "poc": ["https://github.com/capture0x/Phoenix", "https://github.com/hackervegas001/CVE-2024-26521", "https://github.com/hackervegas001/CVE-2024-26521", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-22233", "desc": "In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpathTypically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web\u00a0and org.springframework.boot:spring-boot-starter-security\u00a0dependencies to meet all conditions.", "poc": ["https://github.com/Ostorlab/KEV", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/hinat0y/Dataset1", "https://github.com/hinat0y/Dataset10", "https://github.com/hinat0y/Dataset11", "https://github.com/hinat0y/Dataset12", "https://github.com/hinat0y/Dataset2", "https://github.com/hinat0y/Dataset3", "https://github.com/hinat0y/Dataset4", "https://github.com/hinat0y/Dataset5", "https://github.com/hinat0y/Dataset6", "https://github.com/hinat0y/Dataset7", "https://github.com/hinat0y/Dataset8", "https://github.com/hinat0y/Dataset9", "https://github.com/muneebaashiq/MBProjects", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-21434", "desc": "Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-25938", "desc": "A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.", "poc": ["https://talosintelligence.com/vulnerability_reports/TALOS-2024-1958", "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1958", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3483", "desc": "Remote CodeExecution has been discovered inOpenText\u2122 iManager 3.2.6.0200.\u00a0The vulnerability cantrigger command injection and insecure deserialization issues.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28232", "desc": "Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that version has not yet been uploaded to Go's package manager.", "poc": ["https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-hcw2-2r9c-gc6p", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-38394", "desc": "** DISPUTED ** Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of \"a new feature, not a CVE.\"", "poc": ["https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780", "https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780#note_2047914", "https://pulsesecurity.co.nz/advisories/usbguard-bypass"]}, {"cve": "CVE-2024-23052", "desc": "An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component.", "poc": ["https://github.com/WuKongOpenSource/WukongCRM-9.0-JAVA/issues/28", "https://github.com/wjlin0/poc-doc", "https://github.com/wy876/POC", "https://github.com/wy876/wiki"]}, {"cve": "CVE-2024-28242", "desc": "Discourse is an open source platform for community discussion. In affected versions an attacker can learn that secret categories exist when they have backgrounds set. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should temporarily remove category backgrounds.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/kip93/kip93"]}, {"cve": "CVE-2024-36967", "desc": "In the Linux kernel, the following vulnerability has been resolved:KEYS: trusted: Fix memory leak in tpm2_key_encode()'scratch' is never freed. Fix this by calling kfree() in the success, andin the error case.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7267", "desc": "Exposure of Sensitive Information\u00a0vulnerability in Naukowa i Akademicka Sie\u0107 Komputerowa - Pa\u0144stwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and credentials.\u00a0This issue affects EZD RP all versions before 19.6", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30585", "desc": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/saveParentControlInfo_deviceId.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29504", "desc": "Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbtirary code via a crafted payload to the codeview parameter.", "poc": ["https://github.com/summernote/summernote/pull/3782"]}, {"cve": "CVE-2024-2843", "desc": "The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks", "poc": ["https://wpscan.com/vulnerability/fec4e077-4c4e-4618-bfe8-61fdba59b696/"]}, {"cve": "CVE-2024-35841", "desc": "In the Linux kernel, the following vulnerability has been resolved:net: tls, fix WARNIING in __sk_msg_freeA splice with MSG_SPLICE_PAGES will cause tls code to use thetls_sw_sendmsg_splice path in the TLS sendmsg code to move the userprovided pages from the msg into the msg_pl. This will loop over themsg until msg_pl is full, checked by sk_msg_full(msg_pl). The usercan also set the MORE flag to hint stack to delay sending until receivingmore pages and ideally a full buffer.If the user adds more pages to the msg than can fit in the msg_plscatterlist (MAX_MSG_FRAGS) we should ignore the MORE flag and sendthe buffer anyways.What actually happens though is we abort the msg to msg_pl scatterlistsetup and then because we forget to set 'full record' indicating wecan no longer consume data without a send we fallthrough to the 'continue'path which will check if msg_data_left(msg) has more bytes to send andthen attempts to fit them in the already full msg_pl. Then nextiteration of sender doing send will encounter a full msg_pl and throwthe warning in the syzbot report.To fix simply check if we have a full_record in splice code path andif not send the msg regardless of MORE flag.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33957", "desc": "SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'id' in '/admin/orders/controller.php' parameter", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1223", "desc": "This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-34460", "desc": "The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. (This component was removed in 9.5.60602.)", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1785", "desc": "The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.62. This is due to missing or incorrect nonce validation on the ajax_handler() function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site's user with the edit_posts capability into performing an action such as clicking on a link.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-32743", "desc": "A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module.", "poc": ["https://github.com/adiapera/xss_security_wondercms_3.4.3", "https://github.com/adiapera/xss_security_wondercms_3.4.3"]}, {"cve": "CVE-2024-30681", "desc": "** DISPUTED ** An OS command injection vulnerability has been discovered in ROS2 Iron Irwini version ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the command processing or system call components in ROS2. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/yashpatelphd/CVE-2024-30681"]}, {"cve": "CVE-2024-30602", "desc": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/setSchedWifi_start.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5032", "desc": "The SULly WordPress plugin before 4.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "poc": ["https://wpscan.com/vulnerability/4bb92693-23b3-4250-baee-af38b7e615e0/"]}, {"cve": "CVE-2024-23448", "desc": "An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs.", "poc": ["https://www.elastic.co/community/security", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-34760", "desc": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPBlockart Magazine Blocks allows Stored XSS.This issue affects Magazine Blocks: from n/a through 1.3.6.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28699", "desc": "A buffer overflow vulnerability in pdf2json v0.70 allows a local attacker to execute arbitrary code via the GString::copy() and ImgOutputDev::ImgOutputDev function.", "poc": ["https://github.com/flexpaper/pdf2json/issues/52", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5765", "desc": "The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection", "poc": ["https://wpscan.com/vulnerability/0b73f84c-611e-4681-b362-35e721478ba4/"]}, {"cve": "CVE-2024-24574", "desc": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\\phpmyfaq\\admin\\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5.", "poc": ["https://github.com/thorsten/phpMyFAQ/pull/2827", "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx"]}, {"cve": "CVE-2024-21451", "desc": "Microsoft ODBC Driver Remote Code Execution Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-6158", "desc": "The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its \"Category Posts\" widget settings before outputting them back in a page/post where the Widget is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/8adb219f-f0a6-4e87-8626-db26e300c220/"]}, {"cve": "CVE-2024-22097", "desc": "A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24808", "desc": "pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.", "poc": ["https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24147", "desc": "A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v0.4.8 allows attackers to cause s denial of service via a crafted SWF file.", "poc": ["https://github.com/libming/libming/issues/311"]}, {"cve": "CVE-2024-4111", "desc": "A vulnerability was found in Tenda TX9 22.03.02.10. It has been rated as critical. Affected by this issue is the function sub_42BD7C of the file /goform/SetLEDCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/TX9/SetLEDCfg.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28192", "desc": "your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mechanism, regardless if a public token has been generated before or not, without any user interaction or prerequisite knowledge. This vulnerability allows an attacker to fully bypass the public token authentication mechanism, regardless if a public token has been generated before or not, without any user interaction or prerequisite knowledge. This issue has been addressed in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "poc": ["https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-c8wf-wcjc-2pvm", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33978", "desc": "Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'category' parameter in '/index.php'.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1117", "desc": "A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252475.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3525", "desc": "A vulnerability, which was classified as problematic, was found in Campcodes Online Event Management System 1.0. Affected is an unknown function of the file /views/index.php. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259896.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25227", "desc": "SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in admin login page.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/thetrueartist/ABO.CMS-EXPLOIT-Unauthenticated-Login-Bypass-CVE-2024-25227", "https://github.com/thetrueartist/ABO.CMS-Login-SQLi-CVE-2024-25227"]}, {"cve": "CVE-2024-0736", "desc": "A vulnerability classified as problematic has been found in EFS Easy File Sharing FTP 3.6. This affects an unknown part of the component Login. The manipulation of the argument password leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251559.", "poc": ["https://0day.today/exploit/39249"]}, {"cve": "CVE-2024-1035", "desc": "A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function uploadIcon of the file /application/index/controller/Icon.php. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252310 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21115", "desc": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-4886", "desc": "The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request", "poc": ["https://wpscan.com/vulnerability/76e8591f-120c-4cd7-b9a2-79f8d4d98aa8/"]}, {"cve": "CVE-2024-1478", "desc": "The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by the plugin.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21336", "desc": "Microsoft Edge (Chromium-based) Spoofing Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-25312", "desc": "Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at \"School/sub_delete.php?id=5.\"", "poc": ["https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-5.md", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/tubakvgc/CVEs"]}, {"cve": "CVE-2024-20691", "desc": "Windows Themes Information Disclosure Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25933", "desc": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice.This issue affects PeproDev Ultimate Invoice: from n/a through 1.9.7.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3293", "desc": "The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmedia_gallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile", "https://github.com/truonghuuphuc/CVE-2024-3293-Poc"]}, {"cve": "CVE-2024-37624", "desc": "Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php. component.", "poc": ["https://github.com/rainrocka/xinhu/issues/6"]}, {"cve": "CVE-2024-38395", "desc": "In iTerm2 before 3.5.2, the \"Terminal may report window title\" setting is not honored, and thus remote code execution might occur but \"is not trivially exploitable.\"", "poc": ["http://www.openwall.com/lists/oss-security/2024/06/17/1", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-7007", "desc": "Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application.", "poc": ["https://www.cisa.gov/news-events/ics-advisories/icsa-24-207-02"]}, {"cve": "CVE-2024-22212", "desc": "Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is upgraded to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5. There are no known workarounds for this issue.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4652", "desc": "A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263496.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24840", "desc": "Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.4.11.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21815", "desc": "Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u00a0all version of 8.60 and prior.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21475", "desc": "Memory corruption when the payload received from firmware is not as per the expected protocol size.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27518", "desc": "An issue in SUPERAntiSyware Professional X 10.0.1262 and 10.0.1264 allows unprivileged attackers to escalate privileges via a restore of a crafted DLL file into the C:\\Program Files\\SUPERAntiSpyware folder.", "poc": ["https://github.com/secunnix/CVE-2024-27518", "https://www.youtube.com/watch?v=FM5XlZPdvdo", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/secunnix/CVE-2024-27518"]}, {"cve": "CVE-2024-28069", "desc": "A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and potentially conduct unauthorized actions within the vulnerable component.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-39206", "desc": "An issue discovered in MSP360 Backup Agent v7.8.5.15 and v7.9.4.84 allows attackers to obtain network share credentials used in a backup due to enginesettings.list being encrypted with a hard coded key.", "poc": ["https://www.proactivelabs.com.au/2024/06/19/cloudberry.html"]}, {"cve": "CVE-2024-26305", "desc": "There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.", "poc": ["https://github.com/Roud-Roud-Agency/CVE-2024-26304-RCE-exploits", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2779", "desc": "A vulnerability was found in Campcodes Online Marriage Registration System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257613 was assigned to this vulnerability.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30710", "desc": "** DISPUTED ** An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext. This flaw exposes sensitive information, making it vulnerable to man-in-the-middle (MitM) attacks, and allowing attackers to easily intercept and access this data. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/yashpatelphd/CVE-2024-30710"]}, {"cve": "CVE-2024-24565", "desc": "CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY FROM function to import arbitrary file content into database tables, resulting in information leakage. This vulnerability is patched in 5.3.9, 5.4.8, 5.5.4, and 5.6.1.", "poc": ["https://github.com/crate/crate/security/advisories/GHSA-475g-vj6c-xf96"]}, {"cve": "CVE-2024-3000", "desc": "A vulnerability classified as critical was found in code-projects Online Book System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument username/password/login_username/login_password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258202 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System%20-%20Authentication%20Bypass.md", "https://vuldb.com/?id.258202", "https://github.com/FoxyProxys/CVE-2024-3000", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-23875", "desc": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancedisplay.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4883", "desc": "In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-24133", "desc": "** UNSUPPORTED WHEN ASSIGNED ** Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page.", "poc": ["https://github.com/Hebing123/cve/issues/16", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3472", "desc": "The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack", "poc": ["https://wpscan.com/vulnerability/d42f74dd-520f-40aa-9cf0-3544db9562c7/"]}, {"cve": "CVE-2024-21491", "desc": "Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature.\n**Note:**\nThe attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29454", "desc": "** DISPUTED ** An issue discovered in packages or nodes in ROS2 Humble Hawksbill with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to execute arbitrary commands potentially leading to unauthorized system control, data breaches, system and network compromise, and operational disruption. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/yashpatelphd/CVE-2024-29454"]}, {"cve": "CVE-2024-23291", "desc": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A malicious app may be able to observe user data in log entries related to accessibility notifications.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30628", "desc": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromAddressNat function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromAddressNat_page.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-32287", "desc": "Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromqossetting.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-7081", "desc": "A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file expcatadd.php. The manipulation of the argument title leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272366 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/zgg012/cve/issues/1", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20754", "desc": "Lightroom Desktop versions 7.1.2 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-2051", "desc": "CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists thatcould cause account takeover and unauthorized access to the system when an attackerconducts brute-force attacks against the login form.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2688", "desc": "The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3838", "desc": "Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25801", "desc": "SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Unlike in CVE-2024-25802, the attack payload is in the name (not the content) of a file.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21025", "desc": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-21583", "desc": "Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/auth before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/public-api-server before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/server before main-gha.27122; versions of the package @gitpod/gitpod-protocol before 0.1.5-main-gha.27122 are vulnerable to Cookie Tossing due to a missing __Host- prefix on the _gitpod_io_jwt2_ session cookie. This allows an adversary who controls a subdomain to set the value of the cookie on the Gitpod control plane, which can be assigned to an attacker\u2019s own JWT so that specific actions taken by the victim (such as connecting a new Github organization) are actioned by the attackers session.", "poc": ["https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODCOMPONENTSSERVERGOPKGLIB-7452074", "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODCOMPONENTSWSPROXYPKGPROXY-7452075", "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODINSTALLINSTALLERPKGCOMPONENTSAUTH-7452076", "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODINSTALLINSTALLERPKGCOMPONENTSPUBLICAPISERVER-7452077", "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODINSTALLINSTALLERPKGCOMPONENTSSERVER-7452078", "https://security.snyk.io/vuln/SNYK-JS-GITPODGITPODPROTOCOL-7452079"]}, {"cve": "CVE-2024-42399", "desc": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30663", "desc": "** DISPUTED ** An issue was discovered in the default configurations of ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3. This vulnerability allows unauthenticated attackers to gain access using default credentials, posing a serious threat to the integrity and security of the system. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "poc": ["https://github.com/yashpatelphd/CVE-2024-30663"]}, {"cve": "CVE-2024-26625", "desc": "In the Linux kernel, the following vulnerability has been resolved:llc: call sock_orphan() at release timesyzbot reported an interesting trace [1] caused by a stale sk->sk_wqpointer in a closed llc socket.In commit ff7b11aa481f (\"net: socket: set sock->sk to NULL aftercalling proto_ops::release()\") Eric Biggers hinted that some protocolsare missing a sock_orphan(), we need to perform a full audit.In net-next, I plan to clear sock->sk from sock_orphan() andamend Eric patch to add a warning.[1] BUG: KASAN: slab-use-after-free in list_empty include/linux/list.h:373 [inline] BUG: KASAN: slab-use-after-free in waitqueue_active include/linux/wait.h:127 [inline] BUG: KASAN: slab-use-after-free in sock_def_write_space_wfree net/core/sock.c:3384 [inline] BUG: KASAN: slab-use-after-free in sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468Read of size 8 at addr ffff88802f4fc880 by task ksoftirqd/1/27CPU: 1 PID: 27 Comm: ksoftirqd/1 Not tainted 6.8.0-rc1-syzkaller-00049-g6098d87eaf31 #0Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc4/0x620 mm/kasan/report.c:488 kasan_report+0xda/0x110 mm/kasan/report.c:601 list_empty include/linux/list.h:373 [inline] waitqueue_active include/linux/wait.h:127 [inline] sock_def_write_space_wfree net/core/sock.c:3384 [inline] sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468 skb_release_head_state+0xa3/0x2b0 net/core/skbuff.c:1080 skb_release_all net/core/skbuff.c:1092 [inline] napi_consume_skb+0x119/0x2b0 net/core/skbuff.c:1404 e1000_unmap_and_free_tx_resource+0x144/0x200 drivers/net/ethernet/intel/e1000/e1000_main.c:1970 e1000_clean_tx_irq drivers/net/ethernet/intel/e1000/e1000_main.c:3860 [inline] e1000_clean+0x4a1/0x26e0 drivers/net/ethernet/intel/e1000/e1000_main.c:3801 __napi_poll.constprop.0+0xb4/0x540 net/core/dev.c:6576 napi_poll net/core/dev.c:6645 [inline] net_rx_action+0x956/0xe90 net/core/dev.c:6778 __do_softirq+0x21a/0x8de kernel/softirq.c:553 run_ksoftirqd kernel/softirq.c:921 [inline] run_ksoftirqd+0x31/0x60 kernel/softirq.c:913 smpboot_thread_fn+0x660/0xa10 kernel/smpboot.c:164 kthread+0x2c6/0x3a0 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 Allocated by task 5167: kasan_save_stack+0x33/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:314 [inline] __kasan_slab_alloc+0x81/0x90 mm/kasan/common.c:340 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3813 [inline] slab_alloc_node mm/slub.c:3860 [inline] kmem_cache_alloc_lru+0x142/0x6f0 mm/slub.c:3879 alloc_inode_sb include/linux/fs.h:3019 [inline] sock_alloc_inode+0x25/0x1c0 net/socket.c:308 alloc_inode+0x5d/0x220 fs/inode.c:260 new_inode_pseudo+0x16/0x80 fs/inode.c:1005 sock_alloc+0x40/0x270 net/socket.c:634 __sock_create+0xbc/0x800 net/socket.c:1535 sock_create net/socket.c:1622 [inline] __sys_socket_create net/socket.c:1659 [inline] __sys_socket+0x14c/0x260 net/socket.c:1706 __do_sys_socket net/socket.c:1720 [inline] __se_sys_socket net/socket.c:1718 [inline] __x64_sys_socket+0x72/0xb0 net/socket.c:1718 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6bFreed by task 0: kasan_save_stack+0x33/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640 poison_slab_object mm/kasan/common.c:241 [inline] __kasan_slab_free+0x121/0x1b0 mm/kasan/common.c:257 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2121 [inlin---truncated---", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28849", "desc": "follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials too. This vulnerability may lead to credentials leak, but has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "poc": ["https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", "https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nics-tw/sbom2vans"]}, {"cve": "CVE-2024-0279", "desc": "A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0. Affected is an unknown function of the file item_list_edit.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249834 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27229", "desc": "In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a possible null pointer deref due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22370", "desc": "In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3221", "desc": "A vulnerability classified as critical was found in SourceCodester PHP Task Management System 1.0. This vulnerability affects unknown code of the file attendance-info.php. The manipulation of the argument user_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259066 is the identifier assigned to this vulnerability.", "poc": ["https://vuldb.com/?id.259066"]}, {"cve": "CVE-2024-26294", "desc": "Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.", "poc": ["https://github.com/kaje11/CVEs"]}, {"cve": "CVE-2024-42242", "desc": "In the Linux kernel, the following vulnerability has been resolved:mmc: sdhci: Fix max_seg_size for 64KiB PAGE_SIZEblk_queue_max_segment_size() ensured:\tif (max_size < PAGE_SIZE)\t\tmax_size = PAGE_SIZE;whereas:blk_validate_limits() makes it an error:\tif (WARN_ON_ONCE(lim->max_segment_size < PAGE_SIZE))\t\treturn -EINVAL;The change from one to the other, exposed sdhci which was setting maximumsegment size too low in some circumstances.Fix the maximum segment size when it is too low.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5033", "desc": "The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack", "poc": ["https://wpscan.com/vulnerability/dd42765a-1300-453f-9835-6e646c87e496/"]}, {"cve": "CVE-2024-7581", "desc": "A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. This affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/BeaCox/IoT_vuln/tree/main/tenda/A301/WifiBasicSet_bof", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4699", "desc": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230922. This issue affects some unknown processing of the file /importhtml.php. The manipulation of the argument sql leads to deserialization. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-263747. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.", "poc": ["https://github.com/I-Schnee-I/cev/blob/main/D-LINK-DAR-8000-10_rce_importhtml.md"]}, {"cve": "CVE-2024-0831", "desc": "Vault and Vault Enterprise (\u201cVault\u201d) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28436", "desc": "Cross Site Scripting vulnerability in D-Link DAP products DAP-2230, DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2590, DAP-2690, DAP-2695, DAP-3520, DAP-3662 allows a remote attacker to execute arbitrary code via the reload parameter in the session_login.php component.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/securitycipher/daily-bugbounty-writeups"]}, {"cve": "CVE-2024-0880", "desc": "A vulnerability was found in Qidianbang qdbcrm 1.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/edit?id=2 of the component Password Reset. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252032. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://vuldb.com/?id.252032"]}, {"cve": "CVE-2024-3897", "desc": "The Popup Box \u2013 Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_pb_create_author AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated attackers to enumerate all emails registered on the website.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28004", "desc": "Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-34209", "desc": "TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function.", "poc": ["https://github.com/n0wstr/IOTVuln/tree/main/CP450/setIpPortFilterRules"]}, {"cve": "CVE-2024-25980", "desc": "Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26105", "desc": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-3210", "desc": "The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including, 4.15.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30491", "desc": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/truonghuuphuc/CVE-2024-30491-Poc"]}, {"cve": "CVE-2024-28547", "desc": "Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn parameter of formSetFirewallCfg function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetFirewallCfg.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/helloyhrr/IoT_vulnerability"]}, {"cve": "CVE-2024-5009", "desc": "In WhatsUp Gold versions released before 2023.1.3,\u00a0an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-29229", "desc": "Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.", "poc": ["https://github.com/LOURC0D3/ENVY-gitbook", "https://github.com/LOURC0D3/LOURC0D3"]}, {"cve": "CVE-2024-1861", "desc": "The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_truncate_scan_table() function in all versions up to, and including, 4.52. This makes it possible for authenticated attackers, with subscriber-level access and above, to truncate the scan table.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7439", "desc": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d and classified as critical. Affected by this issue is the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273524. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2943", "desc": "A vulnerability has been found in Campcodes Online Examination System 1.0 and classified as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/deleteExamExe.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258034 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3641", "desc": "The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins", "poc": ["https://wpscan.com/vulnerability/f4047f1e-d5ea-425f-8def-76dd5e6a497e/"]}, {"cve": "CVE-2024-34312", "desc": "Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-4433", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr Digital Simple Image Popup allows Stored XSS.This issue affects Simple Image Popup: from n/a through 2.4.0.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23633", "desc": "Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious JavaScript code in the context of the Label Studio website. Executing arbitrary JavaScript could result in an attacker performing malicious actions on Label Studio users if they visit the crafted avatar image. For an example, an attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image.`data_import/uploader.py` lines 125C5 through 146 showed that if a URL passed the server side request forgery verification checks, the contents of the file would be downloaded using the filename in the URL. The downloaded file path could then be retrieved by sending a request to `/api/projects/{project_id}/file-uploads?ids=[{download_id}]` where `{project_id}` was the ID of the project and `{download_id}` was the ID of the downloaded file. Once the downloaded file path was retrieved by the previous API endpoint, `data_import/api.py`lines 595C1 through 616C62 demonstrated that the `Content-Type` of the response was determined by the file extension, since `mimetypes.guess_type` guesses the `Content-Type` based on the file extension. Since the `Content-Type` was determined by the file extension of the downloaded file, an attacker could import in a `.html` file that would execute JavaScript when visited.Version 1.10.1 contains a patch for this issue. Other remediation strategies are also available. For all user provided files that are downloaded by Label Studio, set the `Content-Security-Policy: sandbox;` response header when viewed on the site. The `sandbox` directive restricts a page's actions to prevent popups, execution of plugins and scripts and enforces a `same-origin` policy. Alternatively, restrict the allowed file extensions that may be downloaded.", "poc": ["https://github.com/HumanSignal/label-studio/security/advisories/GHSA-fq23-g58m-799r"]}, {"cve": "CVE-2024-3845", "desc": "Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2465", "desc": "Open redirection vulnerability in CDeX application\u00a0allows to redirect users to arbitrary websites via a specially crafted URL.This issue affects CDeX application versions through 5.7.1.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5644", "desc": "The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/afe14c7a-95b2-4d3f-901a-e53ecef70d49/"]}, {"cve": "CVE-2024-3142", "desc": "A vulnerability was found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-258917 was assigned to this vulnerability.", "poc": ["https://github.com/strik3r0x1/Vulns/blob/main/CSRF_Clavister-E80,E10.md"]}, {"cve": "CVE-2024-1022", "desc": "A vulnerability, which was classified as problematic, was found in CodeAstro Simple Student Result Management System 5.6. This affects an unknown part of the file /add_classes.php of the component Add Class Page. The manipulation of the argument Class Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252291.", "poc": ["https://drive.google.com/file/d/1lPZ1yL9UlU-uB03xz17q4OR9338X_1am/view?usp=sharing"]}, {"cve": "CVE-2024-5280", "desc": "The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS payload via a CSRF attack", "poc": ["https://wpscan.com/vulnerability/bbc214ba-4e97-4b3a-a21b-2931a9e36973/"]}, {"cve": "CVE-2024-3977", "desc": "The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/25851386-eccf-49cb-afbf-c25286c9b19e/"]}, {"cve": "CVE-2024-24329", "desc": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.", "poc": ["https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/10/TOTOlink%20A3300R%20setPortForwardRules.md"]}, {"cve": "CVE-2024-4735", "desc": "A vulnerability has been found in Campcodes Legal Case Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tasks. The manipulation of the argument task_subject leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263821 was assigned to this vulnerability.", "poc": ["https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_tasks.md"]}, {"cve": "CVE-2024-29469", "desc": "A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-33673", "desc": "An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2863", "desc": "This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-32394", "desc": "An issue in ruijie.com/cn RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 and RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 allows a remote attacker to execute arbitrary code via a crafted HTTP request.", "poc": ["https://gist.github.com/Swind1er/7aad5c28e5bdc91d73fa7489b7250c94"]}, {"cve": "CVE-2024-28054", "desc": "Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20021", "desc": "In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3914", "desc": "Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/leesh3288/leesh3288"]}, {"cve": "CVE-2024-22317", "desc": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0295", "desc": "A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4399", "desc": "The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack", "poc": ["https://wpscan.com/vulnerability/0690327e-da60-4d71-8b3c-ac9533d82302/"]}, {"cve": "CVE-2024-25655", "desc": "Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allows members (with read access to the application database) to decrypt the LDAP passwords of users who successfully authenticate to web management via LDAP.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-22774", "desc": "An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component.", "poc": ["https://github.com/Gray-0men/CVE-2024-22774", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-0891", "desc": "A vulnerability was found in hongmaple octopus 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument description with the input leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-252043.", "poc": ["https://github.com/biantaibao/octopus_XSS/blob/main/report.md", "https://vuldb.com/?id.252043"]}, {"cve": "CVE-2024-30633", "desc": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security parameter from the formWifiBasicSet function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formWifiBasicSet_security.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-27569", "desc": "LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the init_nvram function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.", "poc": ["https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/init_nvram.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21483", "desc": "A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process.\nAn attacker with physical access to the device could read out the data.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2258", "desc": "The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22140", "desc": "Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21386", "desc": ".NET Denial of Service Vulnerability", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4291", "desc": "A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262223. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/L1ziang/Vulnerability/blob/main/formAddMacfilterRule.md"]}, {"cve": "CVE-2024-4744", "desc": "Missing Authorization vulnerability in Avirtum iPages Flipbook.This issue affects iPages Flipbook: from n/a through 1.5.1.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24696", "desc": "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33692", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Satrya Smart Recent Posts Widget allows Stored XSS.This issue affects Smart Recent Posts Widget: from n/a through 1.0.3.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-40726", "desc": "A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/{id}/edit/.", "poc": ["https://github.com/minhquan202/Vuln-Netbox"]}, {"cve": "CVE-2024-21082", "desc": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-21492", "desc": "All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the \"Sign Out\" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active but supposedly logged-out session can perform unauthorized actions on behalf of the user.", "poc": ["https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/trailofbits/publications"]}, {"cve": "CVE-2024-22857", "desc": "Heap based buffer flow in zlog v1.1.0 to v1.2.17 in zlog_rule_new().The size of record_name is MAXLEN_PATH(1024) + 1 but file_path may have data upto MAXLEN_CFG_LINE(MAXLEN_PATH*4) + 1. So a check was missing in zlog_rule_new() while copying the record_name from file_path + 1 which caused the buffer overflow. An attacker can exploit this vulnerability to overwrite the zlog_record_fn record_func function pointer to get arbitrary code execution or potentially cause remote code execution (RCE).", "poc": ["https://www.ebryx.com/blogs/arbitrary-code-execution-in-zlog-cve-2024-22857", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2283", "desc": "A vulnerability classified as critical has been found in boyiddha Automated-Mess-Management-System 1.0. Affected is an unknown function of the file /member/view.php. The manipulation of the argument date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256050 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/SQL%20Injection%20member-view.php%20.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2592", "desc": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/pic_show.php, in the 'person_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26268", "desc": "User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0931", "desc": "A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. This vulnerability affects the function saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252136. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/saveParentControlInfo_1.md", "https://vuldb.com/?id.252136", "https://github.com/yaoyue123/iot"]}, {"cve": "CVE-2024-29660", "desc": "Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary code via a crafted payload to the stepselect_main.php component.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21032", "desc": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-34722", "desc": "In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/456f705b9acc78d8184536baff3d21b0bc11c957"]}, {"cve": "CVE-2024-0534", "desc": "A vulnerability classified as critical has been found in Tenda A15 15.13.07.13. Affected is an unknown function of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250704. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/yaoyue123/iot/blob/main/Tenda/A15/SetOnlineDevName.mac.md", "https://github.com/yaoyue123/iot"]}, {"cve": "CVE-2024-1187", "desc": "A vulnerability, which was classified as problematic, has been found in Munsoft Easy Outlook Express Recovery 2.0. This issue affects some unknown processing of the component Registration Key Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252677 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://fitoxs.com/vuldb/13-exploit-perl.txt"]}, {"cve": "CVE-2024-3487", "desc": "Broken Authentication vulnerability discovered in OpenText\u2122 iManager 3.2.6.0200.\u00a0Thisvulnerability allows an attacker to manipulate certain parameters to bypassauthentication.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25713", "desc": "yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and pool_realloc.)", "poc": ["https://github.com/ibireme/yyjson/security/advisories/GHSA-q4m7-9pcm-fpxh", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-39655", "desc": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiquidPoll LiquidPoll \u2013 Advanced Polls for Creators and Brands.This issue affects LiquidPoll \u2013 Advanced Polls for Creators and Brands: from n/a through 3.3.77.", "poc": ["https://github.com/20142995/nuclei-templates"]}, {"cve": "CVE-2024-1899", "desc": "An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker to cause denial of service conditions.", "poc": ["https://www.tenable.com/security/research/tra-2024-05"]}, {"cve": "CVE-2024-21516", "desc": "This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login and redirected again upon authentication with the payload automatically executing. If the attacked user has admin privileges, this vulnerability could be used as the start of a chain of exploits like Zip Slip or arbitrary file write vulnerabilities in the admin functionality.\n**Notes:**\n1) This is only exploitable if the attacker knows the name or path of the admin directory. The name of the directory is \"admin\" by default but there is a pop-up in the dashboard warning users to rename it.\n2) The fix for this vulnerability is incomplete. The redirect is removed so that it is not possible for an attacker to control the redirect post admin login anymore, but it is still possible to exploit this issue in admin if the user is authenticated as an admin already.", "poc": ["https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266576"]}, {"cve": "CVE-2024-23305", "desc": "An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1971", "desc": "A vulnerability has been found in Surya2Developer Online Shopping System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Parameter Handler. The manipulation of the argument password with the input nochizplz'+or+1%3d1+limit+1%23 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255127.", "poc": ["https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/Surya2Developer%20Online_shopping_-system/SQL%20Injection%20Auth.md"]}, {"cve": "CVE-2024-26750", "desc": "In the Linux kernel, the following vulnerability has been resolved:af_unix: Drop oob_skb ref before purging queue in GC.syzbot reported another task hung in __unix_gc(). [0]The current while loop assumes that all of the left candidateshave oob_skb and calling kfree_skb(oob_skb) releases the remainingcandidates.However, I missed a case that oob_skb has self-referencing fd andanother fd and the latter sk is placed before the former in thecandidate list. Then, the while loop never proceeds, resultingthe task hung.__unix_gc() has the same loop just before purging the collected skb,so we can call kfree_skb(oob_skb) there and let __skb_queue_purge()release all inflight sockets.[0]:Sending NMI from CPU 0 to CPUs 1:NMI backtrace for cpu 1CPU: 1 PID: 2784 Comm: kworker/u4:8 Not tainted 6.8.0-rc4-syzkaller-01028-g71b605d32017 #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024Workqueue: events_unbound __unix_gcRIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:200Code: 89 fb e8 23 00 00 00 48 8b 3d 84 f5 1a 0c 48 89 de 5b e9 43 26 57 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 48 8b 04 24 65 48 8b 0d 90 52 70 7e 65 8b 15 91 52 70RSP: 0018:ffffc9000a17fa78 EFLAGS: 00000287RAX: ffffffff8a0a6108 RBX: ffff88802b6c2640 RCX: ffff88802c0b3b80RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000RBP: ffffc9000a17fbf0 R08: ffffffff89383f1d R09: 1ffff1100ee5ff84R10: dffffc0000000000 R11: ffffed100ee5ff85 R12: 1ffff110056d84eeR13: ffffc9000a17fae0 R14: 0000000000000000 R15: ffffffff8f47b840FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033CR2: 00007ffef5687ff8 CR3: 0000000029b34000 CR4: 00000000003506f0DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400Call Trace: __unix_gc+0xe69/0xf40 net/unix/garbage.c:343 process_one_work kernel/workqueue.c:2633 [inline] process_scheduled_works+0x913/0x1420 kernel/workqueue.c:2706 worker_thread+0xa5f/0x1000 kernel/workqueue.c:2787 kthread+0x2ef/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242 ", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2603", "desc": "The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depending on Salon booking system WordPress plugin through 9.6.5 configuration) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/b4186c03-99ee-4297-85c0-83b7053afc1c/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3512", "desc": "** REJECT ** **DUPLICATE*** Please use CVE-2024-2583 instead.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30631", "desc": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedStartTime parameter from setSchedWifi function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/setSchedWifi_start.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-30592", "desc": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the page parameter of the fromAddressNat function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/fromAddressNat_page.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-40627", "desc": "Fastapi OPA is an opensource fastapi middleware which includes auth flow. HTTP `OPTIONS` requests are always allowed by `OpaMiddleware`, even when they lack authentication, and are passed through directly to the application. `OpaMiddleware` allows all HTTP `OPTIONS` requests without evaluating it against any policy. If an application provides different responses to HTTP `OPTIONS` requests based on an entity existing (such as to indicate whether an entity is writable on a system level), an unauthenticated attacker could discover which entities exist within an application. This issue has been addressed in release version 2.0.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.", "poc": ["https://github.com/busykoala/fastapi-opa/security/advisories/GHSA-5f5c-8rvc-j8wf"]}, {"cve": "CVE-2024-27757", "desc": "flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product \"ceased its development as of February 2024.\"", "poc": ["https://github.com/jubilianite/flusity-CMS/security/advisories/GHSA-5843-5m74-7fqh", "https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2677", "desc": "A vulnerability has been found in Campcodes Online Job Finder System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/category/controller.php. The manipulation of the argument CATEGORYID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257377 was assigned to this vulnerability.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-0853", "desc": "curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer tothe same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/paulgibert/gryft"]}, {"cve": "CVE-2024-31420", "desc": "A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29116", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IconicWP WooThumbs for WooCommerce by Iconic allows Reflected XSS.This issue affects WooThumbs for WooCommerce by Iconic: from n/a through 5.5.3.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-24579", "desc": "stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory. Specifically, use of `github.com/anchore/stereoscope/pkg/file.UntarToDirectory()` function, the `github.com/anchore/stereoscope/pkg/image/oci.TarballImageProvider` struct, or the higher level `github.com/anchore/stereoscope/pkg/image.Image.Read()` function express this vulnerability. As a workaround, if you are using the OCI archive as input into stereoscope then you can switch to using an OCI layout by unarchiving the tar archive and provide the unarchived directory to stereoscope.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27225", "desc": "In sendHciCommand of bluetooth_hci.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4920", "desc": "A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file registerH.php. The manipulation of the argument ima leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264455.", "poc": ["https://github.com/CveSecLook/cve/issues/27"]}, {"cve": "CVE-2024-1263", "desc": "A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Affected is the function actionUpdate of the file /api/controllers/merchant/shop/PosterController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-253002 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30088", "desc": "Windows Kernel Elevation of Privilege Vulnerability", "poc": ["https://github.com/0xsyr0/OSCP", "https://github.com/GhostTroops/TOP", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile", "https://github.com/youcannotseemeagain/ele"]}, {"cve": "CVE-2024-25645", "desc": "Under certain condition\u00a0SAP\u00a0NetWeaver (Enterprise Portal) - version 7.50\u00a0allows an attacker to access information which would otherwise be restricted causing low impact on confidentiality of the application and with no impact on Integrity and Availability of the application.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-37621", "desc": "StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the component /shippingOptionConfig/index.blade.php.", "poc": ["https://github.com/Hebing123/cve/issues/47"]}, {"cve": "CVE-2024-2574", "desc": "A vulnerability classified as critical was found in SourceCodester Employee Task Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-task.php. The manipulation of the argument task_id leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257077 was assigned to this vulnerability.", "poc": ["https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20edit-task.php.md", "https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27235", "desc": "In plugin_extern_func of , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4758", "desc": "The Muslim Prayer Time BD WordPress plugin through 2.4 does not have CSRF check in place when reseting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack", "poc": ["https://wpscan.com/vulnerability/64ec57a5-35d8-4c69-bdba-096c2245a0db/"]}, {"cve": "CVE-2024-35737", "desc": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Loopus WP Visitors Tracker allows Reflected XSS.This issue affects WP Visitors Tracker: from n/a through 2.3.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29889", "desc": "GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixed in 10.0.15.", "poc": ["https://github.com/PhDLeToanThang/itil-helpdesk", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22041", "desc": "A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems improperly handles memory buffers when parsing X.509 certificates.\nThis could allow an unauthenticated remote attacker to crash the network service.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4913", "desc": "A vulnerability classified as critical was found in Campcodes Online Examination System 1.0. This vulnerability affects unknown code of the file exam.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264448.", "poc": ["https://github.com/yylmm/CVE/blob/main/Online%20Examination%20System%20With%20Timer/SQL_exam.md"]}, {"cve": "CVE-2024-41110", "desc": "Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.docker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-34102", "desc": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.", "poc": ["https://github.com/Mr-xn/Penetration_Testing_POC", "https://github.com/Ostorlab/KEV", "https://github.com/f0ur0four/Insecure-Deserialization", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/redwaysecurity/CVEs"]}, {"cve": "CVE-2024-28097", "desc": "Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27559", "desc": "Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /save_settings.php", "poc": ["https://github.com/kilooooo/cms/blob/main/1.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33786", "desc": "An arbitrary file upload vulnerability in Zhongcheng Kexin Ticketing Management Platform 20.04 allows attackers to execute arbitrary code via uploading a crafted file.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23888", "desc": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stocktransactionslist.php, in the itemidy parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26881", "desc": "In the Linux kernel, the following vulnerability has been resolved:net: hns3: fix kernel crash when 1588 is received on HIP08 devicesThe HIP08 devices does not register the ptp devices, so thehdev->ptp is NULL, but the hardware can receive 1588 messages,and set the HNS3_RXD_TS_VLD_B bit, so, if match this case, theaccess of hdev->ptp->flags will cause a kernel crash:[ 5888.946472] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018[ 5888.946475] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018...[ 5889.266118] pc : hclge_ptp_get_rx_hwts+0x40/0x170 [hclge][ 5889.272612] lr : hclge_ptp_get_rx_hwts+0x34/0x170 [hclge][ 5889.279101] sp : ffff800012c3bc50[ 5889.283516] x29: ffff800012c3bc50 x28: ffff2040002be040[ 5889.289927] x27: ffff800009116484 x26: 0000000080007500[ 5889.296333] x25: 0000000000000000 x24: ffff204001c6f000[ 5889.302738] x23: ffff204144f53c00 x22: 0000000000000000[ 5889.309134] x21: 0000000000000000 x20: ffff204004220080[ 5889.315520] x19: ffff204144f53c00 x18: 0000000000000000[ 5889.321897] x17: 0000000000000000 x16: 0000000000000000[ 5889.328263] x15: 0000004000140ec8 x14: 0000000000000000[ 5889.334617] x13: 0000000000000000 x12: 00000000010011df[ 5889.340965] x11: bbfeff4d22000000 x10: 0000000000000000[ 5889.347303] x9 : ffff800009402124 x8 : 0200f78811dfbb4d[ 5889.353637] x7 : 2200000000191b01 x6 : ffff208002a7d480[ 5889.359959] x5 : 0000000000000000 x4 : 0000000000000000[ 5889.366271] x3 : 0000000000000000 x2 : 0000000000000000[ 5889.372567] x1 : 0000000000000000 x0 : ffff20400095c080[ 5889.378857] Call trace:[ 5889.382285] hclge_ptp_get_rx_hwts+0x40/0x170 [hclge][ 5889.388304] hns3_handle_bdinfo+0x324/0x410 [hns3][ 5889.394055] hns3_handle_rx_bd+0x60/0x150 [hns3][ 5889.399624] hns3_clean_rx_ring+0x84/0x170 [hns3][ 5889.405270] hns3_nic_common_poll+0xa8/0x220 [hns3][ 5889.411084] napi_poll+0xcc/0x264[ 5889.415329] net_rx_action+0xd4/0x21c[ 5889.419911] __do_softirq+0x130/0x358[ 5889.424484] irq_exit+0x134/0x154[ 5889.428700] __handle_domain_irq+0x88/0xf0[ 5889.433684] gic_handle_irq+0x78/0x2c0[ 5889.438319] el1_irq+0xb8/0x140[ 5889.442354] arch_cpu_idle+0x18/0x40[ 5889.446816] default_idle_call+0x5c/0x1c0[ 5889.451714] cpuidle_idle_call+0x174/0x1b0[ 5889.456692] do_idle+0xc8/0x160[ 5889.460717] cpu_startup_entry+0x30/0xfc[ 5889.465523] secondary_start_kernel+0x158/0x1ec[ 5889.470936] Code: 97ffab78 f9411c14 91408294 f9457284 (f9400c80)[ 5889.477950] SMP: stopping secondary CPUs[ 5890.514626] SMP: failed to stop secondary CPUs 0-69,71-95[ 5890.522951] Starting crashdump kernel...", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28824", "desc": "Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-29039", "desc": "tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7.", "poc": ["https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-8rjm-5f5f-h4q6"]}, {"cve": "CVE-2024-5772", "desc": "A vulnerability, which was classified as critical, has been found in Netentsec NS-ASG Application Security Gateway 6.3. This issue affects some unknown processing of the file /protocol/iscuser/deleteiscuser.php. The manipulation of the argument messagecontent leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-267455. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/charliecatsec/cve1/blob/main/NS-ASG-sql-deleteiscuser.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3537", "desc": "A vulnerability was found in Campcodes Church Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/admin_user.php. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259907.", "poc": ["https://vuldb.com/?id.259907", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28735", "desc": "Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request.", "poc": ["https://packetstormsecurity.com/files/177620/Financials-By-Coda-Authorization-Bypass.html", "https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22590", "desc": "The TLS engine in Kwik commit 745fd4e2 does not track the current state of the connection. This vulnerability can allow Client Hello messages to be overwritten at any time, including after a connection has been established.", "poc": ["https://github.com/QUICTester/QUICTester"]}, {"cve": "CVE-2024-3526", "desc": "A vulnerability has been found in Campcodes Online Event Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259897 was assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2460", "desc": "The GamiPress \u2013 Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipress_button' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-22221", "desc": "Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading to exposure of sensitive information.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6932", "desc": "A vulnerability was found in ClassCMS 4.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/?action=home&do=shop:index&keyword=&kind=all. The manipulation of the argument order leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271987.", "poc": ["https://github.com/Hebing123/cve/issues/42"]}, {"cve": "CVE-2024-27085", "desc": "Discourse is an open source platform for community discussion. In affected versions users that are allowed to invite others can inject arbitrarily large data in parameters used in the invite route. The problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable invites or restrict access to them using the `invite allowed groups` site setting.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/kip93/kip93"]}, {"cve": "CVE-2024-4808", "desc": "A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0. Affected is an unknown function of the file delete_faculty.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263928.", "poc": ["https://vuldb.com/?id.263928", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6366", "desc": "The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.", "poc": ["https://wpscan.com/vulnerability/5b90cbdd-52cc-4e7b-bf39-bea0dd59e19e/", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-34341", "desc": "Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts which are executed within the context of the application. Users should upgrade to Trix editor version 2.1.1 or later, which incorporates proper sanitization of input from copied content.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-38514", "desc": "NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the `endpoint` GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance (MKCOL, PUT and GET methods supported), or to target NextChat users and make them execute arbitrary JavaScript code in their browser. This vulnerability has been patched in version 2.12.4.", "poc": ["https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web/security/advisories/GHSA-gph5-rx77-3pjg"]}, {"cve": "CVE-2024-30870", "desc": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/address_interpret.php.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0597", "desc": "The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24931", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS.This issue affects Before After Image Slider WP: from n/a through 2.2.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2778", "desc": "A vulnerability was found in Campcodes Online Marriage Registration System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257612.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4133", "desc": "The ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.0.30. This is due to insufficient validation on the redirect url supplied via the redirect_to parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27351", "desc": "In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/ch4n3-yoon/ch4n3-yoon", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/mdisec/mdisec-twitch-yayinlari"]}, {"cve": "CVE-2024-2639", "desc": "A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-0959", "desc": "A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load of the file gibson\\utils\\pposgd_fuse.py. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252204.", "poc": ["https://github.com/bayuncao/bayuncao", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20998", "desc": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-29844", "desc": "Default credentials on the Web Interface of Evolution Controller 2.x (123 and 123) allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20028", "desc": "In da, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541687.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-36858", "desc": "An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.", "poc": ["https://github.com/HackAllSec/CVEs/tree/main/Jan%20Arbitrary%20File%20Upload%20vulnerability"]}, {"cve": "CVE-2024-26632", "desc": "In the Linux kernel, the following vulnerability has been resolved:block: Fix iterating over an empty bio with bio_for_each_folio_allIf the bio contains no data, bio_first_folio() calls page_folio() on aNULL pointer and oopses. Move the test that we've reached the end ofthe bio from bio_next_folio() to bio_first_folio().[axboe: add unlikely() to error case]", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25832", "desc": "F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension.", "poc": ["https://neroteam.com/blog/f-logic-datacube3-vulnerability-report", "https://github.com/0xNslabs/CVE-2024-25832-PoC", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/wjlin0/poc-doc", "https://github.com/wy876/POC"]}, {"cve": "CVE-2024-28182", "desc": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.", "poc": ["https://github.com/Ampferl/poc_http2-continuation-flood", "https://github.com/DrewskyDev/H2Flood", "https://github.com/TimoTielens/TwT.Docker.Aspnet", "https://github.com/TimoTielens/httpd-security", "https://github.com/Vos68/HTTP2-Continuation-Flood-PoC", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/lockness-Ko/CVE-2024-27316"]}, {"cve": "CVE-2024-27913", "desc": "ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.", "poc": ["https://github.com/AimiP02/OSPF_BooFuzzer"]}, {"cve": "CVE-2024-31840", "desc": "An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password.", "poc": ["https://www.gruppotim.it/it/footer/red-team.html"]}, {"cve": "CVE-2024-24806", "desc": "libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "poc": ["http://www.openwall.com/lists/oss-security/2024/02/08/2", "https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1104", "desc": "An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb the webservice for all users.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2059", "desc": "A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/app/service_crud.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-255374 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/service_crud.php%20Unauthenticated%20Arbitrary%20File%20Upload.md"]}, {"cve": "CVE-2024-22404", "desc": "Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download \"view-only\" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0240", "desc": "A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this results in all Bluetooth operations, such as advertising and scanning, to stop.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2118", "desc": "The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/e9d53cb9-a5cb-49f5-bcba-295ae6fa44c3/"]}, {"cve": "CVE-2024-21663", "desc": "Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.", "poc": ["https://github.com/DEMON1A/Discord-Recon/issues/23", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0057", "desc": "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-21085", "desc": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21109", "desc": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-20974", "desc": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25146", "desc": "Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7177", "desc": "A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. Affected is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272598 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setLanguageCfg.md"]}, {"cve": "CVE-2024-26151", "desc": "The `mjml` PyPI package, found at the `FelixSchwarz/mjml-python` GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of `FelixSchwarz/mjml-python` who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input like `<script>` would be rendered as ` leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249818 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25304", "desc": "Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at \"School/index.php.\"", "poc": ["https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-2.md", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/tubakvgc/CVEs"]}, {"cve": "CVE-2024-3692", "desc": "The Gutenverse WordPress plugin before 1.9.1 does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "poc": ["https://wpscan.com/vulnerability/6f100f85-3a76-44be-8092-06eb8595b0c9/"]}, {"cve": "CVE-2024-0617", "desc": "The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount() function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category discounts that could lead to loss of revenue.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30737", "desc": "** DISPUTED ** An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code via packages or nodes within the ROS system. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/yashpatelphd/CVE-2024-30737"]}, {"cve": "CVE-2024-7536", "desc": "Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5745", "desc": "A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/product/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-267414 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/L1OudFd8cl09/CVE/blob/main/07_06_2024_a.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-39672", "desc": "Memory request logic vulnerability in the memory module.Impact: Successful exploitation of this vulnerability will affect integrity and availability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25592", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Broken Link Checker allows Stored XSS.This issue affects Broken Link Checker: from n/a through 2.2.3.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-34230", "desc": "A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter.", "poc": ["https://github.com/Amrita2000/CVES/blob/main/CVE-2024-34230.md"]}, {"cve": "CVE-2024-21633", "desc": "Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are those in which an attacker may write/overwrite any file that user has write access, and either user name is known or cwd is under user folder. Commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue.", "poc": ["https://github.com/iBotPeaches/Apktool/commit/d348c43b24a9de350ff6e5bd610545a10c1fc712", "https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w", "https://github.com/0x33c0unt/CVE-2024-21633", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-4723", "desc": "A vulnerability, which was classified as problematic, has been found in Campcodes Legal Case Management System 1.0. This issue affects some unknown processing of the file /admin/case-status. The manipulation of the argument case_status leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263801 was assigned to this vulnerability.", "poc": ["https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_case-status.md"]}, {"cve": "CVE-2024-4236", "desc": "A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1803/formSetSysToolDDNS.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/helloyhrr/IoT_vulnerability"]}, {"cve": "CVE-2024-31873", "desc": "IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1033", "desc": "A vulnerability, which was classified as problematic, has been found in openBI up to 1.0.8. Affected by this issue is the function agent of the file /application/index/controller/Datament.php. The manipulation of the argument api leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252308.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-31777", "desc": "File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint.", "poc": ["https://github.com/FreySolarEye/Exploit-CVE-2024-31777", "https://github.com/FreySolarEye/Exploit-CVE-2024-31777", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-1085", "desc": "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability.We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20872", "desc": "Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35752", "desc": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Enea Overclokk Stellissimo Text Box allows Stored XSS.This issue affects Stellissimo Text Box: from n/a through 1.1.4.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22422", "desc": "AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit `08d33cfd8` an unauthenticated API route (file export) can allow attacker to crash the server resulting in a denial of service attack. The \u201cdata-export\u201d endpoint is used to export files using the filename parameter as user input. The endpoint takes the user input, filters it to avoid directory traversal attacks, fetches the file from the server, and afterwards deletes it. An attacker can trick the input filter mechanism to point to the current directory, and while attempting to delete it the server will crash as there is no error-handling wrapper around it. Moreover, the endpoint is public and does not require any form of authentication, resulting in an unauthenticated Denial of Service issue, which crashes the instance using a single HTTP packet. This issue has been addressed in commit `08d33cfd8`. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "poc": ["https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-xmj6-g32r-fc5q"]}, {"cve": "CVE-2024-6707", "desc": "Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.", "poc": ["https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3524", "desc": "A vulnerability, which was classified as problematic, has been found in Campcodes Online Event Management System 1.0. This issue affects some unknown processing of the file /views/process.php. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259895.", "poc": ["https://vuldb.com/?id.259895", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7279", "desc": "A vulnerability was found in SourceCodester Lot Reservation Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273148.", "poc": ["https://gist.github.com/topsky979/8eb5a3711f4802b2b05ae3702addb61e"]}, {"cve": "CVE-2024-22148", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Editor JoomUnited allows Reflected XSS.This issue affects JoomUnited: from n/a through 1.3.3.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20007", "desc": "In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3427", "desc": "A vulnerability, which was classified as problematic, was found in SourceCodester Online Courseware 1.0. This affects an unknown part of the file addq.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259599.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3535", "desc": "A vulnerability, which was classified as critical, was found in Campcodes Church Management System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259905 was assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2247", "desc": "JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23313", "desc": "An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21733", "desc": "Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.", "poc": ["http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html", "https://github.com/1N3/1N3", "https://github.com/Marco-zcl/POC", "https://github.com/Ostorlab/KEV", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/versio-io/product-lifecycle-security-api", "https://github.com/wjlin0/poc-doc", "https://github.com/wy876/POC"]}, {"cve": "CVE-2024-23188", "desc": "Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the users browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding attachment information to the web interface. No publicly available exploits are known.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4224", "desc": "An authenticated stored cross-site scripting (XSS) exists in the TP-Link TL-SG1016DE affecting version TL-SG1016DE(UN) V7.6_1.0.0 Build 20230616, which could allow an adversary to run JavaScript in an administrator's browser. This issue was fixed in\u00a0TL-SG1016DE(UN) V7_1.0.1 Build 20240628.", "poc": ["https://takeonme.org/cves/CVE-2024-4224.html"]}, {"cve": "CVE-2024-4317", "desc": "Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until they follow the instructions in the release notes. Within major versions 14-16, minor versions before PostgreSQL 16.3, 15.7, and 14.12 are affected. Versions before PostgreSQL 14 are unaffected.", "poc": ["https://github.com/wiltondb/wiltondb"]}, {"cve": "CVE-2024-4933", "desc": "A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/index.php?page=manage_product. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264469 was assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-39643", "desc": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS.This issue affects RegistrationMagic: from n/a through 6.0.0.1.", "poc": ["https://github.com/20142995/nuclei-templates"]}, {"cve": "CVE-2024-25964", "desc": "Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20835", "desc": "Improper access control vulnerability in CustomFrequencyManagerService prior to SMR Mar-2024 Release 1 allows local attackers to execute privileged behaviors.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26588", "desc": "In the Linux kernel, the following vulnerability has been resolved:LoongArch: BPF: Prevent out-of-bounds memory accessThe test_tag test triggers an unhandled page fault: # ./test_tag [ 130.640218] CPU 0 Unable to handle kernel paging request at virtual address ffff80001b898004, era == 9000000003137f7c, ra == 9000000003139e70 [ 130.640501] Oops[#3]: [ 130.640553] CPU: 0 PID: 1326 Comm: test_tag Tainted: G D O 6.7.0-rc4-loong-devel-gb62ab1a397cf #47 61985c1d94084daa2432f771daa45b56b10d8d2a [ 130.640764] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022 [ 130.640874] pc 9000000003137f7c ra 9000000003139e70 tp 9000000104cb4000 sp 9000000104cb7a40 [ 130.641001] a0 ffff80001b894000 a1 ffff80001b897ff8 a2 000000006ba210be a3 0000000000000000 [ 130.641128] a4 000000006ba210be a5 00000000000000f1 a6 00000000000000b3 a7 0000000000000000 [ 130.641256] t0 0000000000000000 t1 00000000000007f6 t2 0000000000000000 t3 9000000004091b70 [ 130.641387] t4 000000006ba210be t5 0000000000000004 t6 fffffffffffffff0 t7 90000000040913e0 [ 130.641512] t8 0000000000000005 u0 0000000000000dc0 s9 0000000000000009 s0 9000000104cb7ae0 [ 130.641641] s1 00000000000007f6 s2 0000000000000009 s3 0000000000000095 s4 0000000000000000 [ 130.641771] s5 ffff80001b894000 s6 ffff80001b897fb0 s7 9000000004090c50 s8 0000000000000000 [ 130.641900] ra: 9000000003139e70 build_body+0x1fcc/0x4988 [ 130.642007] ERA: 9000000003137f7c build_body+0xd8/0x4988 [ 130.642112] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) [ 130.642261] PRMD: 00000004 (PPLV0 +PIE -PWE) [ 130.642353] EUEN: 00000003 (+FPE +SXE -ASXE -BTE) [ 130.642458] ECFG: 00071c1c (LIE=2-4,10-12 VS=7) [ 130.642554] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0) [ 130.642658] BADV: ffff80001b898004 [ 130.642719] PRID: 0014c010 (Loongson-64bit, Loongson-3A5000) [ 130.642815] Modules linked in: [last unloaded: bpf_testmod(O)] [ 130.642924] Process test_tag (pid: 1326, threadinfo=00000000f7f4015f, task=000000006499f9fd) [ 130.643062] Stack : 0000000000000000 9000000003380724 0000000000000000 0000000104cb7be8 [ 130.643213] 0000000000000000 25af8d9b6e600558 9000000106250ea0 9000000104cb7ae0 [ 130.643378] 0000000000000000 0000000000000000 9000000104cb7be8 90000000049f6000 [ 130.643538] 0000000000000090 9000000106250ea0 ffff80001b894000 ffff80001b894000 [ 130.643685] 00007ffffb917790 900000000313ca94 0000000000000000 0000000000000000 [ 130.643831] ffff80001b894000 0000000000000ff7 0000000000000000 9000000100468000 [ 130.643983] 0000000000000000 0000000000000000 0000000000000040 25af8d9b6e600558 [ 130.644131] 0000000000000bb7 ffff80001b894048 0000000000000000 0000000000000000 [ 130.644276] 9000000104cb7be8 90000000049f6000 0000000000000090 9000000104cb7bdc [ 130.644423] ffff80001b894000 0000000000000000 00007ffffb917790 90000000032acfb0 [ 130.644572] ... [ 130.644629] Call Trace: [ 130.644641] [<9000000003137f7c>] build_body+0xd8/0x4988 [ 130.644785] [<900000000313ca94>] bpf_int_jit_compile+0x228/0x4ec [ 130.644891] [<90000000032acfb0>] bpf_prog_select_runtime+0x158/0x1b0 [ 130.645003] [<90000000032b3504>] bpf_prog_load+0x760/0xb44 [ 130.645089] [<90000000032b6744>] __sys_bpf+0xbb8/0x2588 [ 130.645175] [<90000000032b8388>] sys_bpf+0x20/0x2c [ 130.645259] [<9000000003f6ab38>] do_syscall+0x7c/0x94 [ 130.645369] [<9000000003121c5c>] handle_syscall+0xbc/0x158 [ 130.645507] [ 130.645539] Code: 380839f6 380831f9 28412bae <24000ca6> 004081ad 0014cb50 004083e8 02bff34c 58008e91 [ 130.645729] [ 130.646418] ---[ end trace 0000000000000000 ]---On my machine, which has CONFIG_PAGE_SIZE_16KB=y, the test failed atloading a BPF prog with 2039 instructions: prog = (struct bpf_prog *)ffff80001b894000 insn = (struct bpf_insn *)(prog->insnsi)fff---truncated---", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26176", "desc": "Windows Kernel Elevation of Privilege Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-0623", "desc": "The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20943", "desc": "Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2864", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaineLabs Youzify - Buddypress Moderation.This issue affects Youzify - Buddypress Moderation: from n/a through 1.2.5.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27168", "desc": "It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL.", "poc": ["http://seclists.org/fulldisclosure/2024/Jul/1"]}, {"cve": "CVE-2024-23187", "desc": "Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the \"show more\" option. Attackers could perform malicious API requests or extract information from the users account. Exploiting the vulnerability requires user interaction. Please deploy the provided updates and patch releases. CID replacement has been hardened to omit invalid identifiers. No publicly available exploits are known.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22264", "desc": "VMware Avi Load Balancer contains a privilege escalation vulnerability.\u00a0A malicious actor with admin privileges on VMware Avi Load Balancer can create, modify, execute and delete files as a root user on the host system.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2274", "desc": "A vulnerability, which was classified as problematic, has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. This issue affects some unknown processing of the file /Home/Index of the component Prescription Dashboard. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256043. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21666", "desc": "The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when reaching the `/admin/customermanagementframework/duplicates/list` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. Unauthorized user(s) can access PII data from customers. This vulnerability has been patched in version 4.0.6.", "poc": ["https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-c38c-c8mh-vq68", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-31846", "desc": "An issue was discovered in Italtel Embrace 1.6.4. The web application does not restrict or incorrectly restricts access to a resource from an unauthorized actor.", "poc": ["https://www.gruppotim.it/it/footer/red-team.html"]}, {"cve": "CVE-2024-34393", "desc": "libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).", "poc": ["https://github.com/marudor/libxmljs2/issues/204", "https://research.jfrog.com/vulnerabilities/libxmljs2-attrs-type-confusion-rce-jfsa-2024-001034097/"]}, {"cve": "CVE-2024-28423", "desc": "Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file.", "poc": ["https://github.com/bayuncao/bayuncao"]}, {"cve": "CVE-2024-25144", "desc": "The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1932", "desc": "Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout", "poc": ["https://huntr.com/bounties/fefd711e-3bf0-4884-9acc-167649c1f9a2"]}, {"cve": "CVE-2024-25438", "desc": "A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function.", "poc": ["https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25438%20-%3E%20Stored%20XSS%20in%20input%20Subject%20of%20the%20Add%20Discussion%20Component%20under%20Submissions", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities", "https://github.com/machisri/CVEs-and-Vulnerabilities"]}, {"cve": "CVE-2024-5172", "desc": "The Expert Invoice WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/65d84e69-0548-4c7d-bcde-5777d72da555/"]}, {"cve": "CVE-2024-35738", "desc": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kognetiks Kognetiks Chatbot for WordPress allows Stored XSS.This issue affects Kognetiks Chatbot for WordPress: from n/a through 1.9.8.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6964", "desc": "A vulnerability, which was classified as critical, was found in Tenda O3 1.0.0.10. Affected is the function fromDhcpSetSer. The manipulation of the argument dhcpEn/startIP/endIP/preDNS/altDNS/mask/gateway leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272118 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3167", "desc": "The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018twitter_username\u2019 parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4172", "desc": "A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261991.", "poc": ["https://github.com/bigbigbigbaby/cms2/blob/main/1.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33305", "desc": "SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via \"Middle Name\" parameter in Create User.", "poc": ["https://github.com/Mohitkumar0786/CVE/blob/main/CVE-2024-33305.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21016", "desc": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-2828", "desc": "A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 23165d8cb569048c531150f194fea39f8800b8d5. It is recommended to apply a patch to fix this issue. VDB-257718 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-36120", "desc": "javascript-deobfuscator removes common JavaScript obfuscation techniques. In affected versions crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0. Users are advised to update. Users unable to upgrade should disable the expression simplification feature.", "poc": ["https://github.com/SteakEnthusiast/My-CTF-Challenges"]}, {"cve": "CVE-2024-2494", "desc": "A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22724", "desc": "An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-43199", "desc": "Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33343", "desc": "D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20055", "desc": "In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation Patch ID: ALPS08518692; Issue ID: MSV-1012.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-37253", "desc": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in WpDirectoryKit WP Directory Kit allows Code Injection.This issue affects WP Directory Kit: from n/a through 1.3.6.", "poc": ["https://github.com/20142995/nuclei-templates"]}, {"cve": "CVE-2024-33303", "desc": "SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via \"First Name\" under Add Users.", "poc": ["https://github.com/Mohitkumar0786/CVE/blob/main/CVE-2024-33303.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-38886", "desc": "An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.", "poc": ["https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html"]}, {"cve": "CVE-2024-4587", "desc": "A vulnerability was found in DedeCMS 5.7 and classified as problematic. This issue affects some unknown processing of the file /src/dede/tpl.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263309 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/Hckwzh/cms/blob/main/18.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-38786", "desc": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BurgerThemes CoziPress allows Stored XSS.This issue affects CoziPress: from n/a through 1.0.30.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7273", "desc": "A vulnerability classified as critical was found in itsourcecode Alton Management System 1.0. This vulnerability affects unknown code of the file search.php. The manipulation of the argument rcode leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273142 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/DeepMountains/Mirage/blob/main/CVE8-1.md"]}, {"cve": "CVE-2024-34340", "desc": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. `password_verify` and `password_hash` are supported on PHP < 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`. Md5-hashed user input is compared with correct password in database by `$md5 == $hash`. It is a loose comparison, not `===`. It is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue.", "poc": ["https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m"]}, {"cve": "CVE-2024-1564", "desc": "The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode", "poc": ["https://wpscan.com/vulnerability/ecb1e36f-9c6e-4754-8878-03c97194644d/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27301", "desc": "Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang `#!/bin/zsh` is being used. When the installer is executed it asks for the users password to be executed as root. However, it'll still be using the $HOME of the user and therefore loading the file `$HOME/.zshenv` when the `postinstall` script is executed.An attacker could add malicious code to `$HOME/.zshenv` and it will be executed when the app is installed. An attacker may leverage this vulnerability to escalate privilege on the system. This issue has been addressed in version 2.5.1 Rev 2. All users are advised to upgrade. There are no known workarounds for this vulnerability.", "poc": ["https://github.com/root3nl/SupportApp/security/advisories/GHSA-jr78-247f-rhqc"]}, {"cve": "CVE-2024-31510", "desc": "An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component.", "poc": ["https://github.com/liang-junkai/Fault-injection-of-ML-DSA", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/liang-junkai/Fault-injection-of-ML-DSA"]}, {"cve": "CVE-2024-22107", "desc": "An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse it to inject an arbitrary command and compromise the platform.", "poc": ["https://adepts.of0x.cc/gtbcc-pwned/", "https://x-c3ll.github.io/cves.html"]}, {"cve": "CVE-2024-28745", "desc": "Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30980", "desc": "SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the Computer Location parameter in manage-computer.php page.", "poc": ["https://medium.com/@shanunirwan/cve-2024-30980-sql-injection-vulnerability-in-cyber-cafe-management-system-using-php-mysql-v1-0-30bffd26dab7"]}, {"cve": "CVE-2024-35843", "desc": "In the Linux kernel, the following vulnerability has been resolved:iommu/vt-d: Use device rbtree in iopf reporting pathThe existing I/O page fault handler currently locates the PCI device bycalling pci_get_domain_bus_and_slot(). This function searches the listof all PCI devices until the desired device is found. To improve lookupefficiency, replace it with device_rbtree_find() to search the devicewithin the probed device rbtree.The I/O page fault is initiated by the device, which does not have anysynchronization mechanism with the software to ensure that the devicestays in the probed device tree. Theoretically, a device could be releasedby the IOMMU subsystem after device_rbtree_find() and beforeiopf_get_dev_fault_param(), which would cause a use-after-free problem.Add a mutex to synchronize the I/O page fault reporting path and the IOMMUrelease device path. This lock doesn't introduce any performance overhead,as the conflict between I/O page fault reporting and device releasing isvery rare.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4919", "desc": "A vulnerability was found in Campcodes Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/addCourseExe.php. The manipulation of the argument course_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264454 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/yylmm/CVE/blob/main/Online%20Examination%20System%20With%20Timer/SQL_addCourseExe.md"]}, {"cve": "CVE-2024-25294", "desc": "An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-41827", "desc": "In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration", "poc": ["https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-25916", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joseph C Dolson My Calendar allows Stored XSS.This issue affects My Calendar: from n/a through 3.4.23.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5393", "desc": "A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file listofcourse.php. The manipulation of the argument idno leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266307.", "poc": ["https://github.com/Lanxiy7th/lx_CVE_report-/issues/6"]}, {"cve": "CVE-2024-1709", "desc": "ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.", "poc": ["https://github.com/rapid7/metasploit-framework/pull/18870", "https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc", "https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/", "https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/", "https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/", "https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass", "https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2", "https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8", "https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/", "https://github.com/GhostTroops/TOP", "https://github.com/HussainFathy/CVE-2024-1709", "https://github.com/Juan921030/sploitscan", "https://github.com/Ostorlab/KEV", "https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE", "https://github.com/cjybao/CVE-2024-1709-and-CVE-2024-1708", "https://github.com/codeb0ss/CVE-2024-1709-PoC", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/myseq/vcheck-cli", "https://github.com/nitish778191/fitness_app", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/securitycipher/daily-bugbounty-writeups", "https://github.com/sxyrxyy/CVE-2024-1709-ConnectWise-ScreenConnect-Authentication-Bypass", "https://github.com/tr1pl3ight/CVE-2024-21762-POC", "https://github.com/tr1pl3ight/CVE-2024-23113-POC", "https://github.com/tr1pl3ight/POCv2.0-for-CVE-2024-1709", "https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc", "https://github.com/xaitax/SploitScan"]}, {"cve": "CVE-2024-34002", "desc": "In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file include.", "poc": ["https://github.com/cli-ish/cli-ish"]}, {"cve": "CVE-2024-2687", "desc": "A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/applicants/index.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257387.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-24722", "desc": "An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and 5.1.6.235.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1064", "desc": "A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4036", "desc": "The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24707", "desc": "Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. Cwicly allows Code Injection.This issue affects Cwicly: from n/a through 1.4.0.2.", "poc": ["https://snicco.io/vulnerability-disclosure/cwicly/remote-code-execution-cwicly-1-4-0-2?_s_id=cve"]}, {"cve": "CVE-2024-3286", "desc": "A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20680", "desc": "Windows Message Queuing Client (MSMQC) Information Disclosure", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-0222", "desc": "Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-38881", "desc": "An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords.", "poc": ["https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html"]}, {"cve": "CVE-2024-39119", "desc": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close.", "poc": ["https://github.com/2477231995/cms/blob/main/1.md"]}, {"cve": "CVE-2024-20823", "desc": "Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7371", "desc": "A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /quiz_view.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273355.", "poc": ["https://gist.github.com/topsky979/e45c2b283d29bc0a2f3551ca9cb45999"]}, {"cve": "CVE-2024-29182", "desc": "Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could be executed by the user's browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online, 22.04, 21.11, etc. are unaffected.", "poc": ["https://github.com/cyllective/CVEs", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-34241", "desc": "A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27350", "desc": "Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB (Android Debug Bridge) connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the (non-default) ADB Debugging option is enabled, and after the initiator of that specific connection attempt has been approved via a full-screen prompt.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2939", "desc": "A vulnerability classified as problematic has been found in Campcodes Online Examination System 1.0. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258030 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23517", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Start Booking Scheduling Plugin \u2013 Online Booking for WordPress allows Stored XSS.This issue affects Scheduling Plugin \u2013 Online Booking for WordPress: from n/a through 3.5.10.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4547", "desc": "A SQLi vulnerability exists in\u00a0Delta Electronics\u00a0DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field", "poc": ["https://www.tenable.com/security/research/tra-2024-13", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29916", "desc": "The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired keycard for the specific property, aka the \"Unsaflok\" issue. This occurs, in part, because the key derivation function relies only on a UID. This affects, for example, Saflok MT, and the Confidant, Quantum, RT, and Saffire series.", "poc": ["https://unsaflok.com", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-23180", "desc": "Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file.", "poc": ["https://github.com/mute1008/mute1008", "https://github.com/mute1997/mute1997"]}, {"cve": "CVE-2024-0230", "desc": "A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.", "poc": ["https://github.com/H4lo/awesome-IoT-security-article", "https://github.com/gato001k1/helt", "https://github.com/keldnorman/cve-2024-0230-blue", "https://github.com/marcnewlin/hi_my_name_is_keyboard", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/shirin-ehtiram/hi_my_name_is_keyboard"]}, {"cve": "CVE-2024-2739", "desc": "The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks", "poc": ["https://wpscan.com/vulnerability/5b84145b-f94e-4ea7-84d5-56cf776817a2/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4029", "desc": "A vulnerability was found in Wildfly\u2019s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-34488", "desc": "OFPMultipartReply in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via b.length=0.", "poc": ["https://github.com/faucetsdn/ryu/issues/191", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6729", "desc": "A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /control/add_act.php. The manipulation of the argument aname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271402 is the identifier assigned to this vulnerability.", "poc": ["https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6729", "https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6729"]}, {"cve": "CVE-2024-33513", "desc": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0928", "desc": "A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been declared as critical. Affected by this vulnerability is the function fromDhcpListClient. The manipulation of the argument page/listN leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromDhcpListClient_1.md", "https://github.com/yaoyue123/iot"]}, {"cve": "CVE-2024-1385", "desc": "The WP-Stateless \u2013 Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismiss_notices() function in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to the current time, which may completely take a site offline.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27626", "desc": "A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel.", "poc": ["https://packetstormsecurity.com/files/177239/Dotclear-2.29-Cross-Site-Scripting.html", "https://github.com/capture0x/My-CVE", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26595", "desc": "In the Linux kernel, the following vulnerability has been resolved:mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error pathWhen calling mlxsw_sp_acl_tcam_region_destroy() from an error path afterfailing to attach the region to an ACL group, we hit a NULL pointerdereference upon 'region->group->tcam' [1].Fix by retrieving the 'tcam' pointer using mlxsw_sp_acl_to_tcam().[1]BUG: kernel NULL pointer dereference, address: 0000000000000000[...]RIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0[...]Call Trace: mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0 mlxsw_sp_acl_rule_add+0x47/0x240 mlxsw_sp_flower_replace+0x1a9/0x1d0 tc_setup_cb_add+0xdc/0x1c0 fl_hw_replace_filter+0x146/0x1f0 fl_change+0xc17/0x1360 tc_new_tfilter+0x472/0xb90 rtnetlink_rcv_msg+0x313/0x3b0 netlink_rcv_skb+0x58/0x100 netlink_unicast+0x244/0x390 netlink_sendmsg+0x1e4/0x440 ____sys_sendmsg+0x164/0x260 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xc0 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3867", "desc": "The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in version 2.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", "poc": ["https://github.com/c4cnm/CVE-2024-3867", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-21751", "desc": "Missing Authorization vulnerability in RabbitLoader.This issue affects RabbitLoader: from n/a through 2.19.13.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4542", "desc": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-3548. Reason: This candidate was issued in error. Please use CVE-2024-3548 instead.", "poc": ["https://research.cleantalk.org/cve-2024-3548/", "https://wpscan.com/vulnerability/9eef8b29-2c62-4daa-ae90-467ff9be18d8/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1760", "desc": "The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.6.20. This is due to missing or incorrect nonce validation on the ssa_factory_reset() function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3772", "desc": "Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/seal-community/patches"]}, {"cve": "CVE-2024-34771", "desc": "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35560", "desc": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=del&dataType=&dataTypeCN.", "poc": ["https://github.com/bearman113/1.md/blob/main/25/csrf.md"]}, {"cve": "CVE-2024-33831", "desc": "A stored cross-site scripting (XSS) vulnerability in the Advanced Expectation - Response module of yapi v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the body field.", "poc": ["https://github.com/YMFE/yapi/issues/2745"]}, {"cve": "CVE-2024-0649", "desc": "A vulnerability was found in ZhiHuiYun up to 4.4.13 and classified as critical. This issue affects the function download_network_image of the file /app/Http/Controllers/ImageController.php of the component Search. The manipulation of the argument url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251375.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4217", "desc": "The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes' settings, making it possible for attackers with a Contributor account to conduct Stored XSS attacks.", "poc": ["https://wpscan.com/vulnerability/55cb43bf-7c8f-4df7-b4de-bf2bb1c2766d/"]}, {"cve": "CVE-2024-28181", "desc": "turbo_boost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted depending on the the strictness of authorization checks that individual applications enforce. Being able to call some of these methods can have security implications. Commands verify that the class must be a `Command` and that the method requested is defined as a public method; however, this isn't robust enough to guard against all unwanted code execution. The library should more strictly enforce which methods are considered safe before allowing them to be executed. This issue has been addressed in versions 0.1.3, and 0.2.2. Users are advised to upgrade. Users unable to upgrade should see the repository GHSA for workaround advice.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26201", "desc": "Microsoft Intune Linux Agent Elevation of Privilege Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-1531", "desc": "A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-language file.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24188", "desc": "Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c.", "poc": ["https://github.com/pcmacdon/jsish/issues/100", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22917", "desc": "SQL injection vulnerability in Dynamic Lab Management System Project in PHP v.1.0 allows a remote attacker to execute arbitrary code via a crafted script.", "poc": ["https://github.com/ASR511-OO7/CVE-2024-22917", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-27963", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crisp allows Stored XSS.This issue affects Crisp: from n/a through 0.44.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-24817", "desc": "Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs (private messages) can be retrieved by anyone, even if they're not logged in. This problem is resolved in version 0.4 of the discourse-calendar plugin. While no known workaround is available, putting the site behind `login_required` will disallow this endpoint to be used by anonymous users, but logged in users can still get the list of invitees in the private topics.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22313", "desc": "IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26165", "desc": "Visual Studio Code Elevation of Privilege Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-22017", "desc": "setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid().This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().This vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7299", "desc": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Bolt CMS 3.7.1. It has been rated as problematic. This issue affects some unknown processing of the file /preview/page of the component Entry Preview Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273167. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.", "poc": ["https://vuldb.com/?id.273167", "https://vuldb.com/?submit.379971"]}, {"cve": "CVE-2024-4524", "desc": "A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_invoice.php. The manipulation of the argument desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263127.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30225", "desc": "Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7287", "desc": "A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273156.", "poc": ["https://gist.github.com/topsky979/d4684a6cf3ca446bb7c71c51ff6152ba"]}, {"cve": "CVE-2024-4894", "desc": "ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network information.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4875", "desc": "The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update options such as users_can_register, which can lead to unauthorized user registration.", "poc": ["https://github.com/RandomRobbieBF/CVE-2024-4875", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-36840", "desc": "SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php.", "poc": ["http://seclists.org/fulldisclosure/2024/Jun/0", "https://infosec-db.github.io/CyberDepot/vuln_boelter_blue/", "https://packetstormsecurity.com/files/178978/Boelter-Blue-System-Management-1.3-SQL-Injection.html", "https://sploitus.com/exploit?id=PACKETSTORM:178978"]}, {"cve": "CVE-2024-37407", "desc": "Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.", "poc": ["https://github.com/libarchive/libarchive/pull/2145", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-31819", "desc": "An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.", "poc": ["https://chocapikk.com/posts/2024/cve-2024-31819/", "https://github.com/Chocapikk/CVE-2024-31819", "https://github.com/Chocapikk/CVE-2024-31819", "https://github.com/Chocapikk/Chocapikk", "https://github.com/Chocapikk/My-CVEs", "https://github.com/Jhonsonwannaa/CVE-2024-31819", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-3882", "desc": "A vulnerability was found in Tenda W30E 1.0.1.25(633). It has been classified as critical. Affected is the function fromRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260916. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromRouteStatic.md", "https://vuldb.com/?id.260916", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-6271", "desc": "The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack", "poc": ["https://wpscan.com/vulnerability/44d9d085-34cb-490f-a3f5-f9eafae85ab8/", "https://github.com/Jokergazaa/zero-click-exploits", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29195", "desc": "The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to vulnerabilities in parameter checking mechanism, by exploiting the buffer length parameter in Azure C SDK, which may lead to remote code execution. Requirements for RCE are 1. Compromised Azure account allowing malformed payloads to be sent to the device via IoT Hub service, 2. By passing IoT hub service max message payload limit of 128KB, and 3. Ability to overwrite code space with remote code. Fixed in commit https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2.", "poc": ["https://github.com/0xdea/advisories", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2899", "desc": "A vulnerability, which was classified as critical, has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257942 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/fromSetWirelessRepeat.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-32975", "desc": "Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader::PeekVarInt62Length()`. It is caused by integer underflow in the `QuicStreamSequencerBuffer::PeekRegion()` implementation.", "poc": ["https://github.com/envoyproxy/envoy/security/advisories/GHSA-g9mq-6v96-cpqc"]}, {"cve": "CVE-2024-2021", "desc": "A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. Affected is an unknown function of the file /admin/list_localuser.php. The manipulation of the argument ResId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255300. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/dtxharry/cve/blob/main/cve.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4946", "desc": "A vulnerability was found in SourceCodester Online Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/adminHome.php. The manipulation of the argument sliderpic leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264481 was assigned to this vulnerability.", "poc": ["https://github.com/CveSecLook/cve/issues/29"]}, {"cve": "CVE-2024-37904", "desc": "Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the `github.com/go-git/go-git/v5` library on lines `L55-L89`. The Git provider does the following on the lines `L56-L62`. First, it sets the `CloneOptions`, specifying the url, the depth etc. It then validates the options. It then sets up an in-memory filesystem, to which it clones and Finally, it clones the repository. The `(g *Git) Clone()` method is vulnerable to a DoS attack: A Minder user can instruct Minder to clone a large repository which will exhaust memory and crash the Minder server. The root cause of this vulnerability is a combination of the following conditions: 1. Users can control the Git URL which Minder clones, 2. Minder does not enforce a size limit to the repository, 3. Minder clones the entire repository into memory. This issue has been addressed in commit `7979b43` which has been included in release version v0.0.52. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "poc": ["https://github.com/stacklok/minder/security/advisories/GHSA-hpcg-xjq5-g666"]}, {"cve": "CVE-2024-0236", "desc": "The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom)", "poc": ["https://wpscan.com/vulnerability/09aeb6f2-6473-4de7-8598-e417049896d7/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2284", "desc": "A vulnerability classified as problematic was found in boyiddha Automated-Mess-Management-System 1.0. Affected by this vulnerability is an unknown functionality of the file /member/chat.php of the component Chat Book. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256051. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/STORED%20XSS%20member-chat.php%20.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-32338", "desc": "A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module.", "poc": ["https://github.com/adiapera/xss_current_page_wondercms_3.4.3", "https://github.com/adiapera/xss_current_page_wondercms_3.4.3"]}, {"cve": "CVE-2024-35469", "desc": "A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.", "poc": ["https://github.com/dovankha/CVE-2024-35469", "https://github.com/dovankha/CVE-2024-35469", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-7450", "desc": "A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resume_upload.php of the component Image Handler. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273541 was assigned to this vulnerability.", "poc": ["https://github.com/DeepMountains/Mirage/blob/main/CVE11-2.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21018", "desc": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-32105", "desc": "Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29028", "desc": "memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.", "poc": ["https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos"]}, {"cve": "CVE-2024-25528", "desc": "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.", "poc": ["https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#wf_work_stat_settingaspx", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20027", "desc": "In da, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541633.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35236", "desc": "Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in the worst case. This was tested on version 2.9.0 on Windows, but an arbitrary file write is powerful enough as is and should easily lead to RCE on Linux, too. Version 2.10.0 contains a patch for the vulnerability.", "poc": ["https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-7j99-76cj-q9pg"]}, {"cve": "CVE-2024-31458", "desc": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue.", "poc": ["https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x"]}, {"cve": "CVE-2024-42245", "desc": "In the Linux kernel, the following vulnerability has been resolved:Revert \"sched/fair: Make sure to try to detach at least one movable task\"This reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06.b0defa7ae03ec changed the load balancing logic to ignore env.max_loop ifall tasks examined to that point were pinned. The goal of the patch wasto make it more likely to be able to detach a task buried in a long listof pinned tasks. However, this has the unfortunate side effect ofcreating an O(n) iteration in detach_tasks(), as we now must fullyiterate every task on a cpu if all or most are pinned. Since this loadbalance code is done with rq lock held, and often in softirq context, itis very easy to trigger hard lockups. We observed such hard lockups witha user who affined O(10k) threads to a single cpu.When I discussed this with Vincent he initially suggested that we keepthe limit on the number of tasks to detach, but increase the number oftasks we can search. However, after some back and forth on the mailinglist, he recommended we instead revert the original patch, as it seemslikely no one was actually getting hit by the original issue.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25200", "desc": "Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c.", "poc": ["https://github.com/espruino/Espruino/issues/2457", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3154", "desc": "A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.", "poc": ["https://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j", "https://github.com/cdxiaodong/CVE-2024-3154-communication", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-3288", "desc": "The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "poc": ["https://wpscan.com/vulnerability/4ef99f54-68df-4353-8fc0-9b09ac0df7ba/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5114", "desc": "A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_attendance_history1.php. The manipulation of the argument index leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265104.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25893", "desc": "ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.", "poc": ["https://github.com/ChurchCRM/CRM/issues/6856"]}, {"cve": "CVE-2024-26209", "desc": "Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability", "poc": ["https://github.com/EvanMcBroom/pocs", "https://github.com/T-RN-R/PatchDiffWednesday"]}, {"cve": "CVE-2024-4820", "desc": "A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/SystemSettings.php?f=update_settings. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263941 was assigned to this vulnerability.", "poc": ["https://github.com/jxm68868/cve/blob/main/upload.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4950", "desc": "Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)", "poc": ["https://issues.chromium.org/issues/40065403"]}, {"cve": "CVE-2024-0280", "desc": "A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file item_type_submit.php. The manipulation of the argument type_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249835.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4494", "desc": "A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classified as critical. Affected by this vulnerability is the function formSetUplinkInfo of the file /goform/setUplinkInfo. The manipulation of the argument pingHostIp2 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263083. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formSetUplinkInfo.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-40734", "desc": "A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/.", "poc": ["https://github.com/minhquan202/Vuln-Netbox"]}, {"cve": "CVE-2024-2634", "desc": "A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint '/sse_generico/generico_login.jsp' is vulnerable to XSS attack via 'lang' query, i.e. '/sse_generico/generico_login.jsp?lang=%27%3balert(%27BLEUSS%27)%2f%2f¶ms='.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4245", "desc": "A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.14(4656). Affected by this issue is the function formQosManageDouble_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The identifier of this vulnerability is VDB-262136. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formQosManageDouble_auto.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-1823", "desc": "A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file users.php of the component Backend. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254611.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5187", "desc": "A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system, potentially leading to remote code execution, deletion of system, personal, or application files, thus impacting the integrity and availability of the system. The issue arises from the function's handling of tar file extraction without performing security checks on the paths within the tar file, as demonstrated by the ability to overwrite the `/home/kali/.ssh/authorized_keys` file by specifying an absolute path in the malicious tar file.", "poc": ["https://github.com/sunriseXu/sunriseXu"]}, {"cve": "CVE-2024-1195", "desc": "A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://vuldb.com/?id.252685", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-32472", "desc": "excalidraw is an open source virtual hand-drawn style whiteboard. A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. There were two vectors. One rendering untrusted string as iframe's `srcdoc` without properly sanitizing against HTML injection. Second by improperly sanitizing against attribute HTML injection. This in conjunction with allowing `allow-same-origin` sandbox flag (necessary for several embeds) resulted in the XSS. This vulnerability is fixed in 0.17.6 and 0.16.4.", "poc": ["https://github.com/excalidraw/excalidraw/security/advisories/GHSA-m64q-4jqh-f72f"]}, {"cve": "CVE-2024-34224", "desc": "Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters.", "poc": ["https://github.com/dovankha/CVE-2024-34224", "https://github.com/dovankha/CVE-2024-34224", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-36971", "desc": "In the Linux kernel, the following vulnerability has been resolved:net: fix __dst_negative_advice() race__dst_negative_advice() does not enforce proper RCU rules whensk->dst_cache must be cleared, leading to possible UAF.RCU rules are that we must first clear sk->sk_dst_cache,then call dst_release(old_dst).Note that sk_dst_reset(sk) is implementing this protocol correctly,while __dst_negative_advice() uses the wrong order.Given that ip6_negative_advice() has special logicagainst RTF_CACHE, this means each of the three ->negative_advice()existing methods must perform the sk_dst_reset() themselves.Note the check against NULL dst is centralized in__dst_negative_advice(), there is no need to duplicateit in various callbacks.Many thanks to Clement Lecigne for tracking this issue.This old bug became visible after the blamed commit, using UDP sockets.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-2937", "desc": "Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25978", "desc": "Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-34808", "desc": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.2.0.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2269", "desc": "A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256039. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/SQL%20Injection%20Search/SQL%20Injection%20in%20search.php%20.md"]}, {"cve": "CVE-2024-35732", "desc": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH Custom Login allows Stored XSS.This issue affects YITH Custom Login: from n/a through 1.7.0.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28234", "desc": "Contao is an open source content management system. Starting in version 2.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable BBCode for comments.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6753", "desc": "The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018mapTypes\u2019 parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/20142995/nuclei-templates"]}, {"cve": "CVE-2024-22852", "desc": "D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload.", "poc": ["https://github.com/Beckaf/vunl/blob/main/D-Link/AC750/1/1.md", "https://www.dlink.com/en/security-bulletin/"]}, {"cve": "CVE-2024-1508", "desc": "The Prime Slider \u2013 Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings['title_tags']' attribute of the Mercury widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-31610", "desc": "File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file.", "poc": ["https://github.com/ss122-0ss/School/blob/main/readme.md"]}, {"cve": "CVE-2024-26598", "desc": "In the Linux kernel, the following vulnerability has been resolved:KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cacheThere is a potential UAF scenario in the case of an LPI translationcache hit racing with an operation that invalidates the cache, suchas a DISCARD ITS command. The root of the problem is thatvgic_its_check_cache() does not elevate the refcount on the vgic_irqbefore dropping the lock that serializes refcount changes.Have vgic_its_check_cache() raise the refcount on the returned vgic_irqand add the corresponding decrement after queueing the interrupt.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33976", "desc": "Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via\u00a0'id' parameter in '/admin/user/index.php'.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25164", "desc": "iA Path Traversal vulnerability exists in iDURAR v2.0.0, that allows unauthenticated attackers to expose sensitive files via the download functionality.", "poc": ["https://github.com/u32i/cve/tree/main/CVE-2024-25164"]}, {"cve": "CVE-2024-7451", "desc": "A vulnerability was found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file apply_now.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273542 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/DeepMountains/Mirage/blob/main/CVE11-3.md", "https://vuldb.com/?submit.383864", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26603", "desc": "In the Linux kernel, the following vulnerability has been resolved:x86/fpu: Stop relying on userspace for info to fault in xsave bufferBefore this change, the expected size of the user space buffer wastaken from fx_sw->xstate_size. fx_sw->xstate_size can be changedfrom user-space, so it is possible construct a sigreturn frame where: * fx_sw->xstate_size is smaller than the size required by valid bits in fx_sw->xfeatures. * user-space unmaps parts of the sigrame fpu buffer so that not all of the buffer required by xrstor is accessible.In this case, xrstor tries to restore and accesses the unmapped areawhich results in a fault. But fault_in_readable succeeds because buf +fx_sw->xstate_size is within the still mapped area, so it goes back andtries xrstor again. It will spin in this loop forever.Instead, fault in the maximum size which can be touched by XRSTOR (takenfrom fpstate->user_size).[ dhansen: tweak subject / changelog ]", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30861", "desc": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/configguide/ipsec_guide_1.php.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25223", "desc": "Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php.", "poc": ["https://github.com/BurakSevben/CVEs/blob/main/Simple%20Admin%20Panel%20App/Simple%20Admin%20Panel%20App%20-%20SQL%20Injection.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0879", "desc": "Authentication bypass in vector-admin allows a user to register to a vector-admin server while \u201cdomain restriction\u201d is active, even when not owning an authorized email address.", "poc": ["https://research.jfrog.com/vulnerabilities/vector-admin-filter-bypass/"]}, {"cve": "CVE-2024-24831", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-37891", "desc": "urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.", "poc": ["https://github.com/PBorocz/raindrop-io-py"]}, {"cve": "CVE-2024-4085", "desc": "The Tabellen von faustball.com plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3089", "desc": "A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/manage-ambulance.php of the component Manage Ambulance Page. The manipulation of the argument del leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258682 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_csrf.md", "https://vuldb.com/?submit.306963"]}, {"cve": "CVE-2024-24309", "desc": "In the module \"Survey TMA\" (ecomiz_survey_tma) up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23208", "desc": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges.", "poc": ["https://github.com/fmyyss/XNU_KERNEL_RESEARCH", "https://github.com/hrtowii/CVE-2024-23208-test", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-3416", "desc": "A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. This vulnerability affects unknown code of the file admin/editt.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259588.", "poc": ["https://vuldb.com/?id.259588", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22019", "desc": "A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25913", "desc": "Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3824", "desc": "The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack", "poc": ["https://wpscan.com/vulnerability/749ae334-b1d1-421e-a04c-35464c961a4a/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25099", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS.This issue affects Paytium: Mollie payment forms & donations: from n/a through 4.4.2.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29989", "desc": "Azure Monitor Agent Elevation of Privilege Vulnerability", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26711", "desc": "In the Linux kernel, the following vulnerability has been resolved:iio: adc: ad4130: zero-initialize clock init dataThe clk_init_data struct does not have all its membersinitialized, causing issues when trying to expose the internalclock on the CLK pin.Fix this by zero-initializing the clk_init_data struct.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25629", "desc": "c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27237", "desc": "In wipe_ns_memory of nsmemwipe.c, there is a possible incorrect size calculation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-31705", "desc": "An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input.", "poc": ["https://github.com/V3locidad/GLPI_POC_Plugins_Shell", "https://seclists.org/fulldisclosure/2024/Apr/23", "https://github.com/V3locidad/V3locidad"]}, {"cve": "CVE-2024-30203", "desc": "In Emacs before 29.3, Gnus treats inline MIME contents as trusted.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5220", "desc": "The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2002", "desc": "A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.", "poc": ["https://github.com/davea42/libdwarf-code/blob/main/bugxml/data.txt", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-31771", "desc": "Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/restdone/CVE-2024-31771"]}, {"cve": "CVE-2024-0415", "desc": "A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Affected by this vulnerability is an unknown functionality of the file application/home/controller/TaobaoExport.php of the component Image URL Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250435.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21000", "desc": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-23384", "desc": "Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27456", "desc": "rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29042", "desc": "Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. The `opt.id` parameter allows the overwriting of the cache key. If an attacker sets the `id` variable to the cache key that would be generated by another user, they can choose the response that user gets served. Version 3.0.0 fixes this issue.", "poc": ["https://github.com/franciscop/translate/security/advisories/GHSA-882j-4vj5-7vmj", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-3686", "desc": "A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file update_guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260473 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27081", "desc": "ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) allows authenticated remote attackers to read and write arbitrary files under the configuration directory rendering remote code execution possible. This vulnerability is patched in 2024.2.1.", "poc": ["https://github.com/esphome/esphome/security/advisories/GHSA-8p25-3q46-8q2p", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2535", "desc": "A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256972. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20users.php.md", "https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5134", "desc": "A vulnerability was found in SourceCodester Electricity Consumption Monitoring Tool 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-bill.php. The manipulation of the argument bill leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265210 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/BurakSevben/CVEs/blob/main/Electricity%20Consumption%20Monitoring%20Tool/Electricity%20Consumption%20Monitoring%20Tool%20-%20SQL%20Injection.md"]}, {"cve": "CVE-2024-7582", "desc": "A vulnerability classified as critical was found in Tenda i22 1.0.0.3(4687). This vulnerability affects the function formApPortalAccessCodeAuth of the file /goform/apPortalAccessCodeAuth. The manipulation of the argument accessCode/data/acceInfo leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalAccessCodeAuth"]}, {"cve": "CVE-2024-4645", "desc": "A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /Admin/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263489 was assigned to this vulnerability.", "poc": ["https://github.com/yylmm/CVE/blob/main/Prison%20Management%20System/xss4.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28669", "desc": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php.", "poc": ["https://github.com/777erp/cms/blob/main/10.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2014", "desc": "A vulnerability classified as critical was found in Panabit Panalog 202103080942. This vulnerability affects unknown code of the file /Maintain/sprog_upstatus.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/mashroompc0527/CVE/blob/main/vul.md", "https://github.com/ibaiw/2024Hvv"]}, {"cve": "CVE-2024-6244", "desc": "The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks", "poc": ["https://wpscan.com/vulnerability/73ba55a5-6cff-40fc-9686-30c50f060732/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-32236", "desc": "An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29859", "desc": "In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-1262", "desc": "A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-253001 was assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26035", "desc": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-22202", "desc": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5.", "poc": ["https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35"]}, {"cve": "CVE-2024-2532", "desc": "A vulnerability classified as critical was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/update-users.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256969 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20update-users.php.md", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-31156", "desc": "A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20653", "desc": "Microsoft Common Log File System Elevation of Privilege Vulnerability", "poc": ["https://github.com/5angjun/5angjun", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-4590", "desc": "A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/sys_info.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263312. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/Hckwzh/cms/blob/main/21.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24803", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPoperation Ultra Companion \u2013 Companion plugin for WPoperation Themes allows Stored XSS.This issue affects Ultra Companion \u2013 Companion plugin for WPoperation Themes: from n/a through 1.1.9.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3157", "desc": "Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)", "poc": ["https://issues.chromium.org/issues/331237485", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21463", "desc": "Memory corruption while processing Codec2 during v13k decoder pitch synthesis.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21683", "desc": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\u00a0Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.htmlYou can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.This vulnerability was found internally.", "poc": ["https://github.com/0xMarcio/cve", "https://github.com/Arbeys/CVE-2024-21683-PoC", "https://github.com/GhostTroops/TOP", "https://github.com/Threekiii/CVE", "https://github.com/W01fh4cker/CVE-2024-21683-RCE", "https://github.com/ZonghaoLi777/githubTrending", "https://github.com/absholi7ly/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server", "https://github.com/aneasystone/github-trending", "https://github.com/enomothem/PenTestNote", "https://github.com/fireinrain/github-trending", "https://github.com/ibaiw/2024Hvv", "https://github.com/jafshare/GithubTrending", "https://github.com/johe123qwe/github-trending", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/phucrio/CVE-2024-21683-RCE", "https://github.com/r00t7oo2jm/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server", "https://github.com/sampsonv/github-trending", "https://github.com/tanjiti/sec_profile", "https://github.com/wjlin0/poc-doc", "https://github.com/wy876/POC", "https://github.com/wy876/wiki", "https://github.com/xh4vm/CVE-2024-21683", "https://github.com/zhaoxiaoha/github-trending"]}, {"cve": "CVE-2024-26298", "desc": "Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.", "poc": ["https://github.com/kaje11/CVEs"]}, {"cve": "CVE-2024-35727", "desc": "Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce.This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21114", "desc": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-2716", "desc": "A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/contactus.php. The manipulation of the argument email leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257469 was assigned to this vulnerability.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-21387", "desc": "Microsoft Edge for Android Spoofing Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-34832", "desc": "Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters.", "poc": ["https://github.com/julio-cfa/CVE-2024-34832", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-33101", "desc": "A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter.", "poc": ["https://github.com/thinksaas/ThinkSAAS/issues/34"]}, {"cve": "CVE-2024-31082", "desc": "A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28868", "desc": "Umbraco is an ASP.NET content management system. Umbraco 10 prior to 10.8.4 with access to the native login screen is vulnerable to a possible user enumeration attack. This issue was fixed in version 10.8.5. As a workaround, one may disable the native login screen by exclusively using external logins.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-2124", "desc": "The Translate WordPress and go Multilingual \u2013 Weglot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 4.2.5 due to insufficient input sanitization and output escaping on user supplied attributes such as 'className'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-7615", "desc": "A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/BeaCox/IoT_vuln/tree/main/tenda/FH1206/Safe_Client_or_Url_or_Mac_Filter_bof"]}, {"cve": "CVE-2024-1557", "desc": "Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-32311", "desc": "Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formWanParameterSetting.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-31299", "desc": "Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation allows Cross-Site Scripting (XSS).This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1323", "desc": "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-38903", "desc": "H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands.", "poc": ["https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/UDPserver_97F/README.md"]}, {"cve": "CVE-2024-6783", "desc": "A vulnerability has been discovered in Vue, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as `Object.prototype.staticClass` or `Object.prototype.staticStyle` to execute arbitrary JavaScript code.", "poc": ["https://www.herodevs.com/vulnerability-directory/cve-2024-6783---vue-client-side-xss"]}, {"cve": "CVE-2024-30885", "desc": "Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3, allows remote attackers to execute arbitrary code and obtain sensitive information via the chklogin.php component .", "poc": ["https://github.com/Hebing123/cve/issues/29"]}, {"cve": "CVE-2024-35187", "desc": "Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, attackers who achieved Arbitrary Code Execution as the stalwart-mail user (including web interface admins) can gain complete root access to the system. Usually, system services are run as a separate user (not as root) to isolate an attacker with Arbitrary Code Execution to the current service. Therefore, other system services and the system itself remains protected in case of a successful attack. stalwart-mail runs as a separate user, but it can give itself full privileges again in a simple way, so this protection is practically ineffective. Server admins who handed out the admin credentials to the mail server, but didn't want to hand out complete root access to the system, as well as any attacked user when the attackers gained Arbitrary Code Execution using another vulnerability, may be vulnerable. Version 0.8.0 contains a patch for the issue.", "poc": ["https://github.com/stalwartlabs/mail-server/security/advisories/GHSA-rwp5-f854-ppg6", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22902", "desc": "Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.", "poc": ["https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/", "https://github.com/Chocapikk/CVE-2024-22899-to-22903-ExploitChain", "https://github.com/Chocapikk/My-CVEs"]}, {"cve": "CVE-2024-24336", "desc": "A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl', and \u2018/members/members-home.pl\u2019 endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and passwords of users visiting the affected page, via the 'Circulation note' and \u2018Patrons Restriction\u2019 components.", "poc": ["https://nitipoom-jar.github.io/CVE-2024-24336/", "https://github.com/NaInSec/CVE-LIST", "https://github.com/nitipoom-jar/CVE-2024-24336", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-23651", "desc": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include, avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.", "poc": ["https://github.com/mightysai1997/leaky-vessels-dynamic-detector", "https://github.com/snyk/leaky-vessels-dynamic-detector", "https://github.com/snyk/leaky-vessels-static-detector"]}, {"cve": "CVE-2024-22641", "desc": "TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file.", "poc": ["https://github.com/zunak/CVE-2024-22641", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/zunak/CVE-2024-22641"]}, {"cve": "CVE-2024-21058", "desc": "Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Unified Audit accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-36801", "desc": "A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the lgid parameter in Download.php.", "poc": ["https://github.com/want1997/SEMCMS_VUL/blob/main/Download_sql_vul_2.md"]}, {"cve": "CVE-2024-21001", "desc": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-7442", "desc": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been rated as critical. This issue affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-273527. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30264", "desc": "Typebot is an open-source chatbot builder. A reflected cross-site scripting (XSS) in the sign-in page of typebot.io prior to version 2.24.0 may allow an attacker to hijack a user's account. The sign-in page takes the `redirectPath` parameter from the URL. If a user clicks on a link where the `redirectPath` parameter has a javascript scheme, the attacker that crafted the link may be able to execute arbitrary JavaScript with the privileges of the user. Version 2.24.0 contains a patch for this issue.", "poc": ["https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-mx2f-9mcr-8j73"]}, {"cve": "CVE-2024-0485", "desc": "A vulnerability, which was classified as critical, was found in code-projects Fighting Cock Information System 1.0. Affected is an unknown function of the file admin/pages/tables/add_con.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250590 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22058", "desc": "A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older.", "poc": ["https://github.com/H4lo/awesome-IoT-security-article"]}, {"cve": "CVE-2024-40332", "desc": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord", "poc": ["https://github.com/Tank992/cms/blob/main/65/csrf.md"]}, {"cve": "CVE-2024-2075", "desc": "A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/update-tracker.php. The manipulation of the argument day leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255391.", "poc": ["https://github.com/vanitashtml/CVE-Dumps/blob/main/Stored%20XSS%20Daily%20Habit%20Tracker.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-36424", "desc": "K7RKScan.sys in K7 Ultimate Security before 17.0.2019 allows local users to cause a denial of service (BSOD) because of a NULL pointer dereference.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29054", "desc": "Microsoft Defender for IoT Elevation of Privilege Vulnerability", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27927", "desc": "RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker can send malicious requests to a RSSHub server, to make the server send HTTP GET requests to arbitrary destinations and see partial responses. This may lead to leak the server IP address, which could be hidden behind a CDN; retrieving information in the internal network, e.g. which addresses/ports are accessible, the titles and meta descriptions of HTML pages; and denial of service amplification. The attacker could request the server to download some large files, or chain several SSRF requests in a single attacker request.", "poc": ["https://github.com/DIYgod/RSSHub/security/advisories/GHSA-3p3p-cgj7-vgw3"]}, {"cve": "CVE-2024-26218", "desc": "Windows Kernel Elevation of Privilege Vulnerability", "poc": ["https://github.com/GhostTroops/TOP", "https://github.com/aneasystone/github-trending", "https://github.com/exploits-forsale/CVE-2024-26218", "https://github.com/fireinrain/github-trending", "https://github.com/jafshare/GithubTrending", "https://github.com/johe123qwe/github-trending", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-26327", "desc": "An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20287", "desc": "A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit this vulnerability, the attacker must have valid administrative credentials for the device.", "poc": ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-bHStWgXO"]}, {"cve": "CVE-2024-32888", "desc": "The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection is possible when using the non-default connection property `preferQueryMode=simple` in combination with application code which has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default, extended query mode. Note that `preferQueryMode` is not a supported parameter in Redshift JDBC driver, and is inherited code from Postgres JDBC driver. Users who do not override default settings to utilize this unsupported query mode are not affected. This issue is patched in driver version 2.1.0.28. As a workaround, do not use the connection property `preferQueryMode=simple`. (NOTE: Those who do not explicitly specify a query mode use the default of extended query mode and are not affected by this issue.)", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/zgimszhd61/openai-sec-test-cve-quickstart"]}, {"cve": "CVE-2024-2887", "desc": "Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4970", "desc": "The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/4a9fc352-7ec2-4992-9cda-7bdca4f42788/"]}, {"cve": "CVE-2024-26038", "desc": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-0014", "desc": "In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30886", "desc": "A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter.", "poc": ["https://github.com/Hebing123/cve/issues/30"]}, {"cve": "CVE-2024-7438", "desc": "A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273523. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/Fewword/Poc/blob/main/smf/smf-poc2.md"]}, {"cve": "CVE-2024-30613", "desc": "Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/setSmartPowerManagement.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-1687", "desc": "The Thank You Page Customizer for WooCommerce \u2013 Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content() function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25642", "desc": "Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.", "poc": ["http://seclists.org/fulldisclosure/2024/May/26", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2527", "desc": "A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/rooms.php. The manipulation of the argument room_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256964. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20rooms.php.md", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-2278", "desc": "Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/2cbabde8-1e3e-4205-8a5c-b889447236a0/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1998", "desc": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1795. Reason: This candidate is a reservation duplicate of CVE-2024-1795. Notes: All CVE users should reference CVE-2024-1795 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4521", "desc": "A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263124.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2713", "desc": "A vulnerability, which was classified as critical, was found in Campcodes Complete Online DJ Booking System 1.0. Affected is an unknown function of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257466 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-3973", "desc": "The House Manager WordPress plugin through 1.0.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "poc": ["https://wpscan.com/vulnerability/8c6ce66e-091a-41da-a13d-5f80cadb499a/"]}, {"cve": "CVE-2024-29990", "desc": "Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2564", "desc": "A vulnerability was found in PandaXGO PandaX up to 20240310 and classified as critical. This issue affects the function ExportUser of the file /apps/system/api/user.go. The manipulation of the argument filename leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257063.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-38537", "desc": "Fides is an open-source privacy engineering platform. `fides.js`, a client-side script used to interact with the consent management features of Fides, used the `polyfill.io` domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard. Therefore it was possible for users of legacy, pre-2017 browsers who navigate to a page serving `fides.js` to download and execute malicious scripts from the `polyfill.io` domain when the domain was compromised and serving malware. No exploitation of `fides.js` via `polyfill.io` has been identified as of time of publication.The vulnerability has been patched in Fides version `2.39.1`. Users are advised to upgrade to this version or later to secure their systems against this threat. On Thursday, June 27, 2024, Cloudflare and Namecheap intervened at a domain level to ensure `polyfill.io` and its subdomains could not resolve to the compromised service, rendering this vulnerability unexploitable. Prior to the domain level intervention, there were no server-side workarounds and the confidentiality, integrity, and availability impacts of this vulnerability were high. Clients could ensure they were not affected by using a modern browser that supported the fetch standard.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-32699", "desc": "Cross-Site Request Forgery (CSRF) vulnerability in YITH YITH WooCommerce Compare.This issue affects YITH WooCommerce Compare: from n/a through 2.37.0.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6193", "desc": "A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. This issue affects some unknown processing of the file driverprofile.php. The manipulation of the argument driverid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269165 was assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5383", "desc": "A vulnerability classified as problematic has been found in lakernote EasyAdmin up to 20240324. This affects an unknown part of the file /sys/file/upload. The manipulation of the argument file leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 9c8a836ace17a93c45e5ad52a2340788b7795030. It is recommended to apply a patch to fix this issue. The identifier VDB-266301 was assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35196", "desc": "Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it is possible under specific configurations, an attacker can forge requests and act as the Slack integration. The request body is leaked in log entries matching `event == \"slack.*\" && name == \"sentry.integrations.slack\" && request_data == *`. The deprecated slack verification token, will be found in the `request_data.token` key. **SaaS users** do not need to take any action. **Self-hosted users** should upgrade to version 24.5.0 or higher, rotate their Slack verification token, and use the Slack Signing Secret instead of the verification token. For users only using the `slack.signing-secret` in their self-hosted configuration, the legacy verification token is not used to verify the webhook payload. It is ignored. Users unable to upgrade should either set the `slack.signing-secret` instead of `slack.verification-token`. The signing secret is Slack's recommended way of authenticating webhooks. By having `slack.singing-secret` set, Sentry self-hosted will no longer use the verification token for authentication of the webhooks, regardless of whether `slack.verification-token` is set or not. Alternatively if the self-hosted instance is unable to be upgraded or re-configured to use the `slack.signing-secret`, the logging configuration can be adjusted to not generate logs from the integration. The default logging configuration can be found in `src/sentry/conf/server.py`. **Services should be restarted once the configuration change is saved.**", "poc": ["https://github.com/getsentry/sentry/blob/17d2b87e39ccd57e11da4deed62971ff306253d1/src/sentry/conf/server.py#L1307"]}, {"cve": "CVE-2024-26484", "desc": "** DISPUTED ** A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CMS. The only effect was on the trykirby.com demo site, which is not customer-controlled.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29833", "desc": "The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target an authenticated user with permissions to access this feature, however once uploaded the payload is also accessible to unauthenticated users.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23834", "desc": "Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26059", "desc": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-4372", "desc": "The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks", "poc": ["https://wpscan.com/vulnerability/13dcfd8a-e378-44b4-af6f-940bc41539a4/"]}, {"cve": "CVE-2024-21183", "desc": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "poc": ["https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-7008", "desc": "Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting.", "poc": ["https://starlabs.sg/advisories/24/24-7008/", "https://github.com/20142995/nuclei-templates"]}, {"cve": "CVE-2024-23131", "desc": "A maliciously crafted STP file, when parsed in ASMIMPORT229A.dll, ASMKERN228A.dll, ASMkern229A.dll or ASMDATAX228A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0030", "desc": "In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-32136", "desc": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager.This issue affects BWL Advanced FAQ Manager: from n/a through 2.0.3.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/xbz0n/CVE-2024-32136"]}, {"cve": "CVE-2024-28029", "desc": "Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20019", "desc": "In wlan driver, there is a possible memory leak due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00351241; Issue ID: MSV-1173.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4538", "desc": "IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2294", "desc": "The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for attackers to have an account with only activate_plugins capability to access arbitrary files on the server, which can contain sensitive information. This only impacts sites hosted on Windows servers.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4603", "desc": "Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a long timeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length for signatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command line applicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.", "poc": ["https://github.com/bcgov/jag-cdds", "https://github.com/chnzzh/OpenSSL-CVE-lib", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-37889", "desc": "MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in 0.4.6.", "poc": ["https://github.com/TreyWW/MyFinances/security/advisories/GHSA-4884-3gvp-3wj2", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-31506", "desc": "Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the \"id\" parameter in admin/admin_cs.php.", "poc": ["https://github.com/CveSecLook/cve/issues/4"]}, {"cve": "CVE-2024-3426", "desc": "A vulnerability, which was classified as problematic, has been found in SourceCodester Online Courseware 1.0. Affected by this issue is some unknown functionality of the file editt.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259598 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1638", "desc": "The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write), if these additional permissions are not set (even in secure connections only mode) then the stack does not perform any permission checks on these characteristics and they can be freely written/read.", "poc": ["https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p6f3-f63q-5mc2"]}, {"cve": "CVE-2024-28577", "desc": "Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading images in JPEG format.", "poc": ["https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-25309", "desc": "Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php.", "poc": ["https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-7.md", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/tubakvgc/CVEs"]}, {"cve": "CVE-2024-35742", "desc": "Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21028", "desc": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-24757", "desc": "open-irs is an issue response robot that reponds to issues in the installed repository. The `.env` file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20698", "desc": "Windows Kernel Elevation of Privilege Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/RomanRybachek/CVE-2024-20698", "https://github.com/RomanRybachek/RomanRybachek", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-39132", "desc": "A NULL Pointer Dereference vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function VerifyCommandLine() at /src/DumpTS.cpp.", "poc": ["https://github.com/wangf1978/DumpTS/issues/22"]}, {"cve": "CVE-2024-21092", "desc": "Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management). The supported version that is affected is 6.2.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile Product Lifecycle Management for Process accessible data as well as unauthorized access to critical data or complete access to all Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-1261", "desc": "A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability affects the function actionIndex of the file /api/controllers/merchant/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253000.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1179", "desc": "TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of DHCP options. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22420.", "poc": ["https://github.com/tanjiti/sec_profile", "https://github.com/z1r00/z1r00"]}, {"cve": "CVE-2024-6890", "desc": "Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.", "poc": ["https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5756", "desc": "The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1755", "desc": "The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks", "poc": ["https://wpscan.com/vulnerability/481a376b-55be-4afa-94f5-c3cf8a88b8d1/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6362", "desc": "The Ultimate Blocks WordPress plugin before 3.2.0 does not validate and escape some of its post-grid block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "poc": ["https://wpscan.com/vulnerability/d2e2d06b-0f07-40b9-9b87-3373f62ae1a9/"]}, {"cve": "CVE-2024-25527", "desc": "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.", "poc": ["https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#worklog_template_showaspx", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3239", "desc": "The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "poc": ["https://wpscan.com/vulnerability/dfa1421b-41b0-4b25-95ef-0843103e1f5e/"]}, {"cve": "CVE-2024-0272", "desc": "A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file addmaterialsubmit.php. The manipulation of the argument material_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249827.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-36496", "desc": "The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file.\u00a0The application hashes this five-character password with the outdated and broken MD5 algorithm (no salt) and uses the first five bytes as the key for RC4. The configuration file is then encrypted with these parameters.", "poc": ["http://seclists.org/fulldisclosure/2024/Jun/12", "https://r.sec-consult.com/winselect"]}, {"cve": "CVE-2024-32884", "desc": "gitoxide is a pure Rust implementation of Git. `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose current working directory contains a malicious file, arbitrary code execution occurs. This is related to the patched vulnerability GHSA-rrjw-j4m2-mf34, but appears less severe due to a greater attack complexity. This issue has been patched in versions 0.35.0, 0.42.0 and 0.62.0.", "poc": ["https://github.com/Byron/gitoxide/security/advisories/GHSA-98p4-xjmm-8mfh", "https://rustsec.org/advisories/RUSTSEC-2024-0335.html", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24396", "desc": "Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.", "poc": ["https://cves.at/posts/cve-2024-24396/writeup/", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/trustcves/CVE-2024-24396"]}, {"cve": "CVE-2024-25908", "desc": "Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-33517", "desc": "An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30162", "desc": "Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\\core\\modules\\admin\\editor\\_toolbar::addPlugin() method. This method handles uploaded ZIP files that are extracted into the applications/core/interface/ckeditor/ckeditor/plugins/ directory without properly verifying their content. This can be exploited by admin users (with the toolbar_manage permission) to write arbitrary PHP files into that directory, leading to execution of arbitrary PHP code in the context of the web server user.", "poc": ["http://seclists.org/fulldisclosure/2024/Apr/21"]}, {"cve": "CVE-2024-21865", "desc": "HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-36399", "desc": "Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users to this project the request gets processed. The users permission for the POST BODY parameter project_id does not get checked again while processing. An attacker with the 'Project Manager' on a single project may take over any other project. The vulnerability is fixed in 1.2.37.", "poc": ["https://github.com/kanboard/kanboard/security/advisories/GHSA-x8v7-3ghx-65cv"]}, {"cve": "CVE-2024-7340", "desc": "The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.", "poc": ["https://research.jfrog.com/vulnerabilities/wandb-weave-server-remote-arbitrary-file-leak-jfsa-2024-001039248/", "https://github.com/20142995/nuclei-templates"]}, {"cve": "CVE-2024-33153", "desc": "J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4057", "desc": "The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "poc": ["https://wpscan.com/vulnerability/da4d4d87-07b3-4f7d-bcbd-d29968a30b4f/"]}, {"cve": "CVE-2024-34477", "desc": "configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In addition, the SUID bit must be added to this file.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27096", "desc": "GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in version 10.0.13.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-0951", "desc": "The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/88b2e479-eb15-4213-9df8-3d353074974e/", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-39682", "desc": "Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary HTML in pages that will be shown whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "poc": ["https://github.com/XjSv/Cooked/security/advisories/GHSA-fx69-f77x-84gr"]}, {"cve": "CVE-2024-2586", "desc": "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0657", "desc": "The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'ilj_settings_field_links_per_page' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3958", "desc": "An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7335", "desc": "A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273258 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX200/getSaveConfig.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-34063", "desc": "vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies (the Dalek crates), which moved secret zeroization capabilities behind a feature flag and defaulted this feature to off. The degraded zeroization capabilities could result in the production of more memory copies of encryption secrets and secrets could linger in memory longer than necessary. This marginally increases the risk of sensitive data exposure. This issue has been addressed in version 0.6.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.", "poc": ["https://github.com/matrix-org/vodozemac/commit/297548cad4016ce448c4b5007c54db7ee39489d9"]}, {"cve": "CVE-2024-39069", "desc": "An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows attackers to execute arbitrary code via a DLL hijacking attack.", "poc": ["https://github.com/AungSoePaing/CVE-2024-39069", "https://youtu.be/oMIobV2M0T8", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-2326", "desc": "The Pretty Links \u2013 Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's configuration including stripe integration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0711", "desc": "The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.", "poc": ["https://wpscan.com/vulnerability/8e286c04-ef32-4af0-be78-d978999b2a90/", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-32752", "desc": "Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and configuration.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1112", "desc": "Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-34982", "desc": "An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file.", "poc": ["https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-2448", "desc": "An OS command injection vulnerability has been identified in LoadMaster.\u00a0 An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/RhinoSecurityLabs/CVEs"]}, {"cve": "CVE-2024-29489", "desc": "Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/gandalf4a/crash_report"]}, {"cve": "CVE-2024-25218", "desc": "A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter /TaskManager/Projects.php.", "poc": ["https://github.com/BurakSevben/CVEs/blob/main/Task%20Manager%20App/Task%20Manager%20App%20-%20Cross-Site-Scripting%20-1.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5276", "desc": "A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data.\u00a0 Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required.\u00a0This issue affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier.", "poc": ["https://www.tenable.com/security/research/tra-2024-25"]}, {"cve": "CVE-2024-28318", "desc": "gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out of boundary write vulnerability via swf_get_string at scene_manager/swf_parse.c:325", "poc": ["https://github.com/gpac/gpac/issues/2764", "https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3113", "desc": "The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/ad85c5c7-f4d1-4374-b3b7-8ee022d27d34/"]}, {"cve": "CVE-2024-2408", "desc": "The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable.PHP Windows builds for the versions\u00a08.1.29,\u00a08.2.20 and\u00a08.3.8 and above include OpenSSL patches that fix the vulnerability.", "poc": ["https://github.com/php/php-src/security/advisories/GHSA-hh26-4ppw-5864", "https://github.com/chnzzh/OpenSSL-CVE-lib", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4661", "desc": "The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the value fo the 'License Key' field for the 'Activate Pro License' setting.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6243", "desc": "The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled.", "poc": ["https://wpscan.com/vulnerability/f4097877-ba19-4738-a994-9593b9a5a635/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2951", "desc": "Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.3.0.0.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33672", "desc": "An issue was discovered in Veritas NetBackup before 10.4. The Multi-Threaded Agent used in NetBackup can be leveraged to perform arbitrary file deletion on protected files.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0962", "desc": "A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252206 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33024", "desc": "Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4208", "desc": "The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4898", "desc": "The InstaWP Connect \u2013 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site to InstaWP API, edit arbitrary site options and create administrator accounts.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-24003", "desc": "jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection.", "poc": ["https://github.com/jishenghua/jshERP/issues/99"]}, {"cve": "CVE-2024-33525", "desc": "A Stored Cross-site Scripting (XSS) vulnerability in the \"Import of organizational units and title of organizational unit\" feature in ILIAS 7.20 to 7.29 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.", "poc": ["https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-in-ilias-elearning-lms-before-v7-30-v8-11-v9-1/"]}, {"cve": "CVE-2024-31390", "desc": ": Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows : Code Injection.This issue affects Breakdance: from n/a through 1.7.2.", "poc": ["https://patchstack.com/articles/unpatched-authenticated-rce-in-oxygen-and-breakdance-builder?_s_id=cve", "https://snicco.io/vulnerability-disclosure/breakdance/client-mode-remote-code-execution-breakdance-1-7-0?_s_id=cve", "https://www.youtube.com/watch?v=9glx54-LfRE", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25306", "desc": "Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at \"School/index.php\".", "poc": ["https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-1.md", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/tubakvgc/CVEs"]}, {"cve": "CVE-2024-21412", "desc": "Internet Shortcut Files Security Feature Bypass Vulnerability", "poc": ["https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections", "https://github.com/GarethPullen/Powershell-Scripts", "https://github.com/Sploitus/CVE-2024-29988-exploit", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/lsr00ter/CVE-2024-21412_Water-Hydra", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/wr00t/CVE-2024-21412_Water-Hydra"]}, {"cve": "CVE-2024-34478", "desc": "btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds.", "poc": ["https://delvingbitcoin.org/t/disclosure-btcd-consensus-bugs-due-to-usage-of-signed-transaction-version/455"]}, {"cve": "CVE-2024-4593", "desc": "A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. This issue affects some unknown processing of the file /src/dede/sys_multiserv.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/Hckwzh/cms/blob/main/24.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25393", "desc": "A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2.", "poc": ["https://github.com/0xdea/advisories", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/hnsecurity/vulns"]}, {"cve": "CVE-2024-21320", "desc": "Windows Themes Spoofing Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/tomerpeled92/CVE"]}, {"cve": "CVE-2024-32291", "desc": "Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromNatlimit.md"]}, {"cve": "CVE-2024-23674", "desc": "The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identify for access to government, medical, and financial resources, and can also extract personal data from the card, aka the \"sPACE (Spoofing Password Authenticated Connection Establishment)\" issue. This occurs because of a combination of factors, such as insecure PIN entry (for basic readers) and eid:// deeplinking. The victim must be using a modified eID kernel, which may occur if the victim is tricked into installing a fake version of an official app. NOTE: the BSI position is \"ensuring a secure operational environment at the client side is an obligation of the ID card owner.\"", "poc": ["https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1"]}, {"cve": "CVE-2024-36650", "desc": "TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function `setNoticeCfg` of the file `/lib/cste_modules/system.so`, the length of the user input string `NoticeUrl` is not checked. This can lead to a buffer overflow, allowing attackers to construct malicious HTTP or MQTT requests to cause a denial-of-service attack.", "poc": ["https://gist.github.com/Swind1er/f442fcac520a48c05c744c7b72362483"]}, {"cve": "CVE-2024-5072", "desc": "Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted request.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26581", "desc": "In the Linux kernel, the following vulnerability has been resolved:netfilter: nft_set_rbtree: skip end interval element from gcrbtree lazy gc on insert might collect an end interval element that hasbeen just added in this transactions, skip end interval elements thatare not yet active.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23297", "desc": "The issue was addressed with improved checks. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. A malicious application may be able to access private information.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20663", "desc": "Windows Message Queuing Client (MSMQC) Information Disclosure", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-3476", "desc": "The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks", "poc": ["https://wpscan.com/vulnerability/46f74493-9082-48b2-90bc-2c1d1db64ccd/"]}, {"cve": "CVE-2024-2197", "desc": "The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable cannot be used to change the configuration settings of the door readers or locksets and does not affect the ability for authorized users of the mobile application to lock or unlock access points.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-22284", "desc": "Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.7.2.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3616", "desc": "A vulnerability classified as problematic was found in SourceCodester Warehouse Management System 1.0. This vulnerability affects unknown code of the file pengguna.php. The manipulation of the argument admin_user/admin_nama/admin_alamat/admin_telepon leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260272.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-37153", "desc": "Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the same function and uses the contract's balance, that is using the contract address as the sender parameter in an ICS20 transfer using the ICS20 precompile. This is in essence the \"infinite money glitch\" allowing contracts to double the supply of Evmos after each transaction.The issue has been patched in versions >=V18.1.0.", "poc": ["https://github.com/evmos/evmos/security/advisories/GHSA-xgr7-jgq3-mhmc"]}, {"cve": "CVE-2024-28859", "desc": "Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support. Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer unserialize user input in his project. This vulnerability present no direct threat but is a vector that will enable remote code execution if a developper deserialize user untrusted data. Symfony 1 depends on Swift Mailer which is bundled by default in vendor directory in the default installation since 1.3.0. Swift Mailer classes implement some `__destruct()` methods. These methods are called when php destroys the object in memory. However, it is possible to include any object type in `$this->_keys` to make PHP access to another array/object properties than intended by the developer. In particular, it is possible to abuse the array access which is triggered on foreach($this->_keys ...) for any class implementing ArrayAccess interface. This may allow an attacker to execute any PHP command which leads to remote code execution. This issue has been addressed in version 1.5.18. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "poc": ["https://github.com/FriendsOfSymfony1/symfony1/security/advisories/GHSA-wjv8-pxr6-5f4r", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-33149", "desc": "J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-32002", "desc": "Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.", "poc": ["https://github.com/0xMarcio/cve", "https://github.com/10cks/CVE-2024-32002-EXP", "https://github.com/10cks/CVE-2024-32002-POC", "https://github.com/10cks/CVE-2024-32002-hulk", "https://github.com/10cks/CVE-2024-32002-linux-hulk", "https://github.com/10cks/CVE-2024-32002-linux-submod", "https://github.com/10cks/CVE-2024-32002-submod", "https://github.com/10cks/hook", "https://github.com/1mxml/CVE-2024-32002-poc", "https://github.com/431m/rcetest", "https://github.com/AD-Appledog/CVE-2024-32002", "https://github.com/AD-Appledog/wakuwaku", "https://github.com/Basyaact/CVE-2024-32002-PoC_Chinese", "https://github.com/CrackerCat/CVE-2024-32002_EXP", "https://github.com/GhostTroops/TOP", "https://github.com/Goplush/CVE-2024-32002-git-rce", "https://github.com/Hector65432/cve-2024-32002-1", "https://github.com/Hector65432/cve-2024-32002-2", "https://github.com/JJoosh/CVE-2024-32002-Reverse-Shell", "https://github.com/JakobTheDev/cve-2024-32002-poc-aw", "https://github.com/JakobTheDev/cve-2024-32002-poc-rce", "https://github.com/JakobTheDev/cve-2024-32002-submodule-aw", "https://github.com/JakobTheDev/cve-2024-32002-submodule-rce", "https://github.com/M507/CVE-2024-32002", "https://github.com/Roronoawjd/git_rce", "https://github.com/Roronoawjd/hook", "https://github.com/WOOOOONG/CVE-2024-32002", "https://github.com/WOOOOONG/hook", "https://github.com/WOOOOONG/submod", "https://github.com/YuanlooSec/CVE-2024-32002-poc", "https://github.com/Zhang-Yiiliin/test_cve_2024_32002", "https://github.com/Zombie-Kaiser/Zombie-Kaiser", "https://github.com/aitorcastel/poc_CVE-2024-32002", "https://github.com/aitorcastel/poc_CVE-2024-32002_submodule", "https://github.com/ak-phyo/gitrce_poc", "https://github.com/alimuhammedkose/CVE-2024-32002-linux-smash", "https://github.com/amalmurali47/demo_git_rce", "https://github.com/amalmurali47/demo_hook", "https://github.com/amalmurali47/git_rce", "https://github.com/amalmurali47/hook", "https://github.com/aneasystone/github-trending", "https://github.com/bfengj/CVE-2024-32002-Exploit", "https://github.com/bfengj/CVE-2024-32002-hook", "https://github.com/bfengj/Security-Paper-Learing", "https://github.com/coffeescholar/ReplaceAllGit", "https://github.com/cojoben/git_rce", "https://github.com/dzx825/32002", "https://github.com/fadhilthomas/hook", "https://github.com/fadhilthomas/poc-cve-2024-32002", "https://github.com/jafshare/GithubTrending", "https://github.com/jerrydotlam/cve-2024-32002-1", "https://github.com/jerrydotlam/cve-2024-32002-2", "https://github.com/jerrydotlam/cve-2024-32002-3", "https://github.com/johe123qwe/github-trending", "https://github.com/jweny/CVE-2024-32002_EXP", "https://github.com/jweny/CVE-2024-32002_HOOK", "https://github.com/kun-g/Scraping-Github-trending", "https://github.com/markuta/CVE-2024-32002", "https://github.com/markuta/hooky", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/p1tsi/misc", "https://github.com/pkjmesra/PKScreener", "https://github.com/safebuffer/CVE-2024-32002", "https://github.com/sampsonv/github-trending", "https://github.com/seekerzz/MyRSSSync", "https://github.com/tanjiti/sec_profile", "https://github.com/testing-felickz/docker-scout-demo", "https://github.com/tobelight/cve_2024_32002", "https://github.com/tobelight/cve_2024_32002_hook", "https://github.com/vincepsh/CVE-2024-32002", "https://github.com/vincepsh/CVE-2024-32002-hook", "https://github.com/wjlin0/poc-doc", "https://github.com/wy876/POC", "https://github.com/wy876/wiki", "https://github.com/ycdxsb/CVE-2024-32002-hulk", "https://github.com/ycdxsb/CVE-2024-32002-submod", "https://github.com/zgimszhd61/openai-sec-test-cve-quickstart", "https://github.com/zhaoxiaoha/github-trending"]}, {"cve": "CVE-2024-5274", "desc": "Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)", "poc": ["https://github.com/kip93/kip93", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-4271", "desc": "The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.", "poc": ["https://wpscan.com/vulnerability/c1fe0bc7-a340-428e-a549-1e37291bea1c/"]}, {"cve": "CVE-2024-36540", "desc": "Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.", "poc": ["https://gist.github.com/HouqiyuA/a4834f3c8450f9d89e2bc4d5c4beef6a"]}, {"cve": "CVE-2024-30666", "desc": "** DISPUTED ** A buffer overflow vulnerability has been discovered in the C++ components of ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code via improper handling of arrays or strings within these components. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "poc": ["https://github.com/yashpatelphd/CVE-2024-30666"]}, {"cve": "CVE-2024-28890", "desc": "Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) condition.", "poc": ["https://github.com/Ostorlab/KEV", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-34693", "desc": "Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table.This issue affects Apache Superset: before 3.1.3 and version 4.0.0Users are recommended to upgrade to version 4.0.1 or 3.1.3, which fixes the issue.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-0874", "desc": "A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5199", "desc": "The Spotify Play Button WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.", "poc": ["https://wpscan.com/vulnerability/a2cb8d7d-6d7c-42e9-b3db-cb3959bfd41b/"]}, {"cve": "CVE-2024-0204", "desc": "Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.", "poc": ["http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html", "http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html", "https://github.com/Mr-xn/Penetration_Testing_POC", "https://github.com/Ostorlab/KEV", "https://github.com/Threekiii/CVE", "https://github.com/adminlove520/CVE-2024-0204", "https://github.com/cbeek-r7/CVE-2024-0204", "https://github.com/gobysec/Goby", "https://github.com/horizon3ai/CVE-2024-0204", "https://github.com/lions2012/Penetration_Testing_POC", "https://github.com/m-cetin/CVE-2024-0204", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/toxyl/lscve"]}, {"cve": "CVE-2024-21493", "desc": "All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead to a panic (index out of range). Panics during the parsing of a configuration file may introduce ambiguity and vulnerabilities, hindering the correct interpretation and configuration of the web server.", "poc": ["https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/", "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-5961078", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/trailofbits/publications"]}, {"cve": "CVE-2024-36588", "desc": "An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP request.", "poc": ["https://github.com/go-compile/security-advisories"]}, {"cve": "CVE-2024-30311", "desc": "Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "poc": ["https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1946"]}, {"cve": "CVE-2024-2886", "desc": "Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)", "poc": ["https://issues.chromium.org/issues/330575496", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/leesh3288/leesh3288"]}, {"cve": "CVE-2024-26160", "desc": "Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-27124", "desc": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.3.2578 build 20231110 and laterQTS 4.5.4.2627 build 20231225 and laterQuTS hero h5.1.3.2578 build 20231110 and laterQuTS hero h4.5.4.2626 build 20231225 and laterQuTScloud c5.1.5.2651 and later", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6710", "desc": "The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.", "poc": ["https://wpscan.com/vulnerability/1afcf9d4-c2f9-4d47-8d9e-d7fa6ae2358d/"]}, {"cve": "CVE-2024-39671", "desc": "Access control vulnerability in the security verification module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0659", "desc": "The Easy Digital Downloads \u2013 Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manger-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21745", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Stored XSS.This issue affects Laybuy Payment Extension for WooCommerce: from n/a through 5.3.9.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22206", "desc": "Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29745", "desc": "there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/toxyl/lscve"]}, {"cve": "CVE-2024-0037", "desc": "In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33695", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode Fan Page Widget by ThemeNcode allows Stored XSS.This issue affects Fan Page Widget by ThemeNcode: from n/a through 2.0.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28741", "desc": "Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.", "poc": ["https://blog.chebuya.com/posts/discovering-cve-2024-28741-remote-code-execution-on-northstar-c2-agents-via-pre-auth-stored-xss/", "https://packetstormsecurity.com/files/177542/NorthStar-C2-Agent-1.0-Cross-Site-Scripting-Remote-Command-Execution.html", "https://github.com/chebuya/CVE-2024-28741-northstar-agent-rce-poc", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-26308", "desc": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26.Users are recommended to upgrade to version 1.26, which fixes the issue.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ytono/gcp-arcade"]}, {"cve": "CVE-2024-27447", "desc": "pretix before 2024.1.1 mishandles file validation.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35722", "desc": "Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow \u2013 Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow \u2013 Image slider, Gallery slideshow: from n/a through 1.4.0.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28151", "desc": "Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to access it.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21050", "desc": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-36127", "desc": "apko is an apk-based OCI image builder. apko exposures HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5.", "poc": ["https://github.com/chainguard-dev/apko/security/advisories/GHSA-v6mg-7f7p-qmqp"]}, {"cve": "CVE-2024-24822", "desc": "Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2194", "desc": "The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/Ostorlab/KEV"]}, {"cve": "CVE-2024-21661", "desc": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a critical flaw in the application to initiate a Denial of Service (DoS) attack, rendering the application inoperable and affecting all users. The issue arises from unsafe manipulation of an array in a multi-threaded environment. The vulnerability is rooted in the application's code, where an array is being modified while it is being iterated over. This is a classic programming error but becomes critically unsafe when executed in a multi-threaded environment. When two threads interact with the same array simultaneously, the application crashes. This is a Denial of Service (DoS) vulnerability. Any attacker can crash the application continuously, making it impossible for legitimate users to access the service. The issue is exacerbated because it does not require authentication, widening the pool of potential attackers. Versions 2.8.13, 2.9.9, and 2.10.4 contain a patch for this issue.", "poc": ["https://github.com/argoproj/argo-cd/security/advisories/GHSA-6v85-wr92-q4p7", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-2954", "desc": "The Action Network plugin for WordPress is vulnerable to SQL Injection via the 'bulk-action' parameter in version 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "poc": ["https://blog.sth.sh/wordpress-action-network-1-4-3-authenticated-sql-injection-0-day-01fcd6e89e96"]}, {"cve": "CVE-2024-0589", "desc": "Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1562", "desc": "The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin settings.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-34397", "desc": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.", "poc": ["https://gitlab.gnome.org/GNOME/glib/-/issues/3268"]}, {"cve": "CVE-2024-2184", "desc": "Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF740C Series/Satera MF640C Series/Satera LBP660C Series/Satera LBP620C Series firmware v12.07 and earlier, and Satera MF750C Series/Satera LBP670C Series firmware v03.09 and earlier sold in Japan.Color imageCLASS MF740C Series/Color imageCLASS MF640C Series/Color imageCLASS X MF1127C/Color imageCLASS LBP664Cdw/Color imageCLASS LBP622Cdw/Color imageCLASS X LBP1127C firmware v12.07 and earlier, and Color imageCLASS MF750C Series/Color imageCLASS X MF1333C/Color imageCLASS LBP674Cdw/Color imageCLASS X LBP1333C firmware v03.09 and earlier sold in US.i-SENSYS MF740C Series/i-SENSYS MF640C Series/C1127i Series/i-SENSYS LBP660C Series/i-SENSYS LBP620C Series/C1127P firmware v12.07 and earlier, and i-SENSYS MF750C Series/C1333i Series/i-SENSYS LBP673Cdw/C1333P firmware v03.09 and earlier sold in Europe.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28740", "desc": "Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component.", "poc": ["https://febin0x4e4a.wordpress.com/2023/01/11/xss-vulnerability-in-koha-integrated-library-system/", "https://febin0x4e4a.wordpress.com/2024/03/07/xss-to-one-click-rce-in-koha-ils/"]}, {"cve": "CVE-2024-31380", "desc": "Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.3.", "poc": ["https://patchstack.com/articles/unpatched-authenticated-rce-in-oxygen-and-breakdance-builder?_s_id=cve", "https://snicco.io/vulnerability-disclosure/oxygen/client-control-remote-code-execution-oxygen-4-8-1", "https://snicco.io/vulnerability-disclosure/oxygen/client-control-remote-code-execution-oxygen-4-8-1?_s_id=cve", "https://github.com/Chokopik/CVE-2024-31380-POC", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-2980", "desc": "A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formexeCommand.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26470", "desc": "A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request.", "poc": ["https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26470", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1622", "desc": "Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1226", "desc": "The software does not neutralize or incorrectly neutralizes certain characters before the data is included in outgoing HTTP headers. The inclusion of invalidated data in an HTTP header allows an attacker to specify the full HTTP response represented by the browser. An attacker could control the response and craft attacks such as cross-site scripting and cache poisoning attacks.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1646", "desc": "parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration.", "poc": ["https://github.com/timothee-chauvin/eyeballvul"]}, {"cve": "CVE-2024-1067", "desc": "Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations.\u00a0On Armv8.0 cores, there are certain combinations of the Linux Kernel and Mali GPU kernel driver configurations that would allow the GPU operations to affect the userspace memory of other processes.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r47p0; Valhall GPU Kernel Driver: from r41p0 through r47p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r47p0.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1550", "desc": "A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29094", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) allows Stored XSS.This issue affects HT Easy GA4 ( Google Analytics 4 ): from n/a through 1.1.7.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-5075", "desc": "The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "poc": ["https://wpscan.com/vulnerability/b47d93d6-5511-451a-853f-c8b0fba20969/", "https://github.com/20142995/nuclei-templates"]}, {"cve": "CVE-2024-28195", "desc": "your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or delete data on the affected YourSpotify instance. Using repeated CSRF attacks, it is also possible to create a new user on the victim instance and promote the new user to instance administrator if a legitimate administrator visits a website prepared by an attacker. Note: Real-world exploitability of this vulnerability depends on the browser version and browser settings in use by the victim. This issue has been addressed in version 1.9.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "poc": ["https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-hfgf-99p3-6fjj"]}, {"cve": "CVE-2024-2469", "desc": "An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution.\u00a0This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4019", "desc": "A vulnerability classified as critical has been found in Byzoro Smart S80 Management Platform up to 20240411. Affected is an unknown function of the file /importhtml.php. The manipulation of the argument sql leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/scausoft/cve/blob/main/rce.md"]}, {"cve": "CVE-2024-2070", "desc": "A vulnerability classified as problematic was found in SourceCodester FAQ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-faq.php. The manipulation of the argument question/answer leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255385 was assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28155", "desc": "Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20814", "desc": "Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized information.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4313", "desc": "The Table Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018_id\u2019 parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2352", "desc": "A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\\nopen -a Calculator leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-256304.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20326", "desc": "A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system.This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29108", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.10.1.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-32646", "desc": "Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `slice` builtin can result in a double eval vulnerability when the buffer argument is either `msg.data`, `self.code` or `
.code` and either the `start` or `length` arguments have side-effects. It can be easily triggered only with the versions `<0.3.4` as `0.3.4` introduced the unique symbol fence. No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions are available.", "poc": ["https://github.com/vyperlang/vyper/security/advisories/GHSA-r56x-j438-vw5m"]}, {"cve": "CVE-2024-7308", "desc": "A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view_bill.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273200.", "poc": ["https://gist.github.com/topsky979/c11fd2c1b9027831031de2e58cbf5ff3"]}, {"cve": "CVE-2024-29870", "desc": "SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter./sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0292", "desc": "A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22287", "desc": "Cross-Site Request Forgery (CSRF) vulnerability in Lud\u011bk Melichar Better Anchor Links allows Cross-Site Scripting (XSS).This issue affects Better Anchor Links: from n/a through 1.7.5.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22491", "desc": "A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter.", "poc": ["https://github.com/cui2shark/security/blob/main/A%20stored%20cross-site%20scripting%20(XSS)%20vulnerability%20was%20discovered%20in%20beetl-bbs%20post%20save.md"]}, {"cve": "CVE-2024-22336", "desc": "IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26642", "desc": "In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_tables: disallow anonymous set with timeout flagAnonymous sets are never used with timeout from userspace, reject this.Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4145", "desc": "The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site network).", "poc": ["https://wpscan.com/vulnerability/7d5b8764-c82d-4969-a707-f38b63bcadca/"]}, {"cve": "CVE-2024-43045", "desc": "Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' \"My Views\".", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23079", "desc": "** DISPUTED ** JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1731", "desc": "The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arsp_options post meta option. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21045", "desc": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-23686", "desc": "DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.", "poc": ["https://github.com/advisories/GHSA-qqhq-8r2c-c3f5", "https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5"]}, {"cve": "CVE-2024-40729", "desc": "A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/.", "poc": ["https://github.com/minhquan202/Vuln-Netbox"]}, {"cve": "CVE-2024-1791", "desc": "The CodeMirror Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Code Mirror block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1661", "desc": "A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-Totolink/X6000R-Hardcoded-Password.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27746", "desc": "SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component.", "poc": ["https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27746.md"]}, {"cve": "CVE-2024-25219", "desc": "A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php.", "poc": ["https://github.com/BurakSevben/CVEs/blob/main/Task%20Manager%20App/Task%20Manager%20App%20-%20Cross-Site-Scripting%20-%202.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-39018", "desc": "harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function \"query\". This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.", "poc": ["https://gist.github.com/mestrtee/be75c60307b2292884cc03cebd361f3f"]}, {"cve": "CVE-2024-25511", "desc": "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx.", "poc": ["https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#address_public_newaspx"]}, {"cve": "CVE-2024-28553", "desc": "Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromAddressNat_entrys.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33696", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet XPRESS WordPress Ad Widget allows Stored XSS.This issue affects WordPress Ad Widget: from n/a through 2.20.0.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25711", "desc": "diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20667", "desc": "Azure DevOps Server Remote Code Execution Vulnerability", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24495", "desc": "SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.", "poc": ["https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/DailyHabitTracker-SQL_Injection.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1916", "desc": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4340", "desc": "Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.", "poc": ["https://github.com/advisories/GHSA-2m57-hf25-phgg", "https://research.jfrog.com/vulnerabilities/sqlparse-stack-exhaustion-dos-jfsa-2024-001031292/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1701", "desc": "A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/omarexala/PHP-MYSQL-User-Login-System---Broken-Access-Control", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20686", "desc": "Win32k Elevation of Privilege Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33147", "desc": "J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1279", "desc": "The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata.", "poc": ["https://wpscan.com/vulnerability/4c537264-0c23-428e-9a11-7a9e74fb6b69/"]}, {"cve": "CVE-2024-5281", "desc": "The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "poc": ["https://wpscan.com/vulnerability/3c0bdb0f-a06a-47a8-9198-a2bf2678b8f1/"]}, {"cve": "CVE-2024-3744", "desc": "A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged when TokenRequests is configured in the CSIDriver object and the driver is set to run at log level 2 or greater via the -v flag.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21310", "desc": "Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24868", "desc": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4127", "desc": "A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. Affected is the function guestWifiRuleRefresh. The manipulation of the argument qosGuestDownstream leads to stack-based buffer overflow. It is possible to launch the attack remotely. VDB-261870 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/guestWifiRuleRefresh.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28575", "desc": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format.", "poc": ["https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-2726", "desc": "Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious javascript code in the application form without prior registration.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-22022", "desc": "Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-34090", "desc": "An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login banner in the Archer Control Panel (ACP) did not previously escape content appropriately. 6.14 P3 (6.14.0.3) is also a fixed release.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2595", "desc": "Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability\u00a0through /amssplus/modules/book/main/bookdetail_khet_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-40334", "desc": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3", "poc": ["https://github.com/Tank992/cms/blob/main/69/csrf.md"]}, {"cve": "CVE-2024-7551", "desc": "A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as problematic. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273696. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/DeepMountains/Mirage/blob/main/CVE9-1.md"]}, {"cve": "CVE-2024-34004", "desc": "In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include.", "poc": ["https://github.com/cli-ish/cli-ish"]}, {"cve": "CVE-2024-25988", "desc": "In SAEMM_DiscloseGuti of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-0832", "desc": "In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28184", "desc": "WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0957", "desc": "The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected invoice for printing.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20389", "desc": "A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system.This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25318", "desc": "Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2.", "poc": ["https://github.com/tubakvgc/CVEs/blob/main/Hotel%20Managment%20System/Hotel%20Managment%20System%20-%20SQL%20Injection-3.md", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/tubakvgc/CVEs"]}, {"cve": "CVE-2024-24905", "desc": "Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24866", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Reflected XSS.This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28175", "desc": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the `link.argocd.argoproj.io` annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin). This vulnerability allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in Argo CD versions v2.10.3 v2.9.8, and v2.8.12. There are no completely-safe workarounds besides upgrading. The safest alternative, if upgrading is not possible, would be to create a Kubernetes admission controller to reject any resources with an annotation starting with link.argocd.argoproj.io or reject the resource if the value use an improper URL protocol. This validation will need to be applied in all clusters managed by ArgoCD.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26649", "desc": "In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu: Fix the null pointer when load rlc firmwareIf the RLC firmware is invalid because of wrong header size,the pointer to the rlc firmware is released in functionamdgpu_ucode_request. There will be a null pointer errorin subsequent use. So skip validation to fix it.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22433", "desc": "Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20764", "desc": "Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-21623", "desc": "OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient \"`Analysis - SonarCloud`\" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue.", "poc": ["https://securitylab.github.com/research/github-actions-untrusted-input/", "https://github.com/Sim4n6/Sim4n6", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2068", "desc": "A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/update-computer.php. The manipulation of the argument model leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255383.", "poc": ["https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Computer%20Inventory%20System%20Using%20PHP/STORED%20XSS%20upadte-computer.php%20.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-36448", "desc": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench.This issue affects Apache IoTDB Workbench: from 0.13.0.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25574", "desc": "SQL injection vulnerability exists in GetDIAE_usListParameters.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-34950", "desc": "D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24479", "desc": "** DISPUTED ** A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22901", "desc": "Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.", "poc": ["https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/", "https://github.com/Chocapikk/CVE-2024-22899-to-22903-ExploitChain", "https://github.com/Chocapikk/My-CVEs", "https://github.com/komodoooo/Some-things"]}, {"cve": "CVE-2024-25301", "desc": "Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.", "poc": ["https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-REDAXO/RCE.md", "https://github.com/evildrummer/MyOwnCVEs/tree/main/CVE-2021-39459", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22039", "desc": "A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All versions < IP7 SR5), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions < V3.0.6602), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions < V3.2.6601), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.2.5015), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions < MP6 SR3), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions < MP7 SR5), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions < V3.0.6602), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions < V3.2.6601), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow.\nThis could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29890", "desc": "DataLens is a business intelligence and data visualization system. A specifically crafted request allowed the creation of a special chart type with the ability to pass custom javascript code that would later be executed in an unprotected sandbox on subsequent requests to that chart. The problem was fixed in the datalens-ui version `0.1449.0`. Restricting access to the API for creating or modifying charts (`/charts/api/charts/v1/`) would mitigate the issue.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7215", "desc": "A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832 and classified as critical. Affected by this issue is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272786 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/LR1200/NTPSyncWithHost.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2357", "desc": "The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28066", "desc": "In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).", "poc": ["https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt"]}, {"cve": "CVE-2024-22859", "desc": "** DISPUTED ** Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes for legitimate client activity), not a security problem.", "poc": ["https://github.com/github/advisory-database/pull/3490"]}, {"cve": "CVE-2024-0365", "desc": "The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by adminstrators.", "poc": ["https://wpscan.com/vulnerability/4b8b9638-d52a-40bc-b298-ae1c74788c18/", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-27020", "desc": "In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()nft_unregister_expr() can concurrent with __nft_expr_type_get(),and there is not any protection when iterate over nf_tables_expressionslist in __nft_expr_type_get(). Therefore, there is potential data-raceof nf_tables_expressions list entry.Use list_for_each_entry_rcu() to iterate over nf_tables_expressionslist in __nft_expr_type_get(), and use rcu_read_lock() in the callernft_expr_type_get() to protect the entire type query process.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30952", "desc": "A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action.", "poc": ["https://github.com/CrownZTX/vulnerabilities/blob/main/pescms/stored_xss.md"]}, {"cve": "CVE-2024-7161", "desc": "A vulnerability classified as problematic was found in SeaCMS 13.0. Affected by this vulnerability is an unknown functionality of the file /member.php?action=chgpwdsubmit of the component Password Change Handler. The manipulation of the argument newpwd/newpwd2 leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272575.", "poc": ["https://github.com/HuaQiPro/seacms/issues/30"]}, {"cve": "CVE-2024-2080", "desc": "The LiquidPoll \u2013 Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.76 via the poller_list shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from polls that may be private.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35432", "desc": "ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can injection malicious JavaScript code to trigger a Cross Site Scripting.", "poc": ["https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35432.md"]}, {"cve": "CVE-2024-25710", "desc": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.Users are recommended to upgrade to version 1.26.0 which fixes the issue.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ytono/gcp-arcade"]}, {"cve": "CVE-2024-4121", "desc": "A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Affected is the function formQOSRuleDel. The manipulation of the argument qosIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-261864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formQOSRuleDel.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-4269", "desc": "The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.", "poc": ["https://wpscan.com/vulnerability/8aae7aa1-6170-45d8-903f-8520913276da/"]}, {"cve": "CVE-2024-1733", "desc": "The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary content on the affected WordPress site.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7583", "desc": "A vulnerability, which was classified as critical, has been found in Tenda i22 1.0.0.3(4687). This issue affects the function formApPortalOneKeyAuth of the file /goform/apPortalOneKeyAuth. The manipulation of the argument data leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalOneKeyAuth"]}, {"cve": "CVE-2024-37308", "desc": "The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `_recipe_settings[post_title]` parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a compromised page. A patch is available at commit 8cf88f334ccbf11134080bbb655c66f1cfe77026 and will be part of version 1.8.0.", "poc": ["https://github.com/XjSv/Cooked/security/advisories/GHSA-9vfv-c966-jwrv"]}, {"cve": "CVE-2024-31613", "desc": "BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name=\"head_code\" or name=\"foot_code.\"", "poc": ["https://github.com/ss122-0ss/BOSSCMS/blob/main/bosscms%20csrf.md"]}, {"cve": "CVE-2024-22591", "desc": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save.", "poc": ["https://github.com/ysuzhangbin/cms2/blob/main/1.md"]}, {"cve": "CVE-2024-36788", "desc": "Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices.", "poc": ["https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/"]}, {"cve": "CVE-2024-5326", "desc": "The Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postx_presets_callback' function in all versions up to, and including, 4.1.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/truonghuuphuc/CVE-2024-5326-Poc"]}, {"cve": "CVE-2024-22460", "desc": "Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0881", "desc": "The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts", "poc": ["https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23653", "desc": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5 . Avoid using BuildKit frontends from untrusted sources.", "poc": ["https://github.com/mightysai1997/leaky-vessels-dynamic-detector", "https://github.com/snyk/leaky-vessels-dynamic-detector", "https://github.com/snyk/leaky-vessels-static-detector"]}, {"cve": "CVE-2024-26710", "desc": "In the Linux kernel, the following vulnerability has been resolved:powerpc/kasan: Limit KASAN thread size increase to 32KBKASAN is seen to increase stack usage, to the point that it was reportedto lead to stack overflow on some 32-bit machines (see link).To avoid overflows the stack size was doubled for KASAN builds incommit 3e8635fb2e07 (\"powerpc/kasan: Force thread size increase withKASAN\").However with a 32KB stack size to begin with, the doubling leads to a64KB stack, which causes build errors: arch/powerpc/kernel/switch.S:249: Error: operand out of range (0x000000000000fe50 is not between 0xffffffffffff8000 and 0x0000000000007fff)Although the asm could be reworked, in practice a 32KB stack seemssufficient even for KASAN builds - the additional usage seems to be inthe 2-3KB range for a 64-bit KASAN build.So only increase the stack for KASAN if the stack size is < 32KB.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24879", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.5.13.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28012", "desc": "Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command with the root privilege via the internet.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26507", "desc": "An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages components.", "poc": ["https://belong2yourself.github.io/vulnerabilities/docs/AIDA/Elevation-of-Privileges/readme/"]}, {"cve": "CVE-2024-24816", "desc": "CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts.", "poc": ["https://github.com/afine-com/CVE-2024-24816", "https://github.com/afine-com/research", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-26134", "desc": "cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue.", "poc": ["https://github.com/agronholm/cbor2/security/advisories/GHSA-375g-39jq-vq7m"]}, {"cve": "CVE-2024-5246", "desc": "NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Apache Tomcat. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22868.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-34471", "desc": "An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete arbitrary files on the server. This was observed when the mliRealtimeEmails.php file itself was read and subsequently deleted, resulting in a 404 error for the file and disruption of email information loading.", "poc": ["https://github.com/osvaldotenorio/CVE-2024-34471", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/osvaldotenorio/CVE-2024-34471"]}, {"cve": "CVE-2024-27163", "desc": "Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the \"Base Score\" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.", "poc": ["http://seclists.org/fulldisclosure/2024/Jul/1"]}, {"cve": "CVE-2024-35729", "desc": "Missing Authorization vulnerability in Tickera.This issue affects Tickera: from n/a through 3.5.2.6.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33527", "desc": "A Stored Cross-site Scripting (XSS) vulnerability in the \"Import of Users and login name of user\" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.", "poc": ["https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-in-ilias-elearning-lms-before-v7-30-v8-11-v9-1/"]}, {"cve": "CVE-2024-37393", "desc": "Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.", "poc": ["https://www.optistream.io/blogs/tech/securenvoy-cve-2024-37393", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-35556", "desc": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsSys_deal.php?mudi=infoSet.", "poc": ["https://github.com/bearman113/1.md/blob/main/26/csrf.md"]}, {"cve": "CVE-2024-42398", "desc": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24765", "desc": "CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user database, and possibly obtain system root privileges. Version 0.4.7 fixes this issue.", "poc": ["https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29440", "desc": "** DISPUTED ** An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/yashpatelphd/CVE-2024-29440"]}, {"cve": "CVE-2024-30257", "desc": "1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts.", "poc": ["https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-6m9h-2pr2-9j8f"]}, {"cve": "CVE-2024-0271", "desc": "A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file addmaterial_edit.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249826 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28551", "desc": "Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/form_fast_setting_wifi_set.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-27288", "desc": "1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access to the console page. The vulnerability has been fixed in v1.10.1-lts. There are no known workarounds.", "poc": ["https://github.com/seyrenus/trace-release", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-22011", "desc": "In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-2741", "desc": "Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to trick some authenticated users into performing actions in their session, such as adding or updating accounts through the Switch web interface.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-22916", "desc": "In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 function within the cgibin is susceptible to stack overflow.", "poc": ["https://kee02p.github.io/2024/01/13/CVE-2024-22916/", "https://www.dlink.com/en/security-bulletin/"]}, {"cve": "CVE-2024-34062", "desc": "tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.", "poc": ["https://github.com/CopperEagle/CopperEagle"]}, {"cve": "CVE-2024-2921", "desc": "Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of permissions.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26042", "desc": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim's browser.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-37620", "desc": "PHPVOD v4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /view/admin/view.php.", "poc": ["https://github.com/Hebing123/cve/issues/46"]}, {"cve": "CVE-2024-4984", "desc": "The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018display_name\u2019 author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-37763", "desc": "MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting which affects users with valid sessions whom can view compiled forms results.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-35657", "desc": "Cross-Site Request Forgery (CSRF) vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.6.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-36404", "desc": "GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6 contain a fix for this issue. As a workaround, GeoTools can operate with reduced functionality by removing the `gt-complex` jar from one's application. As an example of the impact, application schema `datastore` would not function without the ability to use XPath expressions to query complex content. Alternatively, one may utilize a drop-in replacement GeoTools jar from SourceForge for versions 31.1, 30.3, 30.2, 29.2, 28.2, 27.5, 27.4, 26.7, 26.4, 25.2, and 24.0. These jars are for download only and are not available from maven central, intended to quickly provide a fix to affected applications.", "poc": ["https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852", "https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w"]}, {"cve": "CVE-2024-29234", "desc": "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.", "poc": ["https://github.com/LOURC0D3/ENVY-gitbook", "https://github.com/LOURC0D3/LOURC0D3"]}, {"cve": "CVE-2024-3756", "desc": "The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack", "poc": ["https://wpscan.com/vulnerability/b28d0dca-2df1-4925-be81-dd9c46859c38/"]}, {"cve": "CVE-2024-6094", "desc": "The WP ULike WordPress plugin before 4.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", "poc": ["https://wpscan.com/vulnerability/019b3f34-7b85-4728-8dd7-ca472d6b2d06/"]}, {"cve": "CVE-2024-37880", "desc": "The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from emitting a vulnerable secret-dependent branch.", "poc": ["https://github.com/antoonpurnal/clangover", "https://pqshield.com/pqshield-plugs-timing-leaks-in-kyber-ml-kem-to-improve-pqc-implementation-maturity/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23609", "desc": "An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29064", "desc": "Windows Hyper-V Denial of Service Vulnerability", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0023", "desc": "In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://android.googlesource.com/platform/frameworks/av/+/30b1b34cfd5abfcfee759e7d13167d368ac6c268", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-26181", "desc": "Windows Kernel Denial of Service Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-20026", "desc": "In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541632.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1256", "desc": "A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252995.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20993", "desc": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-25201", "desc": "Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c.", "poc": ["https://github.com/espruino/Espruino/issues/2456", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-32302", "desc": "Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/fromWizardHandle.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-25603", "desc": "Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the instanceId parameter.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22133", "desc": "SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only field when sending leave request information. This could lead to creation of request with incorrect approver causing low impact on Confidentiality and Integrity with no impact on\u00a0Availability of the application.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21908", "desc": "TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4170", "desc": "A vulnerability was found in Tenda 4G300 1.01.42. It has been rated as critical. This issue affects the function sub_429A30. The manipulation of the argument list1 leads to stack-based buffer overflow. The attack may be initiated remotely. The identifier VDB-261989 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_429A30.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-4119", "desc": "A vulnerability was found in Tenda W15E 15.11.0.14. It has been declared as critical. This vulnerability affects the function formIPMacBindDel of the file /goform/delIpMacBind. The manipulation of the argument IPMacBindIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formIPMacBindDel.md", "https://vuldb.com/?id.261862", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-3542", "desc": "A vulnerability classified as problematic was found in Campcodes Church Management System 1.0. This vulnerability affects unknown code of the file /admin/add_visitor.php. The manipulation of the argument mobile leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259912.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5733", "desc": "A vulnerability was found in itsourcecode Online Discussion Forum 1.0. It has been rated as critical. This issue affects some unknown processing of the file register_me.php. The manipulation of the argument eaddress leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-267407.", "poc": ["https://github.com/kingshao0312/cve/issues/1", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0669", "desc": "A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-32487", "desc": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.", "poc": ["https://github.com/marklogic/marklogic-docker"]}, {"cve": "CVE-2024-29196", "desc": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.", "poc": ["https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1143", "desc": "Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7372", "desc": "A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /quiz_board.php. The manipulation of the argument quiz leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273356.", "poc": ["https://gist.github.com/topsky979/6437f7c2f86d309ca000d0a33885d7bc"]}, {"cve": "CVE-2024-40722", "desc": "The specific API in TCBServiSign Windows Version from CHANGING Information Technology does does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the TCBServiSign, temporarily disrupting its service.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35396", "desc": "TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2054", "desc": "The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the \"www-data\" user.", "poc": ["http://seclists.org/fulldisclosure/2024/Mar/12", "https://korelogic.com/Resources/Advisories/KL-001-2024-002.txt", "https://github.com/Madan301/CVE-2024-2054", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-26261", "desc": "The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35039", "desc": "idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.", "poc": ["https://github.com/ywf7678/cms/blob/main/1.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25552", "desc": "A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22919", "desc": "swftools0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587.", "poc": ["https://github.com/matthiaskramm/swftools/issues/209", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23855", "desc": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodemodify.php, in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20841", "desc": "Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0297", "desc": "A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30009", "desc": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability", "poc": ["https://github.com/angelov-1080/CVE_Checker"]}, {"cve": "CVE-2024-0686", "desc": "** REJECT ** Incorrect assignment", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33559", "desc": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5.", "poc": ["https://github.com/absholi7ly/WordPress-XStore-theme-SQL-Injection", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-25291", "desc": "Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.", "poc": ["https://github.com/ji-zzang/EQST-PoC/tree/main/2024/RCE/CVE-2024-25291"]}, {"cve": "CVE-2024-28070", "desc": "A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information and gain unauthorized access.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7445", "desc": "A vulnerability, which was classified as critical, has been found in itsourcecode Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file checkout_ticket_save.php. The manipulation of the argument data leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273530 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/DeepMountains/Mirage/blob/main/CVE10-2.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25226", "desc": "A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function.", "poc": ["https://github.com/BurakSevben/CVEs/blob/main/Supplier%20Managment%20System/Supplier%20Managment%20System%20-%20SQL%20Injection.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-39021", "desc": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApiData_deal.php?mudi=del", "poc": ["https://github.com/da271133/cms2/blob/main/45/csrf.md"]}, {"cve": "CVE-2024-0195", "desc": "A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/Marco-zcl/POC", "https://github.com/Tropinene/Yscanner", "https://github.com/d4n-sec/d4n-sec.github.io", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile", "https://github.com/wjlin0/poc-doc", "https://github.com/wy876/POC", "https://github.com/wy876/wiki", "https://github.com/xingchennb/POC-"]}, {"cve": "CVE-2024-30661", "desc": "** DISPUTED ** An unauthorized access vulnerability has been discovered in ROS Melodic Morenia versions where ROS_VERSION is 1 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized information access to multiple ROS nodes remotely. Unauthorized information access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "poc": ["https://github.com/yashpatelphd/CVE-2024-30661"]}, {"cve": "CVE-2024-0191", "desc": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249504.", "poc": ["https://github.com/ahmedvienna/CVEs-and-Vulnerabilities"]}, {"cve": "CVE-2024-23742", "desc": "** DISPUTED ** An issue in Loom on macOS version 0.196.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor disputes this because it requires local access to a victim's machine.", "poc": ["https://github.com/V3x0r/CVE-2024-23742", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/giovannipajeu1/CVE-2024-23742", "https://github.com/giovannipajeu1/giovannipajeu1", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-28041", "desc": "HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0185", "desc": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboard_teacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249443.", "poc": ["https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27623", "desc": "CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.", "poc": ["https://github.com/capture0x/My-CVE", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21652", "desc": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application's brute force login protection. This is a critical security vulnerability that allows attackers to bypass the brute force login protection mechanism. Not only can they crash the service affecting all users, but they can also make unlimited login attempts, increasing the risk of account compromise. Versions 2.8.13, 2.9.9, and 2.10.4 contain a patch for this issue.", "poc": ["https://github.com/argoproj/argo-cd/security/advisories/GHSA-x32m-mvfj-52xv", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-4300", "desc": "E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows attacker to obtain the database credential with the highest privilege and database host IP address. With this information, attackers can connect to the database and perform actions such as adding, modifying, or deleting database contents.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0690", "desc": "An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3931", "desc": "A vulnerability was found in Totara LMS 18.0.1 Build 20231128.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin/roles/check.php of the component Profile Handler. The manipulation of the argument ID Number leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261368. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/2lambda123/cisagov-vulnrichment", "https://github.com/cisagov/vulnrichment", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/storbeck/vulnrichment-cli"]}, {"cve": "CVE-2024-4651", "desc": "A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263495.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4232", "desc": "This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext passwords on the vulnerable system.Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-1917", "desc": "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0985", "desc": "Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected.", "poc": ["https://saites.dev/projects/personal/postgres-cve-2024-0985/", "https://github.com/NaInSec/CVE-LIST", "https://github.com/marklogic/marklogic-kubernetes"]}, {"cve": "CVE-2024-23196", "desc": "A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5116", "desc": "A vulnerability, which was classified as critical, has been found in SourceCodester Online Examination System 1.0. Affected by this issue is some unknown functionality of the file save.php. The manipulation of the argument vote leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265196.", "poc": ["https://github.com/polaris0x1/CVE/issues/3"]}, {"cve": "CVE-2024-23243", "desc": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4. An app may be able to read sensitive location information.", "poc": ["https://github.com/iCMDdev/iCMDdev"]}, {"cve": "CVE-2024-28978", "desc": "Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30889", "desc": "Cross Site Scripting vulnerability in audimex audimexEE v.15.1.2 and fixed in 15.1.3.9 allows a remote attacker to execute arbitrary code via the service, method, widget_type, request_id, payload parameters.", "poc": ["https://github.com/robymontyz/pocs/blob/main/AudimexEE/ReflectedXSS.md"]}, {"cve": "CVE-2024-34957", "desc": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.", "poc": ["https://github.com/Gr-1m/cms/blob/main/1.md", "https://github.com/Gr-1m/CVE-2024-34958", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1925", "desc": "A vulnerability was found in Ctcms 2.1.2. It has been declared as critical. This vulnerability affects unknown code of the file ctcms/apps/controllers/admin/Upsys.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254860.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20291", "desc": "A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device.\nThis vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces.", "poc": ["https://github.com/BetterCzz/CVE-2024-20291-POC", "https://github.com/Instructor-Team8/CVE-2024-20291-POC", "https://github.com/greandfather/CVE-2024-20291-POC", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-34217", "desc": "TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function.", "poc": ["https://github.com/n0wstr/IOTVuln/tree/main/CP450/addWlProfileClientMode"]}, {"cve": "CVE-2024-7492", "desc": "The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances.", "poc": ["https://github.com/20142995/nuclei-templates"]}, {"cve": "CVE-2024-4535", "desc": "The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks", "poc": ["https://wpscan.com/vulnerability/d4980886-da10-4bbc-a84a-fe071ab3b755/"]}, {"cve": "CVE-2024-3777", "desc": "The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29231", "desc": "Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.", "poc": ["https://github.com/LOURC0D3/ENVY-gitbook", "https://github.com/LOURC0D3/LOURC0D3"]}, {"cve": "CVE-2024-1753", "desc": "A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23080", "desc": "** DISPUTED ** Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.", "poc": ["https://github.com/vin01/bogus-cves"]}, {"cve": "CVE-2024-1088", "desc": "The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including post titles and content.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24717", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through 2.0.23.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-34474", "desc": "Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\\Clario and tries to load DLLs from there as SYSTEM.", "poc": ["https://github.com/Alaatk/CVE-2024-34474", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-35362", "desc": "Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via ecshop/article_cat.php.", "poc": ["https://github.com/shopex/ecshop/issues/6"]}, {"cve": "CVE-2024-22894", "desc": "An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file.", "poc": ["https://github.com/Jaarden/AlphaInnotec-Password-Vulnerability", "https://github.com/Jaarden/CVE-2024-22894", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-2202", "desc": "The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27357", "desc": "An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Local Privilege Escalation can occur during installations or updates by admins.", "poc": ["https://github.com/p4yl0ad/p4yl0ad"]}, {"cve": "CVE-2024-1253", "desc": "A vulnerability, which was classified as critical, has been found in Byzoro Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/b51s77/cve/blob/main/upload.md", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-23525", "desc": "The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.", "poc": ["https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a", "https://metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.30/changes", "https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2538", "desc": "The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above, to modify the permalinks of arbitrary posts.", "poc": ["https://gist.github.com/Xib3rR4dAr/b1eec00e844932c6f2f30a63024b404e", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-2263", "desc": "Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "poc": ["https://wpscan.com/vulnerability/ec092ed9-eb3e-40a7-a878-ab854104e290/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28185", "desc": "Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a `run_script` to the sandbox directory. The security issue is that an attacker can create a symbolic link (symlink) at the path `run_script` before this code is executed, resulting in the `f.write` writing to an arbitrary file on the unsandboxed system. An attacker can leverage this vulnerability to overwrite scripts on the system and gain code execution outside of the sandbox.", "poc": ["https://github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf"]}, {"cve": "CVE-2024-21067", "desc": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Enterprise Manager Base Platform executes to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-27489", "desc": "An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request.", "poc": ["https://gist.github.com/yyyyy7777777/a36541cb60d9e55628f78f2a68968212"]}, {"cve": "CVE-2024-4094", "desc": "The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed", "poc": ["https://wpscan.com/vulnerability/04b2feba-e009-4fce-8539-5dfdb4300433/"]}, {"cve": "CVE-2024-21508", "desc": "Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.", "poc": ["https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591085", "https://github.com/Geniorio01/CVE-2024-21508-mysql2-RCE", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-35197", "desc": "gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that appear to have come from the application, and potentially other harmful effects under limited circumstances. If Windows is not used, or untrusted repositories are not cloned or otherwise used, then there is no impact. A minor degradation in availability may also be possible, such as with a very large file named `CON`, though the user could interrupt the application.", "poc": ["https://github.com/Byron/gitoxide/security/advisories/GHSA-49jc-r788-3fc9"]}, {"cve": "CVE-2024-31989", "desc": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS cluster, it requires manual enablement through configuration to enforce network policies. This raises concerns that many clients might unknowingly have open access to their Redis servers. This vulnerability could lead to Privilege Escalation to the level of cluster controller, or to information leakage, affecting anyone who does not have strict access controls on their Redis instance. This issue has been patched in version(s) 2.8.19, 2.9.15 and 2.10.10.", "poc": ["https://github.com/argoproj/argo-cd/security/advisories/GHSA-9766-5277-j5hr", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-0854", "desc": "URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20981", "desc": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5773", "desc": "A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/firewall/deletemacbind.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-267456. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/L1OudFd8cl09/CVE/issues/3", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22240", "desc": "Aria Operations for Networks contains a local file read vulnerability.\u00a0A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24256", "desc": "SQL Injection vulnerability in Yonyou space-time enterprise information integration platform v.9.0 and before allows an attacker to obtain sensitive information via the gwbhAIM parameter in the saveMove.jsp in the hr_position directory.", "poc": ["https://github.com/l8l1/killl.github.io/blob/main/3.md"]}, {"cve": "CVE-2024-37672", "desc": "Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the idactivity parameter.", "poc": ["https://github.com/MohamedAzizMSALLEMI/Docubase_Security/blob/main/CVE-2024-37672.md"]}, {"cve": "CVE-2024-31865", "desc": "Improper Input Validation vulnerability in Apache Zeppelin.The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges.This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.Users are recommended to upgrade to version 0.11.1, which fixes the issue.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21397", "desc": "Microsoft Azure File Sync Elevation of Privilege Vulnerability", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-32003", "desc": "wn-dusk-plugin (Dusk plugin) is a plugin which integrates Laravel Dusk browser testing into Winter CMS. The Dusk plugin provides some special routes as part of its testing framework to allow a browser environment (such as headless Chrome) to act as a user in the Backend or User plugin without having to go through authentication. This route is `[[URL]]/_dusk/login/[[USER ID]]/[[MANAGER]]` - where `[[URL]]` is the base URL of the site, `[[USER ID]]` is the ID of the user account and `[[MANAGER]]` is the authentication manager (either `backend` for Backend, or `user` for the User plugin). If a configuration of a site using the Dusk plugin is set up in such a way that the Dusk plugin is available publicly and the test cases in Dusk are run with live data, this route may potentially be used to gain access to any user account in either the Backend or User plugin without authentication. As indicated in the `README`, this plugin should only be used in development and should *NOT* be used in a production instance. It is specifically recommended that the plugin be installed as a development dependency only in Composer. In order to remediate this issue, the special routes used above will now no longer be registered unless the `APP_ENV` environment variable is specifically set to `dusk`. Since Winter by default does not use this environment variable and it is not populated by default, it will only exist if Dusk's automatic configuration is used (which won't exhibit this vulnerability) or if a developer manually specifies it in their configuration. The automatic configuration performed by the Dusk plugin has also been hardened by default to use sane defaults and not allow external environment variables to leak into this configuration. This will only affect users in which the Winter CMS installation meets ALL the following criteria: 1. The Dusk plugin is installed in the Winter CMS instance. 2. The application is in production mode (ie. the `debug` config value is set to `true` in `config/app.php`). 3. The Dusk plugin's automatic configuration has been overridden, either by providing a custom `.env.dusk` file or by providing custom configuration in the `config/dusk` folder, or by providing configuration environment variables externally. 4. The environment has been configured to use production data in the database for testing, and not the temporary SQLite database that Dusk uses by default. 5. The application is connectable via the web. This issue has been fixed in version 2.1.0. Users are advised to upgrade.", "poc": ["https://github.com/JohnNetSouldRU/CVE-2024-32003-POC"]}, {"cve": "CVE-2024-25468", "desc": "An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22927", "desc": "Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.", "poc": ["https://github.com/weng-xianhu/eyoucms/issues/57"]}, {"cve": "CVE-2024-27298", "desc": "parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33832", "desc": "OneNav v0.9.35-20240318 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /index.php?c=api&method=get_link_info.", "poc": ["https://github.com/helloxz/onenav/issues/186"]}, {"cve": "CVE-2024-1459", "desc": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7222", "desc": "A vulnerability, which was classified as critical, was found in SourceCodester Lot Reservation Management System 1.0. Affected is an unknown function of the file /home.php. The manipulation of the argument type leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272802 is the identifier assigned to this vulnerability.", "poc": ["https://gist.github.com/topsky979/9f3d490a2bfdb5794dffc2f4aed72250"]}, {"cve": "CVE-2024-2610", "desc": "Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7290", "desc": "A vulnerability classified as critical has been found in SourceCodester Establishment Billing Management System 1.0. This affects an unknown part of the file /manage_tenant.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273159.", "poc": ["https://gist.github.com/topsky979/e40f691866138ea1abf3ca452c4ae3ac"]}, {"cve": "CVE-2024-35222", "desc": "Tauri is a framework for building binaries for all major desktop platforms. Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the `dangerousRemoteDomainIpcAccess` in v1 and in the `capabilities` in v2. Valid commands with potentially unwanted consequences (\"delete project\", \"transfer credits\", etc.) could be invoked by an attacker that controls the content of an iframe running inside a Tauri app. This vulnerability has been patched in versions 1.6.7 and 2.0.0-beta.19.", "poc": ["https://github.com/tauri-apps/tauri/security/advisories/GHSA-57fm-592m-34r7"]}, {"cve": "CVE-2024-20711", "desc": "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1743", "desc": "The WooCommerce Customers Manager WordPress plugin before 29.8 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "poc": ["https://wpscan.com/vulnerability/3cb1f707-6093-42a7-a778-2b296bdf1735/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-34220", "desc": "Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter.", "poc": ["https://github.com/dovankha/CVE-2024-34220", "https://github.com/dovankha/CVE-2024-34220", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-0868", "desc": "The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value", "poc": ["https://wpscan.com/vulnerability/bb7c2d2b-cdfe-433b-96cf-714e71d12b22/"]}, {"cve": "CVE-2024-21081", "desc": "Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-2277", "desc": "A vulnerability was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Setting/change_password_save of the component Password Reset Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256046 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://vuldb.com/?id.256046", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities"]}, {"cve": "CVE-2024-25619", "desc": "Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been destroyed, this could have posed security risks to users by allowing an application to continue listening to streaming after the application had been destroyed. Essentially this comes down to the fact that when Doorkeeper sets up the relationship between Applications and Access Tokens, it uses a `dependent: delete_all` configuration, which means the `after_commit` callback setup on `AccessTokenExtension` didn't actually fire, since `delete_all` doesn't trigger ActiveRecord callbacks. To mitigate, we need to add a `before_destroy` callback to `ApplicationExtension` which announces to streaming that all the Application's Access Tokens are being \"killed\". Impact should be negligible given the affected application had to be owned by the user. None the less this issue has been addressed in versions 4.2.6, 4.1.14, 4.0.14, and 3.5.18. Users are advised to upgrade. There are no known workaround for this vulnerability.", "poc": ["https://github.com/mastodon/mastodon/security/advisories/GHSA-7w3c-p9j8-mq3x"]}, {"cve": "CVE-2024-25413", "desc": "A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file.", "poc": ["https://github.com/capture0x/Magento-ver.-2.4.6", "https://packetstormsecurity.com/files/175801/FireBear-Improved-Import-And-Export-3.8.6-XSLT-Server-Side-Injection.html", "https://github.com/capture0x/My-CVE", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-31857", "desc": "Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote attacker may obtain user information etc. and alter the page contents on the user's web browser.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-34534", "desc": "A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model.", "poc": ["https://github.com/luvsn/OdZoo/tree/main/exploits/text_commander"]}, {"cve": "CVE-2024-28074", "desc": "It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability.", "poc": ["https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-30965", "desc": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/member_scores.php.", "poc": ["https://github.com/Fishkey1/cms/commit/e9d294951ab2dd85709f1d12ad4747f25d326b1b", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25447", "desc": "An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.", "poc": ["https://github.com/derf/feh/issues/709", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-32976", "desc": "Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input.", "poc": ["https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m"]}, {"cve": "CVE-2024-1201", "desc": "Search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0010", "desc": "A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user\u2019s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.", "poc": ["https://github.com/afine-com/research"]}, {"cve": "CVE-2024-28276", "desc": "Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scripting (XSS) via add-task.php?task_name=.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/unrealjbr/CVE-2024-28276"]}, {"cve": "CVE-2024-33339", "desc": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "poc": ["https://github.com/balckgu1/Poc", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-21524", "desc": "All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example, by providing negative indexes, leading to an Information Disclosure.", "poc": ["https://gist.github.com/dellalibera/0bb022811224f81d998fa61c3175ee67", "https://security.snyk.io/vuln/SNYK-JS-NODESTRINGBUILDER-6421617", "https://github.com/dellalibera/dellalibera"]}, {"cve": "CVE-2024-4803", "desc": "A vulnerability was found in Kashipara College Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file submit_admin.php. The manipulation of the argument phone leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263923.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27170", "desc": "It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference URL.", "poc": ["http://seclists.org/fulldisclosure/2024/Jul/1"]}, {"cve": "CVE-2024-29801", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Petri Damst\u00e9n Fullscreen Galleria allows Stored XSS.This issue affects Fullscreen Galleria: from n/a through 1.6.11.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30511", "desc": "Insertion of Sensitive Information into Log File vulnerability in Fr\u00e9d\u00e9ric GILLES FG PrestaShop to WooCommerce.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.45.1.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25625", "desc": "Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in `pimcore/admin-ui-classic-bundle` prior to version 1.3.4. The vulnerability involves a Host Header Injection in the `invitationLinkAction` function of the UserController, specifically in the way `$loginUrl` trusts user input. The host header from incoming HTTP requests is used unsafely when generating URLs. An attacker can manipulate the HTTP host header in requests to the /admin/user/invitationlink endpoint, resulting in the generation of URLs with the attacker's domain. In fact, if a host header is injected in the POST request, the $loginURL parameter is constructed with this unvalidated host header. It is then used to send an invitation email to the provided user. This vulnerability can be used to perform phishing attacks by making the URLs in the invitation links emails point to an attacker-controlled domain. Version 1.3.4 contains a patch for the vulnerability. The maintainers recommend validating the host header and ensuring it matches the application's domain. It would also be beneficial to use a default trusted host or hostname if the incoming host header is not recognized or is absent.", "poc": ["https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3qpq-6w89-f7mx", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/v0lck3r/SecurityResearch"]}, {"cve": "CVE-2024-4728", "desc": "A vulnerability was found in Campcodes Legal Case Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/court. The manipulation of the argument court_name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263806 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_court.md"]}, {"cve": "CVE-2024-1257", "desc": "A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252996.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35740", "desc": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Pixgraphy allows Stored XSS.This issue affects Pixgraphy: from n/a through 1.3.8.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20970", "desc": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30612", "desc": "Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, limitSpeedUp parameter from formSetClientState function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetClientState.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26638", "desc": "In the Linux kernel, the following vulnerability has been resolved:nbd: always initialize struct msghdr completelysyzbot complains that msg->msg_get_inq value can be uninitialized [1]struct msghdr got many new fields recently, we should always makesure their values is zero by default.[1] BUG: KMSAN: uninit-value in tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571 tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571 inet_recvmsg+0x131/0x580 net/ipv4/af_inet.c:879 sock_recvmsg_nosec net/socket.c:1044 [inline] sock_recvmsg+0x12b/0x1e0 net/socket.c:1066 __sock_xmit+0x236/0x5c0 drivers/block/nbd.c:538 nbd_read_reply drivers/block/nbd.c:732 [inline] recv_work+0x262/0x3100 drivers/block/nbd.c:863 process_one_work kernel/workqueue.c:2627 [inline] process_scheduled_works+0x104e/0x1e70 kernel/workqueue.c:2700 worker_thread+0xf45/0x1490 kernel/workqueue.c:2781 kthread+0x3ed/0x540 kernel/kthread.c:388 ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242Local variable msg created at: __sock_xmit+0x4c/0x5c0 drivers/block/nbd.c:513 nbd_read_reply drivers/block/nbd.c:732 [inline] recv_work+0x262/0x3100 drivers/block/nbd.c:863CPU: 1 PID: 7465 Comm: kworker/u5:1 Not tainted 6.7.0-rc7-syzkaller-00041-gf016f7547aee #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023Workqueue: nbd5-recv recv_work", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6120", "desc": "The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all posts, pages, and uploaded files, as well as download and install a limited set of demo plugins.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4203", "desc": "The Premium Addons Pro for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maps widget in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only affects sites running the premium version of the plugin.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-31574", "desc": "Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attacker to execute arbitrary code via a crafted script", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-31844", "desc": "An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate an error. Inside an error message, some information about the server is revealed, such as the absolute path of the source code of the application. This kind of information can help an attacker to perform other attacks against the system. This can be exploited without authentication.", "poc": ["https://www.gruppotim.it/it/footer/red-team.html"]}, {"cve": "CVE-2024-3769", "desc": "A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /login.php. The manipulation of the argument id/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260616.", "poc": ["https://github.com/BurakSevben/CVEs/blob/main/Student%20Record%20System%203.20/Student%20Record%20System%20-%20Authentication%20Bypass.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2671", "desc": "A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user/index.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257371.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-7065", "desc": "A vulnerability was found in Spina CMS up to 2.18.0. It has been classified as problematic. Affected is an unknown function of the file /admin/pages/. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272346 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/topsky979/Security-Collections/blob/main/1700810/README.md"]}, {"cve": "CVE-2024-38950", "desc": "Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function.", "poc": ["https://github.com/strukturag/libde265/issues/460"]}, {"cve": "CVE-2024-4199", "desc": "The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to invoke their corresponding functions. This may lead to post creation and duplication, post content retrieval, post taxonomy manipulation.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-31214", "desc": "Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file extension, and partial control over the file name. While it's not for an attacker to overwrite an existing file, an attacker can create new files with certain names and attacker-controlled extensions anywhere on the file system. This can potentially lead to remote code execution, XSS, DOS, etc. The default install of Traccar makes this vulnerability more severe. Self-registration is enabled by default, allowing anyone to create an account to exploit this vulnerability. Traccar also runs by default with root/system privileges, allowing files to be placed anywhere on the file system. Version 6.0 contains a fix for the issue. One may also turn off self-registration by default, as that would make most vulnerabilities in the application much harder to exploit by default and reduce the severity considerably.", "poc": ["https://github.com/traccar/traccar/security/advisories/GHSA-3gxq-f2qj-c8v9", "https://github.com/nvn1729/advisories"]}, {"cve": "CVE-2024-34352", "desc": "1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol `>` can be used to achieve arbitrary file writing. This vulnerability is fixed in v1.10.3-lts.", "poc": ["https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-f8ch-w75v-c847"]}, {"cve": "CVE-2024-21313", "desc": "Windows TCP/IP Information Disclosure Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22876", "desc": "StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL. The vulnerability can be used to coerce a victim account to perform specific actions on the application as helping an analyst becoming administrator.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29118", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scrollsequence allows Stored XSS.This issue affects Scrollsequence: from n/a through 1.5.4.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-31207", "desc": "Vite (French word for \"quick\", pronounced /vit/, like \"veet\") is a frontend build tooling to improve the frontend development experience.`server.fs.deny` does not deny requests for patterns with directories. This vulnerability has been patched in version(s) 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.18.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nics-tw/sbom2vans"]}, {"cve": "CVE-2024-1303", "desc": "Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/guillermogm4/CVE-2024-1303---Badgermeter-moni-tool-Path-Traversal", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-2331", "desc": "A vulnerability was found in SourceCodester Tourist Reservation System 1.0. It has been declared as critical. This vulnerability affects the function ad_writedata of the file System.cpp. The manipulation of the argument ad_code leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256282 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28109", "desc": "veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5770", "desc": "The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permissions and above, to update the plugin settings.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-36123", "desc": "Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page `MediaWiki:Tagline` has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the `editinterface` permission, or sysops). This vulnerability is fixed in 2.16.0.", "poc": ["https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-jhm6-qjhq-5mf9"]}, {"cve": "CVE-2024-25169", "desc": "An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.", "poc": ["https://github.com/shenhav12/CVE-2024-25169-Mezzanine-v6.0.0", "https://github.com/AppThreat/vulnerability-db", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/shenhav12/CVE-2024-25169-Mezzanine-v6.0.0"]}, {"cve": "CVE-2024-23717", "desc": "In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c5c528beb6e1cfed3ec93a3a264084df32ce83c2"]}, {"cve": "CVE-2024-4474", "desc": "The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack", "poc": ["https://wpscan.com/vulnerability/71954c60-6a5b-4cac-9920-6d9b787ead9c/"]}, {"cve": "CVE-2024-34466", "desc": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-34467. Reason: This candidate is a reservation duplicate of CVE-2024-34467. Notes: All CVE users should reference CVE-2024-34467 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29896", "desc": "Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the CSP headers generation feature might be \"allow-listing\" malicious injected resources like inlined JS, or references to external malicious scripts. The fix is available in version 1.3.0.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27571", "desc": "LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the makeCurRemoteApList function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.", "poc": ["https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/makeCurRemoteApList.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4653", "desc": "A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /xds/outIndex.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263498 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/Hefei-Coffee/cve/blob/main/sql.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23836", "desc": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service. This vulnerability is patched in 6.0.16 or 7.0.3. Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-41628", "desc": "Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API.", "poc": ["https://github.com/20142995/nuclei-templates", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-0817", "desc": "Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0", "poc": ["https://huntr.com/bounties/44d5cbd9-a046-417b-a8d4-bea6fda9cbe3", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0337", "desc": "The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.", "poc": ["https://wpscan.com/vulnerability/2f17a274-8676-4f4e-989f-436030527890/", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-24388", "desc": "Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-37870", "desc": "SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With Source Code 1.0 allows attackers to execute arbitrary SQL commands via the id parameter.", "poc": ["https://github.com/TThuyyy/cve1/issues/3"]}, {"cve": "CVE-2024-25151", "desc": "The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote authenticated users to inject arbitrary web script or HTML via the title of a calendar event or the user's name. This may lead to a content spoofing or cross-site scripting (XSS) attacks depending on the capability of the receiver's mail client.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26073", "desc": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-6518", "desc": "The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fluentform/fluentform"]}, {"cve": "CVE-2024-32404", "desc": "Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature.", "poc": ["https://packetstormsecurity.com/2404-exploits/rlts-sstexec.txt", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20671", "desc": "Microsoft Defender Security Feature Bypass Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-3745", "desc": "MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user.", "poc": ["https://fluidattacks.com/advisories/gershwin/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20048", "desc": "In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541769; Issue ID: ALPS08541769.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3710", "desc": "The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin", "poc": ["https://wpscan.com/vulnerability/bde10913-4f7e-4590-86eb-33bfa904f95f/"]}, {"cve": "CVE-2024-0289", "desc": "A vulnerability classified as critical was found in Kashipara Food Management System 1.0. This vulnerability affects unknown code of the file stock_entry_submit.php. The manipulation of the argument itemype leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249850 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0208", "desc": "GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21046", "desc": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-23773", "desc": "An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulerSvc.exe component. Local attackers can delete any file of their choice with NT Authority\\SYSTEM privileges.", "poc": ["https://github.com/Verrideo/CVE-2024-23773", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-34394", "desc": "libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes XmlNode::get_local_namespaces()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.", "poc": ["https://github.com/marudor/libxmljs2/issues/205", "https://research.jfrog.com/vulnerabilities/libxmljs2-namespaces-type-confusion-rce-jfsa-2024-001034098/"]}, {"cve": "CVE-2024-34219", "desc": "TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet.", "poc": ["https://github.com/n0wstr/IOTVuln/tree/main/CP450/SetTelnetCfg"]}, {"cve": "CVE-2024-26265", "desc": "The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to limit the size of files that can be uploaded, which allows remote authenticated users to upload arbitrarily large files to the system's temp folder by modifying the `maxFileSize` parameter.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0726", "desc": "A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the component Admin Login Module. The manipulation of the argument msg with the input test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251549 was assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-36426", "desc": "In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4618", "desc": "The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Member widget in all versions up to, and including, 2.6.9.6 due to insufficient input sanitization and output escaping on user supplied 'url' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28835", "desc": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "poc": ["https://github.com/GitHubForSnap/ssmtp-gael", "https://github.com/GrigGM/05-virt-04-docker-hw", "https://github.com/NaInSec/CVE-LIST", "https://github.com/trailofbits/publications"]}, {"cve": "CVE-2024-21024", "desc": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-7114", "desc": "A vulnerability was found in Tianchoy Blog up to 1.8.8. It has been classified as critical. This affects an unknown part of the file /so.php. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272445 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/topsky979/Security-Collections/tree/main/cve5"]}, {"cve": "CVE-2024-5590", "desc": "A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. This vulnerability affects unknown code of the file /protocol/iscuser/uploadiscuser.php of the component JSON Content Handler. The manipulation of the argument messagecontent leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266848. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-uploadiscuser.md"]}, {"cve": "CVE-2024-2022", "desc": "A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/list_ipAddressPolicy.php. The manipulation of the argument GroupId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255301 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/tanjiti/sec_profile", "https://github.com/wjlin0/poc-doc", "https://github.com/wy876/POC", "https://github.com/wy876/wiki"]}, {"cve": "CVE-2024-34350", "desc": "Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to be exploitable, the affected route also had to be making use of the [rewrites](https://nextjs.org/docs/app/api-reference/next-config-js/rewrites) feature in Next.js. The vulnerability is resolved in Next.js `13.5.1` and newer.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-30690", "desc": "** DISPUTED ** An unauthorized node injection vulnerability has been identified in ROS2 Galactic Geochelone versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3, allows remote attackers to escalate privileges. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "poc": ["https://github.com/yashpatelphd/CVE-2024-30690"]}, {"cve": "CVE-2024-21112", "desc": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-22145", "desc": "Improper Privilege Management vulnerability in InstaWP Team InstaWP Connect allows Privilege Escalation.This issue affects InstaWP Connect: from n/a through 0.1.0.8.", "poc": ["https://github.com/RandomRobbieBF/CVE-2024-22145", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-2560", "desc": "A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromSysToolRestoreSet.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/NaInSec/CVE-LIST", "https://github.com/helloyhrr/IoT_vulnerability"]}, {"cve": "CVE-2024-2581", "desc": "A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257081 was assigned to this vulnerability.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetRouteStatic.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/helloyhrr/IoT_vulnerability"]}, {"cve": "CVE-2024-39661", "desc": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ExtendThemes Kubio AI Page Builder.This issue affects Kubio AI Page Builder: from n/a through 2.2.4.", "poc": ["https://github.com/20142995/nuclei-templates"]}, {"cve": "CVE-2024-0735", "desc": "A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. Affected by this issue is the function exec of the file admin/operations/expense.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251558 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3983", "desc": "The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks", "poc": ["https://wpscan.com/vulnerability/e4059d66-07b9-4f1a-a461-d6e8f0e98eec/"]}, {"cve": "CVE-2024-22663", "desc": "TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg", "poc": ["https://github.com/Covteam/iot_vuln/tree/main/setOpModeCfg2", "https://github.com/Joe1sn/Joe1sn"]}, {"cve": "CVE-2024-27988", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Responsive Columns allows Stored XSS.This issue affects WEN Responsive Columns: from n/a through 1.3.2.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-1977", "desc": "The Restaurant Solutions \u2013 Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", "poc": ["https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2022-004"]}, {"cve": "CVE-2024-33275", "desc": "SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-40039", "desc": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del", "poc": ["https://github.com/pangchunyuhack/cms/blob/main/62/csrf.md"]}, {"cve": "CVE-2024-39701", "desc": "Directus is a real-time API and App dashboard for managing SQL database content. Directus >=9.23.0, <=v10.5.3 improperly handles _in, _nin operators. It evaluates empty arrays as valid so expressions like {\"role\": {\"_in\": $CURRENT_USER.some_field}} would evaluate to true allowing the request to pass. This results in Broken Access Control because the rule fails to do what it was intended to do: Pass rule if **field** matches any of the **values**. This vulnerability is fixed in 10.6.0.", "poc": ["https://github.com/directus/directus/security/advisories/GHSA-hxgm-ghmv-xjjm"]}, {"cve": "CVE-2024-24786", "desc": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.", "poc": ["https://github.com/DanielePeruzzi97/rancher-k3s-docker", "https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nics-tw/sbom2vans", "https://github.com/ytono/gcp-arcade"]}, {"cve": "CVE-2024-5136", "desc": "A vulnerability classified as problematic has been found in PHPGurukul Directory Management System 1.0. Affected is an unknown function of the file /admin/search-directory.php.. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265212.", "poc": ["https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20Cross-Site-Scripting%20-%201.md"]}, {"cve": "CVE-2024-30504", "desc": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0672", "desc": "The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "poc": ["https://wpscan.com/vulnerability/eceb6585-5969-4aa6-9908-b6bfb578190a/"]}, {"cve": "CVE-2024-21326", "desc": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-33655", "desc": "The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the \"DNSBomb\" issue.", "poc": ["https://gitlab.isc.org/isc-projects/bind9/-/issues/4398", "https://meterpreter.org/researchers-uncover-dnsbomb-a-new-pdos-attack-exploiting-legitimate-dns-features/"]}, {"cve": "CVE-2024-5676", "desc": "The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method `GET` to introduce changes in the system.", "poc": ["http://seclists.org/fulldisclosure/2024/Jun/8", "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01_Paradox_Cross_Site_Request_Forgery"]}, {"cve": "CVE-2024-26585", "desc": "In the Linux kernel, the following vulnerability has been resolved:tls: fix race between tx work scheduling and socket closeSimilarly to previous commit, the submitting thread (recvmsg/sendmsg)may exit as soon as the async crypto handler calls complete().Reorder scheduling the work before calling complete().This seems more logical in the first place, as it'sthe inverse order of what the submitting thread will do.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24506", "desc": "Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function.", "poc": ["https://bugs.limesurvey.org/bug_relationship_graph.php?bug_id=19364&graph=relation", "https://www.exploit-db.com/exploits/51926"]}, {"cve": "CVE-2024-22428", "desc": "Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability.\u00a0It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.", "poc": ["https://github.com/chnzzh/iDRAC-CVE-lib"]}, {"cve": "CVE-2024-3148", "desc": "A vulnerability, which was classified as critical, has been found in DedeCMS 5.7.112. This issue affects some unknown processing of the file dede/makehtml_archives_action.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258923. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://vuldb.com/?id.258923", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-5606", "desc": "The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and above role", "poc": ["https://wpscan.com/vulnerability/e3eee6bc-1f69-4be1-b323-0c9b5fe7535e/"]}, {"cve": "CVE-2024-37629", "desc": "SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View Function.", "poc": ["https://github.com/summernote/summernote/issues/4642"]}, {"cve": "CVE-2024-32049", "desc": "BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials.\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3880", "desc": "A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260914 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/formWriteFacMac.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-26548", "desc": "An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component.", "poc": ["https://github.com/cwh031600/vivotek/blob/main/vivotek-FD8166A-uploadfile-dos/vivotek-FD8166A-uploadfile-analysis.md"]}, {"cve": "CVE-2024-3116", "desc": "pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.", "poc": ["https://github.com/FoxyProxys/CVE-2024-3116", "https://github.com/TechieNeurons/CVE-2024-3116_RCE_in_pgadmin_8.4", "https://github.com/enomothem/PenTestNote", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-26045", "desc": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-21514", "desc": "This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have to be enabled), it is possible to exploit SQL injection to gain unauthorised access to the backend database. For any site which is vulnerable, any unauthenticated user could exploit this to dump the entire OpenCart database, including customer PII data.", "poc": ["https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266565", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-4065", "desc": "A vulnerability was found in Tenda AC8 16.03.34.09. It has been rated as critical. This issue affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC8/formSetRebootTimer.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-22223", "desc": "Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7350", "desc": "The Appointment Booking Calendar Plugin and Online Scheduling Plugin \u2013 BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they have access to that user's email. This is only exploitable when the 'Auto login user after successful booking' setting is enabled.", "poc": ["https://github.com/20142995/nuclei-templates"]}, {"cve": "CVE-2024-36405", "desc": "liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing lean has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for `-Os`, `-O1`, and other compilation options. A proof-of-concept local attack on the reference implementation leaks the entire ML-KEM 512 secret key in ~10 minutes using end-to-end decapsulation timing measurements. The issue has been fixed in version 0.10.1. As a possible workaround, some compiler options may produce vectorized code that does not leak secret information, however relying on these compiler options as a workaround may not be reliable.", "poc": ["https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-f2v9-5498-2vpp", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6930", "desc": "The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/20142995/nuclei-templates"]}, {"cve": "CVE-2024-21055", "desc": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-36572", "desc": "Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause other impacts via the functions setDefaults, mergeBranch, and Object.setObjectValue.", "poc": ["https://gist.github.com/mestrtee/1771ab4fba733ca898b6e2463dc6ed19", "https://github.com/allpro/form-manager/issues/1"]}, {"cve": "CVE-2024-30601", "desc": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_time.md", "https://github.com/LaPhilosophie/IoT-vulnerable", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-38100", "desc": "Windows File Explorer Elevation of Privilege Vulnerability", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile"]}, {"cve": "CVE-2024-2605", "desc": "An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-26990", "desc": "In the Linux kernel, the following vulnerability has been resolved:KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty statusCheck kvm_mmu_page_ad_need_write_protect() when deciding whether towrite-protect or clear D-bits on TDP MMU SPTEs, so that the TDP MMUaccounts for any role-specific reasons for disabling D-bit dirty logging.Specifically, TDP MMU SPTEs must be write-protected when the TDP MMU isbeing used to run an L2 (i.e. L1 has disabled EPT) and PML is enabled.KVM always disables PML when running L2, even when L1 and L2 GPAs are inthe some domain, so failing to write-protect TDP MMU SPTEs will causewrites made by L2 to not be reflected in the dirty log.[sean: massage shortlog and changelog, tweak ternary op formatting]", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23769", "desc": "Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-38469", "desc": "zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /pay.php.", "poc": ["https://github.com/zhimengzhe/iBarn/issues/20"]}, {"cve": "CVE-2024-21381", "desc": "Microsoft Azure Active Directory B2C Spoofing Vulnerability", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-27207", "desc": "Exported broadcast receivers allowing malicious apps to bypass broadcast protection.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-27152", "desc": "The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.", "poc": ["http://seclists.org/fulldisclosure/2024/Jul/1"]}, {"cve": "CVE-2024-2129", "desc": "The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's heading widget in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-21382", "desc": "Microsoft Edge for Android Information Disclosure Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-33911", "desc": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through 10.3.4.", "poc": ["https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/xbz0n/CVE-2024-33911"]}, {"cve": "CVE-2024-22339", "desc": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7374", "desc": "A vulnerability classified as critical was found in SourceCodester Simple Realtime Quiz System 1.0. This vulnerability affects unknown code of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273358 is the identifier assigned to this vulnerability.", "poc": ["https://gist.github.com/topsky979/94ae61ff3fc760ac985dcd5e64da06c4"]}, {"cve": "CVE-2024-25580", "desc": "An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3026", "desc": "The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks", "poc": ["https://wpscan.com/vulnerability/aba9d8a5-20a7-49e5-841c-9cfcb9bc6144/"]}, {"cve": "CVE-2024-7116", "desc": "A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. It has been rated as critical. This issue affects some unknown processing of the file /branch_viewmore.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-272447. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/topsky979/Security-Collections/tree/main/cve7"]}, {"cve": "CVE-2024-25154", "desc": "Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0743", "desc": "An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-33891", "desc": "Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute.", "poc": ["https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3"]}, {"cve": "CVE-2024-24105", "desc": "SQL Injection vulnerability in Code-projects Computer Science Time Table System 1.0 allows attackers to run arbitrary code via adminFormvalidation.php.", "poc": ["https://github.com/ASR511-OO7/CVE-2024-24105", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-22005", "desc": "there is a possible Authentication Bypass due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-24919", "desc": "Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.", "poc": ["https://github.com/0nin0hanz0/CVE-2024-24919-PoC", "https://github.com/0x3f3c/CVE-2024-24919", "https://github.com/0xans/CVE-2024-24919", "https://github.com/3UR/CVE-2024-24919", "https://github.com/B1naryo/CVE-2024-24919-POC", "https://github.com/Bytenull00/CVE-2024-24919", "https://github.com/Cappricio-Securities/CVE-2024-24919", "https://github.com/Expl0itD0g/CVE-2024-24919---Poc", "https://github.com/GlobalsecureAcademy/CVE-2024-24919", "https://github.com/GoatSecurity/CVE-2024-24919", "https://github.com/GuayoyoCyber/CVE-2024-24919", "https://github.com/J4F9S5D2Q7/CVE-2024-24919", "https://github.com/J4F9S5D2Q7/CVE-2024-24919-CHECKPOINT", "https://github.com/LucasKatashi/CVE-2024-24919", "https://github.com/MohamedWagdy7/CVE-2024-24919", "https://github.com/Ostorlab/KEV", "https://github.com/Praison001/CVE-2024-24919-Check-Point-Remote-Access-VPN", "https://github.com/RevoltSecurities/CVE-2024-24919", "https://github.com/Rug4lo/CVE-2024-24919-Exploit", "https://github.com/Threekiii/CVE", "https://github.com/Tim-Hoekstra/CVE-2024-24919", "https://github.com/Vulnpire/CVE-2024-24919", "https://github.com/YN1337/CVE-2024-24919", "https://github.com/am-eid/CVE-2024-24919", "https://github.com/bigb0x/CVE-2024-24919-Sniper", "https://github.com/birdlex/cve-2024-24919-checker", "https://github.com/c3rrberu5/CVE-2024-24919", "https://github.com/cp-ibmcloud/checkpoint-iaas-gw-ibm-vpc", "https://github.com/cp-ibmcloud/checkpoint-iaas-mgmt-ibm-vpc", "https://github.com/defronixpro/Defronix-Cybersecurity-Roadmap", "https://github.com/emanueldosreis/CVE-2024-24919", "https://github.com/enomothem/PenTestNote", "https://github.com/eoslvs/CVE-2024-24919", "https://github.com/fernandobortotti/CVE-2024-24919", "https://github.com/gurudattch/CVE-2024-24919", "https://github.com/hendprw/CVE-2024-24919", "https://github.com/ibaiw/2024Hvv", "https://github.com/ifconfig-me/CVE-2024-24919-Bulk-Scanner", "https://github.com/lirantal/cve-cvss-calculator", "https://github.com/mr-kasim-mehar/CVE-2024-24919-Exploit", "https://github.com/netlas-io/netlas-dorks", "https://github.com/nexblade12/CVE-2024-24919", "https://github.com/nitish778191/fitness_app", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/nullcult/CVE-2024-24919-Exploit", "https://github.com/numencyber/Vulnerability_PoC", "https://github.com/pewc0/CVE-2024-24919", "https://github.com/protonnegativo/CVE-2024-24919", "https://github.com/r4p3c4/CVE-2024-24919-Checkpoint-Firewall-VPN-Check", "https://github.com/r4p3c4/CVE-2024-24919-Exploit-PoC-Checkpoint-Firewall-VPN", "https://github.com/satchhacker/cve-2024-24919", "https://github.com/satriarizka/CVE-2024-24919", "https://github.com/seed1337/CVE-2024-24919-POC", "https://github.com/sep2limited/CheckPoint_Query_Py", "https://github.com/shilpaverma2/NEW-CHECKPOINT-CVE", "https://github.com/smackerdodi/CVE-2024-24919-nuclei-templater", "https://github.com/starlox0/CVE-2024-24919-POC", "https://github.com/tanjiti/sec_profile", "https://github.com/un9nplayer/CVE-2024-24919", "https://github.com/verylazytech/CVE-2024-24919", "https://github.com/wjlin0/poc-doc", "https://github.com/wy876/POC", "https://github.com/wy876/wiki", "https://github.com/zam89/CVE-2024-24919"]}, {"cve": "CVE-2024-21436", "desc": "Windows Installer Elevation of Privilege Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-33148", "desc": "J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30986", "desc": "Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and via \"price\" and \"sname\" parameter.", "poc": ["https://medium.com/@shanunirwan/cve-2024-30986-multiple-stored-cross-site-scripting-vulnerabilities-in-client-management-system-3fb702d9d510"]}, {"cve": "CVE-2024-36966", "desc": "In the Linux kernel, the following vulnerability has been resolved:erofs: reliably distinguish block based and fscache modeWhen erofs_kill_sb() is called in block dev based mode, s_bdev may nothave been initialised yet, and if CONFIG_EROFS_FS_ONDEMAND is enabled,it will be mistaken for fscache mode, and then attempt to free an anon_devthat has never been allocated, triggering the following warning:============================================ida_free called for id=0 which is not allocated.WARNING: CPU: 14 PID: 926 at lib/idr.c:525 ida_free+0x134/0x140Modules linked in:CPU: 14 PID: 926 Comm: mount Not tainted 6.9.0-rc3-dirty #630RIP: 0010:ida_free+0x134/0x140Call Trace: erofs_kill_sb+0x81/0x90 deactivate_locked_super+0x35/0x80 get_tree_bdev+0x136/0x1e0 vfs_get_tree+0x2c/0xf0 do_new_mount+0x190/0x2f0 [...]============================================Now when erofs_kill_sb() is called, erofs_sb_info must have beeninitialised, so use sbi->fsid to distinguish between the two modes.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20024", "desc": "In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541635; Issue ID: ALPS08541635.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4755", "desc": "The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/adc6ea6d-29d8-4ad0-b0db-2540e8b3f9a9/"]}, {"cve": "CVE-2024-20817", "desc": "Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-39158", "desc": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet.", "poc": ["https://github.com/Thirtypenny77/cms2/blob/main/58/csrf.md"]}, {"cve": "CVE-2024-24593", "desc": "A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI\u2019s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to compromise confidential workspaces and files, leak sensitive information, and target instances of the ClearML platform within closed off networks.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0056", "desc": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-33835", "desc": "Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function.", "poc": ["https://github.com/isBigChen/iot/blob/main/tenda/formSetSafeWanWebMan.md"]}, {"cve": "CVE-2024-0775", "desc": "A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21439", "desc": "Windows Telephony Server Elevation of Privilege Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-33788", "desc": "Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint.", "poc": ["https://github.com/ymkyu/CVE/tree/main/CVE-2024-33788", "https://github.com/H4lo/awesome-IoT-security-article", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2950", "desc": "The BoldGrid Easy SEO \u2013 Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information (og:description) This makes it possible for unauthenticated attackers to view the first 130 characters of a password protected post which can contain sensitive information.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25310", "desc": "Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at \"School/delete.php?id=5.\"", "poc": ["https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-3.md", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/tubakvgc/CVEs"]}, {"cve": "CVE-2024-22014", "desc": "An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete.", "poc": ["https://github.com/mansk1es/CVE_360TS"]}, {"cve": "CVE-2024-21890", "desc": "The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:``` --allow-fs-read=/home/node/.ssh/*.pub```will ignore `pub` and give access to everything after `.ssh/`.This misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35231", "desc": "rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data `profiler_runs` was not constrained to any limitation. This would lead to allocating resources on the server side with no limitation and a potential denial of service by remotely user-controlled data. Version 2.5.0 contains a patch for the issue.", "poc": ["https://github.com/rack/rack-contrib/security/advisories/GHSA-8c8q-2xw3-j869", "https://github.com/Sim4n6/Sim4n6"]}, {"cve": "CVE-2024-26996", "desc": "In the Linux kernel, the following vulnerability has been resolved:usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport errorWhen ncm function is working and then stop usb0 interface for link down,eth_stop() is called. At this piont, accidentally if usb transport errorshould happen in usb_ep_enable(), 'in_ep' and/or 'out_ep' may not be enabled.After that, ncm_disable() is called to disable for ncm unbindbut gether_disconnect() is never called since 'in_ep' is not enabled.As the result, ncm object is released in ncm unbindbut 'dev->port_usb' associated to 'ncm->port' is not NULL.And when ncm bind again to recover netdev, ncm object is reallocatedbut usb0 interface is already associated to previous released ncm object.Therefore, once usb0 interface is up and eth_start_xmit() is called,released ncm object is dereferrenced and it might cause use-after-free memory.[function unlink via configfs] usb0: eth_stop dev->port_usb=ffffff9b179c3200 --> error happens in usb_ep_enable(). NCM: ncm_disable: ncm=ffffff9b179c3200 --> no gether_disconnect() since ncm->port.in_ep->enabled is false. NCM: ncm_unbind: ncm unbind ncm=ffffff9b179c3200 NCM: ncm_free: ncm free ncm=ffffff9b179c3200 <-- released ncm[function link via configfs] NCM: ncm_alloc: ncm alloc ncm=ffffff9ac4f8a000 NCM: ncm_bind: ncm bind ncm=ffffff9ac4f8a000 NCM: ncm_set_alt: ncm=ffffff9ac4f8a000 alt=0 usb0: eth_open dev->port_usb=ffffff9b179c3200 <-- previous released ncm usb0: eth_start dev->port_usb=ffffff9b179c3200 <-- eth_start_xmit() --> dev->wrap() Unable to handle kernel paging request at virtual address dead00000000014fThis patch addresses the issue by checking if 'ncm->netdev' is not NULL atncm_disable() to call gether_disconnect() to deassociate 'dev->port_usb'.It's more reasonable to check 'ncm->netdev' to call gether_connect/disconnectrather than check 'ncm->port.in_ep->enabled' since it might not be enabledbut the gether connection might be established.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2468", "desc": "The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget 'embedpress_pro_twitch_theme ' attribute in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-36541", "desc": "Insecure permissions in logging-operator v4.6.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.", "poc": ["https://gist.github.com/HouqiyuA/f972d1c152f3b8127af01206f7c2af0d"]}, {"cve": "CVE-2024-0546", "desc": "A vulnerability, which was classified as problematic, has been found in EasyFTP 1.7.0. This issue affects some unknown processing of the component LIST Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250715.", "poc": ["https://packetstormsecurity.com/files/94905/EasyFTP-1.7.0.x-Denial-Of-Service.html"]}, {"cve": "CVE-2024-3274", "desc": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259285 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0719", "desc": "The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "poc": ["https://wpscan.com/vulnerability/6e67bf7f-07e6-432b-a8f4-aa69299aecaf/", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-1697", "desc": "The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save_wcfe_options function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24511", "desc": "Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component.", "poc": ["https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-24511%20-%3E%20Stored%20XSS%20in%20input%20Title%20of%20the%20Component", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities", "https://github.com/machisri/CVEs-and-Vulnerabilities"]}, {"cve": "CVE-2024-34490", "desc": "In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3714", "desc": "The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode when used with a legacy form in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1522", "desc": "A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits a form to the victim's local lollms-webui instance to execute arbitrary OS commands. This issue allows attackers to take full control of the victim's system without requiring direct network access to the vulnerable application.", "poc": ["https://github.com/timothee-chauvin/eyeballvul"]}, {"cve": "CVE-2024-25250", "desc": "SQL Injection vulnerability in code-projects Agro-School Management System 1.0 allows attackers to run arbitrary code via the Login page.", "poc": ["https://github.com/ASR511-OO7/CVE-2024-25250.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-2997", "desc": "A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name/Model Name/Brand Name/Unit Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258199. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-21488", "desc": "Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given to the mac_address_for function of the package, it is possible for the attacker to execute arbitrary commands on the operating system that this package is being run on.", "poc": ["https://gist.github.com/icemonster/282ab98fb68fc22aac7c576538f6369c", "https://security.snyk.io/vuln/SNYK-JS-NETWORK-6184371"]}, {"cve": "CVE-2024-25723", "desc": "ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched versions: 0.44.4, 0.43.1, and 0.42.2.", "poc": ["https://github.com/david-botelho-mariano/exploit-CVE-2024-25723", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/wjlin0/poc-doc", "https://github.com/wy876/POC", "https://github.com/wy876/wiki"]}, {"cve": "CVE-2024-28007", "desc": "Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command with the root privilege via the internet.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-5113", "desc": "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /view/student_profile1.php. The manipulation of the argument std_index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265103.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-34454", "desc": "Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA, because there is a secondary verification mechanism that only checks whether a CA is known and ignores the CA details and signature (and because * is accepted as a Common Name).", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4784", "desc": "An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-39157", "desc": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.", "poc": ["https://github.com/Thirtypenny77/cms2/blob/main/57/csrf.md"]}, {"cve": "CVE-2024-3251", "desc": "A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/?page=borrow/view_borrow. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259100.", "poc": ["https://github.com/0xAlmighty/Vulnerability-Research/blob/main/SourceCodester/CLMS/SourceCodester-CLMS-SQLi.md"]}, {"cve": "CVE-2024-41492", "desc": "A stack overflow in Tenda AX1806 v1.0.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.", "poc": ["https://gist.github.com/Swind1er/4176fdc25e415296904c9fb19e2f8293"]}, {"cve": "CVE-2024-5519", "desc": "A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266590 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/L1OudFd8cl09/CVE/issues/2"]}, {"cve": "CVE-2024-21079", "desc": "Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-22395", "desc": "Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35554", "desc": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN.", "poc": ["https://github.com/bearman113/1.md/blob/main/19/csrf.md"]}, {"cve": "CVE-2024-1832", "desc": "A vulnerability has been found in SourceCodester Complete File Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Login Form. The manipulation of the argument username with the input torada%27+or+%271%27+%3D+%271%27+--+- leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254623.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3140", "desc": "A vulnerability, which was classified as problematic, was found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file /classes/Users.php?f=save. The manipulation of the argument middlename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258915.", "poc": ["https://github.com/Sospiro014/zday1/blob/main/xss_1.md"]}, {"cve": "CVE-2024-37386", "desc": "An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0. Certain manipulations allow restarting in single-user mode despite the activation of secure boot. The following versions fix this: 4.3.27, 4.7.6, and 4.8.2.", "poc": ["https://advisories.stormshield.eu/2024-017"]}, {"cve": "CVE-2024-23640", "desc": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user's browser when viewed in the Style Publisher. Access to the Style Publisher is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.3 and 2.24.0 contain a fix for this issue.", "poc": ["https://github.com/geoserver/geoserver/security/advisories/GHSA-9rfr-pf2x-g4xf", "https://osgeo-org.atlassian.net/browse/GEOS-11149", "https://osgeo-org.atlassian.net/browse/GEOS-11155", "https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7307", "desc": "A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage_billing.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273199.", "poc": ["https://gist.github.com/topsky979/df642bf14cce32c58d4805b6f6cf44e0"]}, {"cve": "CVE-2024-21498", "desc": "All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit other vulnerabilities within the network by exploiting this vulnerability.", "poc": ["https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/", "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249862", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/trailofbits/publications"]}, {"cve": "CVE-2024-30879", "desc": "Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function.", "poc": ["https://github.com/jianyan74/rageframe2/issues/114"]}, {"cve": "CVE-2024-2692", "desc": "SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35723", "desc": "Missing Authorization vulnerability in Andrew Rapps Dashboard To-Do List.This issue affects Dashboard To-Do List: from n/a through 1.2.0.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25802", "desc": "SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add Media function. Unlike in CVE-2024-25801, the attack payload is the file content.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3939", "desc": "The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/"]}, {"cve": "CVE-2024-35468", "desc": "A SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.", "poc": ["https://github.com/dovankha/CVE-2024-35468", "https://github.com/dovankha/CVE-2024-35468", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-1066", "desc": "An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-22226", "desc": "Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the files stored on the server filesystem, with elevated privileges.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1224", "desc": "This vulnerability exists in USB Pratirodh due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. A local attacker with administrative privileges could exploit this vulnerability to obtain the password of USB Pratirodh on the targeted system.Successful exploitation of this vulnerability could allow the attacker to take control of the application and modify the access control of registered users or devices on the targeted system.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20997", "desc": "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "poc": ["https://www.oracle.com/security-alerts/cpuapr2024.html"]}, {"cve": "CVE-2024-31343", "desc": "Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1527", "desc": "Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-32310", "desc": "Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the fromWizardHandle function.", "poc": ["https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/fromWizardHandle.md", "https://github.com/LaPhilosophie/IoT-vulnerable"]}, {"cve": "CVE-2024-0936", "desc": "A vulnerability classified as critical was found in van_der_Schaar LAB TemporAI 0.0.3. Affected by this vulnerability is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252181 was assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024.", "poc": ["https://github.com/bayuncao/vul-cve-5", "https://github.com/bayuncao/vul-cve-5/blob/main/poc.py", "https://github.com/bayuncao/bayuncao"]}, {"cve": "CVE-2024-23641", "desc": "SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue.", "poc": ["https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49"]}, {"cve": "CVE-2024-4621", "desc": "The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/33a366d9-6c81-4957-a101-768487aae735/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28354", "desc": "There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb[%d].username in the apply.cgi interface, thereby gaining root shell privileges.", "poc": ["https://github.com/yj94/Yj_learning"]}, {"cve": "CVE-2024-28128", "desc": "Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-21812", "desc": "An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6289", "desc": "The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.", "poc": ["https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/"]}, {"cve": "CVE-2024-0261", "desc": "A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component RNFR Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249817 was assigned to this vulnerability.", "poc": ["https://packetstormsecurity.com/files/176342/FTPDMIN-0.96-Denial-Of-Service.html", "https://vuldb.com/?id.249817", "https://www.youtube.com/watch?v=q-CVJfYdd-g", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20029", "desc": "In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477406; Issue ID: MSV-1010.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21816", "desc": "in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22291", "desc": "Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Browser Theme Color.This issue affects Browser Theme Color: from n/a through 1.3.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6703", "desc": "The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018description\u2019 and 'btn_txt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for attackers with the Form Manager permissions and Subscriber+ user role, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fluentform/fluentform"]}, {"cve": "CVE-2024-0715", "desc": "Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28571", "desc": "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG format.", "poc": ["https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-4562", "desc": "In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality.\u00a0 Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Request Forgery.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6967", "desc": "A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. This affects an unknown part of the file /employee_gatepass/admin/?page=employee/manage_employee. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272121 was assigned to this vulnerability.", "poc": ["https://github.com/rtsjx-cve/cve/blob/main/sql.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4586", "desc": "A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/shops_delivery.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263308. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/Hckwzh/cms/blob/main/17.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24886", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acowebs Product Labels For Woocommerce (Sale Badges) allows Stored XSS.This issue affects Product Labels For Woocommerce (Sale Badges): from n/a through 1.5.3.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22079", "desc": "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-3366", "desc": "A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259480.", "poc": ["https://github.com/xuxueli/xxl-job/issues/3391"]}, {"cve": "CVE-2024-33434", "desc": "An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without any sanitization or filtering.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28009", "desc": "Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command with the root privilege via the internet.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2554", "desc": "A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file update-employee.php. The manipulation of the argument admin_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257053 was assigned to this vulnerability.", "poc": ["https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#3sql-injection-vulnerability-in-update-employeephp", "https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-24389", "desc": "A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24524", "desc": "Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component.", "poc": ["https://github.com/harryrabbit5651/cms/blob/main/1.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29802", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.3.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30387", "desc": "A\u00a0Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart.This issue affects Junos OS: * All versions before 20.4R3-S9, * 21.2 versions before 21.2R3-S5,\u00a0 * 21.3 versions before 21.3R3-S5,\u00a0 * 21.4 versions before 21.4R3-S4, * 22.1 versions before 22.1R3-S2, * 22.2 versions before 22.2R3-S2, * 22.3 versions before 22.3R2-S2, 22.3R3, * 22.4 versions before 22.4R2.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-22603", "desc": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link", "poc": ["https://github.com/ljw11e/cms/blob/main/4.md"]}, {"cve": "CVE-2024-26267", "desc": "In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via 'Liferay-Portal` response header.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1748", "desc": "A vulnerability classified as critical was found in van_der_Schaar LAB AutoPrognosis 0.1.21. This vulnerability affects the function load_model_from_file of the component Release Note Handler. The manipulation leads to deserialization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-254530 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/bayuncao/bayuncao", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3580", "desc": "The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/31f401c4-735a-4efb-b81f-ab98c00c526b/"]}, {"cve": "CVE-2024-35373", "desc": "Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.", "poc": ["https://chocapikk.com/posts/2024/mocodo-vulnerabilities/", "https://github.com/Chocapikk/My-CVEs"]}, {"cve": "CVE-2024-21476", "desc": "Memory corruption when the channel ID passed by user is not validated and further used.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35340", "desc": "Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the cmdinput parameter at ip/goform/formexeCommand.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-1549", "desc": "If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-7272", "desc": "A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component.", "poc": ["https://ffmpeg.org/", "https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc5", "https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc6"]}, {"cve": "CVE-2024-3283", "desc": "A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multi_user_mode' system variable, enabling them to access the '/api/system/enable-multi-user' endpoint and create a new admin user. This issue results from the endpoint accepting a full JSON object in the request body without proper validation of modifiable fields, leading to unauthorized modification of system settings and subsequent privilege escalation.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21418", "desc": "Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-4798", "desc": "A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /admin/maintenance/manage_brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263918 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/Hefei-Coffee/cve/blob/main/sql5.md"]}, {"cve": "CVE-2024-36527", "desc": "puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.", "poc": ["https://gist.github.com/7a6163/25fef08f75eed219c8ca21e332d6e911", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-6043", "desc": "A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268767.", "poc": ["https://github.com/yezzzo/y3/blob/main/SourceCodester%20Best%20house%20rental%20management%20system%20project%20in%20php%201.0%20SQL%20Injection.md"]}, {"cve": "CVE-2024-29402", "desc": "cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old session for malicious activity.", "poc": ["https://gist.github.com/menghaining/8d424faebfe869c80eadaea12bbdd158"]}, {"cve": "CVE-2024-27439", "desc": "An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket.This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series.Apache Wicket 8.x does not support CSRF protection via the fetch metadata headers and as such is not affected.Users are recommended to upgrade to version 9.17.0 or 10.0.0, which fixes the issue.", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25873", "desc": "Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload.", "poc": ["https://github.com/dd3x3r/enhavo/blob/main/html-injection-page-content-blockquote-author-v0.13.1.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6190", "desc": "A vulnerability was found in itsourcecode Farm Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-269162 is the identifier assigned to this vulnerability.", "poc": ["https://github.com/HryspaHodor/CVE/issues/2", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30809", "desc": "An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in Ap4Sample.h in AP4_Sample::GetOffset() const, leading to a Denial of Service (DoS), as demonstrated by mp42ts.", "poc": ["https://github.com/axiomatic-systems/Bento4/issues/937"]}, {"cve": "CVE-2024-2857", "desc": "The Simple Buttons Creator WordPress plugin through 1.04 does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged in admins.", "poc": ["https://wpscan.com/vulnerability/b7a35c5b-474a-444a-85ee-c50782c7a6c2/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4656", "desc": "The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user agent header in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28252", "desc": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. If you have a NetFraming based CoreWCF service, extra system resources could be consumed by connections being left established instead of closing or aborting them. There are two scenarios when this can happen. When a client established a connection to the service and sends no data, the service will wait indefinitely for the client to initiate the NetFraming session handshake. Additionally, once a client has established a session, if the client doesn't send any requests for the period of time configured in the binding ReceiveTimeout, the connection is not properly closed as part of the session being aborted. The bindings affected by this behavior are NetTcpBinding, NetNamedPipeBinding, and UnixDomainSocketBinding. Only NetTcpBinding has the ability to accept non local connections. The currently supported versions of CoreWCF are v1.4.x and v1.5.x. The fix can be found in v1.4.2 and v1.5.2 of the CoreWCF packages. Users are advised to upgrade. There are no workarounds for this issue.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-22514", "desc": "An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file.", "poc": ["https://github.com/Orange-418/CVE-2024-22514-Remote-Code-Execution", "https://github.com/Orange-418/AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution", "https://github.com/Orange-418/CVE-2024-22514-Remote-Code-Execution", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-4186", "desc": "The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and the not empty check is missing in the 'eb_user_email_verify' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the 'Email Verification' setting is enabled.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-35387", "desc": "TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.", "poc": ["https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/totolink%20LR350/loginAuth_http_host/README.md"]}, {"cve": "CVE-2024-20690", "desc": "Windows Nearby Sharing Spoofing Vulnerability", "poc": ["https://github.com/NaInSec/CVE-LIST", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-24785", "desc": "If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/testing-felickz/docker-scout-demo"]}, {"cve": "CVE-2024-22010", "desc": "In dvfs_plugin_caller of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-2768", "desc": "A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-services.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257604.", "poc": ["https://github.com/NaInSec/CVE-LIST"]}, {"cve": "CVE-2024-28434", "desc": "The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code.", "poc": ["https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28434", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6716", "desc": "A flaw was found in the libtiff library. An out-of-memory issue in the TIFFReadEncodedStrip function can be triggered when processing a crafted TIFF file, allowing attackers to perform memory allocation of arbitrary sizes, resulting in a denial of service.", "poc": ["https://gitlab.com/libtiff/libtiff/-/issues/620"]}, {"cve": "CVE-2024-23893", "desc": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentermodify.php, in the costcenterid\u00a0parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-29901", "desc": "The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js.A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-2858", "desc": "The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks", "poc": ["https://wpscan.com/vulnerability/43297210-17a6-4b51-b8ca-32ceef9fc09a/", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-42355", "desc": "Shopware, an open ecommerce platform, has a new Twig Tag `sw_silent_feature_call` which silences deprecation messages while triggered in this tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as parameter a string the feature flag name to silence, but this parameter is not escaped properly and allows execution of code. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-41113", "desc": "streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 383 or line 390 in `pages/1_\ud83d\udcf7_Timelapse.py` takes user input, which is later used in the `eval()` function on line 395, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.", "poc": ["https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L383-L388", "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L390-L393", "https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L395", "https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/"]}, {"cve": "CVE-2024-3645", "desc": "The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Counter widget in all versions up to, and including, 5.8.11 due to insufficient input sanitization and output escaping on user supplied attributes such as 'title_html_tag'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25753", "desc": "Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formSetDeviceName function.", "poc": ["https://github.com/TimeSeg/IOT_CVE/blob/main/tenda/AC9V3/0218/formSetDeviceName.md", "https://github.com/codeb0ss/CVE-2024-25735-PoC", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-6023", "desc": "The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when adding emails, which could allow attackers to make a logged in admin perform such action via a CSRF attack", "poc": ["https://wpscan.com/vulnerability/6e812189-2980-453d-931d-1f785e8dbcc0/"]}, {"cve": "CVE-2024-29650", "desc": "An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via the mutIn and mutInManyUnsafe components.", "poc": ["https://gist.github.com/tariqhawis/1bc340ca5ea6ae115c9ab9665cfd5921", "https://learn.snyk.io/lesson/prototype-pollution/#a0a863a5-fd3a-539f-e1ed-a0769f6c6e3b", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20767", "desc": "ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.", "poc": ["https://github.com/Chocapikk/CVE-2024-20767", "https://github.com/Hatcat123/my_stars", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Ostorlab/KEV", "https://github.com/Praison001/CVE-2024-20767-Adobe-ColdFusion", "https://github.com/XRSec/AWVS-Update", "https://github.com/huyqa/cve-2024-20767", "https://github.com/ibaiw/2024Hvv", "https://github.com/m-cetin/CVE-2024-20767", "https://github.com/netlas-io/netlas-dorks", "https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/tanjiti/sec_profile", "https://github.com/trganda/starrlist", "https://github.com/wjlin0/poc-doc", "https://github.com/wy876/POC", "https://github.com/wy876/wiki", "https://github.com/yoryio/CVE-2024-20767"]}, {"cve": "CVE-2024-24754", "desc": "Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content added in the `$files` or `$parsedBody` arrays. The conversion process produces a different output compared to the one of plain PHP when keys ending with and open square bracket ([) are used. Based on the application logic the difference in the body parsing might lead to vulnerabilities and/or undefined behaviors. This vulnerability is patched in 2.1.13.", "poc": ["https://github.com/brefphp/bref/security/advisories/GHSA-82vx-mm6r-gg8w"]}, {"cve": "CVE-2024-24095", "desc": "Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection.", "poc": ["https://github.com/ASR511-OO7/CVE-2024-24095", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-3999", "desc": "The EazyDocs WordPress plugin before 2.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "poc": ["https://wpscan.com/vulnerability/6a8a1deb-6836-40f1-856b-7b3e4ba867d6/"]}, {"cve": "CVE-2024-29399", "desc": "An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.", "poc": ["https://github.com/ally-petitt/CVE-2024-29399", "https://github.com/ally-petitt/CVE-2024-29399", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-26492", "desc": "An issue in Online Diagnostic Lab Management System 1.0 allows a remote attacker to gain control of a 'Staff' user account via a crafted POST request using the id, email, password, and cpass parameters.", "poc": ["https://packetstormsecurity.com/files/165555/Online-Diagnostic-Lab-Management-System-1.0-Missing-Access-Control.html", "https://www.exploit-db.com/exploits/50660", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-4517", "desc": "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263121 was assigned to this vulnerability.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28456", "desc": "Cross Site Scripting vulnerability in Campcodes Online Marriage Registration System v.1.0 allows a remote attacker to execute arbitrary code via the text fields in the marriage registration request form.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-28558", "desc": "SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin/app/web_crud.php.", "poc": ["https://github.com/xuanluansec/vul/issues/3#issue-2243633522"]}, {"cve": "CVE-2024-33646", "desc": "Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Sticky Anything allows Cross-Site Scripting (XSS).This issue affects Sticky Anything: from n/a through 2.1.5.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-26566", "desc": "An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-23739", "desc": "An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.", "poc": ["https://github.com/V3x0r/CVE-2024-23739", "https://github.com/V3x0r/CVE-2024-23740", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/giovannipajeu1/CVE-2024-23739", "https://github.com/giovannipajeu1/CVE-2024-23740", "https://github.com/giovannipajeu1/giovannipajeu1", "https://github.com/nomi-sec/PoC-in-GitHub"]}, {"cve": "CVE-2024-3566", "desc": "A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/michalsvoboda76/batbadbut"]}, {"cve": "CVE-2024-21886", "desc": "A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21750", "desc": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scribit Shortcodes Finder allows Reflected XSS.This issue affects Shortcodes Finder: from n/a through 1.5.5.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-37485", "desc": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vinny Alves (UseStrict Consulting) bbPress Notify allows Reflected XSS.This issue affects bbPress Notify: from n/a through 2.18.3.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-3125", "desc": "A vulnerability classified as problematic was found in Zebra ZTC GK420d 1.0. This vulnerability affects unknown code of the file /settings of the component Alert Setup Page. The manipulation of the argument Address leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258868. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://github.com/strik3r0x1/Vulns/blob/main/ZTC_GK420d-SXSS.md", "https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-25189", "desc": "libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-0695", "desc": "A vulnerability, which was classified as problematic, has been found in EFS Easy Chat Server 3.1. Affected by this issue is some unknown functionality of the component HTTP GET Request Handler. The manipulation of the argument USERNAME leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251480. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "poc": ["https://packetstormsecurity.com/files/176381/Easy-Chat-Server-3.1-Denial-Of-Service.html", "https://vuldb.com/?id.251480", "https://www.exploitalert.com/view-details.html?id=40072", "https://www.youtube.com/watch?v=nGyS2Rp5aEo"]}, {"cve": "CVE-2024-24303", "desc": "SQL Injection vulnerability in HiPresta \"Gift Wrapping Pro\" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote attackers to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-30505", "desc": "Missing Authorization vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.18.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-20839", "desc": "Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the lock screen.", "poc": ["https://github.com/fkie-cad/nvd-json-data-feeds"]}, {"cve": "CVE-2024-21527", "desc": "Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when a request is made to a file via localhost, such as