Update CVE sources 2025-09-29 16:08

2026-02-12 18:42:46 +00:00 · 2025-09-29 16:08:36 +00:00
parent ce83aa47b8
commit 1fb02038e8
5706 changed files with 80551 additions and 629 deletions
--- a/2024/CVE-2024-0001.md
+++ b/2024/CVE-2024-0001.md
@@ -0,0 +1,34 @@
+### [CVE-2024-0001](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0001)
+![](https://img.shields.io/static/v1?label=Product&message=FlashArray&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%3D%206.3.14%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1188%20Insecure%20Default%20Initialization%20of%20Resource&color=brighgreen)
+
+### Description
+
+A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ADA-XiaoYao/ADA-XiaoYao-ADA-ZeroDay-Framework-CLI
+- https://github.com/GerriaLeSure/cybersecurity-risk-assessment-platform
+- https://github.com/Harrywang12/lockdown
+- https://github.com/Mahdi-Assadi/Text_Clustering
+- https://github.com/ProjectZeroDays/AI-Driven-Zero-Click-Exploit-Deployment-Framework
+- https://github.com/RobloxSecurityResearcher/RobloxVulnerabilityCVE-2024-0001
+- https://github.com/SV-ZeroOne/cyber-ai-info
+- https://github.com/Victorkib/vulnscope
+- https://github.com/allensuvorov/vuln-scan-query
+- https://github.com/arshiyaazizi/Unique-Vulnerability-Identification-API-
+- https://github.com/bendrorr/vulnerability-management
+- https://github.com/jiupta/CVE-2024-0001-EXP
+- https://github.com/mauvehed/kevvy
+- https://github.com/miketigerblue/chroma-curator
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/pgdn-network/pgdn-cve
+- https://github.com/shashwat12304/cyber-graph-viz
+- https://github.com/zefparis/zero-click-benji
+
--- a/2024/CVE-2024-0002.md
+++ b/2024/CVE-2024-0002.md
@@ -0,0 +1,19 @@
+### [CVE-2024-0002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0002)
+![](https://img.shields.io/static/v1?label=Product&message=FlashArray&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=5.3.17%3C%3D%205.3.21%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen)
+
+### Description
+
+A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ProjectZeroDays/AI-Driven-Zero-Click-Exploit-Deployment-Framework
+- https://github.com/Victorkib/vulnscope
+- https://github.com/zefparis/zero-click-benji
+
--- a/2024/CVE-2024-0003.md
+++ b/2024/CVE-2024-0003.md
@@ -0,0 +1,19 @@
+### [CVE-2024-0003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0003)
+![](https://img.shields.io/static/v1?label=Product&message=FlashArray&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=5.3.17%3C%3D%205.3.21%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen)
+
+### Description
+
+A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ProjectZeroDays/AI-Driven-Zero-Click-Exploit-Deployment-Framework
+- https://github.com/Victorkib/vulnscope
+- https://github.com/zefparis/zero-click-benji
+
--- a/2024/CVE-2024-0004.md
+++ b/2024/CVE-2024-0004.md
@@ -0,0 +1,18 @@
+### [CVE-2024-0004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0004)
+![](https://img.shields.io/static/v1?label=Product&message=FlashArray&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=5.0.0%3C%3D%205.0.11%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ProjectZeroDays/AI-Driven-Zero-Click-Exploit-Deployment-Framework
+- https://github.com/zefparis/zero-click-benji
+
--- a/2024/CVE-2024-0005.md
+++ b/2024/CVE-2024-0005.md
@@ -0,0 +1,20 @@
+### [CVE-2024-0005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0005)
+![](https://img.shields.io/static/v1?label=Product&message=FlashArray&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=FlashBlade&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=3.0.0%3C%3D%203.0.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=5.0.0%3C%3D%205.0.11%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen)
+
+### Description
+
+A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ProjectZeroDays/AI-Driven-Zero-Click-Exploit-Deployment-Framework
+- https://github.com/zefparis/zero-click-benji
+
--- a/2024/CVE-2024-0010.md
+++ b/2024/CVE-2024-0010.md
@@ -15,5 +15,6 @@ A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal
 No PoCs from references.

 #### Github
+- https://github.com/Manisha-03/XSS_Vulnerability
 - https://github.com/afine-com/research

--- a/2024/CVE-2024-0012.md
+++ b/2024/CVE-2024-0012.md
@@ -0,0 +1,42 @@
+### [CVE-2024-0012](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0012)
+![](https://img.shields.io/static/v1?label=Product&message=Cloud%20NGFW&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PAN-OS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Prisma%20Access&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen)
+
+### Description
+
+An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like  CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 .The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software.Cloud NGFW and Prisma Access are not impacted by this vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/0xjessie21/CVE-2024-0012
+- https://github.com/Mattb709/HELLCAT-Practical-Initial-Access-Guide-for-Red-Teams
+- https://github.com/Ostorlab/KEV
+- https://github.com/Regent8SH/PanOsExploitMultitool
+- https://github.com/Sachinart/CVE-2024-0012-POC
+- https://github.com/TalatumLabs/CVE-2024-0012_CVE-2024-9474_PoC
+- https://github.com/Threekiii/CVE
+- https://github.com/XiaomingX/awesome-cve-exp-poc
+- https://github.com/XiaomingX/cve-2024-0012-poc
+- https://github.com/aratane/CVE-2024-9474
+- https://github.com/crosswk/paloalto-cve-parser
+- https://github.com/dcollaoa/cve-2024-0012-gui-poc
+- https://github.com/greaselovely/CVE-2024-0012
+- https://github.com/iSee857/CVE-2024-0012-poc
+- https://github.com/k4nfr3/CVE-2024-9474
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/packetinside/CISA_BOT
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/punitdarji/Paloalto-CVE-2024-0012
+- https://github.com/rxerium/stars
+- https://github.com/tylzars/awesome-vrre-writeups
+- https://github.com/watchtowrlabs/palo-alto-panos-cve-2024-0012
+- https://github.com/zentrybox/worker-orchestator
+- https://github.com/zero16sec/panos-security-advisor
+
--- a/2024/CVE-2024-0023.md
+++ b/2024/CVE-2024-0023.md
@@ -13,5 +13,6 @@ In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bo
 - https://android.googlesource.com/platform/frameworks/av/+/30b1b34cfd5abfcfee759e7d13167d368ac6c268

 #### Github
+- https://github.com/AbrarKhan/G3_Frameworks_av_CVE-2024-0023
 - https://github.com/nomi-sec/PoC-in-GitHub

--- a/2024/CVE-2024-0030.md
+++ b/2024/CVE-2024-0030.md
@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/uthrasri/system_bt_CVE-2024-0030

--- a/2024/CVE-2024-0039.md
+++ b/2024/CVE-2024-0039.md
@@ -14,5 +14,6 @@ No PoCs from references.

 #### Github
 - https://github.com/41yn14/CVE-2024-0039-Exploit
+- https://github.com/MssGmz99/fix-02-failure-CVE-2024-31319-CVE-2024-0039
 - https://github.com/nomi-sec/PoC-in-GitHub

--- a/2024/CVE-2024-0040.md
+++ b/2024/CVE-2024-0040.md
@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/uthrasri/frameworks_av_CVE-2024-0040

--- a/2024/CVE-2024-0044.md
+++ b/2024/CVE-2024-0044.md
@@ -1,6 +1,6 @@
 ### [CVE-2024-0044](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0044)
 ![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%2014%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2015%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)

 ### Description
@@ -14,10 +14,30 @@ In createSessionInternal of PackageInstallerService.java, there is a possible ru
 - https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html

 #### Github
+- https://github.com/007CRIPTOGRAFIA/c-CVE-2024-0044
 - https://github.com/0xMarcio/cve
+- https://github.com/0xbinder/CVE-2024-0044
+- https://github.com/Andromeda254/cve
+- https://github.com/Ankitkushwaha90/trysanityapp
+- https://github.com/BlackTom900131/awesome-game-security
+- https://github.com/Dit-Developers/CVE-2024-0044-
 - https://github.com/GhostTroops/TOP
+- https://github.com/JackBlack818/Evil-Droid
+- https://github.com/Kai2er/CVE-2024-0044-EXP
+- https://github.com/MrW0l05zyn/cve-2024-0044
+- https://github.com/Re13orn/CVE-2024-0044-EXP
+- https://github.com/a-roshbaik/cve_2024_0044
+- https://github.com/canyie/CVE-2024-0044
+- https://github.com/canyie/canyie
+- https://github.com/fboaventura/awesome-starts
+- https://github.com/gmh5225/awesome-game-security
+- https://github.com/hunter24x24/cve_2024_0044
+- https://github.com/l1ackernishan/CVE-2024-0044
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/pl4int3xt/cve_2024_0044
 - https://github.com/scs-labrat/android_autorooter
+- https://github.com/sridhar-sec/EvilDroid
 - https://github.com/tanjiti/sec_profile
+- https://github.com/trevor0106/game-security
+- https://github.com/xdavidhu/awesome-google-vrp-writeups

--- a/2024/CVE-2024-0054.md
+++ b/2024/CVE-2024-0054.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-0054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0054)
 ![](https://img.shields.io/static/v1?label=Product&message=AXIS%20OS&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20AXIS%20OS%206.50%20-%2011.8%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-155%3A%20Improper%20Neutralization%20of%20Wildcards%20or%20Matching%20Symbols&color=brighgreen)

 ### Description

--- a/2024/CVE-2024-0055.md
+++ b/2024/CVE-2024-0055.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-0055](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0055)
 ![](https://img.shields.io/static/v1?label=Product&message=AXIS%20OS&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20AXIS%20OS%2010.12%20-%2011.8%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-155%3A%20Improper%20Neutralization%20of%20Wildcards%20or%20Matching%20Symbols&color=brighgreen)

 ### Description

--- a/2024/CVE-2024-0056.md
+++ b/2024/CVE-2024-0056.md
@@ -44,6 +44,7 @@ Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Fe
 No PoCs from references.

 #### Github
+- https://github.com/EDemerzel/NuGetInspector
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/nomi-sec/PoC-in-GitHub

--- a/2024/CVE-2024-0057.md
+++ b/2024/CVE-2024-0057.md
@@ -55,4 +55,5 @@ No PoCs from references.

 #### Github
 - https://github.com/NaInSec/CVE-LIST
+- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase

--- a/2024/CVE-2024-0132.md
+++ b/2024/CVE-2024-0132.md
@@ -0,0 +1,26 @@
+### [CVE-2024-0132](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0132)
+![](https://img.shields.io/static/v1?label=Product&message=Container%20Toolkit&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=GPU%20Operator&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20up%20to%20and%20including%2024.6.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20up%20to%20and%20including%20v1.16.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-367%20Time-of-check%20Time-of-use%20(TOCTOU)%20Race%20Condition&color=brighgreen)
+
+### Description
+
+NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/EGI-Federation/SVG-advisories
+- https://github.com/ctrsploit/ctrsploit
+- https://github.com/lgturatti/techdrops
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/r0binak/CVE-2024-0132
+- https://github.com/ssst0n3/docker_archive
+- https://github.com/ssst0n3/poc-cve-2024-0132
+- https://github.com/zhanpengliu-tencent/medium-cve
+
--- a/2024/CVE-2024-0135.md
+++ b/2024/CVE-2024-0135.md
@@ -0,0 +1,19 @@
+### [CVE-2024-0135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0135)
+![](https://img.shields.io/static/v1?label=Product&message=NVIDIA%20Container%20Toolkit&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=NVIDIA%20GPU%20Operator&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20up%20to%20and%20including%2024.9.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20up%20to%20and%20including%20v1.17.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-653&color=brighgreen)
+
+### Description
+
+NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/EGI-Federation/SVG-advisories
+
--- a/2024/CVE-2024-0195.md
+++ b/2024/CVE-2024-0195.md
@@ -13,10 +13,31 @@ A vulnerability, which was classified as critical, was found in spider-flow 0.4.
 No PoCs from references.

 #### Github
+- https://github.com/0day404/HV-2024-POC
+- https://github.com/12442RF/POC
+- https://github.com/AboSteam/POPC
+- https://github.com/Cappricio-Securities/CVE-2024-0195
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
 - https://github.com/Marco-zcl/POC
+- https://github.com/Michael-Meade/Links-Repository
 - https://github.com/Tropinene/Yscanner
+- https://github.com/WhosGa/MyWiki
+- https://github.com/Yuan08o/pocs
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
 - https://github.com/d4n-sec/d4n-sec.github.io
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/gh-ost00/CVE-2024-0195-SpiderFlow
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/hack-with-rohit/CVE-2024-0195-SpiderFlow
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/oLy0/Vulnerability
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
--- a/2024/CVE-2024-0200.md
+++ b/2024/CVE-2024-0200.md
@@ -0,0 +1,19 @@
+### [CVE-2024-0200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0200)
+![](https://img.shields.io/static/v1?label=Product&message=Enterprise%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-470%20Use%20of%20Externally-Controlled%20Input%20to%20Select%20Classes%20or%20Code%20('Unsafe%20Reflection')&color=brighgreen)
+
+### Description
+
+An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/convisolabs/CVE-2024-0507_CVE-2024-0200-github
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/tylzars/awesome-vrre-writeups
+
--- a/2024/CVE-2024-0204.md
+++ b/2024/CVE-2024-0204.md
@@ -14,15 +14,31 @@ Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauth
 - http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html

 #### Github
+- https://github.com/Acurtos01/PPS-Unidad2Actividad1-AdrianCurtoSanchez
+- https://github.com/Clealg01/PPS-Unidad2Actividad1-Cristian
+- https://github.com/EfstratiosLontzetidis/blogs_advisories_reports_papers
 - https://github.com/Mr-xn/Penetration_Testing_POC
+- https://github.com/Ospalus/PPS-Unidad2-Actividad1
 - https://github.com/Ostorlab/KEV
+- https://github.com/SergioMP04/PPS-Unidad2Actividad1-SergioMorato
 - https://github.com/Threekiii/CVE
 - https://github.com/adminlove520/CVE-2024-0204
 - https://github.com/cbeek-r7/CVE-2024-0204
 - https://github.com/gobysec/Goby
 - https://github.com/horizon3ai/CVE-2024-0204
+- https://github.com/ibrahmsql/CVE-2024-0204
+- https://github.com/ibrahmsql/CyberSecurity101-Roadmap
+- https://github.com/jmtatop01/PPS-Unidad2Actividad1-JulioManuel
 - https://github.com/lions2012/Penetration_Testing_POC
 - https://github.com/m-cetin/CVE-2024-0204
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/plzheheplztrying/cve_monitor
 - https://github.com/toxyl/lscve
+- https://github.com/vjp-albertoVG/PPS-Unidad2Actividad1-albertoVG
+- https://github.com/vjp-angelPB/PPS-Unidad2Actividad1-Angel
+- https://github.com/vjp-davidLC/vjp-davidLC-PPS-Unidad2Actividad1-David
+- https://github.com/vjp-ignacioBM/PPS-Unidad2Actividad1-Ignacio
+- https://github.com/vjp-mansurSY/PPS-Unidad2Actividad1-MansurSY
+- https://github.com/vjp-pabloGG/PPS-Unidad2Actividad1-PabloGilGalapero
+- https://github.com/vjp-raulAP/PPS-Unidad2Actividad1-Raul_Albalat_Perez

--- a/2024/CVE-2024-0208.md
+++ b/2024/CVE-2024-0208.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-0208](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0208)
 ![](https://img.shields.io/static/v1?label=Product&message=Wireshark&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=4.2.0%3C%204.2.1%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-674%3A%20Uncontrolled%20Recursion&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-230%3A%20Improper%20Handling%20of%20Missing%20Values&color=brighgreen)

 ### Description

--- a/2024/CVE-2024-0220.md
+++ b/2024/CVE-2024-0220.md
@@ -3,9 +3,8 @@
 ![](https://img.shields.io/static/v1?label=Product&message=Technology%20Guarding&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%201.4.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Version&message=4.0%3C%204.6%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-311%20Missing%20Encryption%20of%20Sensitive%20Data&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1240%3A%20Use%20of%20a%20Cryptographic%20Primitive%20with%20a%20Risky%20Implementation&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-319%20Cleartext%20Transmission%20of%20Sensitive%20Information&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-326%20Inadequate%20Encryption%20Strength&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)

 ### Description
--- a/2024/CVE-2024-0229.md
+++ b/2024/CVE-2024-0229.md
@@ -14,7 +14,7 @@
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.0%20Extended%20Update%20Support&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=Access%20of%20Memory%20Location%20After%20End%20of%20Buffer&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20Write&color=brighgreen)

 ### Description

--- a/2024/CVE-2024-0230.md
+++ b/2024/CVE-2024-0230.md
@@ -13,10 +13,15 @@ A session management issue was addressed with improved checks. This issue is fix
 No PoCs from references.

 #### Github
+- https://github.com/0xor0ne/awesome-list
+- https://github.com/CerberusMrX/Advanced-Bluetooth-Penetration-Testing-Tool
 - https://github.com/H4lo/awesome-IoT-security-article
+- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2
+- https://github.com/bachkhoasoft/awesome-list-ks
 - https://github.com/gato001k1/helt
 - https://github.com/keldnorman/cve-2024-0230-blue
 - https://github.com/marcnewlin/hi_my_name_is_keyboard
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/shirin-ehtiram/hi_my_name_is_keyboard
+- https://github.com/xG3nesis/RustyInjector

--- a/2024/CVE-2024-0235.md
+++ b/2024/CVE-2024-0235.md
@@ -14,6 +14,7 @@ The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7

 #### Github
 - https://github.com/Cappricio-Securities/CVE-2024-0235
+- https://github.com/Nxploited/CVE-2024-0235-PoC
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub

--- a/2024/CVE-2024-0241.md
+++ b/2024/CVE-2024-0241.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0241)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+
+### Description
+
+encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long "id" parameter.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase
+
--- a/2024/CVE-2024-0247.md
+++ b/2024/CVE-2024-0247.md
@@ -10,7 +10,7 @@ A vulnerability classified as critical was found in CodeAstro Online Food Orderi
 ### POC

 #### Reference
-No PoCs from references.
+- https://vuldb.com/?id.249778

 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-0249.md
+++ b/2024/CVE-2024-0249.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0249](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0249)
+![](https://img.shields.io/static/v1?label=Product&message=Advanced%20Schedule%20Posts&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Advanced Schedule Posts WordPress plugin through 2.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/e7ee3e73-1086-421f-b586-d415a45a6c8e/
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2024/CVE-2024-0253.md
+++ b/2024/CVE-2024-0253.md
@@ -14,4 +14,5 @@ No PoCs from references.

 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/minhgalaxy/CVE

--- a/2024/CVE-2024-0261.md
+++ b/2024/CVE-2024-0261.md
@@ -15,5 +15,6 @@ A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problema
 - https://www.youtube.com/watch?v=q-CVJfYdd-g

 #### Github
+- https://github.com/cnetsec/south-america-cve-hall
 - https://github.com/fkie-cad/nvd-json-data-feeds

--- a/2024/CVE-2024-0263.md
+++ b/2024/CVE-2024-0263.md
@@ -14,5 +14,6 @@ A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified
 - https://packetstormsecurity.com/files/176333/Ultra-Mini-HTTPd-1.21-Denial-Of-Service.html

 #### Github
+- https://github.com/cnetsec/south-america-cve-hall
 - https://github.com/fkie-cad/nvd-json-data-feeds

--- a/2024/CVE-2024-0269.md
+++ b/2024/CVE-2024-0269.md
@@ -14,4 +14,5 @@ No PoCs from references.

 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/minhgalaxy/CVE

--- a/2024/CVE-2024-0305.md
+++ b/2024/CVE-2024-0305.md
@@ -13,13 +13,30 @@ A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to
 No PoCs from references.

 #### Github
+- https://github.com/0day404/HV-2024-POC
+- https://github.com/12442RF/POC
 - https://github.com/20142995/pocsuite3
+- https://github.com/AboSteam/POPC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
 - https://github.com/Marco-zcl/POC
 - https://github.com/Tropinene/Yscanner
+- https://github.com/WhosGa/MyWiki
+- https://github.com/Yuan08o/pocs
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
 - https://github.com/d4n-sec/d4n-sec.github.io
 - https://github.com/dddinmx/POC-Pocsuite3
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
 - https://github.com/jidle123/cve-2024-0305exp
+- https://github.com/laoa1573/wy876
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/oLy0/Vulnerability
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
--- a/2024/CVE-2024-0311.md
+++ b/2024/CVE-2024-0311.md
@@ -13,5 +13,6 @@ A malicious insider can bypass the existing policy of Skyhigh Client Proxy witho
 - https://kcm.trellix.com/corporate/index?page=content&id=SB10418

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/calligraf0/CVE-2024-0311
+- https://github.com/nomi-sec/PoC-in-GitHub

--- a/2024/CVE-2024-0323.md
+++ b/2024/CVE-2024-0323.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-0323](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0323)
 ![](https://img.shields.io/static/v1?label=Product&message=Automation%20Runtime&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=14.0%3C%2014.93%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-327%20Use%20of%20a%20Broken%20or%20Risky%20Cryptographic%20Algorithm&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1240%3A%20Use%20of%20a%20Cryptographic%20Primitive%20with%20a%20Risky%20Implementation&color=brighgreen)

 ### Description

--- a/2024/CVE-2024-0324.md
+++ b/2024/CVE-2024-0324.md
@@ -0,0 +1,18 @@
+### [CVE-2024-0324](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0324)
+![](https://img.shields.io/static/v1?label=Product&message=User%20Profile%20Builder%20%E2%80%93%20Beautiful%20User%20Registration%20Forms%2C%20User%20Profiles%20%26%20User%20Role%20Editor&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.10.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen)
+
+### Description
+
+The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/kodaichodai/CVE-2024-0324
+- https://github.com/nomi-sec/PoC-in-GitHub
+
--- a/2024/CVE-2024-0352.md
+++ b/2024/CVE-2024-0352.md
@@ -13,6 +13,7 @@ A vulnerability classified as critical was found in Likeshop up to 2.5.7.2021031
 No PoCs from references.

 #### Github
+- https://github.com/Cappricio-Securities/CVE-2024-0352
 - https://github.com/Tropinene/Yscanner
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile
--- a/2024/CVE-2024-0360.md
+++ b/2024/CVE-2024-0360.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0360)
+![](https://img.shields.io/static/v1?label=Product&message=Hospital%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250127.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/KadinFisher/CVE_LLM_Testing
+
--- a/2024/CVE-2024-0365.md
+++ b/2024/CVE-2024-0365.md
@@ -14,4 +14,5 @@ The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanit

 #### Github
 - https://github.com/NaInSec/CVE-LIST
+- https://github.com/xbz0n/xbz0n

--- a/2024/CVE-2024-0368.md
+++ b/2024/CVE-2024-0368.md
@@ -0,0 +1,18 @@
+### [CVE-2024-0368](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0368)
+![](https://img.shields.io/static/v1?label=Product&message=Hustle%20%E2%80%93%20Email%20Marketing%2C%20Lead%20Generation%2C%20Optins%2C%20Popups&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%207.8.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-522%20Insufficiently%20Protected%20Credentials&color=brighgreen)
+
+### Description
+
+The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII.
+
+### POC
+
+#### Reference
+- https://developers.hubspot.com/docs/api/webhooks#manage-settings-via-api
+- https://developers.hubspot.com/docs/api/webhooks#scopes
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2024/CVE-2024-0379.md
+++ b/2024/CVE-2024-0379.md
@@ -0,0 +1,18 @@
+### [CVE-2024-0379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0379)
+![](https://img.shields.io/static/v1?label=Product&message=Custom%20Twitter%20Feeds%20%E2%80%93%20A%20Tweets%20Widget%20or%20X%20Feed%20Widget&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.2.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the ctf_auto_save_tokens function. This makes it possible for unauthenticated attackers to update the site's twitter API token and secret via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/kodaichodai/CVE-2024-0379
+- https://github.com/nomi-sec/PoC-in-GitHub
+
--- a/2024/CVE-2024-0399.md
+++ b/2024/CVE-2024-0399.md
@@ -15,4 +15,5 @@ The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly
 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/xbz0n/CVE-2024-0399
+- https://github.com/xbz0n/xbz0n

--- a/2024/CVE-2024-0402.md
+++ b/2024/CVE-2024-0402.md
@@ -15,6 +15,8 @@ No PoCs from references.
 #### Github
 - https://github.com/0xfschott/CVE-search
 - https://github.com/ch4nui/CVE-2024-0402-RCE
+- https://github.com/doyensec/malicious-devfile-registry
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/plzheheplztrying/cve_monitor
 - https://github.com/tanjiti/sec_profile

--- a/2024/CVE-2024-0405.md
+++ b/2024/CVE-2024-0405.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0405](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0405)
+![](https://img.shields.io/static/v1?label=Product&message=Burst%20Statistics%20%E2%80%93%20Privacy-Friendly%20Analytics%20for%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.5.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'page_id', 'page_url', 'platform', and 'referrer'. This vulnerability arises due to insufficient escaping of user-supplied parameters and the lack of adequate preparation in SQL queries. As a result, authenticated attackers with editor access or higher can append additional SQL queries into existing ones, potentially leading to unauthorized access to sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xbz0n/xbz0n
+
--- a/2024/CVE-2024-0406.md
+++ b/2024/CVE-2024-0406.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-0406](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0406)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Security%203&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Security%204&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.18&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)

@@ -16,4 +16,8 @@ No PoCs from references.

 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/veissa/Desires
+- https://github.com/walidpyh/CVE-2024-0406-POC

--- a/2024/CVE-2024-0418.md
+++ b/2024/CVE-2024-0418.md
@@ -13,5 +13,6 @@ A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to
 - https://cxsecurity.com/issue/WLB-2024010023

 #### Github
+- https://github.com/cnetsec/south-america-cve-hall
 - https://github.com/fkie-cad/nvd-json-data-feeds

--- a/2024/CVE-2024-0419.md
+++ b/2024/CVE-2024-0419.md
@@ -14,5 +14,5 @@ A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problem
 - https://www.youtube.com/watch?v=6dAWGH0-6TY

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/cnetsec/south-america-cve-hall

--- a/2024/CVE-2024-0443.md
+++ b/2024/CVE-2024-0443.md
@@ -0,0 +1,21 @@
+### [CVE-2024-0443](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0443)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Transmission%20of%20Private%20Resources%20into%20a%20New%20Sphere%20('Resource%20Leak')&color=brighgreen)
+
+### Description
+
+A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ARPSyndicate/cve-scores
+
--- a/2024/CVE-2024-0446.md
+++ b/2024/CVE-2024-0446.md
@@ -1,11 +1,19 @@
 ### [CVE-2024-0446](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0446)
-![](https://img.shields.io/static/v1?label=Product&message=Autodesk%20applications&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%202024%2C%202023%2C%202022%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Steel&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Architecture&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Electrical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MAP%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MEP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Mechanical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Plant%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Civil%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2025%3C%202025.0.1%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%20Out-of-bounds%20Write&color=brighgreen)

 ### Description

-A maliciously crafted STP, CATPART or MODEL file when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
+A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

 ### POC

--- a/2024/CVE-2024-0448.md
+++ b/2024/CVE-2024-0448.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0448](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0448)
+![](https://img.shields.io/static/v1?label=Product&message=Elementor%20Addons%20by%20Livemesh&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.3.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/CyberSecAI/cve_dedup
+
--- a/2024/CVE-2024-0456.md
+++ b/2024/CVE-2024-0456.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-0456](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0456)
 ![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=14.0%3C%2016.6.6%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-285%3A%20Improper%20Authorization&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-425%3A%20Direct%20Request%20('Forced%20Browsing')&color=brighgreen)

 ### Description

--- a/2024/CVE-2024-0507.md
+++ b/2024/CVE-2024-0507.md
@@ -0,0 +1,19 @@
+### [CVE-2024-0507](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0507)
+![](https://img.shields.io/static/v1?label=Product&message=Enterprise%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=3.8.0%3C%3D%203.8.12%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/convisolabs/CVE-2024-0507_CVE-2024-0200-github
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/tylzars/awesome-vrre-writeups
+
--- a/2024/CVE-2024-0509.md
+++ b/2024/CVE-2024-0509.md
@@ -0,0 +1,18 @@
+### [CVE-2024-0509](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0509)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20404%20Auto%20Redirect%20to%20Similar%20Post&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.0.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘request’ parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/kodaichodai/CVE-2024-0509
+- https://github.com/nomi-sec/PoC-in-GitHub
+
--- a/2024/CVE-2024-0517.md
+++ b/2024/CVE-2024-0517.md
@@ -13,9 +13,18 @@ Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a rem
 No PoCs from references.

 #### Github
+- https://github.com/0xor0ne/awesome-list
+- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2
 - https://github.com/Uniguri/CVE-1day
 - https://github.com/Uniguri/CVE-nday
+- https://github.com/bachkhoasoft/awesome-list-ks
+- https://github.com/gmh5225/vulnjs
+- https://github.com/mwlik/v8-resources
 - https://github.com/ret2eax/exploits
 - https://github.com/rycbar77/V8Exploits
 - https://github.com/sploitem/v8-writeups
+- https://github.com/sploitem/v8pwn
+- https://github.com/wh1ant/vulnjs
+- https://github.com/worthdoingbadly/chrome-118-tools
+- https://github.com/xv0nfers/V8-sbx-bypass-collection

--- a/2024/CVE-2024-0519.md
+++ b/2024/CVE-2024-0519.md
@@ -13,9 +13,12 @@ Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allow
 No PoCs from references.

 #### Github
+- https://github.com/DEORE1001/Task-3
 - https://github.com/JohnHormond/CVE-2024-0519-Chrome-exploit
 - https://github.com/Ostorlab/KEV
 - https://github.com/Oxdestiny/CVE-2024-0519-Chrome-exploit
 - https://github.com/Threekiii/CVE
+- https://github.com/gmh5225/vulnjs
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/wh1ant/vulnjs

--- a/2024/CVE-2024-0520.md
+++ b/2024/CVE-2024-0520.md
@@ -0,0 +1,18 @@
+### [CVE-2024-0520](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0520)
+![](https://img.shields.io/static/v1?label=Product&message=mlflow%2Fmlflow&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%202.9.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-23%20Relative%20Path%20Traversal&color=brighgreen)
+
+### Description
+
+A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from the `Content-Disposition` header or the URL path is used to generate the final file path without proper sanitization. This flaw enables an attacker to control the file path fully by utilizing path traversal or absolute path techniques, such as '../../tmp/poc.txt' or '/tmp/poc.txt', leading to arbitrary file write. Exploiting this vulnerability could allow a malicious user to execute commands on the vulnerable machine, potentially gaining access to data and model information. The issue is fixed in version 2.9.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/chan-068/CVE-2024-0520_try
+- https://github.com/nomi-sec/PoC-in-GitHub
+
--- a/2024/CVE-2024-0522.md
+++ b/2024/CVE-2024-0522.md
@@ -13,5 +13,6 @@ A vulnerability was found in Allegro RomPager 4.01. It has been classified as pr
 No PoCs from references.

 #### Github
+- https://github.com/cnetsec/south-america-cve-hall
 - https://github.com/fkie-cad/nvd-json-data-feeds

--- a/2024/CVE-2024-0532.md
+++ b/2024/CVE-2024-0532.md
@@ -1,11 +1,12 @@
 ### [CVE-2024-0532](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0532)
 ![](https://img.shields.io/static/v1?label=Product&message=A15&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%2015.13.07.13%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Memory%20Corruption&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack-based%20Buffer%20Overflow&color=brighgreen)

 ### Description

-A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects unknown code of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapsk_crypto2_4g leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250702 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects the function set_repeat5 of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapsk_crypto2_4g/wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

 ### POC

--- a/2024/CVE-2024-0535.md
+++ b/2024/CVE-2024-0535.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0535](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0535)
+![](https://img.shields.io/static/v1?label=Product&message=PA6&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.1.21%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in Tenda PA6 1.0.1.21. Affected by this vulnerability is the function cgiPortMapAdd of the file /portmap of the component httpd. The manipulation of the argument groupName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250705 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/attilaszia/linux-iot-cves
+
--- a/2024/CVE-2024-0546.md
+++ b/2024/CVE-2024-0546.md
@@ -13,5 +13,5 @@ A vulnerability, which was classified as problematic, has been found in EasyFTP
 - https://packetstormsecurity.com/files/94905/EasyFTP-1.7.0.x-Denial-Of-Service.html

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/cnetsec/south-america-cve-hall

--- a/2024/CVE-2024-0547.md
+++ b/2024/CVE-2024-0547.md
@@ -13,5 +13,5 @@ A vulnerability has been found in Ability FTP Server 2.34 and classified as prob
 - https://packetstormsecurity.com/files/163079/Ability-FTP-Server-2.34-Denial-Of-Service.html

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/cnetsec/south-america-cve-hall

--- a/2024/CVE-2024-0548.md
+++ b/2024/CVE-2024-0548.md
@@ -13,5 +13,5 @@ A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problema
 - https://packetstormsecurity.com/files/163038/FreeFloat-FTP-Server-1.0-Denial-Of-Service.html

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/cnetsec/south-america-cve-hall

--- a/2024/CVE-2024-0564.md
+++ b/2024/CVE-2024-0564.md
@@ -4,7 +4,7 @@
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Observable%20Discrepancy&color=brighgreen)

 ### Description

@@ -13,7 +13,7 @@ A flaw was found in the Linux kernel's memory deduplication mechanism. The max p
 ### POC

 #### Reference
-No PoCs from references.
+- https://wisa.or.kr/accepted

 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-0566.md
+++ b/2024/CVE-2024-0566.md
@@ -16,4 +16,5 @@ The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/xbz0n/CVE-2024-0566
+- https://github.com/xbz0n/xbz0n

--- a/2024/CVE-2024-0582.md
+++ b/2024/CVE-2024-0582.md
@@ -17,17 +17,33 @@ No PoCs from references.

 #### Github
 - https://github.com/0ptyx/cve-2024-0582
+- https://github.com/0xAtharv/kernel-POCs
+- https://github.com/0xor0ne/awesome-list
 - https://github.com/0xsyr0/OSCP
+- https://github.com/101010zyl/CVE-2024-0582-dataonly
+- https://github.com/AMatheusFeitosaM/OSCP-Cheat
+- https://github.com/Faizan-Khanx/OSCP
 - https://github.com/Forsaken0129/CVE-2024-0582
 - https://github.com/Forsaken0129/UltimateLinuxPrivilage
 - https://github.com/FoxyProxys/CVE-2024-0582
 - https://github.com/GhostTroops/TOP
+- https://github.com/PsychoH4x0r/Unknown1337-Auto-Root-
+- https://github.com/ReflectedThanatos/OSCP-cheatsheet
+- https://github.com/SantoriuHen/NotesHck
+- https://github.com/VishuGahlyan/OSCP
 - https://github.com/aneasystone/github-trending
+- https://github.com/arttnba3/D3CTF2025_d3kshrm
 - https://github.com/exfilt/CheatSheet
+- https://github.com/fazilbaig1/oscp
 - https://github.com/fireinrain/github-trending
+- https://github.com/geniuszly/CVE-2024-0582
 - https://github.com/jafshare/GithubTrending
 - https://github.com/johe123qwe/github-trending
+- https://github.com/kuzeyardabulut/CVE-2024-0582
+- https://github.com/mowenroot/Kernel
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/pwnmonk/io_uring-n-day
 - https://github.com/xairy/linux-kernel-exploitation
 - https://github.com/ysanatomic/io_uring_LPE-CVE-2024-0582

--- a/2024/CVE-2024-0588.md
+++ b/2024/CVE-2024-0588.md
@@ -0,0 +1,18 @@
+### [CVE-2024-0588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0588)
+![](https://img.shields.io/static/v1?label=Product&message=Paid%20Memberships%20Pro%20%E2%80%93%20Content%20Restriction%2C%20User%20Registration%2C%20%26%20Paid%20Subscriptions&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.12.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This makes it possible for unauthenticated attackers to enable the streamline setting with Lifter LMS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/kodaichodai/CVE-2024-0588
+- https://github.com/nomi-sec/PoC-in-GitHub
+
--- a/2024/CVE-2024-0589.md
+++ b/2024/CVE-2024-0589.md
@@ -10,7 +10,7 @@ Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolution
 ### POC

 #### Reference
-No PoCs from references.
+- https://devolutions.net/security/advisories/DEVO-2024-0001/

 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
--- a/2024/CVE-2024-0590.md
+++ b/2024/CVE-2024-0590.md
@@ -0,0 +1,18 @@
+### [CVE-2024-0590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0590)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Clarity&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%200.9.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated attackers to change the project id and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/kodaichodai/CVE-2024-0590
+- https://github.com/nomi-sec/PoC-in-GitHub
+
--- a/2024/CVE-2024-0605.md
+++ b/2024/CVE-2024-0605.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0605](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0605)
+![](https://img.shields.io/static/v1?label=Product&message=Focus%20for%20iOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20122%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=JavaScript%20URI%20running%20on%20top%20origin%20sites&color=brighgreen)
+
+### Description
+
+Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1855575
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2024/CVE-2024-0606.md
+++ b/2024/CVE-2024-0606.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0606](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0606)
+![](https://img.shields.io/static/v1?label=Product&message=Focus%20for%20iOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20122%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=UXSS%20attack%20with%20window.open()&color=brighgreen)
+
+### Description
+
+An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1855030
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2024/CVE-2024-0623.md
+++ b/2024/CVE-2024-0623.md
@@ -14,4 +14,6 @@ No PoCs from references.

 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/kodaichodai/CVE-2024-0623
+- https://github.com/nomi-sec/PoC-in-GitHub

--- a/2024/CVE-2024-0624.md
+++ b/2024/CVE-2024-0624.md
@@ -14,4 +14,6 @@ No PoCs from references.

 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/kodaichodai/CVE-2024-0624
+- https://github.com/nomi-sec/PoC-in-GitHub

--- a/2024/CVE-2024-0646.md
+++ b/2024/CVE-2024-0646.md
@@ -16,7 +16,7 @@
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Virtualization%204%20for%20Red%20Hat%20Enterprise%20Linux%208&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20Write&color=brighgreen)

 ### Description

@@ -30,4 +30,5 @@ An out-of-bounds memory write flaw was found in the Linux kernel’s Transport L
 #### Github
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/ndouglas-cloudsmith/exploit-check

--- a/2024/CVE-2024-0654.md
+++ b/2024/CVE-2024-0654.md
@@ -13,6 +13,7 @@ A vulnerability, which was classified as problematic, was found in DeepFaceLab p
 No PoCs from references.

 #### Github
+- https://github.com/TrustAI-laboratory/TrustAI-laboratory
 - https://github.com/bayuncao/bayuncao
 - https://github.com/fkie-cad/nvd-json-data-feeds

--- a/2024/CVE-2024-0683.md
+++ b/2024/CVE-2024-0683.md
@@ -0,0 +1,18 @@
+### [CVE-2024-0683](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0683)
+![](https://img.shields.io/static/v1?label=Product&message=Bulgarisation%20for%20WooCommerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.0.14%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes it possible for unauthenticated and authenticated attackers, with subscriber-level access and above, to generate and delete labels.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/3474458191/CVE-2024-0683
+- https://github.com/nomi-sec/PoC-in-GitHub
+
--- a/2024/CVE-2024-0692.md
+++ b/2024/CVE-2024-0692.md
@@ -13,6 +13,7 @@ The SolarWinds Security Event Manager was susceptible to Remote Code Execution V
 No PoCs from references.

 #### Github
+- https://github.com/1diot9/MyJavaSecStudy
 - https://github.com/Ostorlab/KEV
 - https://github.com/f0ur0four/Insecure-Deserialization

--- a/2024/CVE-2024-0693.md
+++ b/2024/CVE-2024-0693.md
@@ -15,5 +15,5 @@ A vulnerability classified as problematic was found in EFS Easy File Sharing FTP
 - https://www.youtube.com/watch?v=Rcl6VWg_bPY

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/cnetsec/south-america-cve-hall

--- a/2024/CVE-2024-0695.md
+++ b/2024/CVE-2024-0695.md
@@ -16,5 +16,5 @@ A vulnerability, which was classified as problematic, has been found in EFS Easy
 - https://www.youtube.com/watch?v=nGyS2Rp5aEo

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/cnetsec/south-america-cve-hall

--- a/2024/CVE-2024-0708.md
+++ b/2024/CVE-2024-0708.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0708](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0708)
+![](https://img.shields.io/static/v1?label=Product&message=Landing%20Page%20Cat%20%E2%80%93%20Coming%20Soon%20Page%2C%20Maintenance%20Page%20%26%20Squeeze%20Pages&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.7.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen)
+
+### Description
+
+The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers to access landing pages that may not be public.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/calysteon/calysteon
+
--- a/2024/CVE-2024-0723.md
+++ b/2024/CVE-2024-0723.md
@@ -13,5 +13,5 @@ A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been classified a
 - https://packetstormsecurity.com/files/176545/freeSSHd-1.0.9-Denial-Of-Service.html

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/cnetsec/south-america-cve-hall

--- a/2024/CVE-2024-0725.md
+++ b/2024/CVE-2024-0725.md
@@ -13,5 +13,5 @@ A vulnerability was found in ProSSHD 1.2 on Windows. It has been declared as pro
 - https://packetstormsecurity.com/files/176544/ProSSHD-1.2-20090726-Denial-Of-Service.html

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/cnetsec/south-america-cve-hall

--- a/2024/CVE-2024-0727.md
+++ b/2024/CVE-2024-0727.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-0727](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727)
 ![](https://img.shields.io/static/v1?label=Product&message=OpenSSL&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=3.2.0%3C%203.2.1%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=NULL%20Pointer%20Dereference&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%20NULL%20Pointer%20Dereference&color=brighgreen)

 ### Description

@@ -14,8 +14,12 @@ No PoCs from references.

 #### Github
 - https://github.com/GrigGM/05-virt-04-docker-hw
+- https://github.com/akaganeite/CVE4PP
 - https://github.com/chnzzh/OpenSSL-CVE-lib
 - https://github.com/denoslab/ensf400-lab10-ssc
 - https://github.com/fokypoky/places-list
+- https://github.com/jtgorny/cve-scanning
+- https://github.com/mmbazm/secure_license_server
+- https://github.com/runlilong/tigergraph_openssl
 - https://github.com/seal-community/patches

--- a/2024/CVE-2024-0731.md
+++ b/2024/CVE-2024-0731.md
@@ -13,5 +13,5 @@ A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as probl
 - https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/cnetsec/south-america-cve-hall

--- a/2024/CVE-2024-0732.md
+++ b/2024/CVE-2024-0732.md
@@ -13,5 +13,5 @@ A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problemati
 - https://fitoxs.com/vuldb/02-PCMan%20v2.0.7-exploit.txt

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/cnetsec/south-america-cve-hall

--- a/2024/CVE-2024-0736.md
+++ b/2024/CVE-2024-0736.md
@@ -13,5 +13,5 @@ A vulnerability classified as problematic has been found in EFS Easy File Sharin
 - https://0day.today/exploit/39249

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/cnetsec/south-america-cve-hall

--- a/2024/CVE-2024-0737.md
+++ b/2024/CVE-2024-0737.md
@@ -13,5 +13,6 @@ A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Ser
 - https://packetstormsecurity.com/files/176553/LightFTP-1.1-Denial-Of-Service.html

 #### Github
+- https://github.com/cnetsec/south-america-cve-hall
 - https://github.com/fkie-cad/nvd-json-data-feeds

--- a/2024/CVE-2024-0741.md
+++ b/2024/CVE-2024-0741.md
@@ -16,6 +16,7 @@ An out of bounds write in ANGLE could have allowed an attacker to corrupt memory
 - https://bugzilla.mozilla.org/show_bug.cgi?id=1864587

 #### Github
+- https://github.com/HyHy100/Firefox-ANGLE-CVE-2024-0741
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub

--- a/2024/CVE-2024-0744.md
+++ b/2024/CVE-2024-0744.md
@@ -13,6 +13,8 @@ In some circumstances, JIT compiled code could have dereferenced a wild pointer
 No PoCs from references.

 #### Github
+- https://github.com/5211-yx/javascript_fuzzer
+- https://github.com/TimerIzaya/izayailli
 - https://github.com/googleprojectzero/fuzzilli
 - https://github.com/zhangjiahui-buaa/MasterThesis

--- a/2024/CVE-2024-0748.md
+++ b/2024/CVE-2024-0748.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0748)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20122%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Compromised%20content%20process%20could%20modify%20document%20URI&color=brighgreen)
+
+### Description
+
+A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1783504
+
+#### Github
+No PoCs found on GitHub currently.
+
--- a/2024/CVE-2024-0760.md
+++ b/2024/CVE-2024-0760.md
@@ -0,0 +1,19 @@
+### [CVE-2024-0760](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0760)
+![](https://img.shields.io/static/v1?label=Product&message=BIND%209&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=9.18.1%3C%3D%209.18.27%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/SpiralBL0CK/CVE-2024-0760
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/plzheheplztrying/cve_monitor
+
--- a/2024/CVE-2024-0762.md
+++ b/2024/CVE-2024-0762.md
@@ -0,0 +1,35 @@
+### [CVE-2024-0762](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0762)
+![](https://img.shields.io/static/v1?label=Product&message=SecureCore%E2%84%A2%20for%20Intel%20Alder%20Lake&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SecureCore%E2%84%A2%20for%20Intel%20Coffee%20Lake&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SecureCore%E2%84%A2%20for%20Intel%20Comet%20Lake&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SecureCore%E2%84%A2%20for%20Intel%20Ice%20Lake&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SecureCore%E2%84%A2%20for%20Intel%20Jasper%20Lake&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SecureCore%E2%84%A2%20for%20Intel%20Kaby%20Lake&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SecureCore%E2%84%A2%20for%20Intel%20Meteor%20Lake&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SecureCore%E2%84%A2%20for%20Intel%20Raptor%20Lake&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SecureCore%E2%84%A2%20for%20Intel%20Tiger%20Lake&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=4.0.1.1%3C%204.0.1.998%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.1.0.1%3C%204.1.0.562%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.2.0.1%3C%204.2.0.323%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.2.1.1%3C%204.2.1.287%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.3.0.1%3C%204.3.0.236%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.3.1.1%3C%204.3.1.184%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.4.0.1%3C%204.4.0.269%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.5.0.1%3C%204.5.0.218%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.5.1.1%3C%204.5.1.15%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platformsThis issue affects:Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/abandon1337/CVE-2024-0762
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/tadash10/Detect-CVE-2024-0762
+
--- a/2024/CVE-2024-0763.md
+++ b/2024/CVE-2024-0763.md
@@ -13,5 +13,5 @@ Any user can delete an arbitrary folder (recursively) on a remote server due to
 - https://huntr.com/bounties/25a2f487-5a9c-4c7f-a2d3-b0527db73ea5

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/raltheo/raltheo

--- a/2024/CVE-2024-0769.md
+++ b/2024/CVE-2024-0769.md
@@ -15,4 +15,5 @@

 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/packetinside/CISA_BOT

--- a/2024/CVE-2024-0771.md
+++ b/2024/CVE-2024-0771.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0771](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0771)
+![](https://img.shields.io/static/v1?label=Product&message=Product%20Key%20Explorer&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%204.0.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20Memory%20Corruption&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in Nsasoft Product Key Explorer 4.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
--- a/2024/CVE-2024-0772.md
+++ b/2024/CVE-2024-0772.md
@@ -13,5 +13,6 @@ A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as probl
 - https://youtu.be/WIeWeuXbkiY

 #### Github
+- https://github.com/cnetsec/south-america-cve-hall
 - https://github.com/fkie-cad/nvd-json-data-feeds

--- a/2024/CVE-2024-0774.md
+++ b/2024/CVE-2024-0774.md
@@ -13,5 +13,6 @@ A vulnerability was found in Any-Capture Any Sound Recorder 2.93. It has been de
 No PoCs from references.

 #### Github
+- https://github.com/cnetsec/south-america-cve-hall
 - https://github.com/fkie-cad/nvd-json-data-feeds

--- a/2024/CVE-2024-0783.md
+++ b/2024/CVE-2024-0783.md
@@ -16,4 +16,5 @@ A vulnerability was found in Project Worlds Online Admission System 1.0 and clas
 #### Github
 - https://github.com/keru6k/Online-Admission-System-RCE-PoC
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/pwnpwnpur1n/Online-Admission-System-RCE-PoC

--- a/2024/CVE-2024-0795.md
+++ b/2024/CVE-2024-0795.md
@@ -13,5 +13,5 @@ If an attacked was given access to an instance with the admin or manager role th
 - https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/raltheo/raltheo

--- a/2024/CVE-2024-0815.md
+++ b/2024/CVE-2024-0815.md
@@ -14,4 +14,5 @@ Command injection in paddle.utils.download._wget_download (bypass filter) in pad

 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/kagesensei/SimpleSpacy

--- a/Show More
+++ b/Show More