diff --git a/2006/CVE-2006-4660.md b/2006/CVE-2006-4660.md new file mode 100644 index 0000000000..5838d67b89 --- /dev/null +++ b/2006/CVE-2006-4660.md @@ -0,0 +1,17 @@ +### [CVE-2006-4660](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4660) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module in AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) allow remote attackers to process arbitrary web script or HTML in the Feeds interface context via the (1) title and (2) description elements within an item element in an RSS feed. + +### POC + +#### Reference +- http://securityreason.com/securityalert/1523 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-4661.md b/2006/CVE-2006-4661.md new file mode 100644 index 0000000000..4a3bfaa350 --- /dev/null +++ b/2006/CVE-2006-4661.md @@ -0,0 +1,17 @@ +### [CVE-2006-4661](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4661) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar. + +### POC + +#### Reference +- http://securityreason.com/securityalert/1523 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-5051.md b/2006/CVE-2006-5051.md index a6705b77a1..87ae5e7973 100644 --- a/2006/CVE-2006-5051.md +++ b/2006/CVE-2006-5051.md @@ -18,11 +18,13 @@ Signal handler race condition in OpenSSH before 4.4 allows remote attackers to c - https://github.com/Passyed/regreSSHion-Fix - https://github.com/TAM-K592/CVE-2024-6387 - https://github.com/ThemeHackers/CVE-2024-6387 +- https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix - https://github.com/azurejoga/CVE-2024-6387-how-to-fix - https://github.com/bigb0x/CVE-2024-6387 - https://github.com/giterlizzi/secdb-feeds - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- - https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH - https://github.com/sardine-web/CVE-2024-6387_Check diff --git a/2008/CVE-2008-4109.md b/2008/CVE-2008-4109.md index 8c559e5584..4a5171a831 100644 --- a/2008/CVE-2008-4109.md +++ b/2008/CVE-2008-4109.md @@ -17,8 +17,10 @@ A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 o - https://github.com/David-M-Berry/openssh-cve-discovery - https://github.com/Passyed/regreSSHion-Fix - https://github.com/TAM-K592/CVE-2024-6387 +- https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix - https://github.com/azurejoga/CVE-2024-6387-how-to-fix - https://github.com/bigb0x/CVE-2024-6387 - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- - https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion +- https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH diff --git a/2010/CVE-2010-2075.md b/2010/CVE-2010-2075.md index 6daeae166e..843acf3de0 100644 --- a/2010/CVE-2010-2075.md +++ b/2010/CVE-2010-2075.md @@ -22,6 +22,7 @@ No PoCs from references. - https://github.com/Glumgam/UnrealiRCd-3.2.8.1-exploit-python - https://github.com/JoseLRC97/UnrealIRCd-3.2.8.1-Backdoor-Command-Execution - https://github.com/MFernstrom/OffensivePascal-CVE-2010-2075 +- https://github.com/Mr-Tree-S/POC_EXP - https://github.com/Okarn/TP_securite_EDOU_JACQUEMONT - https://github.com/Patrick122333/4240project - https://github.com/Sh4dowX404/UnrealIRCD-3.2.8.1-Backdoor diff --git a/2013/CVE-2013-0156.md b/2013/CVE-2013-0156.md index 664918f880..ff26bb5de0 100644 --- a/2013/CVE-2013-0156.md +++ b/2013/CVE-2013-0156.md @@ -34,6 +34,7 @@ active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0. - https://github.com/hktalent/TOP - https://github.com/jbmihoub/all-poc - https://github.com/josal/crack-0.1.8-fixed +- https://github.com/localeapp/localeapp - https://github.com/mengdaya/Web-CTF-Cheatsheet - https://github.com/michenriksen/nmap-scripts - https://github.com/mitaku/rails_cve_2013_0156_patch diff --git a/2019/CVE-2019-11080.md b/2019/CVE-2019-11080.md index e20291ac63..ebc0b89848 100644 --- a/2019/CVE-2019-11080.md +++ b/2019/CVE-2019-11080.md @@ -11,6 +11,7 @@ Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code ex #### Reference - http://packetstormsecurity.com/files/153274/Sitecore-8.x-Deserialization-Remote-Code-Execution.html +- https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/91/Sitecore%20Experience%20Platform%2091%20Update1/Release%20Notes #### Github No PoCs found on GitHub currently. diff --git a/2019/CVE-2019-11358.md b/2019/CVE-2019-11358.md index 131de06fea..256eaa5d8b 100644 --- a/2019/CVE-2019-11358.md +++ b/2019/CVE-2019-11358.md @@ -1848,6 +1848,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/QuantumRoboticsFTC/freightfrenzy-app - https://github.com/QuantumRoboticsFTC/powerplay-app - https://github.com/QuantumRoboticsFTC/ultimategoal-app +- https://github.com/R-Tacoz/FTC14607_23-24RC - https://github.com/R3Vipers/test - https://github.com/RCGV1/testingFTC - https://github.com/RDasari7304/PurePursuitController diff --git a/2022/CVE-2022-3997.md b/2022/CVE-2022-3997.md new file mode 100644 index 0000000000..0e99c7109a --- /dev/null +++ b/2022/CVE-2022-3997.md @@ -0,0 +1,17 @@ +### [CVE-2022-3997](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3997) +![](https://img.shields.io/static/v1?label=Product&message=scm&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-707%20Improper%20Neutralization%20-%3E%20CWE-74%20Injection%20-%3E%20CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in MonikaBrzica scm. Affected by this issue is some unknown functionality of the file upis_u_bazu.php. The manipulation of the argument email/lozinka/ime/id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-213698 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://vuldb.com/?id.213698 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-48020.md b/2022/CVE-2022-48020.md new file mode 100644 index 0000000000..8c9635d072 --- /dev/null +++ b/2022/CVE-2022-48020.md @@ -0,0 +1,17 @@ +### [CVE-2022-48020](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48020) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Vinteo VCC v2.36.4 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the conference parameter. This vulnerability allows attackers to inject arbitrary code which will be executed by the victim user's browser. + +### POC + +#### Reference +- https://www.linkedin.com/in/dmitry-kiryukhin-b5741421b/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-4891.md b/2022/CVE-2022-4891.md index 543208c267..0b4ccee31b 100644 --- a/2022/CVE-2022-4891.md +++ b/2022/CVE-2022-4891.md @@ -13,5 +13,5 @@ A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as pro - https://vuldb.com/?id.218452 #### Github -No PoCs found on GitHub currently. +- https://github.com/sisimai/rb-sisimai diff --git a/2023/CVE-2023-2290.md b/2023/CVE-2023-2290.md new file mode 100644 index 0000000000..1a63b2833b --- /dev/null +++ b/2023/CVE-2023-2290.md @@ -0,0 +1,17 @@ +### [CVE-2023-2290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2290) +![](https://img.shields.io/static/v1?label=Product&message=ThinkPad%20&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20various%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20Improper%20Restriction%20of%20Operations%20within%20the%20Bounds%20of%20a%20Memory%20Buffer&color=brighgreen) + +### Description + +A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/tadghh/Dell-unlock-undervolting + diff --git a/2023/CVE-2023-29384.md b/2023/CVE-2023-29384.md new file mode 100644 index 0000000000..a4098ad638 --- /dev/null +++ b/2023/CVE-2023-29384.md @@ -0,0 +1,17 @@ +### [CVE-2023-29384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29384) +![](https://img.shields.io/static/v1?label=Product&message=WordPress%20Job%20Board%20and%20Recruitment%20Plugin%20%E2%80%93%20JobWP&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen) + +### Description + +Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-4542.md b/2023/CVE-2023-4542.md index 8347ec2ff3..859de0b0eb 100644 --- a/2023/CVE-2023-4542.md +++ b/2023/CVE-2023-4542.md @@ -14,6 +14,7 @@ A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been clas #### Github - https://github.com/20142995/sectool +- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC diff --git a/2023/CVE-2023-4590.md b/2023/CVE-2023-4590.md new file mode 100644 index 0000000000..783a18fc41 --- /dev/null +++ b/2023/CVE-2023-4590.md @@ -0,0 +1,17 @@ +### [CVE-2023-4590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4590) +![](https://img.shields.io/static/v1?label=Product&message=Frhed%20&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.6.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Copy%20without%20Checking%20Size%20of%20Input%20('Classic%20Buffer%20Overflow')&color=brighgreen) + +### Description + +Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH) registers. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-48251.md b/2023/CVE-2023-48251.md new file mode 100644 index 0000000000..06a0173147 --- /dev/null +++ b/2023/CVE-2023-48251.md @@ -0,0 +1,36 @@ +### [CVE-2023-48251](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48251) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA011S-36V%20(0608842011)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA011S-36V-B%20(0608842012)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA015S-36V%20(0608842001)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA015S-36V-B%20(0608842006)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA030S-36V%20(0608842002)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA030S-36V-B%20(0608842007)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA050S-36V%20(0608842003)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA050S-36V-B%20(0608842008)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA065S-36V%20(0608842013)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA065S-36V-B%20(0608842014)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXP012QD-36V%20(0608842005)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXP012QD-36V-B%20(0608842010)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXV012T-36V%20(0608842015)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXV012T-36V-B%20(0608842016)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20special%20cordless%20nutrunner%20(0608PE2272)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20special%20cordless%20nutrunner%20(0608PE2301)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20special%20cordless%20nutrunner%20(0608PE2514)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20special%20cordless%20nutrunner%20(0608PE2515)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20special%20cordless%20nutrunner%20(0608PE2666)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Nexo%20special%20cordless%20nutrunner%20(0608PE2673)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=NEXO-OS%20V1000-Release%3C%3D%20NEXO-OS%20V1500-SP2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-798%20Use%20of%20Hard-coded%20Credentials&color=brighgreen) + +### Description + +The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/oxagast/oxasploits + diff --git a/2023/CVE-2023-50100.md b/2023/CVE-2023-50100.md new file mode 100644 index 0000000000..1f1993047c --- /dev/null +++ b/2023/CVE-2023-50100.md @@ -0,0 +1,17 @@ +### [CVE-2023-50100](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50100) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing. + +### POC + +#### Reference +- https://github.com/Jarvis-616/cms/blob/master/There%20is%20a%20storage%20type%20XSS%20for%20carousel%20image%20editing.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-5029.md b/2023/CVE-2023-5029.md new file mode 100644 index 0000000000..30f10d4103 --- /dev/null +++ b/2023/CVE-2023-5029.md @@ -0,0 +1,17 @@ +### [CVE-2023-5029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5029) +![](https://img.shields.io/static/v1?label=Product&message=mccms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239871. + +### POC + +#### Reference +- https://vuldb.com/?id.239871 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-5587.md b/2023/CVE-2023-5587.md new file mode 100644 index 0000000000..f9af1bc537 --- /dev/null +++ b/2023/CVE-2023-5587.md @@ -0,0 +1,17 @@ +### [CVE-2023-5587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5587) +![](https://img.shields.io/static/v1?label=Product&message=Free%20Hospital%20Management%20System%20for%20Small%20Practices&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /vm/admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-242186 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://vuldb.com/?id.242186 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-5681.md b/2023/CVE-2023-5681.md index aca6bd3e4b..1bcd0a50e1 100644 --- a/2023/CVE-2023-5681.md +++ b/2023/CVE-2023-5681.md @@ -11,6 +11,7 @@ A vulnerability, which was classified as critical, was found in Netentsec NS-ASG #### Reference - https://github.com/Wsecpro/cve1/blob/main/NS-ASG-sql-list_addr_fwresource_ip.md +- https://vuldb.com/?id.243057 #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-5919.md b/2023/CVE-2023-5919.md new file mode 100644 index 0000000000..374551a2ba --- /dev/null +++ b/2023/CVE-2023-5919.md @@ -0,0 +1,17 @@ +### [CVE-2023-5919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5919) +![](https://img.shields.io/static/v1?label=Product&message=Company%20Website%20CMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-244310 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://vuldb.com/?id.244310 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-20746.md b/2024/CVE-2024-20746.md index 5ee13bd147..d025cc40f3 100644 --- a/2024/CVE-2024-20746.md +++ b/2024/CVE-2024-20746.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-22526.md b/2024/CVE-2024-22526.md index 5fb4451e97..4f8e227d2d 100644 --- a/2024/CVE-2024-22526.md +++ b/2024/CVE-2024-22526.md @@ -13,5 +13,5 @@ Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attacker - https://gist.github.com/GAP-dev/c33276a151c824300d68aecc317082a3 #### Github -No PoCs found on GitHub currently. +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-23339.md b/2024/CVE-2024-23339.md index 232f497a93..355de18bd9 100644 --- a/2024/CVE-2024-23339.md +++ b/2024/CVE-2024-23339.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/d3ng03/PP-Auto-Detector +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-25582.md b/2024/CVE-2024-25582.md new file mode 100644 index 0000000000..df302f5a9e --- /dev/null +++ b/2024/CVE-2024-25582.md @@ -0,0 +1,17 @@ +### [CVE-2024-25582](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25582) +![](https://img.shields.io/static/v1?label=Product&message=OX%20App%20Suite&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%207.10.6-rev42%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Module savepoints could be abused to inject references to malicious code delivered through the same domain. Attackers could perform malicious API requests or extract information from the users account. Exploiting this vulnerability requires temporary access to an account or successful social engineering to make a user follow a prepared link to a malicious account. Please deploy the provided updates and patch releases. The savepoint module path has been restricted to modules that provide the feature, excluding any arbitrary or non-existing modules. No publicly available exploits are known. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-26585.md b/2024/CVE-2024-26585.md index 54111268cc..737282ede9 100644 --- a/2024/CVE-2024-26585.md +++ b/2024/CVE-2024-26585.md @@ -1,6 +1,6 @@ ### [CVE-2024-26585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26585) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=a42055e8d2c3%3C%20196f198ca6fc%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=a42055e8d2c3%3C%20dd32621f1924%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-27088.md b/2024/CVE-2024-27088.md index 6ceec629ca..27f1bbb0b5 100644 --- a/2024/CVE-2024-27088.md +++ b/2024/CVE-2024-27088.md @@ -15,4 +15,5 @@ es5-ext contains ECMAScript 5 extensions. Passing functions with very long names #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-27609.md b/2024/CVE-2024-27609.md new file mode 100644 index 0000000000..81e88649f6 --- /dev/null +++ b/2024/CVE-2024-27609.md @@ -0,0 +1,17 @@ +### [CVE-2024-27609](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27609) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Bonita before 2023.2-u2 allows stored XSS via a UI screen in the administration panel. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/mohammedatary/mohammedatary + diff --git a/2024/CVE-2024-28087.md b/2024/CVE-2024-28087.md index d7d62e7638..299477848c 100644 --- a/2024/CVE-2024-28087.md +++ b/2024/CVE-2024-28087.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/mohammedatary/mohammedatary diff --git a/2024/CVE-2024-3000.md b/2024/CVE-2024-3000.md index f724c46f7e..6dae56b5b9 100644 --- a/2024/CVE-2024-3000.md +++ b/2024/CVE-2024-3000.md @@ -12,6 +12,7 @@ A vulnerability classified as critical was found in code-projects Online Book Sy #### Reference - https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System%20-%20Authentication%20Bypass.md - https://vuldb.com/?id.258202 +- https://vuldb.com/?submit.305052 #### Github - https://github.com/FoxyProxys/CVE-2024-3000 diff --git a/2024/CVE-2024-33644.md b/2024/CVE-2024-33644.md new file mode 100644 index 0000000000..9083aaeaca --- /dev/null +++ b/2024/CVE-2024-33644.md @@ -0,0 +1,17 @@ +### [CVE-2024-33644](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33644) +![](https://img.shields.io/static/v1?label=Product&message=Customify%20Site%20Library&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%200.0.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) + +### Description + +Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-36111.md b/2024/CVE-2024-36111.md index 51c11136a5..113d9093c9 100644 --- a/2024/CVE-2024-36111.md +++ b/2024/CVE-2024-36111.md @@ -15,4 +15,5 @@ KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, the #### Github - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/wy876/POC +- https://github.com/wy876/wiki diff --git a/2024/CVE-2024-38189.md b/2024/CVE-2024-38189.md index 39207182ae..d0bf7a36e9 100644 --- a/2024/CVE-2024-38189.md +++ b/2024/CVE-2024-38189.md @@ -19,4 +19,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-38856.md b/2024/CVE-2024-38856.md index 55f297b103..0203916410 100644 --- a/2024/CVE-2024-38856.md +++ b/2024/CVE-2024-38856.md @@ -22,4 +22,5 @@ No PoCs from references. - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile - https://github.com/wy876/POC +- https://github.com/wy876/wiki diff --git a/2024/CVE-2024-39472.md b/2024/CVE-2024-39472.md index 14661bc8ed..e9056ca2fe 100644 --- a/2024/CVE-2024-39472.md +++ b/2024/CVE-2024-39472.md @@ -1,6 +1,6 @@ ### [CVE-2024-39472](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=0c771b99d6c9%3C%2057835c0e7152%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0c771b99d6c9%3C%20f754591b17d0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-41042.md b/2024/CVE-2024-41042.md index 67ecf11f34..e5d234675d 100644 --- a/2024/CVE-2024-41042.md +++ b/2024/CVE-2024-41042.md @@ -1,6 +1,6 @@ ### [CVE-2024-41042](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41042) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=20a69341f2d0%3C%20b6b6e430470e%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=20a69341f2d0%3C%201947e4c3346f%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-41468.md b/2024/CVE-2024-41468.md index 68f3fd7435..f410f8dba3 100644 --- a/2024/CVE-2024-41468.md +++ b/2024/CVE-2024-41468.md @@ -15,4 +15,5 @@ Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerabili #### Github - https://github.com/ibaiw/2024Hvv - https://github.com/wy876/POC +- https://github.com/wy876/wiki diff --git a/2024/CVE-2024-41473.md b/2024/CVE-2024-41473.md index 68618067f1..dc67e7da35 100644 --- a/2024/CVE-2024-41473.md +++ b/2024/CVE-2024-41473.md @@ -15,4 +15,5 @@ Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerabili #### Github - https://github.com/ibaiw/2024Hvv - https://github.com/wy876/POC +- https://github.com/wy876/wiki diff --git a/2024/CVE-2024-42259.md b/2024/CVE-2024-42259.md index 8b424ca71a..aa41014003 100644 --- a/2024/CVE-2024-42259.md +++ b/2024/CVE-2024-42259.md @@ -1,6 +1,6 @@ ### [CVE-2024-42259](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42259) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=c58305af1835%3C%204b09513ce93b%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=c58305af1835%3C%203e06073d2480%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42299.md b/2024/CVE-2024-42299.md index a72cb5a35e..5c41876063 100644 --- a/2024/CVE-2024-42299.md +++ b/2024/CVE-2024-42299.md @@ -1,6 +1,6 @@ ### [CVE-2024-42299](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42299) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=b46acd6a6a62%3C%20b90ceffdc975%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=b46acd6a6a62%3C%200484adcb5fbc%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42301.md b/2024/CVE-2024-42301.md index 929eefcf50..a7c2f9c565 100644 --- a/2024/CVE-2024-42301.md +++ b/2024/CVE-2024-42301.md @@ -1,6 +1,6 @@ ### [CVE-2024-42301](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42301) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%207f4da759092a%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20166a0bddcc27%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42302.md b/2024/CVE-2024-42302.md index 4fa06008bd..0b47e020bf 100644 --- a/2024/CVE-2024-42302.md +++ b/2024/CVE-2024-42302.md @@ -1,6 +1,6 @@ ### [CVE-2024-42302](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42302) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=189f856e76f5%3C%20f63df70b439b%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=d0292124bb57%3C%20c52f9e1a9eb4%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42304.md b/2024/CVE-2024-42304.md index 17f20baa4b..df7e1791b6 100644 --- a/2024/CVE-2024-42304.md +++ b/2024/CVE-2024-42304.md @@ -1,6 +1,6 @@ ### [CVE-2024-42304](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42304) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=4e19d6b65fb4%3C%20b609753cbbd3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=3a17ca864baf%3C%20d81d7e347d1f%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42305.md b/2024/CVE-2024-42305.md index a18b822673..2b69cf6102 100644 --- a/2024/CVE-2024-42305.md +++ b/2024/CVE-2024-42305.md @@ -1,6 +1,6 @@ ### [CVE-2024-42305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42305) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=ac27a0ec112a%3C%20abb411ac9918%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=ac27a0ec112a%3C%20b80575ffa98b%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42306.md b/2024/CVE-2024-42306.md index 49e2c1f180..e86786f5f9 100644 --- a/2024/CVE-2024-42306.md +++ b/2024/CVE-2024-42306.md @@ -1,6 +1,6 @@ ### [CVE-2024-42306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42306) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=6ac8f2c8362a%3C%20271cab2ca006%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=7648ea9896b3%3C%20cae9e59cc416%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42308.md b/2024/CVE-2024-42308.md index 3c3b1ecaed..20d0c3c4ee 100644 --- a/2024/CVE-2024-42308.md +++ b/2024/CVE-2024-42308.md @@ -1,6 +1,6 @@ ### [CVE-2024-42308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42308) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20f068494430d1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%2071dbf9535934%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42309.md b/2024/CVE-2024-42309.md index 61030aeb56..d4166ff4e3 100644 --- a/2024/CVE-2024-42309.md +++ b/2024/CVE-2024-42309.md @@ -1,6 +1,6 @@ ### [CVE-2024-42309](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42309) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=89c78134cc54%3C%20f70ffeca5464%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=89c78134cc54%3C%2013b5f3ee94bd%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42310.md b/2024/CVE-2024-42310.md index 8c62bc745e..4645f7746e 100644 --- a/2024/CVE-2024-42310.md +++ b/2024/CVE-2024-42310.md @@ -1,6 +1,6 @@ ### [CVE-2024-42310](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42310) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=6a227d5fd6c4%3C%20e74eb5e80894%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6a227d5fd6c4%3C%20f392c36cebf4%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42311.md b/2024/CVE-2024-42311.md index a9a4f81f15..5f60c21355 100644 --- a/2024/CVE-2024-42311.md +++ b/2024/CVE-2024-42311.md @@ -1,6 +1,6 @@ ### [CVE-2024-42311](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42311) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%2058d83fc16050%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20f7316b2b2f11%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42312.md b/2024/CVE-2024-42312.md index 3ad8f7161c..c7b5ef20ee 100644 --- a/2024/CVE-2024-42312.md +++ b/2024/CVE-2024-42312.md @@ -1,6 +1,6 @@ ### [CVE-2024-42312](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42312) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=5ec27ec735ba%3C%201deae34db9f4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=5ec27ec735ba%3C%20b2591c89a6e2%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42313.md b/2024/CVE-2024-42313.md index 3629ed9d76..ef891bfe9e 100644 --- a/2024/CVE-2024-42313.md +++ b/2024/CVE-2024-42313.md @@ -1,6 +1,6 @@ ### [CVE-2024-42313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42313) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=af2c3834c8ca%3C%20da55685247f4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=af2c3834c8ca%3C%20ad8cf035baf2%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42318.md b/2024/CVE-2024-42318.md index c4aa661540..e570084d79 100644 --- a/2024/CVE-2024-42318.md +++ b/2024/CVE-2024-42318.md @@ -1,6 +1,6 @@ ### [CVE-2024-42318](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42318) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=385975dca53e%3C%200d74fd54db0b%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=385975dca53e%3C%20916c648323fa%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42675.md b/2024/CVE-2024-42675.md new file mode 100644 index 0000000000..d3c3eafd77 --- /dev/null +++ b/2024/CVE-2024-42675.md @@ -0,0 +1,17 @@ +### [CVE-2024-42675](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42675) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue) + +### Description + +** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43145.md b/2024/CVE-2024-43145.md new file mode 100644 index 0000000000..7319bbf064 --- /dev/null +++ b/2024/CVE-2024-43145.md @@ -0,0 +1,17 @@ +### [CVE-2024-43145](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43145) +![](https://img.shields.io/static/v1?label=Product&message=GeoDirectory&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode Ltd GeoDirectory.This issue affects GeoDirectory: from n/a through 2.3.61. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43207.md b/2024/CVE-2024-43207.md new file mode 100644 index 0000000000..e1a79343de --- /dev/null +++ b/2024/CVE-2024-43207.md @@ -0,0 +1,17 @@ +### [CVE-2024-43207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43207) +![](https://img.shields.io/static/v1?label=Product&message=Unite%20Gallery%20Lite&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.7.62%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Valiano Unite Gallery Lite.This issue affects Unite Gallery Lite: from n/a through 1.7.62. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43238.md b/2024/CVE-2024-43238.md new file mode 100644 index 0000000000..235758e71e --- /dev/null +++ b/2024/CVE-2024-43238.md @@ -0,0 +1,17 @@ +### [CVE-2024-43238](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43238) +![](https://img.shields.io/static/v1?label=Product&message=weMail&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs weMail allows Reflected XSS.This issue affects weMail: from n/a through 1.14.5. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43276.md b/2024/CVE-2024-43276.md new file mode 100644 index 0000000000..edb9c6e89b --- /dev/null +++ b/2024/CVE-2024-43276.md @@ -0,0 +1,17 @@ +### [CVE-2024-43276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43276) +![](https://img.shields.io/static/v1?label=Product&message=Child%20Theme%20Creator&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Svetoslav Marinov (Slavi) Child Theme Creator allows Reflected XSS.This issue affects Child Theme Creator: from n/a through 1.5.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43291.md b/2024/CVE-2024-43291.md new file mode 100644 index 0000000000..15fcd2bc57 --- /dev/null +++ b/2024/CVE-2024-43291.md @@ -0,0 +1,17 @@ +### [CVE-2024-43291](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43291) +![](https://img.shields.io/static/v1?label=Product&message=Void%20Contact%20Form%207%20Widget%20For%20Elementor%20Page%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder allows Stored XSS.This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.4.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43294.md b/2024/CVE-2024-43294.md new file mode 100644 index 0000000000..7fd9c714e7 --- /dev/null +++ b/2024/CVE-2024-43294.md @@ -0,0 +1,17 @@ +### [CVE-2024-43294](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43294) +![](https://img.shields.io/static/v1?label=Product&message=Bold%20Timeline%20Lite&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BoldThemes Bold Timeline Lite allows Stored XSS.This issue affects Bold Timeline Lite: from n/a through 1.2.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43304.md b/2024/CVE-2024-43304.md new file mode 100644 index 0000000000..5ebf095543 --- /dev/null +++ b/2024/CVE-2024-43304.md @@ -0,0 +1,17 @@ +### [CVE-2024-43304](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43304) +![](https://img.shields.io/static/v1?label=Product&message=Cryptocurrency%20Widgets%20%E2%80%93%20Price%20Ticker%20%26%20Coins%20List&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Reflected XSS.This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.8.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43305.md b/2024/CVE-2024-43305.md new file mode 100644 index 0000000000..d87ae538ff --- /dev/null +++ b/2024/CVE-2024-43305.md @@ -0,0 +1,18 @@ +### [CVE-2024-43305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43305) +![](https://img.shields.io/static/v1?label=Product&message=Custom%20Layouts%20%E2%80%93%20Post%20%2B%20Product%20grids%20made%20easy&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Code Amp Custom Layouts – Post + Product grids made easy allows Stored XSS.This issue affects Custom Layouts – Post + Product grids made easy: from n/a through 1.4.11. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43306.md b/2024/CVE-2024-43306.md new file mode 100644 index 0000000000..7bdbf11061 --- /dev/null +++ b/2024/CVE-2024-43306.md @@ -0,0 +1,17 @@ +### [CVE-2024-43306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43306) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.6.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43307.md b/2024/CVE-2024-43307.md new file mode 100644 index 0000000000..970c41b9bc --- /dev/null +++ b/2024/CVE-2024-43307.md @@ -0,0 +1,17 @@ +### [CVE-2024-43307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43307) +![](https://img.shields.io/static/v1?label=Product&message=Structured%20Content&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content allows Stored XSS.This issue affects Structured Content: from n/a through 1.6.2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43308.md b/2024/CVE-2024-43308.md new file mode 100644 index 0000000000..aeaaa4dbd6 --- /dev/null +++ b/2024/CVE-2024-43308.md @@ -0,0 +1,17 @@ +### [CVE-2024-43308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43308) +![](https://img.shields.io/static/v1?label=Product&message=Gutentor%20-%20Gutenberg%20Blocks%20-%20Page%20Builder%20for%20Gutenberg%20Editor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gutentor Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor allows Stored XSS.This issue affects Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor: from n/a through 3.3.5. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43309.md b/2024/CVE-2024-43309.md new file mode 100644 index 0000000000..279c4c752d --- /dev/null +++ b/2024/CVE-2024-43309.md @@ -0,0 +1,17 @@ +### [CVE-2024-43309](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43309) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Telegram%20Widget%20and%20Join%20Link&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link allows Stored XSS.This issue affects WP Telegram Widget and Join Link: from n/a through 2.1.27. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43313.md b/2024/CVE-2024-43313.md new file mode 100644 index 0000000000..e979e6c086 --- /dev/null +++ b/2024/CVE-2024-43313.md @@ -0,0 +1,17 @@ +### [CVE-2024-43313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43313) +![](https://img.shields.io/static/v1?label=Product&message=FormFacade&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FormFacade allows Reflected XSS.This issue affects FormFacade: from n/a through 1.3.2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43315.md b/2024/CVE-2024-43315.md new file mode 100644 index 0000000000..36374bd4f7 --- /dev/null +++ b/2024/CVE-2024-43315.md @@ -0,0 +1,17 @@ +### [CVE-2024-43315](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43315) +![](https://img.shields.io/static/v1?label=Product&message=Stripe%20Payments%20For%20WooCommerce%20by%20Checkout&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout.This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43318.md b/2024/CVE-2024-43318.md new file mode 100644 index 0000000000..de42bc3b74 --- /dev/null +++ b/2024/CVE-2024-43318.md @@ -0,0 +1,17 @@ +### [CVE-2024-43318](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43318) +![](https://img.shields.io/static/v1?label=Product&message=e2pdf&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E2Pdf.Com allows Stored XSS.This issue affects e2pdf: from n/a through 1.25.05. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43320.md b/2024/CVE-2024-43320.md new file mode 100644 index 0000000000..0aa2bf5c18 --- /dev/null +++ b/2024/CVE-2024-43320.md @@ -0,0 +1,18 @@ +### [CVE-2024-43320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43320) +![](https://img.shields.io/static/v1?label=Product&message=Livemesh%20Addons%20for%20WPBakery%20Page%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through 3.9. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43321.md b/2024/CVE-2024-43321.md new file mode 100644 index 0000000000..977dc8be8f --- /dev/null +++ b/2024/CVE-2024-43321.md @@ -0,0 +1,17 @@ +### [CVE-2024-43321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43321) +![](https://img.shields.io/static/v1?label=Product&message=Team%20Showcase&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS.This issue affects Team Showcase: from n/a through 1.22.23. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43324.md b/2024/CVE-2024-43324.md new file mode 100644 index 0000000000..9dad1816e8 --- /dev/null +++ b/2024/CVE-2024-43324.md @@ -0,0 +1,18 @@ +### [CVE-2024-43324](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43324) +![](https://img.shields.io/static/v1?label=Product&message=Clever%20Addons%20for%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CleverSoft Clever Addons for Elementor allows Stored XSS.This issue affects Clever Addons for Elementor: from n/a through 2.2.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43327.md b/2024/CVE-2024-43327.md new file mode 100644 index 0000000000..01876a2bbc --- /dev/null +++ b/2024/CVE-2024-43327.md @@ -0,0 +1,17 @@ +### [CVE-2024-43327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43327) +![](https://img.shields.io/static/v1?label=Product&message=Invite%20Anyone&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boone Gorges Invite Anyone allows Reflected XSS.This issue affects Invite Anyone: from n/a through 1.4.7. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43329.md b/2024/CVE-2024-43329.md new file mode 100644 index 0000000000..05c24651e5 --- /dev/null +++ b/2024/CVE-2024-43329.md @@ -0,0 +1,18 @@ +### [CVE-2024-43329](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43329) +![](https://img.shields.io/static/v1?label=Product&message=Allegiant&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.2.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Chill Allegiant allegiant allows Stored XSS.This issue affects Allegiant: from n/a through 1.2.7. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43330.md b/2024/CVE-2024-43330.md new file mode 100644 index 0000000000..132af0afdc --- /dev/null +++ b/2024/CVE-2024-43330.md @@ -0,0 +1,18 @@ +### [CVE-2024-43330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43330) +![](https://img.shields.io/static/v1?label=Product&message=PowerPack%20for%20Beaver%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack for Beaver Builder allows Reflected XSS.This issue affects PowerPack for Beaver Builder: from n/a before 2.37.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43335.md b/2024/CVE-2024-43335.md new file mode 100644 index 0000000000..76e37ac723 --- /dev/null +++ b/2024/CVE-2024-43335.md @@ -0,0 +1,17 @@ +### [CVE-2024-43335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43335) +![](https://img.shields.io/static/v1?label=Product&message=Responsive%20Blocks%20%E2%80%93%20WordPress%20Gutenberg%20Blocks&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Responsive Blocks – WordPress Gutenberg Blocks: from n/a through 1.8.8. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43342.md b/2024/CVE-2024-43342.md new file mode 100644 index 0000000000..201172ebce --- /dev/null +++ b/2024/CVE-2024-43342.md @@ -0,0 +1,17 @@ +### [CVE-2024-43342](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43342) +![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Store%20Kit%20Elementor%20Addons&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.6.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43344.md b/2024/CVE-2024-43344.md new file mode 100644 index 0000000000..7d93c7af3b --- /dev/null +++ b/2024/CVE-2024-43344.md @@ -0,0 +1,17 @@ +### [CVE-2024-43344](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43344) +![](https://img.shields.io/static/v1?label=Product&message=Icegram&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Icegram allows Stored XSS.This issue affects Icegram: from n/a through 3.1.25. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43346.md b/2024/CVE-2024-43346.md new file mode 100644 index 0000000000..e956bf09ae --- /dev/null +++ b/2024/CVE-2024-43346.md @@ -0,0 +1,17 @@ +### [CVE-2024-43346](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43346) +![](https://img.shields.io/static/v1?label=Product&message=Modal%20Window&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wow-Company Modal Window allows Stored XSS.This issue affects Modal Window: from n/a through 6.0.3. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43347.md b/2024/CVE-2024-43347.md new file mode 100644 index 0000000000..97314f54ff --- /dev/null +++ b/2024/CVE-2024-43347.md @@ -0,0 +1,18 @@ +### [CVE-2024-43347](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43347) +![](https://img.shields.io/static/v1?label=Product&message=Button%20contact%20VR&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%204.7.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VirusTran Button contact VR allows Stored XSS.This issue affects Button contact VR: from n/a through 4.7.3. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43348.md b/2024/CVE-2024-43348.md new file mode 100644 index 0000000000..dc61797c9c --- /dev/null +++ b/2024/CVE-2024-43348.md @@ -0,0 +1,17 @@ +### [CVE-2024-43348](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43348) +![](https://img.shields.io/static/v1?label=Product&message=Purity%20Of%20Soul&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iznyn Purity Of Soul allows Reflected XSS.This issue affects Purity Of Soul: from n/a through 1.9. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43349.md b/2024/CVE-2024-43349.md new file mode 100644 index 0000000000..f8f23af1ad --- /dev/null +++ b/2024/CVE-2024-43349.md @@ -0,0 +1,18 @@ +### [CVE-2024-43349](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43349) +![](https://img.shields.io/static/v1?label=Product&message=All%20Bootstrap%20Blocks&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.3.19%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AREOI All Bootstrap Blocks allows Stored XSS.This issue affects All Bootstrap Blocks: from n/a through 1.3.19. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43351.md b/2024/CVE-2024-43351.md new file mode 100644 index 0000000000..d3ef4c5cad --- /dev/null +++ b/2024/CVE-2024-43351.md @@ -0,0 +1,18 @@ +### [CVE-2024-43351](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43351) +![](https://img.shields.io/static/v1?label=Product&message=Bravada&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.1.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Bravada bravada allows Stored XSS.This issue affects Bravada: from n/a through 1.1.2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43352.md b/2024/CVE-2024-43352.md new file mode 100644 index 0000000000..6707d00022 --- /dev/null +++ b/2024/CVE-2024-43352.md @@ -0,0 +1,17 @@ +### [CVE-2024-43352](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43352) +![](https://img.shields.io/static/v1?label=Product&message=GivingPress%20Lite&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.8.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Organic Themes GivingPress Lite allows Stored XSS.This issue affects GivingPress Lite: from n/a through 1.8.6. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43381.md b/2024/CVE-2024-43381.md index a6ffabd2cf..36c35be377 100644 --- a/2024/CVE-2024-43381.md +++ b/2024/CVE-2024-43381.md @@ -11,7 +11,7 @@ reNgine is an automated reconnaissance framework for web applications. Versions ### POC #### Reference -No PoCs from references. +- https://github.com/yogeshojha/rengine/security/advisories/GHSA-96q4-fj2m-jqf7 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-44067.md b/2024/CVE-2024-44067.md new file mode 100644 index 0000000000..901f358c77 --- /dev/null +++ b/2024/CVE-2024-44067.md @@ -0,0 +1,17 @@ +### [CVE-2024-44067](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44067) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The T-Head XuanTie C910 CPU in the TH1520 SoC and the T-Head XuanTie C920 CPU in the SOPHON SG2042 have instructions that allow unprivileged attackers to write to arbitrary physical memory locations, aka GhostWrite. + +### POC + +#### Reference +- https://ghostwriteattack.com + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-5372.md b/2024/CVE-2024-5372.md new file mode 100644 index 0000000000..449ebd05bf --- /dev/null +++ b/2024/CVE-2024-5372.md @@ -0,0 +1,17 @@ +### [CVE-2024-5372](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5372) +![](https://img.shields.io/static/v1?label=Product&message=College%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability classified as problematic was found in Kashipara College Management System 1.0. This vulnerability affects unknown code of the file submit_extracurricular_activity.php. The manipulation of the argument activity_contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266284. + +### POC + +#### Reference +- https://vuldb.com/?submit.343452 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6330.md b/2024/CVE-2024-6330.md new file mode 100644 index 0000000000..a9fa6b6b7e --- /dev/null +++ b/2024/CVE-2024-6330.md @@ -0,0 +1,17 @@ +### [CVE-2024-6330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6330) +![](https://img.shields.io/static/v1?label=Product&message=GEO%20my%20WP&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.5.0.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) + +### Description + +The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/95b532e0-1ffb-421e-b9c0-de03f89491d7/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6387.md b/2024/CVE-2024-6387.md index 886a2d544a..bd5871fe1f 100644 --- a/2024/CVE-2024-6387.md +++ b/2024/CVE-2024-6387.md @@ -43,6 +43,7 @@ A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). - https://github.com/ThemeHackers/CVE-2024-6387 - https://github.com/Threekiii/CVE - https://github.com/TrojanAZhen/Self_Back +- https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix - https://github.com/azurejoga/CVE-2024-6387-how-to-fix - https://github.com/beac0n/ruroco - https://github.com/bigb0x/CVE-2024-6387 @@ -55,6 +56,7 @@ A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). - https://github.com/maycon/stars - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/rxerium/stars +- https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH - https://github.com/sardine-web/CVE-2024-6387_Check - https://github.com/tanjiti/sec_profile - https://github.com/teamos-hub/regreSSHion diff --git a/2024/CVE-2024-6451.md b/2024/CVE-2024-6451.md new file mode 100644 index 0000000000..a7c8dbb7cb --- /dev/null +++ b/2024/CVE-2024-6451.md @@ -0,0 +1,17 @@ +### [CVE-2024-6451](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6451) +![](https://img.shields.io/static/v1?label=Product&message=AI%20Engine&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.5.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) + +### Description + +AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of "logs_path", allowing Administrators to change log filetypes from .log to .php. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/fc06d413-a227-470c-a5b7-cdab57aeab34/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6781.md b/2024/CVE-2024-6781.md index 12ca40fdc5..4cea9e55a4 100644 --- a/2024/CVE-2024-6781.md +++ b/2024/CVE-2024-6781.md @@ -15,4 +15,5 @@ Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve a #### Github - https://github.com/20142995/nuclei-templates - https://github.com/wy876/POC +- https://github.com/wy876/wiki diff --git a/2024/CVE-2024-6782.md b/2024/CVE-2024-6782.md index 73459df531..12736597dc 100644 --- a/2024/CVE-2024-6782.md +++ b/2024/CVE-2024-6782.md @@ -16,4 +16,5 @@ Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attacker - https://github.com/20142995/nuclei-templates - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/wy876/POC +- https://github.com/wy876/wiki diff --git a/2024/CVE-2024-6843.md b/2024/CVE-2024-6843.md new file mode 100644 index 0000000000..ed1a31ea44 --- /dev/null +++ b/2024/CVE-2024-6843.md @@ -0,0 +1,17 @@ +### [CVE-2024-6843](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6843) +![](https://img.shields.io/static/v1?label=Product&message=Chatbot%20with%20ChatGPT%20WordPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.4.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins + +### POC + +#### Reference +- https://wpscan.com/vulnerability/9a5cb440-065a-445a-9a09-55bd5f782e85/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6911.md b/2024/CVE-2024-6911.md index 79a1083841..1d67082fe7 100644 --- a/2024/CVE-2024-6911.md +++ b/2024/CVE-2024-6911.md @@ -15,4 +15,5 @@ Files on the Windows system are accessible without authentication to external pa #### Github - https://github.com/wy876/POC +- https://github.com/wy876/wiki diff --git a/2024/CVE-2024-7896.md b/2024/CVE-2024-7896.md index 1650e4d704..5a8e0d7fd6 100644 --- a/2024/CVE-2024-7896.md +++ b/2024/CVE-2024-7896.md @@ -11,6 +11,7 @@ A vulnerability was found in Tosei Online Store Management System ネット店 #### Reference - https://gist.github.com/b0rgch3n/4788c7c429d49095915d84161a157295 +- https://vuldb.com/?submit.387131 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7906.md b/2024/CVE-2024-7906.md new file mode 100644 index 0000000000..32172a9bdd --- /dev/null +++ b/2024/CVE-2024-7906.md @@ -0,0 +1,17 @@ +### [CVE-2024-7906](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7906) +![](https://img.shields.io/static/v1?label=Product&message=DedeBIZ&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%206.3.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in DedeBIZ 6.3.0. This vulnerability affects the function get_mime_type of the file /admin/dialog/select_images_post.php of the component Attachment Settings. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/github.txt b/github.txt index 8cf786aa5f..9d1f6dbff6 100644 --- a/github.txt +++ b/github.txt @@ -1801,12 +1801,14 @@ CVE-2006-5051 - https://github.com/David-M-Berry/openssh-cve-discovery CVE-2006-5051 - https://github.com/Passyed/regreSSHion-Fix CVE-2006-5051 - https://github.com/TAM-K592/CVE-2024-6387 CVE-2006-5051 - https://github.com/ThemeHackers/CVE-2024-6387 +CVE-2006-5051 - https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix CVE-2006-5051 - https://github.com/azurejoga/CVE-2024-6387-how-to-fix CVE-2006-5051 - https://github.com/bigb0x/CVE-2024-6387 CVE-2006-5051 - https://github.com/giterlizzi/secdb-feeds CVE-2006-5051 - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- CVE-2006-5051 - https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion CVE-2006-5051 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2006-5051 - https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH CVE-2006-5051 - https://github.com/sardine-web/CVE-2024-6387_Check CVE-2006-5156 - https://github.com/trend-anz/Deep-Security-CVE-to-IPS-Mapper CVE-2006-5178 - https://github.com/Whissi/realpath_turbo @@ -3050,10 +3052,12 @@ CVE-2008-4109 - https://github.com/CVEDB/awesome-cve-repo CVE-2008-4109 - https://github.com/David-M-Berry/openssh-cve-discovery CVE-2008-4109 - https://github.com/Passyed/regreSSHion-Fix CVE-2008-4109 - https://github.com/TAM-K592/CVE-2024-6387 +CVE-2008-4109 - https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix CVE-2008-4109 - https://github.com/azurejoga/CVE-2024-6387-how-to-fix CVE-2008-4109 - https://github.com/bigb0x/CVE-2024-6387 CVE-2008-4109 - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- CVE-2008-4109 - https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion +CVE-2008-4109 - https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH CVE-2008-4114 - https://github.com/RodrigoVarasLopez/Download-Scanners-from-Nessus-8.7-using-the-API CVE-2008-4163 - https://github.com/ARPSyndicate/cvemon CVE-2008-4163 - https://github.com/DButter/whitehat_public @@ -5251,6 +5255,7 @@ CVE-2010-2075 - https://github.com/FredBrave/CVE-2010-2075-UnrealIRCd-3.2.8.1 CVE-2010-2075 - https://github.com/Glumgam/UnrealiRCd-3.2.8.1-exploit-python CVE-2010-2075 - https://github.com/JoseLRC97/UnrealIRCd-3.2.8.1-Backdoor-Command-Execution CVE-2010-2075 - https://github.com/MFernstrom/OffensivePascal-CVE-2010-2075 +CVE-2010-2075 - https://github.com/Mr-Tree-S/POC_EXP CVE-2010-2075 - https://github.com/Okarn/TP_securite_EDOU_JACQUEMONT CVE-2010-2075 - https://github.com/Patrick122333/4240project CVE-2010-2075 - https://github.com/Sh4dowX404/UnrealIRCD-3.2.8.1-Backdoor @@ -9488,6 +9493,7 @@ CVE-2013-0156 - https://github.com/heroku/heroku-CVE-2013-0156 CVE-2013-0156 - https://github.com/hktalent/TOP CVE-2013-0156 - https://github.com/jbmihoub/all-poc CVE-2013-0156 - https://github.com/josal/crack-0.1.8-fixed +CVE-2013-0156 - https://github.com/localeapp/localeapp CVE-2013-0156 - https://github.com/mengdaya/Web-CTF-Cheatsheet CVE-2013-0156 - https://github.com/michenriksen/nmap-scripts CVE-2013-0156 - https://github.com/mitaku/rails_cve_2013_0156_patch @@ -62434,6 +62440,7 @@ CVE-2019-11358 - https://github.com/QASMT-FTC/FTC-13626-Team2 CVE-2019-11358 - https://github.com/QuantumRoboticsFTC/freightfrenzy-app CVE-2019-11358 - https://github.com/QuantumRoboticsFTC/powerplay-app CVE-2019-11358 - https://github.com/QuantumRoboticsFTC/ultimategoal-app +CVE-2019-11358 - https://github.com/R-Tacoz/FTC14607_23-24RC CVE-2019-11358 - https://github.com/R3Vipers/test CVE-2019-11358 - https://github.com/RCGV1/testingFTC CVE-2019-11358 - https://github.com/RDasari7304/PurePursuitController @@ -122889,6 +122896,7 @@ CVE-2022-1195 - https://github.com/ARPSyndicate/cvemon CVE-2022-1203 - https://github.com/RandomRobbieBF/CVE-2022-1203 CVE-2022-1203 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-1204 - https://github.com/ARPSyndicate/cvemon +CVE-2022-1206 - https://github.com/20142995/nuclei-templates CVE-2022-1207 - https://github.com/ARPSyndicate/cvemon CVE-2022-1208 - https://github.com/ARPSyndicate/cvemon CVE-2022-1210 - https://github.com/ARPSyndicate/cvemon @@ -142819,6 +142827,7 @@ CVE-2022-48702 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2022-48703 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2022-4883 - https://github.com/1g-v/DevSec_Docker_lab CVE-2022-4883 - https://github.com/L-ivan7/-.-DevSec_Docker +CVE-2022-4891 - https://github.com/sisimai/rb-sisimai CVE-2022-4896 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-4896 - https://github.com/sapellaniz/CVE-2022-4896 CVE-2022-4897 - https://github.com/ARPSyndicate/cvemon @@ -145179,6 +145188,7 @@ CVE-2023-22894 - https://github.com/Saboor-Hakimi/CVE-2023-22894 CVE-2023-22894 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-22897 - https://github.com/ARPSyndicate/cvemon CVE-2023-22897 - https://github.com/MrTuxracer/advisories +CVE-2023-2290 - https://github.com/tadghh/Dell-unlock-undervolting CVE-2023-22903 - https://github.com/go-compile/security-advisories CVE-2023-22906 - https://github.com/abrahim7112/Vulnerability-checking-program-for-Android CVE-2023-22906 - https://github.com/nomi-sec/PoC-in-GitHub @@ -147858,6 +147868,7 @@ CVE-2023-29383 - https://github.com/GrigGM/05-virt-04-docker-hw CVE-2023-29383 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2023-29383 - https://github.com/fokypoky/places-list CVE-2023-29383 - https://github.com/tl87/container-scanner +CVE-2023-29384 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-29385 - https://github.com/hackintoanetwork/hackintoanetwork CVE-2023-29389 - https://github.com/1-tong/vehicle_cves CVE-2023-29389 - https://github.com/Vu1nT0tal/Vehicle-Security @@ -153629,6 +153640,7 @@ CVE-2023-45386 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-4539 - https://github.com/defragmentator/mitmsqlproxy CVE-2023-4540 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-4542 - https://github.com/20142995/sectool +CVE-2023-4542 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-4542 - https://github.com/tanjiti/sec_profile CVE-2023-4542 - https://github.com/wjlin0/poc-doc CVE-2023-4542 - https://github.com/wy876/POC @@ -153817,6 +153829,7 @@ CVE-2023-45866 - https://github.com/vs4vijay/exploits CVE-2023-45866 - https://github.com/zhaoxiaoha/github-trending CVE-2023-4587 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-45887 - https://github.com/MikeIsAStar/DS-Wireless-Communication-Remote-Code-Execution +CVE-2023-4590 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-4591 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-4591 - https://github.com/tanjiti/sec_profile CVE-2023-45918 - https://github.com/GrigGM/05-virt-04-docker-hw @@ -154588,6 +154601,7 @@ CVE-2023-48201 - https://github.com/mechaneus/mechaneus.github.io CVE-2023-48202 - https://github.com/mechaneus/mechaneus.github.io CVE-2023-4822 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-48226 - https://github.com/mbiesiad/security-hall-of-fame-mb +CVE-2023-48251 - https://github.com/oxagast/oxasploits CVE-2023-48268 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-4827 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-48291 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -163006,6 +163020,7 @@ CVE-2024-20745 - https://github.com/NaInSec/CVE-LIST CVE-2024-20745 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-20746 - https://github.com/NaInSec/CVE-LIST CVE-2024-20746 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-20746 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-2075 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-20750 - https://github.com/vulsio/go-cve-dictionary CVE-2024-20752 - https://github.com/NaInSec/CVE-LIST @@ -164120,6 +164135,7 @@ CVE-2024-22515 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-22519 - https://github.com/Drone-Lab/opendroneid-vulnerability CVE-2024-22520 - https://github.com/Drone-Lab/Dronetag-vulnerability CVE-2024-22523 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-22526 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-22530 - https://github.com/luelueking/luelueking CVE-2024-22532 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22532 - https://github.com/nomi-sec/PoC-in-GitHub @@ -164453,6 +164469,7 @@ CVE-2024-23334 - https://github.com/z3rObyte/CVE-2024-23334-PoC CVE-2024-23335 - https://github.com/CP04042K/CVE CVE-2024-23336 - https://github.com/CP04042K/CVE CVE-2024-23339 - https://github.com/d3ng03/PP-Auto-Detector +CVE-2024-23339 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-23342 - https://github.com/memphis-tools/dummy_fastapi_flask_blog_app CVE-2024-23343 - https://github.com/Sim4n6/Sim4n6 CVE-2024-23349 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -165662,6 +165679,7 @@ CVE-2024-25579 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2558 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-2558 - https://github.com/NaInSec/CVE-LIST CVE-2024-25580 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-25582 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2559 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-2559 - https://github.com/NaInSec/CVE-LIST CVE-2024-2559 - https://github.com/helloyhrr/IoT_vulnerability @@ -166468,6 +166486,7 @@ CVE-2024-27085 - https://github.com/NaInSec/CVE-LIST CVE-2024-27085 - https://github.com/kip93/kip93 CVE-2024-27087 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27088 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-27088 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-2709 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-2709 - https://github.com/NaInSec/CVE-LIST CVE-2024-2709 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -166786,6 +166805,7 @@ CVE-2024-2758 - https://github.com/Vos68/HTTP2-Continuation-Flood-PoC CVE-2024-2759 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27593 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2760 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-27609 - https://github.com/mohammedatary/mohammedatary CVE-2024-27612 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27613 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27619 - https://github.com/ioprojecton/dir-3040_dos @@ -167039,6 +167059,7 @@ CVE-2024-28085 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-28085 - https://github.com/skyler-ferrante/CVE-2024-28085 CVE-2024-28085 - https://github.com/testing-felickz/docker-scout-demo CVE-2024-28087 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-28087 - https://github.com/mohammedatary/mohammedatary CVE-2024-28088 - https://github.com/levpachmanov/cve-2024-28088-poc CVE-2024-28088 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-28088 - https://github.com/seal-community/patches @@ -169352,6 +169373,7 @@ CVE-2024-33612 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33633 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33640 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33643 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33644 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-33645 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33646 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33648 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -169818,6 +169840,7 @@ CVE-2024-35522 - https://github.com/AnixPasBesoin/AnixPasBesoin CVE-2024-35523 - https://github.com/AnixPasBesoin/AnixPasBesoin CVE-2024-35524 - https://github.com/AnixPasBesoin/AnixPasBesoin CVE-2024-35537 - https://github.com/aaravavi/TVS-Connect-Application-VAPT +CVE-2024-35538 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-35548 - https://github.com/bytyme/MybatisPlusSQLInjection CVE-2024-35570 - https://github.com/ibaiw/2024Hvv CVE-2024-35591 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -169915,6 +169938,7 @@ CVE-2024-36104 - https://github.com/wy876/wiki CVE-2024-36105 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-36111 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-36111 - https://github.com/wy876/POC +CVE-2024-36111 - https://github.com/wy876/wiki CVE-2024-36120 - https://github.com/SteakEnthusiast/My-CTF-Challenges CVE-2024-36136 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3614 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170175,6 +170199,7 @@ CVE-2024-38166 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3817 - https://github.com/dellalibera/dellalibera CVE-2024-3817 - https://github.com/otms61/vex_dir CVE-2024-38189 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-38189 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-38202 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-38206 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3822 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170271,6 +170296,7 @@ CVE-2024-38856 - https://github.com/k3ppf0r/2024-PocLib CVE-2024-38856 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-38856 - https://github.com/tanjiti/sec_profile CVE-2024-38856 - https://github.com/wy876/POC +CVE-2024-38856 - https://github.com/wy876/wiki CVE-2024-3889 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3891 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3892 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170728,8 +170754,10 @@ CVE-2024-41465 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41466 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41468 - https://github.com/ibaiw/2024Hvv CVE-2024-41468 - https://github.com/wy876/POC +CVE-2024-41468 - https://github.com/wy876/wiki CVE-2024-41473 - https://github.com/ibaiw/2024Hvv CVE-2024-41473 - https://github.com/wy876/POC +CVE-2024-41473 - https://github.com/wy876/wiki CVE-2024-41476 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41550 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41551 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170928,6 +170956,7 @@ CVE-2024-4257 - https://github.com/wy876/wiki CVE-2024-4265 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42657 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-42658 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-42675 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42676 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42677 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42678 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170939,6 +170968,7 @@ CVE-2024-42758 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-42849 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-42850 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4286 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42919 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4295 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4295 - https://github.com/truonghuuphuc/CVE-2024-4295-Poc CVE-2024-4296 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171061,7 +171091,22 @@ CVE-2024-43236 - https://github.com/20142995/nuclei-templates CVE-2024-43238 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4324 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43276 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43277 - https://github.com/20142995/nuclei-templates CVE-2024-4328 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43285 - https://github.com/20142995/nuclei-templates +CVE-2024-43287 - https://github.com/20142995/nuclei-templates +CVE-2024-43290 - https://github.com/20142995/nuclei-templates +CVE-2024-43291 - https://github.com/20142995/nuclei-templates +CVE-2024-43293 - https://github.com/20142995/nuclei-templates +CVE-2024-43294 - https://github.com/20142995/nuclei-templates +CVE-2024-43295 - https://github.com/20142995/nuclei-templates +CVE-2024-43297 - https://github.com/20142995/nuclei-templates +CVE-2024-43298 - https://github.com/20142995/nuclei-templates +CVE-2024-43299 - https://github.com/20142995/nuclei-templates +CVE-2024-43301 - https://github.com/20142995/nuclei-templates +CVE-2024-43302 - https://github.com/20142995/nuclei-templates +CVE-2024-43304 - https://github.com/20142995/nuclei-templates +CVE-2024-43305 - https://github.com/20142995/nuclei-templates CVE-2024-43305 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43306 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43307 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171069,25 +171114,51 @@ CVE-2024-43308 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43309 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4331 - https://github.com/angelov-1080/CVE_Checker CVE-2024-4331 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43310 - https://github.com/20142995/nuclei-templates +CVE-2024-43312 - https://github.com/20142995/nuclei-templates CVE-2024-43313 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43314 - https://github.com/20142995/nuclei-templates +CVE-2024-43315 - https://github.com/20142995/nuclei-templates +CVE-2024-43316 - https://github.com/20142995/nuclei-templates +CVE-2024-43317 - https://github.com/20142995/nuclei-templates CVE-2024-43318 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43320 - https://github.com/20142995/nuclei-templates CVE-2024-43320 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43321 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43323 - https://github.com/20142995/nuclei-templates +CVE-2024-43324 - https://github.com/20142995/nuclei-templates CVE-2024-43324 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43325 - https://github.com/20142995/nuclei-templates +CVE-2024-43326 - https://github.com/20142995/nuclei-templates CVE-2024-43327 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43329 - https://github.com/20142995/nuclei-templates CVE-2024-43329 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4333 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43330 - https://github.com/20142995/nuclei-templates CVE-2024-43330 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43331 - https://github.com/20142995/nuclei-templates +CVE-2024-43332 - https://github.com/20142995/nuclei-templates CVE-2024-43335 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43336 - https://github.com/20142995/nuclei-templates +CVE-2024-43337 - https://github.com/20142995/nuclei-templates +CVE-2024-43339 - https://github.com/20142995/nuclei-templates CVE-2024-4334 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43340 - https://github.com/20142995/nuclei-templates +CVE-2024-43341 - https://github.com/20142995/nuclei-templates CVE-2024-43342 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43343 - https://github.com/20142995/nuclei-templates CVE-2024-43344 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43346 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43347 - https://github.com/20142995/nuclei-templates CVE-2024-43347 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43348 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43349 - https://github.com/20142995/nuclei-templates CVE-2024-43349 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43351 - https://github.com/20142995/nuclei-templates CVE-2024-43351 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43352 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43355 - https://github.com/20142995/nuclei-templates +CVE-2024-43356 - https://github.com/20142995/nuclei-templates CVE-2024-43358 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43359 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43360 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171546,6 +171617,7 @@ CVE-2024-5542 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5555 - https://github.com/JohnnyBradvo/CVE-2024-5555 CVE-2024-5555 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5572 - https://github.com/ajmalabubakkr/CVE +CVE-2024-5576 - https://github.com/20142995/nuclei-templates CVE-2024-5585 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5585 - https://github.com/tianstcht/tianstcht CVE-2024-5595 - https://github.com/20142995/nuclei-templates @@ -171583,6 +171655,7 @@ CVE-2024-5744 - https://github.com/20142995/nuclei-templates CVE-2024-5745 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5756 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5758 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5763 - https://github.com/20142995/nuclei-templates CVE-2024-5765 - https://github.com/20142995/nuclei-templates CVE-2024-5766 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5770 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171608,7 +171681,11 @@ CVE-2024-5861 - https://github.com/20142995/nuclei-templates CVE-2024-5893 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5894 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5895 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5932 - https://github.com/20142995/nuclei-templates CVE-2024-5936 - https://github.com/20142995/nuclei-templates +CVE-2024-5939 - https://github.com/20142995/nuclei-templates +CVE-2024-5940 - https://github.com/20142995/nuclei-templates +CVE-2024-5941 - https://github.com/20142995/nuclei-templates CVE-2024-5947 - https://github.com/komodoooo/Some-things CVE-2024-5947 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5961 - https://github.com/nomi-sec/PoC-in-GitHub @@ -171688,6 +171765,7 @@ CVE-2024-6387 - https://github.com/TAM-K592/CVE-2024-6387 CVE-2024-6387 - https://github.com/ThemeHackers/CVE-2024-6387 CVE-2024-6387 - https://github.com/Threekiii/CVE CVE-2024-6387 - https://github.com/TrojanAZhen/Self_Back +CVE-2024-6387 - https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix CVE-2024-6387 - https://github.com/azurejoga/CVE-2024-6387-how-to-fix CVE-2024-6387 - https://github.com/beac0n/ruroco CVE-2024-6387 - https://github.com/bigb0x/CVE-2024-6387 @@ -171700,6 +171778,7 @@ CVE-2024-6387 - https://github.com/lukibahr/stars CVE-2024-6387 - https://github.com/maycon/stars CVE-2024-6387 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6387 - https://github.com/rxerium/stars +CVE-2024-6387 - https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH CVE-2024-6387 - https://github.com/sardine-web/CVE-2024-6387_Check CVE-2024-6387 - https://github.com/tanjiti/sec_profile CVE-2024-6387 - https://github.com/teamos-hub/regreSSHion @@ -171734,6 +171813,7 @@ CVE-2024-6553 - https://github.com/20142995/nuclei-templates CVE-2024-6558 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6562 - https://github.com/20142995/nuclei-templates CVE-2024-6571 - https://github.com/20142995/nuclei-templates +CVE-2024-6575 - https://github.com/20142995/nuclei-templates CVE-2024-6589 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6629 - https://github.com/20142995/nuclei-templates CVE-2024-6639 - https://github.com/20142995/nuclei-templates @@ -171773,9 +171853,11 @@ CVE-2024-6768 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6779 - https://github.com/leesh3288/leesh3288 CVE-2024-6781 - https://github.com/20142995/nuclei-templates CVE-2024-6781 - https://github.com/wy876/POC +CVE-2024-6781 - https://github.com/wy876/wiki CVE-2024-6782 - https://github.com/20142995/nuclei-templates CVE-2024-6782 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6782 - https://github.com/wy876/POC +CVE-2024-6782 - https://github.com/wy876/wiki CVE-2024-6797 - https://github.com/20142995/nuclei-templates CVE-2024-6798 - https://github.com/20142995/nuclei-templates CVE-2024-6802 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171789,6 +171871,7 @@ CVE-2024-6853 - https://github.com/20142995/nuclei-templates CVE-2024-6855 - https://github.com/20142995/nuclei-templates CVE-2024-6856 - https://github.com/20142995/nuclei-templates CVE-2024-6859 - https://github.com/20142995/nuclei-templates +CVE-2024-6864 - https://github.com/20142995/nuclei-templates CVE-2024-6865 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6869 - https://github.com/20142995/nuclei-templates CVE-2024-6884 - https://github.com/20142995/nuclei-templates @@ -171798,6 +171881,7 @@ CVE-2024-6893 - https://github.com/20142995/nuclei-templates CVE-2024-6893 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6896 - https://github.com/20142995/nuclei-templates CVE-2024-6911 - https://github.com/wy876/POC +CVE-2024-6911 - https://github.com/wy876/wiki CVE-2024-6917 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6923 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6924 - https://github.com/20142995/nuclei-templates @@ -171824,6 +171908,7 @@ CVE-2024-6990 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7008 - https://github.com/20142995/nuclei-templates CVE-2024-7027 - https://github.com/20142995/nuclei-templates CVE-2024-7047 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7054 - https://github.com/20142995/nuclei-templates CVE-2024-7057 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7060 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7063 - https://github.com/20142995/nuclei-templates @@ -172004,10 +172089,12 @@ CVE-2024-7630 - https://github.com/20142995/nuclei-templates CVE-2024-7646 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-7648 - https://github.com/20142995/nuclei-templates CVE-2024-7649 - https://github.com/20142995/nuclei-templates +CVE-2024-7689 - https://github.com/20142995/nuclei-templates CVE-2024-7690 - https://github.com/20142995/nuclei-templates CVE-2024-7691 - https://github.com/20142995/nuclei-templates CVE-2024-7692 - https://github.com/20142995/nuclei-templates CVE-2024-7697 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7702 - https://github.com/20142995/nuclei-templates CVE-2024-7703 - https://github.com/20142995/nuclei-templates CVE-2024-7703 - https://github.com/lfillaz/CVE-2024-7703 CVE-2024-7703 - https://github.com/nomi-sec/PoC-in-GitHub @@ -172021,19 +172108,26 @@ CVE-2024-7728 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7729 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7731 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7732 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7775 - https://github.com/20142995/nuclei-templates +CVE-2024-7777 - https://github.com/20142995/nuclei-templates +CVE-2024-7780 - https://github.com/20142995/nuclei-templates +CVE-2024-7782 - https://github.com/20142995/nuclei-templates CVE-2024-7790 - https://github.com/JoshuaMart/JoshuaMart CVE-2024-7790 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7827 - https://github.com/20142995/nuclei-templates CVE-2024-7829 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7830 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7831 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7832 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7833 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7850 - https://github.com/20142995/nuclei-templates CVE-2024-7886 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7887 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7896 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7897 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7904 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7906 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7928 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-87654 - https://github.com/runwuf/clickhouse-test CVE-2024-98765 - https://github.com/runwuf/clickhouse-test CVE-2024-99999 - https://github.com/kolewttd/wtt diff --git a/references.txt b/references.txt index 66da2cebd1..c62c586e64 100644 --- a/references.txt +++ b/references.txt @@ -4812,6 +4812,8 @@ CVE-2006-4647 - https://www.exploit-db.com/exploits/2309 CVE-2006-4648 - https://www.exploit-db.com/exploits/2312 CVE-2006-4655 - http://securityreason.com/securityalert/1545 CVE-2006-4656 - https://www.exploit-db.com/exploits/2317 +CVE-2006-4660 - http://securityreason.com/securityalert/1523 +CVE-2006-4661 - http://securityreason.com/securityalert/1523 CVE-2006-4662 - http://securityreason.com/securityalert/1530 CVE-2006-4662 - http://www.securityfocus.com/archive/1/445513/100/0/threaded CVE-2006-4664 - https://www.exploit-db.com/exploits/2311 @@ -56687,6 +56689,7 @@ CVE-2019-11074 - https://how2itsec.blogspot.com/2019/10/security-fixes-in-prtg-1 CVE-2019-11074 - https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/ CVE-2019-11076 - https://github.com/livehybrid/poc-cribl-rce CVE-2019-11080 - http://packetstormsecurity.com/files/153274/Sitecore-8.x-Deserialization-Remote-Code-Execution.html +CVE-2019-11080 - https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/91/Sitecore%20Experience%20Platform%2091%20Update1/Release%20Notes CVE-2019-11085 - https://usn.ubuntu.com/4068-1/ CVE-2019-11085 - https://usn.ubuntu.com/4118-1/ CVE-2019-11091 - https://seclists.org/bugtraq/2019/Jun/28 @@ -86481,6 +86484,7 @@ CVE-2022-3989 - https://wpscan.com/vulnerability/1bd20329-f3a5-466d-81b0-e4ff0ca CVE-2022-3993 - https://huntr.dev/bounties/bebd0cd6-18ec-469c-b6ca-19ffa9db0699 CVE-2022-3994 - https://wpscan.com/vulnerability/802a2139-ab48-4281-888f-225e6e3134aa CVE-2022-39960 - https://gist.github.com/CveCt0r/ca8c6e46f536e9ae69fc6061f132463e +CVE-2022-3997 - https://vuldb.com/?id.213698 CVE-2022-39974 - https://github.com/wasm3/wasm3/issues/379 CVE-2022-3998 - https://github.com/MonikaBrzica/scm/issues/1 CVE-2022-39983 - https://www.swascan.com/it/vulnerability-report-instant-developer/ @@ -88552,6 +88556,7 @@ CVE-2022-48012 - https://github.com/Sakura-501/Opencats-0.9.7-Vulnerabilities/bl CVE-2022-48013 - https://github.com/Sakura-501/Opencats-0.9.7-Vulnerabilities/blob/main/Opencats-0.9.7-Stored%20XSS%20in%20Calendar-Add-Event.md CVE-2022-48019 - https://github.com/kkent030315/CVE-2022-42046 CVE-2022-4802 - https://huntr.dev/bounties/d47d4a94-92e3-4400-b012-a8577cbd7956 +CVE-2022-48020 - https://www.linkedin.com/in/dmitry-kiryukhin-b5741421b/ CVE-2022-4803 - https://huntr.dev/bounties/0fba72b9-db10-4d9f-a707-2acf2004a286 CVE-2022-4805 - https://huntr.dev/bounties/b03f6a9b-e49b-42d6-a318-1d7afd985873 CVE-2022-4806 - https://huntr.dev/bounties/2c7101bc-e6d8-4cd0-9003-bc8d86f4e4be @@ -95133,6 +95138,7 @@ CVE-2023-50089 - https://github.com/NoneShell/Vulnerabilities/blob/main/NETGEAR/ CVE-2023-50094 - https://github.com/yogeshojha/rengine/security/advisories/GHSA-fx7f-f735-vgh4 CVE-2023-50094 - https://www.mattz.io/posts/cve-2023-50094/ CVE-2023-50096 - https://github.com/elttam/publications/blob/master/writeups/CVE-2023-50096.md +CVE-2023-50100 - https://github.com/Jarvis-616/cms/blob/master/There%20is%20a%20storage%20type%20XSS%20for%20carousel%20image%20editing.md CVE-2023-50110 - https://github.com/TestLinkOpenSourceTRMS/testlink-code/pull/357 CVE-2023-50120 - https://github.com/gpac/gpac/issues/2698 CVE-2023-50123 - https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices @@ -95173,6 +95179,7 @@ CVE-2023-50265 - https://securitylab.github.com/advisories/GHSL-2023-192_GHSL-20 CVE-2023-50266 - https://securitylab.github.com/advisories/GHSL-2023-192_GHSL-2023-194_bazarr/ CVE-2023-5027 - https://vuldb.com/?id.239869 CVE-2023-5028 - https://vuldb.com/?id.239870 +CVE-2023-5029 - https://vuldb.com/?id.239871 CVE-2023-5030 - https://github.com/husterdjx/cve/blob/main/sql1.md CVE-2023-5033 - https://vuldb.com/?id.239877 CVE-2023-50358 - https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213941-1032 @@ -95583,6 +95590,7 @@ CVE-2023-5572 - https://huntr.dev/bounties/db649f1b-8578-4ef0-8df3-d320ab33f1be CVE-2023-5573 - https://huntr.dev/bounties/46a2bb2c-712a-4008-a147-b862e3af7d72 CVE-2023-5585 - https://vuldb.com/?id.242170 CVE-2023-5586 - https://huntr.dev/bounties/d2a6ea71-3555-47a6-9b18-35455d103740 +CVE-2023-5587 - https://vuldb.com/?id.242186 CVE-2023-5590 - https://huntr.dev/bounties/e268cd68-4f34-49bd-878b-82b96dcc0c99 CVE-2023-5591 - https://huntr.dev/bounties/54813d42-5b93-440e-b9b1-c179d2cbf090 CVE-2023-5595 - https://huntr.dev/bounties/0064cf76-ece1-495d-82b4-e4a1bebeb28e @@ -95610,6 +95618,7 @@ CVE-2023-5672 - https://wpscan.com/vulnerability/7c1dff5b-bed3-49f8-96cc-1bc9abe CVE-2023-5673 - https://wpscan.com/vulnerability/231f72bf-9ad0-417e-b7a0-3555875749e9 CVE-2023-5674 - https://wpscan.com/vulnerability/32a23d0d-7ece-4870-a99d-f3f344be2d67 CVE-2023-5681 - https://github.com/Wsecpro/cve1/blob/main/NS-ASG-sql-list_addr_fwresource_ip.md +CVE-2023-5681 - https://vuldb.com/?id.243057 CVE-2023-5682 - https://github.com/Godfather-onec/cve/blob/main/sql.md CVE-2023-5684 - https://github.com/Chef003/cve/blob/main/rce.md CVE-2023-5686 - https://huntr.com/bounties/bbfe1f76-8fa1-4a8c-909d-65b16e970be0 @@ -95690,6 +95699,7 @@ CVE-2023-5905 - https://wpscan.com/vulnerability/f94e91ef-1773-476c-9945-37e89ce CVE-2023-5906 - https://wpscan.com/vulnerability/911d495c-3867-4259-a73a-572cd4fccdde CVE-2023-5907 - https://wpscan.com/vulnerability/f250226f-4a05-4d75-93c4-5444a4ce919e CVE-2023-5911 - https://wpscan.com/vulnerability/dde0767d-1dff-4261-adbe-1f3fdf2d9aae +CVE-2023-5919 - https://vuldb.com/?id.244310 CVE-2023-5922 - https://wpscan.com/vulnerability/debd8498-5770-4270-9ee1-1503e675ef34/ CVE-2023-5931 - https://wpscan.com/vulnerability/3d6889e3-a01b-4e7f-868f-af7cc8c7531a CVE-2023-5939 - https://wpscan.com/vulnerability/db5d41fc-bcd3-414f-aa99-54d5537007bc @@ -98070,6 +98080,7 @@ CVE-2024-29975 - https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/ CVE-2024-29976 - https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/ CVE-2024-3000 - https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System%20-%20Authentication%20Bypass.md CVE-2024-3000 - https://vuldb.com/?id.258202 +CVE-2024-3000 - https://vuldb.com/?submit.305052 CVE-2024-3001 - https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System-%20SQL%20Injection%20-%203.md CVE-2024-3002 - https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System-%20SQL%20Injection%20-%204.md CVE-2024-3003 - https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System-%20SQL%20Injection%20-%205.md @@ -99747,6 +99758,7 @@ CVE-2024-43168 - https://github.com/NLnetLabs/unbound/issues/1039 CVE-2024-43360 - https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj CVE-2024-43373 - https://github.com/j4k0xb/webcrack/security/advisories/GHSA-ccqh-278p-xq6w CVE-2024-43374 - https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw +CVE-2024-43381 - https://github.com/yogeshojha/rengine/security/advisories/GHSA-96q4-fj2m-jqf7 CVE-2024-4340 - https://github.com/advisories/GHSA-2m57-hf25-phgg CVE-2024-4340 - https://research.jfrog.com/vulnerabilities/sqlparse-stack-exhaustion-dos-jfsa-2024-001031292/ CVE-2024-4348 - https://vuldb.com/?submit.320855 @@ -99759,6 +99771,7 @@ CVE-2024-4384 - https://wpscan.com/vulnerability/ad714196-2590-4dc9-b5b9-50808e9 CVE-2024-4388 - https://wpscan.com/vulnerability/5c791747-f60a-40a7-94fd-e4b9bb5ea2b0/ CVE-2024-4395 - https://khronokernel.com/macos/2024/05/01/CVE-2024-4395.html CVE-2024-4399 - https://wpscan.com/vulnerability/0690327e-da60-4d71-8b3c-ac9533d82302/ +CVE-2024-44067 - https://ghostwriteattack.com CVE-2024-4469 - https://wpscan.com/vulnerability/d6b1270b-52c0-471d-a5fb-507e21b46310/ CVE-2024-4474 - https://wpscan.com/vulnerability/71954c60-6a5b-4cac-9920-6d9b787ead9c/ CVE-2024-4475 - https://wpscan.com/vulnerability/f0c7fa00-da6e-4f07-875f-7b85759a54b3/ @@ -99996,6 +100009,7 @@ CVE-2024-5363 - https://github.com/rockersiyuan/CVE/blob/main/SourceCodester_Hou CVE-2024-5364 - https://github.com/rockersiyuan/CVE/blob/main/SourceCodester_House_Rental_Management_System_Sql_Inject-2.md CVE-2024-5365 - https://github.com/rockersiyuan/CVE/blob/main/SourceCodester_House_Rental_Management_System_Sql_Inject-3.md CVE-2024-5366 - https://github.com/rockersiyuan/CVE/blob/main/SourceCodester_House_Rental_Management_System_Sql_Inject-4.md +CVE-2024-5372 - https://vuldb.com/?submit.343452 CVE-2024-5377 - https://github.com/yuyuliq/cve/issues/1 CVE-2024-5378 - https://github.com/GAO-UNO/cve/blob/main/sql2.md CVE-2024-5379 - https://gitee.com/heyewei/JFinalcms/issues/I8VHGR @@ -100167,6 +100181,7 @@ CVE-2024-6273 - https://docs.google.com/document/d/14ExrgXqPQlgvjw2poqNzYzAOi-C5 CVE-2024-6273 - https://github.com/sgr-xd/CVEs/blob/main/CVE-2024-6273.md CVE-2024-6289 - https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/ CVE-2024-6308 - https://github.com/L1OudFd8cl09/CVE/blob/main/25_06_2024_a.md +CVE-2024-6330 - https://wpscan.com/vulnerability/95b532e0-1ffb-421e-b9c0-de03f89491d7/ CVE-2024-6334 - https://wpscan.com/vulnerability/6c09083c-6960-4369-8c5c-ad20e34aaa8b/ CVE-2024-6362 - https://wpscan.com/vulnerability/d2e2d06b-0f07-40b9-9b87-3373f62ae1a9/ CVE-2024-6366 - https://wpscan.com/vulnerability/5b90cbdd-52cc-4e7b-bf39-bea0dd59e19e/ @@ -100184,6 +100199,7 @@ CVE-2024-6408 - https://wpscan.com/vulnerability/31aaeffb-a752-4941-9d0f-1b374fb CVE-2024-6412 - https://wpscan.com/vulnerability/9eb0dad6-3c19-4fe4-a20d-d45b51410444/ CVE-2024-6417 - https://github.com/xyj123a/cve/blob/main/sql.md CVE-2024-6420 - https://wpscan.com/vulnerability/dfda6577-81aa-4397-a2d6-1d736f9ebd44/ +CVE-2024-6451 - https://wpscan.com/vulnerability/fc06d413-a227-470c-a5b7-cdab57aeab34/ CVE-2024-6459 - https://wpscan.com/vulnerability/330359fa-d085-4923-b5a8-c0e2e5267247/ CVE-2024-6460 - https://wpscan.com/vulnerability/ba2f53e0-30be-4f37-91bc-5fa151f1eee7/ CVE-2024-6477 - https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16/ @@ -100232,6 +100248,7 @@ CVE-2024-6802 - https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6802 CVE-2024-6807 - https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6807 CVE-2024-6807 - https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6807 CVE-2024-6808 - https://github.com/qianqiusujiu/cve/issues/1 +CVE-2024-6843 - https://wpscan.com/vulnerability/9a5cb440-065a-445a-9a09-55bd5f782e85/ CVE-2024-6884 - https://wpscan.com/vulnerability/1768de0c-e4ea-4c98-abf1-7ac805f214b8/ CVE-2024-6890 - https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt CVE-2024-6891 - https://korelogic.com/Resources/Advisories/KL-001-2024-008.txt @@ -100524,6 +100541,7 @@ CVE-2024-7852 - https://github.com/Wsstiger/cve/blob/main/Yoga_xss.md CVE-2024-7868 - https://www.xpdfreader.com/security-bug/CVE-2024-7868.html CVE-2024-7887 - https://github.com/Hebing123/cve/issues/67 CVE-2024-7896 - https://gist.github.com/b0rgch3n/4788c7c429d49095915d84161a157295 +CVE-2024-7896 - https://vuldb.com/?submit.387131 CVE-2024-7897 - https://gist.github.com/b0rgch3n/bb47a1ed6f66c1e8c7a80f210f4ac8ef CVE-2024-7898 - https://gist.github.com/b0rgch3n/3136cad95b09e42184fb2d78aae33651 CVE-2024-7900 - https://github.com/DeepMountains/Mirage/blob/main/CVE16-1.md