Update CVE sources 2024-08-15 18:54

2026-05-23 19:04:02 +02:00 · 2024-08-15 18:54:34 +00:00
parent a2b22a8831
commit d4008b737b
174 changed files with 1730 additions and 15 deletions
@@ -0,0 +1,17 @@
+### [CVE-2005-1202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1202)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter.
+
+### POC
+
+#### Reference
+- http://sourceforge.net/project/shownotes.php?release_id=320768
+
+#### Github
+No PoCs found on GitHub currently.
+
@@ -0,0 +1,17 @@
+### [CVE-2005-1203](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1203)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter.
+
+### POC
+
+#### Reference
+- http://sourceforge.net/project/shownotes.php?release_id=320768
+
+#### Github
+No PoCs found on GitHub currently.
+
@@ -14,5 +14,5 @@ libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote at
 - http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/JohnSomanza/Qualys-Vulnerability-Management

@@ -153,6 +153,7 @@ The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not p
 - https://github.com/Muhammd/Awesome-Payloads
 - https://github.com/Muhammd/Awesome-Pentest
 - https://github.com/MyKings/docker-vulnerability-environment
+- https://github.com/N3rdyN3xus/CVE-2014-0160_Heartbleed
 - https://github.com/NCSU-DANCE-Research-Group/CDL
 - https://github.com/Nicolasbcrrl/h2_Goat
 - https://github.com/Nieuport/Awesome-Security
@@ -14,5 +14,6 @@ Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open

 #### Github
 - https://github.com/pxcs/CVE-29343-Sysmon-list
+- https://github.com/pxcs/CVE-Report
 - https://github.com/pxcs/CVE_Sysmon_Report

@@ -14,4 +14,5 @@ Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the

 #### Github
 - https://github.com/ARPSyndicate/kenzer-templates
+- https://github.com/north-vuln-intel/nuclei-nvi

@@ -53,6 +53,7 @@ The expandArguments function in the database abstraction API in Drupal core 7.x
 - https://github.com/smartFlash/pySecurity
 - https://github.com/superfish9/pt
 - https://github.com/superlink996/chunqiuyunjingbachang
+- https://github.com/t0ffe/CybSec_Course_Project_II
 - https://github.com/t0m4too/t0m4to
 - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough
 - https://github.com/xinyisleep/pocscan
@@ -430,6 +430,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th
 - https://github.com/jeholliday/shellshock
 - https://github.com/jerryxk/awesome-hacking
 - https://github.com/jj1bdx/bash-3.2-osx-fix
+- https://github.com/jli149/Incident-handling-with-Splunk
 - https://github.com/jmedeng/suriya73-exploits
 - https://github.com/jottama/pentesting
 - https://github.com/justone0127/Red-Hat-Advanced-Cluster-Security-for-Kubernetes-Operator-Installation
@@ -445,6 +446,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th
 - https://github.com/kk98kk0/Payloads
 - https://github.com/kowshik-sundararajan/CVE-2014-6271
 - https://github.com/kraloveckey/venom
+- https://github.com/krillavilla/CryptoV4ULT-Enterprise-Security-Assessment
 - https://github.com/ksw9722/PayloadsAllTheThings
 - https://github.com/kxcode/kbash
 - https://github.com/lethanhtrung22/Awesome-Hacking
@@ -591,6 +593,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th
 - https://github.com/sulsseo/BSY-report
 - https://github.com/sunnyjiang/shellshocker-android
 - https://github.com/sv3nbeast/Attack-Notes
+- https://github.com/t0ffe/CybSec_Course_Project_II
 - https://github.com/t0m4too/t0m4to
 - https://github.com/takuzoo3868/laputa
 - https://github.com/tanjiti/sec_profile
@@ -659,6 +662,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th
 - https://github.com/yojiwatanabe/NetworkAlarm
 - https://github.com/yukitsukai47/PenetrationTesting_cheatsheet
 - https://github.com/yumoL/cybersecurity-project2
+- https://github.com/yveeranki5566/LogData-Analysis
 - https://github.com/zalalov/CVE-2014-6271
 - https://github.com/zeroch1ll/CodePathWeek9
 - https://github.com/zgimszhd61/awesome-security
@@ -22,6 +22,8 @@ HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Wind
 - https://github.com/Cappricio-Securities/CVE-2015-1635
 - https://github.com/H3xL00m/CVE-2015-1635
 - https://github.com/H3xL00m/CVE-2015-1635-POC
+- https://github.com/N3rdyN3xus/CVE-2015-1635
+- https://github.com/N3rdyN3xus/CVE-2015-1635-POC
 - https://github.com/Olysyan/MSS
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
@@ -18,6 +18,7 @@ The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary C
 - https://github.com/G01d3nW01f/CVE-2015-6668
 - https://github.com/H3xL00m/CVE-2015-6668
 - https://github.com/Ki11i0n4ir3/CVE-2015-6668
+- https://github.com/N3rdyN3xus/CVE-2015-6668
 - https://github.com/Sp3c73rSh4d0w/CVE-2015-6668
 - https://github.com/c0d3cr4f73r/CVE-2015-6668
 - https://github.com/crypticdante/CVE-2015-6668
@@ -22,6 +22,7 @@
 - https://github.com/faisalfs10x/faisalfs10x
 - https://github.com/ide0x90/cve-2016-1555
 - https://github.com/ker2x/DearDiary
+- https://github.com/north-vuln-intel/nuclei-nvi
 - https://github.com/padresvater/Mobile-Internet-Security
 - https://github.com/zyw-200/EQUAFL_setup

@@ -42,6 +42,7 @@ Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before
 - https://github.com/huimzjty/vulwiki
 - https://github.com/ilmila/J2EEScan
 - https://github.com/jweny/pocassistdb
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/mustblade/solr_hacktool
 - https://github.com/p4d0rn/Siren
 - https://github.com/password520/RedTeamer
@@ -76,6 +76,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar
 - https://github.com/lonehand/Oracle-WebLogic-CVE-2017-10271-master
 - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
 - https://github.com/nihaohello/N-MiddlewareScan
+- https://github.com/north-vuln-intel/nuclei-nvi
 - https://github.com/openx-org/BLEN
 - https://github.com/password520/RedTeamer
 - https://github.com/peterpeter228/Oracle-WebLogic-CVE-2017-10271
@@ -28,6 +28,7 @@ No PoCs from references.
 - https://github.com/OFD5/R3d-Teaming-Automation
 - https://github.com/SamuelYtsejaM/Herramientas-Red-Team
 - https://github.com/TheJoyOfHacking/rasta-mouse-Sherlock
+- https://github.com/errorwiki/AttacksToolkit
 - https://github.com/garyweller020/Red-Teams-Tools
 - https://github.com/marklindsey11/OSINT1
 - https://github.com/nmvuonginfosec/redteam_tool
@@ -36,6 +36,7 @@ The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before versi
 - https://github.com/merlinepedra/nuclei-templates
 - https://github.com/merlinepedra25/nuclei-templates
 - https://github.com/murksombra/rmap
+- https://github.com/north-vuln-intel/nuclei-nvi
 - https://github.com/pen4uin/awesome-vulnerability-research
 - https://github.com/pen4uin/vulnerability-research
 - https://github.com/pen4uin/vulnerability-research-list
@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/ARPSyndicate/kenzer-templates
 - https://github.com/dnr6419/CVE-2018-16167
+- https://github.com/north-vuln-intel/nuclei-nvi

@@ -0,0 +1,17 @@
+### [CVE-2018-21177](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21177)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000055181/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2622
+
+#### Github
+No PoCs found on GitHub currently.
+
@@ -0,0 +1,17 @@
+### [CVE-2018-2444](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2444)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20BusinessObjects%20Financial%20Consolidation&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Scripting&color=brighgreen)
+
+### Description
+
+SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
+
+### POC
+
+#### Reference
+- https://launchpad.support.sap.com/#/notes/2621395
+
+#### Github
+No PoCs found on GitHub currently.
+
@@ -10,7 +10,7 @@ A vulnerability, which was classified as critical, was found in Blue Yonder post
 ### POC

 #### Reference
-No PoCs from references.
+- https://vuldb.com/?ctiid.234246

 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -46,6 +46,7 @@ A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier
 - https://github.com/huimzjty/vulwiki
 - https://github.com/jaychouzzk/-
 - https://github.com/jbmihoub/all-poc
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/onewinner/VulToolsKit
 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
 - https://github.com/purple-WL/Jenkins_CVE-2019-1003000
@@ -51,6 +51,7 @@ mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints
 - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection
 - https://github.com/lp008/CVE-2019-10758
 - https://github.com/masahiro331/CVE-2019-10758
+- https://github.com/north-vuln-intel/nuclei-nvi
 - https://github.com/ossf-cve-benchmark/CVE-2019-10758
 - https://github.com/password520/Penetration_PoC
 - https://github.com/pentration/gongkaishouji
@@ -27,6 +27,7 @@ No PoCs from references.
 - https://github.com/amcai/myscan
 - https://github.com/bigblackhat/oFx
 - https://github.com/d4n-sec/d4n-sec.github.io
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/openx-org/BLEN
 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
 - https://github.com/sobinge/nuclei-templates
@@ -54,12 +54,14 @@ Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution
 - https://github.com/hectorgie/PoC-in-GitHub
 - https://github.com/hktalent/TOP
 - https://github.com/hktalent/bug-bounty
+- https://github.com/huan-cdm/secure_tools_link
 - https://github.com/huike007/penetration_poc
 - https://github.com/huimzjty/vulwiki
 - https://github.com/jbmihoub/all-poc
 - https://github.com/koala2099/GitHub-Chinese-Top-Charts
 - https://github.com/lions2012/Penetration_Testing_POC
 - https://github.com/merlinepedra/nuclei-templates
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/merlinepedra25/nuclei-templates
 - https://github.com/mustblade/solr_hacktool
 - https://github.com/neilzhang1/Chinese-Charts
@@ -0,0 +1,17 @@
+### [CVE-2019-18193](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18193)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material inadvertently logged under certain conditions. Fixed included in 3.4.109, 4.0.027.13, 4.0.125 and 5.0.013.0.
+
+### POC
+
+#### Reference
+- https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=52
+
+#### Github
+No PoCs found on GitHub currently.
+
@@ -17,4 +17,5 @@ Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle F
 - https://github.com/ARPSyndicate/kenzer-templates
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
+- https://github.com/north-vuln-intel/nuclei-nvi

@@ -55,6 +55,7 @@ Some field types do not properly sanitize data from non-form sources in Drupal 8
 - https://github.com/hktalent/TOP
 - https://github.com/hktalent/bug-bounty
 - https://github.com/honeybot/wtf-plugin-honeybot-cve_2019_6340
+- https://github.com/huan-cdm/secure_tools_link
 - https://github.com/itsamirac1e/Offensive_Security_CTF_Rekall
 - https://github.com/jas502n/CVE-2019-6340
 - https://github.com/jbmihoub/all-poc
@@ -57,6 +57,7 @@ Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
 - https://github.com/hasee2018/Penetration_Testing_POC
 - https://github.com/hectorgie/PoC-in-GitHub
 - https://github.com/hktalent/TOP
+- https://github.com/huan-cdm/secure_tools_link
 - https://github.com/hugosg97/CVE-2020-10199-Nexus-3.21.01
 - https://github.com/huike007/penetration_poc
 - https://github.com/huike007/poc
@@ -51,6 +51,7 @@ Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
 - https://github.com/hectorgie/PoC-in-GitHub
 - https://github.com/hktalent/TOP
 - https://github.com/hktalent/bug-bounty
+- https://github.com/huan-cdm/secure_tools_link
 - https://github.com/huike007/penetration_poc
 - https://github.com/huike007/poc
 - https://github.com/jas502n/CVE-2020-10199
@@ -16,6 +16,7 @@ An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user
 - https://github.com/0xT11/CVE-POC
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/LucidUnicorn/CVE-2020-10560-Key-Recovery
+- https://github.com/alex-seymour/CVE-2020-10560-Key-Recovery
 - https://github.com/developer3000S/PoC-in-GitHub
 - https://github.com/hectorgie/PoC-in-GitHub
 - https://github.com/jandersoncampelo/InfosecBookmarks
@@ -36,6 +36,7 @@ Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect A
 - https://github.com/developer3000S/PoC-in-GitHub
 - https://github.com/hectorgie/PoC-in-GitHub
 - https://github.com/hktalent/TOP
+- https://github.com/huan-cdm/secure_tools_link
 - https://github.com/jas502n/CVE-2020-10199
 - https://github.com/jbmihoub/all-poc
 - https://github.com/koala2099/GitHub-Chinese-Top-Charts
@@ -42,6 +42,7 @@ Affected versions of Atlassian Jira Server and Data Center allow an unauthentica
 - https://github.com/imhunterand/JiraCVE
 - https://github.com/jweny/pocassistdb
 - https://github.com/merlinepedra/nuclei-templates
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/merlinepedra25/nuclei-templates
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
@@ -132,6 +132,7 @@ When using the Apache JServ Protocol (AJP), care must be taken when trusting inc
 - https://github.com/hectorgie/PoC-in-GitHub
 - https://github.com/hktalent/TOP
 - https://github.com/hktalent/bug-bounty
+- https://github.com/huan-cdm/secure_tools_link
 - https://github.com/huike007/penetration_poc
 - https://github.com/huike007/poc
 - https://github.com/huimzjty/vulwiki
@@ -46,6 +46,7 @@ No PoCs from references.
 - https://github.com/fishykz/2530L-analyze
 - https://github.com/jorhelp/Ingram
 - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
 - https://github.com/pen4uin/awesome-vulnerability-research
@@ -108,6 +108,7 @@ Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (compo
 - https://github.com/hktalent/CVE_2020_2546
 - https://github.com/hktalent/TOP
 - https://github.com/hktalent/bug-bounty
+- https://github.com/huan-cdm/secure_tools_link
 - https://github.com/huike007/penetration_poc
 - https://github.com/huike007/poc
 - https://github.com/hungslab/awd-tools
@@ -80,6 +80,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware
 - https://github.com/hktalent/CVE_2020_2546
 - https://github.com/hktalent/TOP
 - https://github.com/hktalent/bug-bounty
+- https://github.com/huan-cdm/secure_tools_link
 - https://github.com/huike007/penetration_poc
 - https://github.com/huike007/poc
 - https://github.com/hungslab/awd-tools
@@ -52,4 +52,5 @@ DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.
 - https://github.com/trhacknon/CVE-2020-8515-PoC
 - https://github.com/trhacknon/nmap_draytek_rce
 - https://github.com/truerandom/nmap_draytek_rce
+- https://github.com/yveeranki5566/LogData-Analysis

@@ -23,4 +23,5 @@ Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-1
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/qurbat/CVE-2020-8958
 - https://github.com/soosmile/POC
+- https://github.com/yveeranki5566/LogData-Analysis

@@ -47,6 +47,7 @@ XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scriptin
 - https://github.com/g33xter/CVE-2020-9496
 - https://github.com/hectorgie/PoC-in-GitHub
 - https://github.com/merlinepedra/nuclei-templates
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/merlinepedra25/nuclei-templates
 - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
 - https://github.com/nomi-sec/PoC-in-GitHub
@@ -44,6 +44,7 @@ No PoCs from references.
 - https://github.com/lions2012/Penetration_Testing_POC
 - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection
 - https://github.com/manas3c/CVE-POC
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/mintoolkit/mint
 - https://github.com/mmk-1/kubernetes-poc
 - https://github.com/n1sh1th/CVE-POC
@@ -119,6 +119,7 @@ The vSphere Client (HTML5) contains a remote code execution vulnerability in a v
 - https://github.com/mamba-2021/fscan-POC
 - https://github.com/manas3c/CVE-POC
 - https://github.com/mdisec/mdisec-twitch-yayinlari
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/milo2012/CVE-2021-21972
 - https://github.com/mstxq17/SecurityArticleLogger
 - https://github.com/murataydemir/CVE-2021-21972
@@ -66,6 +66,7 @@ The vCenter Server contains an arbitrary file upload vulnerability in the Analyt
 - https://github.com/mamba-2021/EXP-POC
 - https://github.com/mamba-2021/fscan-POC
 - https://github.com/manas3c/CVE-POC
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/nday-ldgz/ZoomEye-dork
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/onewinner/VulToolsKit
@@ -92,6 +92,7 @@ An issue has been discovered in GitLab CE/EE affecting all versions starting fro
 - https://github.com/kh4sh3i/Gitlab-CVE
 - https://github.com/lions2012/Penetration_Testing_POC
 - https://github.com/manas3c/CVE-POC
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/momika233/cve-2021-22205-GitLab-13.10.2---Remote-Code-Execution-RCE-Unauthenticated-
 - https://github.com/mr-r3bot/Gitlab-CVE-2021-22205
 - https://github.com/nomi-sec/PoC-in-GitHub
@@ -77,6 +77,7 @@ On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before
 - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection
 - https://github.com/luck-ying/Library-POC
 - https://github.com/manas3c/CVE-POC
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/microvorld/CVE-2021-22986
 - https://github.com/n1sh1th/CVE-POC
 - https://github.com/nomi-sec/PoC-in-GitHub
@@ -138,6 +138,7 @@ In affected versions of Confluence Server and Data Center, an OGNL injection vul
 - https://github.com/maskerTUI/CVE-2021-26084
 - https://github.com/mdisec/mdisec-twitch-yayinlari
 - https://github.com/merlinepedra/Pentest-Tools
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/merlinepedra25/Pentest-Tools
 - https://github.com/merlinepedra25/Pentest-Tools-1
 - https://github.com/nahcusira/CVE-2021-26084
@@ -57,6 +57,7 @@ Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated at
 - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection
 - https://github.com/ltfafei/my_POC
 - https://github.com/manas3c/CVE-POC
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
@@ -33,6 +33,7 @@ No PoCs from references.
 - https://github.com/bigblackhat/oFx
 - https://github.com/d4n-sec/d4n-sec.github.io
 - https://github.com/daedalus/CVE-2021-30461
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/openx-org/BLEN
 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
@@ -35,5 +35,6 @@ For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs ca
 - https://github.com/nu1r/yak-module-Nu
 - https://github.com/openx-org/BLEN
 - https://github.com/soosmile/POC
+- https://github.com/t0ffe/CybSec_Course_Project_II
 - https://github.com/whoami13apt/files2

@@ -38,6 +38,7 @@ No PoCs from references.
 - https://github.com/huimzjty/vulwiki
 - https://github.com/langligelang/langligelang
 - https://github.com/lions2012/Penetration_Testing_POC
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
 - https://github.com/pen4uin/awesome-vulnerability-research
@@ -229,6 +229,7 @@ A flaw was found in a change made to path normalization in Apache HTTP Server 2.
 - https://github.com/mauricelambert/CVE-2021-42013
 - https://github.com/mauricelambert/mauricelambert.github.io
 - https://github.com/merlinepedra/RedTeam_toolkit
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/merlinepedra25/RedTeam_toolkit
 - https://github.com/mightysai1997/CVE-2021-41773-L-
 - https://github.com/mightysai1997/CVE-2021-41773-PoC
@@ -132,6 +132,7 @@ It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was in
 - https://github.com/ltfafei/my_POC
 - https://github.com/mauricelambert/CVE-2021-42013
 - https://github.com/mauricelambert/mauricelambert.github.io
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/metecicek/Advent-of-Cyber-3-2021-
 - https://github.com/mightysai1997/-apache_2.4.50
 - https://github.com/mightysai1997/cve-2021-42013
@@ -108,6 +108,7 @@ Grafana is an open-source platform for monitoring and observability. Grafana ver
 - https://github.com/lfz97/CVE-2021-43798-Grafana-File-Read
 - https://github.com/light-Life/CVE-2021-43798
 - https://github.com/mauricelambert/LabAutomationCVE-2021-43798
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/n1sh1th/CVE-POC
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/nuker/CVE-2021-43798
@@ -50,6 +50,7 @@ No PoCs from references.
 - https://github.com/jxpsx/CVE-2021-45232-RCE
 - https://github.com/leveryd/leveryd
 - https://github.com/lions2012/Penetration_Testing_POC
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/openx-org/BLEN
 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
@@ -0,0 +1,17 @@
+### [CVE-2022-1101](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1101)
+![](https://img.shields.io/static/v1?label=Product&message=Royale%20Event%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Royale Event Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /royal_event/userregister.php. The manipulation leads to improper authentication. The attack may be initiated remotely. The identifier VDB-195785 was assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.195785
+
+#### Github
+No PoCs found on GitHub currently.
+
@@ -148,6 +148,7 @@ On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.
 - https://github.com/luck-ying/Library-POC
 - https://github.com/manas3c/CVE-POC
 - https://github.com/merlinepedra/RedTeam_toolkit
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/merlinepedra25/RedTeam_toolkit
 - https://github.com/mr-vill4in/CVE-2022-1388
 - https://github.com/nico989/CVE-2022-1388
@@ -149,6 +149,7 @@ In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are v
 - https://github.com/mamba-2021/fscan-POC
 - https://github.com/manas3c/CVE-POC
 - https://github.com/march0s1as/CVE-2022-22947
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/metaStor/SpringScan
 - https://github.com/michaelklaan/CVE-2022-22947-Spring-Cloud
 - https://github.com/mieeA/SpringWebflux-MemShell
@@ -97,6 +97,7 @@ VMware Workspace ONE Access and Identity Manager contain a remote code execution
 - https://github.com/mamba-2021/EXP-POC
 - https://github.com/mamba-2021/fscan-POC
 - https://github.com/manas3c/CVE-POC
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/mhurts/CVE-2022-22954-POC
 - https://github.com/mumu2020629/-CVE-2022-22954-scanner
 - https://github.com/nguyenv1nK/CVE-2022-22954
@@ -131,6 +131,7 @@ In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, w
 - https://github.com/manas3c/CVE-POC
 - https://github.com/me2nuk/CVE-2022-22963
 - https://github.com/mebibite/springhound
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/metaStor/SpringScan
 - https://github.com/murchie85/twitterCyberMonitor
 - https://github.com/nBp1Ng/FrameworkAndComponentVulnerabilities
@@ -247,6 +247,7 @@ A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable t
 - https://github.com/matheuscezar/spring4shell-massive-scan
 - https://github.com/me2nuk/CVE-2022-22965
 - https://github.com/mebibite/springhound
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/metaStor/SpringScan
 - https://github.com/mikaelkall/Spring4Shell
 - https://github.com/mirsaes/cyao2pdf
@@ -68,6 +68,7 @@ No PoCs from references.
 - https://github.com/kh4sh3i/CVE-2022-23131
 - https://github.com/lions2012/Penetration_Testing_POC
 - https://github.com/manas3c/CVE-POC
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/murchie85/twitterCyberMonitor
 - https://github.com/nirsarkar/Nuclei-Templates-Collection
 - https://github.com/nomi-sec/PoC-in-GitHub
@@ -172,6 +172,7 @@ In affected versions of Confluence Server and Data Center, an OGNL injection vul
 - https://github.com/loobug/stools
 - https://github.com/mamba-2021/EXP-POC
 - https://github.com/manas3c/CVE-POC
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/murataydemir/CVE-2022-26134
 - https://github.com/nitishbadole/oscp-note-3
 - https://github.com/nomi-sec/PoC-in-GitHub
@@ -94,6 +94,7 @@ Certain WSO2 products allow unrestricted file upload with resultant remote code
 - https://github.com/lonnyzhang423/github-hot-hub
 - https://github.com/lowkey0808/cve-2022-29464
 - https://github.com/manas3c/CVE-POC
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/mr-r3bot/WSO2-CVE-2022-29464
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/oppsec/WSOB
@@ -63,6 +63,7 @@ A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W)
 - https://github.com/lions2012/Penetration_Testing_POC
 - https://github.com/luck-ying/Library-POC
 - https://github.com/manas3c/CVE-POC
+- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
 - https://github.com/savior-only/CVE-2022-30525
@@ -22,6 +22,7 @@ pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrar
 - https://github.com/Knownasjohnn/RCE
 - https://github.com/Madliife0/CVE-2022-31814
 - https://github.com/NaInSec/CVE-PoC-in-GitHub
+- https://github.com/Ostorlab/KEV
 - https://github.com/SYRTI/POC_to_review
 - https://github.com/TheUnknownSoul/CVE-2022-31814
 - https://github.com/WhooAmii/POC_to_review
@@ -16,5 +16,6 @@ No PoCs from references.
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/Wh04m1001/SysmonEoP
 - https://github.com/pxcs/CVE-29343-Sysmon-list
+- https://github.com/pxcs/CVE-Report
 - https://github.com/pxcs/CVE_Sysmon_Report

@@ -16,5 +16,6 @@ No PoCs from references.
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/Wh04m1001/SysmonEoP
 - https://github.com/pxcs/CVE-29343-Sysmon-list
+- https://github.com/pxcs/CVE-Report
 - https://github.com/pxcs/CVE_Sysmon_Report

@@ -0,0 +1,17 @@
+### [CVE-2023-1681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1681)
+![](https://img.shields.io/static/v1?label=Product&message=CMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%204.61%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Disclosure&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, was found in Xunrui CMS 4.61. Affected is an unknown function of the file /config/myfield/test.php. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224238 is the identifier assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.224238
+
+#### Github
+No PoCs found on GitHub currently.
+
@@ -0,0 +1,17 @@
+### [CVE-2023-2039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2039)
+![](https://img.shields.io/static/v1?label=Product&message=novel-plus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%203.6.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in novel-plus 3.6.2. It has been rated as critical. This issue affects some unknown processing of the file /author/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225917 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.225917
+
+#### Github
+No PoCs found on GitHub currently.
+
@@ -10,7 +10,7 @@ A vulnerability was found in SourceCodester Vehicle Service Management System 1.
 ### POC

 #### Reference
-No PoCs from references.
+- https://vuldb.com/?id.226104

 #### Github
 - https://github.com/1-tong/vehicle_cves
@@ -0,0 +1,17 @@
+### [CVE-2023-2346](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2346)
+![](https://img.shields.io/static/v1?label=Product&message=Service%20Provider%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227589 was assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.227589
+
+#### Github
+No PoCs found on GitHub currently.
+
@@ -0,0 +1,17 @@
+### [CVE-2023-2862](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2862)
+![](https://img.shields.io/static/v1?label=Product&message=CMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%207.2.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-229818 is the identifier assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.229818
+
+#### Github
+No PoCs found on GitHub currently.
+
@@ -11,6 +11,7 @@ A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.0

 #### Reference
 - https://github.com/GleamingEyes/vul/blob/main/1.md
+- https://vuldb.com/?id.230077

 #### Github
 No PoCs found on GitHub currently.
@@ -5,7 +5,7 @@

 ### Description

-reNgine through 2.0.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.
+reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.

 ### POC

@@ -17,6 +17,7 @@ Generation of Error Message Containing Sensitive Information vulnerability in Ap
 - https://github.com/Marco-zcl/POC
 - https://github.com/Ostorlab/KEV
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/versio-io/product-lifecycle-security-api
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
@@ -13,5 +13,5 @@ In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded r
 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/fkie-cad/nvd-json-data-feeds

@@ -5,7 +5,7 @@

 ### Description

-SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.  However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
+SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.  However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.

 ### POC

@@ -0,0 +1,29 @@
+### [CVE-2024-3183](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3183)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.2%20Advanced%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.4%20Advanced%20Mission%20Critical%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.4%20Telecommunications%20Update%20Service&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.4%20Update%20Services%20for%20SAP%20Solutions&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.6%20Advanced%20Mission%20Critical%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.6%20Telecommunications%20Update%20Service&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.6%20Update%20Services%20for%20SAP%20Solutions&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.8%20Extended%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.0%20Extended%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20of%20Password%20Hash%20With%20Insufficient%20Computational%20Effort&color=brighgreen)
+
+### Description
+
+A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password.

If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nomi-sec/PoC-in-GitHub
+
@@ -0,0 +1,17 @@
+### [CVE-2024-32901](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32901)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%20kernel%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
+
+### Description
+
+In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -0,0 +1,17 @@
+### [CVE-2024-33228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33228)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -0,0 +1,19 @@
+### [CVE-2024-33960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33960)
+![](https://img.shields.io/static/v1?label=Product&message=Janobe%20Credit%20Card&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Janobe%20Debit%20Card%20Payment&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Janobe%20PayPal&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'end' in '/admin/mod_reports/printreport.php' parameter.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -23,6 +23,7 @@ GeoServer is an open source server that allows users to share and edit geospatia
 - https://github.com/TrojanAZhen/Self_Back
 - https://github.com/Y4tacker/JavaSec
 - https://github.com/ahisec/nuclei-tps
+- https://github.com/bigblackhat/oFx
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/onewinner/POCS
 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
@@ -13,5 +13,5 @@ An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface o
 - https://github.com/HackAllSec/CVEs/tree/main/Jan%20Arbitrary%20File%20Upload%20vulnerability

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/fkie-cad/nvd-json-data-feeds

@@ -13,5 +13,5 @@ A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local
 - https://github.com/ganzhi-qcy/cve/issues/3

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/fkie-cad/nvd-json-data-feeds

@@ -52,5 +52,7 @@ Windows TCP/IP Remote Code Execution Vulnerability
 No PoCs from references.

 #### Github
+- https://github.com/being1943/my_rss_reader
 - https://github.com/kherrick/hacker-news
+- https://github.com/zhaoolee/garss

@@ -0,0 +1,17 @@
+### [CVE-2024-39397](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39397)
+![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type%20(CWE-434)&color=brighgreen)
+
+### Description
+
+Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue does not require user interaction, but attack complexity is high and scope is changed.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -0,0 +1,17 @@
+### [CVE-2024-39398](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39398)
+![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Restriction%20of%20Excessive%20Authentication%20Attempts%20(CWE-307)&color=brighgreen)
+
+### Description
+
+Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -0,0 +1,17 @@
+### [CVE-2024-39399](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39399)
+![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')%20(CWE-22)&color=brighgreen)
+
+### Description
+
+Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -0,0 +1,17 @@
+### [CVE-2024-39400](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39400)
+![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-site%20Scripting%20(DOM-based%20XSS)%20(CWE-79)&color=brighgreen)
+
+### Description
+
+Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -0,0 +1,17 @@
+### [CVE-2024-39401](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39401)
+![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')%20(CWE-78)&color=brighgreen)
+
+### Description
+
+Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -0,0 +1,17 @@
+### [CVE-2024-39402](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39402)
+![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')%20(CWE-78)&color=brighgreen)
+
+### Description
+
+Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -0,0 +1,17 @@
+### [CVE-2024-39403](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39403)
+![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-site%20Scripting%20(Stored%20XSS)%20(CWE-79)&color=brighgreen)
+
+### Description
+
+Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -0,0 +1,17 @@
+### [CVE-2024-39404](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39404)
+![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20(CWE-285)&color=brighgreen)
+
+### Description
+
+Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -0,0 +1,17 @@
+### [CVE-2024-39405](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39405)
+![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20(CWE-285)&color=brighgreen)
+
+### Description
+
+Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -0,0 +1,17 @@
+### [CVE-2024-39406](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39406)
+![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')%20(CWE-22)&color=brighgreen)
+
+### Description
+
+Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -0,0 +1,17 @@
+### [CVE-2024-39407](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39407)
+![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20(CWE-285)&color=brighgreen)
+
+### Description
+
+Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -0,0 +1,17 @@
+### [CVE-2024-39408](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39408)
+![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Request%20Forgery%20(CSRF)%20(CWE-352)&color=brighgreen)
+
+### Description
+
+Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -0,0 +1,17 @@
+### [CVE-2024-39409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39409)
+![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Request%20Forgery%20(CSRF)%20(CWE-352)&color=brighgreen)
+
+### Description
+
+Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -0,0 +1,17 @@
+### [CVE-2024-39410](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39410)
+![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Request%20Forgery%20(CSRF)%20(CWE-352)&color=brighgreen)
+
+### Description
+
+Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -0,0 +1,17 @@
+### [CVE-2024-39411](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39411)
+![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20(CWE-285)&color=brighgreen)
+
+### Description
+
+Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -0,0 +1,17 @@
+### [CVE-2024-39412](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39412)
+![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20(CWE-285)&color=brighgreen)
+
+### Description
+
+Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -0,0 +1,17 @@
+### [CVE-2024-39413](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39413)
+![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20(CWE-285)&color=brighgreen)
+
+### Description
+
+Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
--- a/Show More
+++ b/Show More