diff --git a/2005/CVE-2005-1202.md b/2005/CVE-2005-1202.md new file mode 100644 index 0000000000..9c88e86ab9 --- /dev/null +++ b/2005/CVE-2005-1202.md @@ -0,0 +1,17 @@ +### [CVE-2005-1202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1202) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter. + +### POC + +#### Reference +- http://sourceforge.net/project/shownotes.php?release_id=320768 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-1203.md b/2005/CVE-2005-1203.md new file mode 100644 index 0000000000..a892440924 --- /dev/null +++ b/2005/CVE-2005-1203.md @@ -0,0 +1,17 @@ +### [CVE-2005-1203](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1203) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter. + +### POC + +#### Reference +- http://sourceforge.net/project/shownotes.php?release_id=320768 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2010/CVE-2010-3275.md b/2010/CVE-2010-3275.md index 870377dd67..2e39f1e5fe 100644 --- a/2010/CVE-2010-3275.md +++ b/2010/CVE-2010-3275.md @@ -14,5 +14,5 @@ libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote at - http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files #### Github -No PoCs found on GitHub currently. +- https://github.com/JohnSomanza/Qualys-Vulnerability-Management diff --git a/2014/CVE-2014-0160.md b/2014/CVE-2014-0160.md index 5d2d2a27d1..fa670c3230 100644 --- a/2014/CVE-2014-0160.md +++ b/2014/CVE-2014-0160.md @@ -153,6 +153,7 @@ The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not p - https://github.com/Muhammd/Awesome-Payloads - https://github.com/Muhammd/Awesome-Pentest - https://github.com/MyKings/docker-vulnerability-environment +- https://github.com/N3rdyN3xus/CVE-2014-0160_Heartbleed - https://github.com/NCSU-DANCE-Research-Group/CDL - https://github.com/Nicolasbcrrl/h2_Goat - https://github.com/Nieuport/Awesome-Security diff --git a/2014/CVE-2014-2024.md b/2014/CVE-2014-2024.md index 6b76da7629..609bf61297 100644 --- a/2014/CVE-2014-2024.md +++ b/2014/CVE-2014-2024.md @@ -14,5 +14,6 @@ Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open #### Github - https://github.com/pxcs/CVE-29343-Sysmon-list +- https://github.com/pxcs/CVE-Report - https://github.com/pxcs/CVE_Sysmon_Report diff --git a/2014/CVE-2014-3206.md b/2014/CVE-2014-3206.md index c2b0347aaa..33a1078809 100644 --- a/2014/CVE-2014-3206.md +++ b/2014/CVE-2014-3206.md @@ -14,4 +14,5 @@ Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/north-vuln-intel/nuclei-nvi diff --git a/2014/CVE-2014-3704.md b/2014/CVE-2014-3704.md index 0e10389a3c..c38a0ddec4 100644 --- a/2014/CVE-2014-3704.md +++ b/2014/CVE-2014-3704.md @@ -53,6 +53,7 @@ The expandArguments function in the database abstraction API in Drupal core 7.x - https://github.com/smartFlash/pySecurity - https://github.com/superfish9/pt - https://github.com/superlink996/chunqiuyunjingbachang +- https://github.com/t0ffe/CybSec_Course_Project_II - https://github.com/t0m4too/t0m4to - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough - https://github.com/xinyisleep/pocscan diff --git a/2014/CVE-2014-6271.md b/2014/CVE-2014-6271.md index 54e9258363..a86a780161 100644 --- a/2014/CVE-2014-6271.md +++ b/2014/CVE-2014-6271.md @@ -430,6 +430,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th - https://github.com/jeholliday/shellshock - https://github.com/jerryxk/awesome-hacking - https://github.com/jj1bdx/bash-3.2-osx-fix +- https://github.com/jli149/Incident-handling-with-Splunk - https://github.com/jmedeng/suriya73-exploits - https://github.com/jottama/pentesting - https://github.com/justone0127/Red-Hat-Advanced-Cluster-Security-for-Kubernetes-Operator-Installation @@ -445,6 +446,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th - https://github.com/kk98kk0/Payloads - https://github.com/kowshik-sundararajan/CVE-2014-6271 - https://github.com/kraloveckey/venom +- https://github.com/krillavilla/CryptoV4ULT-Enterprise-Security-Assessment - https://github.com/ksw9722/PayloadsAllTheThings - https://github.com/kxcode/kbash - https://github.com/lethanhtrung22/Awesome-Hacking @@ -591,6 +593,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th - https://github.com/sulsseo/BSY-report - https://github.com/sunnyjiang/shellshocker-android - https://github.com/sv3nbeast/Attack-Notes +- https://github.com/t0ffe/CybSec_Course_Project_II - https://github.com/t0m4too/t0m4to - https://github.com/takuzoo3868/laputa - https://github.com/tanjiti/sec_profile @@ -659,6 +662,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th - https://github.com/yojiwatanabe/NetworkAlarm - https://github.com/yukitsukai47/PenetrationTesting_cheatsheet - https://github.com/yumoL/cybersecurity-project2 +- https://github.com/yveeranki5566/LogData-Analysis - https://github.com/zalalov/CVE-2014-6271 - https://github.com/zeroch1ll/CodePathWeek9 - https://github.com/zgimszhd61/awesome-security diff --git a/2015/CVE-2015-1635.md b/2015/CVE-2015-1635.md index 2152b2c776..be62f40cb4 100644 --- a/2015/CVE-2015-1635.md +++ b/2015/CVE-2015-1635.md @@ -22,6 +22,8 @@ HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Wind - https://github.com/Cappricio-Securities/CVE-2015-1635 - https://github.com/H3xL00m/CVE-2015-1635 - https://github.com/H3xL00m/CVE-2015-1635-POC +- https://github.com/N3rdyN3xus/CVE-2015-1635 +- https://github.com/N3rdyN3xus/CVE-2015-1635-POC - https://github.com/Olysyan/MSS - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors diff --git a/2015/CVE-2015-6668.md b/2015/CVE-2015-6668.md index 0fa8537e47..2eff63a9fc 100644 --- a/2015/CVE-2015-6668.md +++ b/2015/CVE-2015-6668.md @@ -18,6 +18,7 @@ The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary C - https://github.com/G01d3nW01f/CVE-2015-6668 - https://github.com/H3xL00m/CVE-2015-6668 - https://github.com/Ki11i0n4ir3/CVE-2015-6668 +- https://github.com/N3rdyN3xus/CVE-2015-6668 - https://github.com/Sp3c73rSh4d0w/CVE-2015-6668 - https://github.com/c0d3cr4f73r/CVE-2015-6668 - https://github.com/crypticdante/CVE-2015-6668 diff --git a/2016/CVE-2016-1555.md b/2016/CVE-2016-1555.md index 6cfd72e128..74f68ae925 100644 --- a/2016/CVE-2016-1555.md +++ b/2016/CVE-2016-1555.md @@ -22,6 +22,7 @@ - https://github.com/faisalfs10x/faisalfs10x - https://github.com/ide0x90/cve-2016-1555 - https://github.com/ker2x/DearDiary +- https://github.com/north-vuln-intel/nuclei-nvi - https://github.com/padresvater/Mobile-Internet-Security - https://github.com/zyw-200/EQUAFL_setup diff --git a/2017/CVE-2017-12629.md b/2017/CVE-2017-12629.md index 363b618c34..70590e666b 100644 --- a/2017/CVE-2017-12629.md +++ b/2017/CVE-2017-12629.md @@ -42,6 +42,7 @@ Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before - https://github.com/huimzjty/vulwiki - https://github.com/ilmila/J2EEScan - https://github.com/jweny/pocassistdb +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/mustblade/solr_hacktool - https://github.com/p4d0rn/Siren - https://github.com/password520/RedTeamer diff --git a/2017/CVE-2017-3506.md b/2017/CVE-2017-3506.md index 537363023d..01ffff03fd 100644 --- a/2017/CVE-2017-3506.md +++ b/2017/CVE-2017-3506.md @@ -76,6 +76,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/lonehand/Oracle-WebLogic-CVE-2017-10271-master - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/nihaohello/N-MiddlewareScan +- https://github.com/north-vuln-intel/nuclei-nvi - https://github.com/openx-org/BLEN - https://github.com/password520/RedTeamer - https://github.com/peterpeter228/Oracle-WebLogic-CVE-2017-10271 diff --git a/2017/CVE-2017-7199.md b/2017/CVE-2017-7199.md index 1c8ac16a2c..9b63691e00 100644 --- a/2017/CVE-2017-7199.md +++ b/2017/CVE-2017-7199.md @@ -28,6 +28,7 @@ No PoCs from references. - https://github.com/OFD5/R3d-Teaming-Automation - https://github.com/SamuelYtsejaM/Herramientas-Red-Team - https://github.com/TheJoyOfHacking/rasta-mouse-Sherlock +- https://github.com/errorwiki/AttacksToolkit - https://github.com/garyweller020/Red-Teams-Tools - https://github.com/marklindsey11/OSINT1 - https://github.com/nmvuonginfosec/redteam_tool diff --git a/2017/CVE-2017-9506.md b/2017/CVE-2017-9506.md index d29d2119db..040fa872b4 100644 --- a/2017/CVE-2017-9506.md +++ b/2017/CVE-2017-9506.md @@ -36,6 +36,7 @@ The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before versi - https://github.com/merlinepedra/nuclei-templates - https://github.com/merlinepedra25/nuclei-templates - https://github.com/murksombra/rmap +- https://github.com/north-vuln-intel/nuclei-nvi - https://github.com/pen4uin/awesome-vulnerability-research - https://github.com/pen4uin/vulnerability-research - https://github.com/pen4uin/vulnerability-research-list diff --git a/2018/CVE-2018-16167.md b/2018/CVE-2018-16167.md index 7ec200cd67..058bb47775 100644 --- a/2018/CVE-2018-16167.md +++ b/2018/CVE-2018-16167.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/dnr6419/CVE-2018-16167 +- https://github.com/north-vuln-intel/nuclei-nvi diff --git a/2018/CVE-2018-21177.md b/2018/CVE-2018-21177.md new file mode 100644 index 0000000000..9152b48998 --- /dev/null +++ b/2018/CVE-2018-21177.md @@ -0,0 +1,17 @@ +### [CVE-2018-21177](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21177) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. + +### POC + +#### Reference +- https://kb.netgear.com/000055181/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2622 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2018/CVE-2018-2444.md b/2018/CVE-2018-2444.md new file mode 100644 index 0000000000..0d3736ed2c --- /dev/null +++ b/2018/CVE-2018-2444.md @@ -0,0 +1,17 @@ +### [CVE-2018-2444](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2444) +![](https://img.shields.io/static/v1?label=Product&message=SAP%20BusinessObjects%20Financial%20Consolidation&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Scripting&color=brighgreen) + +### Description + +SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. + +### POC + +#### Reference +- https://launchpad.support.sap.com/#/notes/2621395 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2018/CVE-2018-25088.md b/2018/CVE-2018-25088.md index a0861966c3..a9ebd58654 100644 --- a/2018/CVE-2018-25088.md +++ b/2018/CVE-2018-25088.md @@ -10,7 +10,7 @@ A vulnerability, which was classified as critical, was found in Blue Yonder post ### POC #### Reference -No PoCs from references. +- https://vuldb.com/?ctiid.234246 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2019/CVE-2019-1003000.md b/2019/CVE-2019-1003000.md index d247637647..5bfb80c1b0 100644 --- a/2019/CVE-2019-1003000.md +++ b/2019/CVE-2019-1003000.md @@ -46,6 +46,7 @@ A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier - https://github.com/huimzjty/vulwiki - https://github.com/jaychouzzk/- - https://github.com/jbmihoub/all-poc +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/onewinner/VulToolsKit - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main - https://github.com/purple-WL/Jenkins_CVE-2019-1003000 diff --git a/2019/CVE-2019-10758.md b/2019/CVE-2019-10758.md index 0d711015bd..2f0c013e09 100644 --- a/2019/CVE-2019-10758.md +++ b/2019/CVE-2019-10758.md @@ -51,6 +51,7 @@ mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection - https://github.com/lp008/CVE-2019-10758 - https://github.com/masahiro331/CVE-2019-10758 +- https://github.com/north-vuln-intel/nuclei-nvi - https://github.com/ossf-cve-benchmark/CVE-2019-10758 - https://github.com/password520/Penetration_PoC - https://github.com/pentration/gongkaishouji diff --git a/2019/CVE-2019-17506.md b/2019/CVE-2019-17506.md index 20a7e578cb..6a71e5397b 100644 --- a/2019/CVE-2019-17506.md +++ b/2019/CVE-2019-17506.md @@ -27,6 +27,7 @@ No PoCs from references. - https://github.com/amcai/myscan - https://github.com/bigblackhat/oFx - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/openx-org/BLEN - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main - https://github.com/sobinge/nuclei-templates diff --git a/2019/CVE-2019-17558.md b/2019/CVE-2019-17558.md index e4b74171b2..8f1911652b 100644 --- a/2019/CVE-2019-17558.md +++ b/2019/CVE-2019-17558.md @@ -54,12 +54,14 @@ Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP - https://github.com/hktalent/bug-bounty +- https://github.com/huan-cdm/secure_tools_link - https://github.com/huike007/penetration_poc - https://github.com/huimzjty/vulwiki - https://github.com/jbmihoub/all-poc - https://github.com/koala2099/GitHub-Chinese-Top-Charts - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/merlinepedra/nuclei-templates +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/merlinepedra25/nuclei-templates - https://github.com/mustblade/solr_hacktool - https://github.com/neilzhang1/Chinese-Charts diff --git a/2019/CVE-2019-18193.md b/2019/CVE-2019-18193.md new file mode 100644 index 0000000000..93526c9ee9 --- /dev/null +++ b/2019/CVE-2019-18193.md @@ -0,0 +1,17 @@ +### [CVE-2019-18193](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18193) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material inadvertently logged under certain conditions. Fixed included in 3.4.109, 4.0.027.13, 4.0.125 and 5.0.013.0. + +### POC + +#### Reference +- https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=52 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2019/CVE-2019-2616.md b/2019/CVE-2019-2616.md index f931bda144..c7158e3160 100644 --- a/2019/CVE-2019-2616.md +++ b/2019/CVE-2019-2616.md @@ -17,4 +17,5 @@ Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle F - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/north-vuln-intel/nuclei-nvi diff --git a/2019/CVE-2019-6340.md b/2019/CVE-2019-6340.md index 78c517985f..a34c4514bb 100644 --- a/2019/CVE-2019-6340.md +++ b/2019/CVE-2019-6340.md @@ -55,6 +55,7 @@ Some field types do not properly sanitize data from non-form sources in Drupal 8 - https://github.com/hktalent/TOP - https://github.com/hktalent/bug-bounty - https://github.com/honeybot/wtf-plugin-honeybot-cve_2019_6340 +- https://github.com/huan-cdm/secure_tools_link - https://github.com/itsamirac1e/Offensive_Security_CTF_Rekall - https://github.com/jas502n/CVE-2019-6340 - https://github.com/jbmihoub/all-poc diff --git a/2020/CVE-2020-10199.md b/2020/CVE-2020-10199.md index e2a86615f1..29e0a0b244 100644 --- a/2020/CVE-2020-10199.md +++ b/2020/CVE-2020-10199.md @@ -57,6 +57,7 @@ Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). - https://github.com/hasee2018/Penetration_Testing_POC - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP +- https://github.com/huan-cdm/secure_tools_link - https://github.com/hugosg97/CVE-2020-10199-Nexus-3.21.01 - https://github.com/huike007/penetration_poc - https://github.com/huike007/poc diff --git a/2020/CVE-2020-10204.md b/2020/CVE-2020-10204.md index 569a86df74..a1849459d4 100644 --- a/2020/CVE-2020-10204.md +++ b/2020/CVE-2020-10204.md @@ -51,6 +51,7 @@ Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP - https://github.com/hktalent/bug-bounty +- https://github.com/huan-cdm/secure_tools_link - https://github.com/huike007/penetration_poc - https://github.com/huike007/poc - https://github.com/jas502n/CVE-2020-10199 diff --git a/2020/CVE-2020-10560.md b/2020/CVE-2020-10560.md index 0464814200..38623057bc 100644 --- a/2020/CVE-2020-10560.md +++ b/2020/CVE-2020-10560.md @@ -16,6 +16,7 @@ An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user - https://github.com/0xT11/CVE-POC - https://github.com/ARPSyndicate/cvemon - https://github.com/LucidUnicorn/CVE-2020-10560-Key-Recovery +- https://github.com/alex-seymour/CVE-2020-10560-Key-Recovery - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/jandersoncampelo/InfosecBookmarks diff --git a/2020/CVE-2020-11444.md b/2020/CVE-2020-11444.md index ad1e1b131e..39414e3d0c 100644 --- a/2020/CVE-2020-11444.md +++ b/2020/CVE-2020-11444.md @@ -36,6 +36,7 @@ Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect A - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP +- https://github.com/huan-cdm/secure_tools_link - https://github.com/jas502n/CVE-2020-10199 - https://github.com/jbmihoub/all-poc - https://github.com/koala2099/GitHub-Chinese-Top-Charts diff --git a/2020/CVE-2020-14181.md b/2020/CVE-2020-14181.md index 0fbe6ef8da..293986699f 100644 --- a/2020/CVE-2020-14181.md +++ b/2020/CVE-2020-14181.md @@ -42,6 +42,7 @@ Affected versions of Atlassian Jira Server and Data Center allow an unauthentica - https://github.com/imhunterand/JiraCVE - https://github.com/jweny/pocassistdb - https://github.com/merlinepedra/nuclei-templates +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/merlinepedra25/nuclei-templates - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main diff --git a/2020/CVE-2020-1938.md b/2020/CVE-2020-1938.md index 9d14163994..5a233ee44a 100644 --- a/2020/CVE-2020-1938.md +++ b/2020/CVE-2020-1938.md @@ -132,6 +132,7 @@ When using the Apache JServ Protocol (AJP), care must be taken when trusting inc - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP - https://github.com/hktalent/bug-bounty +- https://github.com/huan-cdm/secure_tools_link - https://github.com/huike007/penetration_poc - https://github.com/huike007/poc - https://github.com/huimzjty/vulwiki diff --git a/2020/CVE-2020-25078.md b/2020/CVE-2020-25078.md index b93ae98968..d841fc4f96 100644 --- a/2020/CVE-2020-25078.md +++ b/2020/CVE-2020-25078.md @@ -46,6 +46,7 @@ No PoCs from references. - https://github.com/fishykz/2530L-analyze - https://github.com/jorhelp/Ingram - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main - https://github.com/pen4uin/awesome-vulnerability-research diff --git a/2020/CVE-2020-2555.md b/2020/CVE-2020-2555.md index 935be863b9..340ad94501 100644 --- a/2020/CVE-2020-2555.md +++ b/2020/CVE-2020-2555.md @@ -108,6 +108,7 @@ Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (compo - https://github.com/hktalent/CVE_2020_2546 - https://github.com/hktalent/TOP - https://github.com/hktalent/bug-bounty +- https://github.com/huan-cdm/secure_tools_link - https://github.com/huike007/penetration_poc - https://github.com/huike007/poc - https://github.com/hungslab/awd-tools diff --git a/2020/CVE-2020-2883.md b/2020/CVE-2020-2883.md index 09b70b308a..cebce7b00f 100644 --- a/2020/CVE-2020-2883.md +++ b/2020/CVE-2020-2883.md @@ -80,6 +80,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/hktalent/CVE_2020_2546 - https://github.com/hktalent/TOP - https://github.com/hktalent/bug-bounty +- https://github.com/huan-cdm/secure_tools_link - https://github.com/huike007/penetration_poc - https://github.com/huike007/poc - https://github.com/hungslab/awd-tools diff --git a/2020/CVE-2020-8515.md b/2020/CVE-2020-8515.md index 2f210071d7..c64a761cf5 100644 --- a/2020/CVE-2020-8515.md +++ b/2020/CVE-2020-8515.md @@ -52,4 +52,5 @@ DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1. - https://github.com/trhacknon/CVE-2020-8515-PoC - https://github.com/trhacknon/nmap_draytek_rce - https://github.com/truerandom/nmap_draytek_rce +- https://github.com/yveeranki5566/LogData-Analysis diff --git a/2020/CVE-2020-8958.md b/2020/CVE-2020-8958.md index aefb78b393..ff05aa9050 100644 --- a/2020/CVE-2020-8958.md +++ b/2020/CVE-2020-8958.md @@ -23,4 +23,5 @@ Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-1 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/qurbat/CVE-2020-8958 - https://github.com/soosmile/POC +- https://github.com/yveeranki5566/LogData-Analysis diff --git a/2020/CVE-2020-9496.md b/2020/CVE-2020-9496.md index 33d6147b67..54d924daa4 100644 --- a/2020/CVE-2020-9496.md +++ b/2020/CVE-2020-9496.md @@ -47,6 +47,7 @@ XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scriptin - https://github.com/g33xter/CVE-2020-9496 - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/merlinepedra/nuclei-templates +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/merlinepedra25/nuclei-templates - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2021/CVE-2021-21315.md b/2021/CVE-2021-21315.md index c76f4884cf..c3e12b2fe4 100644 --- a/2021/CVE-2021-21315.md +++ b/2021/CVE-2021-21315.md @@ -44,6 +44,7 @@ No PoCs from references. - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection - https://github.com/manas3c/CVE-POC +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/mintoolkit/mint - https://github.com/mmk-1/kubernetes-poc - https://github.com/n1sh1th/CVE-POC diff --git a/2021/CVE-2021-21972.md b/2021/CVE-2021-21972.md index 5c17d57d08..6548ed5a9a 100644 --- a/2021/CVE-2021-21972.md +++ b/2021/CVE-2021-21972.md @@ -119,6 +119,7 @@ The vSphere Client (HTML5) contains a remote code execution vulnerability in a v - https://github.com/mamba-2021/fscan-POC - https://github.com/manas3c/CVE-POC - https://github.com/mdisec/mdisec-twitch-yayinlari +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/milo2012/CVE-2021-21972 - https://github.com/mstxq17/SecurityArticleLogger - https://github.com/murataydemir/CVE-2021-21972 diff --git a/2021/CVE-2021-22005.md b/2021/CVE-2021-22005.md index 00e46984b2..b541e1de6b 100644 --- a/2021/CVE-2021-22005.md +++ b/2021/CVE-2021-22005.md @@ -66,6 +66,7 @@ The vCenter Server contains an arbitrary file upload vulnerability in the Analyt - https://github.com/mamba-2021/EXP-POC - https://github.com/mamba-2021/fscan-POC - https://github.com/manas3c/CVE-POC +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/nday-ldgz/ZoomEye-dork - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/onewinner/VulToolsKit diff --git a/2021/CVE-2021-22205.md b/2021/CVE-2021-22205.md index 485f8f4f10..2c05d914a5 100644 --- a/2021/CVE-2021-22205.md +++ b/2021/CVE-2021-22205.md @@ -92,6 +92,7 @@ An issue has been discovered in GitLab CE/EE affecting all versions starting fro - https://github.com/kh4sh3i/Gitlab-CVE - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/manas3c/CVE-POC +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/momika233/cve-2021-22205-GitLab-13.10.2---Remote-Code-Execution-RCE-Unauthenticated- - https://github.com/mr-r3bot/Gitlab-CVE-2021-22205 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2021/CVE-2021-22986.md b/2021/CVE-2021-22986.md index fef2c243a3..52aafaef75 100644 --- a/2021/CVE-2021-22986.md +++ b/2021/CVE-2021-22986.md @@ -77,6 +77,7 @@ On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection - https://github.com/luck-ying/Library-POC - https://github.com/manas3c/CVE-POC +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/microvorld/CVE-2021-22986 - https://github.com/n1sh1th/CVE-POC - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2021/CVE-2021-26084.md b/2021/CVE-2021-26084.md index 17f212de81..bb75d93c6c 100644 --- a/2021/CVE-2021-26084.md +++ b/2021/CVE-2021-26084.md @@ -138,6 +138,7 @@ In affected versions of Confluence Server and Data Center, an OGNL injection vul - https://github.com/maskerTUI/CVE-2021-26084 - https://github.com/mdisec/mdisec-twitch-yayinlari - https://github.com/merlinepedra/Pentest-Tools +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/merlinepedra25/Pentest-Tools - https://github.com/merlinepedra25/Pentest-Tools-1 - https://github.com/nahcusira/CVE-2021-26084 diff --git a/2021/CVE-2021-26295.md b/2021/CVE-2021-26295.md index 66b746b7ee..6334b2b371 100644 --- a/2021/CVE-2021-26295.md +++ b/2021/CVE-2021-26295.md @@ -57,6 +57,7 @@ Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated at - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection - https://github.com/ltfafei/my_POC - https://github.com/manas3c/CVE-POC +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main diff --git a/2021/CVE-2021-30461.md b/2021/CVE-2021-30461.md index 53c673716a..e5daa9954a 100644 --- a/2021/CVE-2021-30461.md +++ b/2021/CVE-2021-30461.md @@ -33,6 +33,7 @@ No PoCs from references. - https://github.com/bigblackhat/oFx - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/daedalus/CVE-2021-30461 +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/openx-org/BLEN - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main diff --git a/2021/CVE-2021-34429.md b/2021/CVE-2021-34429.md index bd32c96df4..aca98d985c 100644 --- a/2021/CVE-2021-34429.md +++ b/2021/CVE-2021-34429.md @@ -35,5 +35,6 @@ For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs ca - https://github.com/nu1r/yak-module-Nu - https://github.com/openx-org/BLEN - https://github.com/soosmile/POC +- https://github.com/t0ffe/CybSec_Course_Project_II - https://github.com/whoami13apt/files2 diff --git a/2021/CVE-2021-37580.md b/2021/CVE-2021-37580.md index 3b165d9cc0..4d19da2b8f 100644 --- a/2021/CVE-2021-37580.md +++ b/2021/CVE-2021-37580.md @@ -38,6 +38,7 @@ No PoCs from references. - https://github.com/huimzjty/vulwiki - https://github.com/langligelang/langligelang - https://github.com/lions2012/Penetration_Testing_POC +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main - https://github.com/pen4uin/awesome-vulnerability-research diff --git a/2021/CVE-2021-41773.md b/2021/CVE-2021-41773.md index bffb4fb4fa..d3049ce350 100644 --- a/2021/CVE-2021-41773.md +++ b/2021/CVE-2021-41773.md @@ -229,6 +229,7 @@ A flaw was found in a change made to path normalization in Apache HTTP Server 2. - https://github.com/mauricelambert/CVE-2021-42013 - https://github.com/mauricelambert/mauricelambert.github.io - https://github.com/merlinepedra/RedTeam_toolkit +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/merlinepedra25/RedTeam_toolkit - https://github.com/mightysai1997/CVE-2021-41773-L- - https://github.com/mightysai1997/CVE-2021-41773-PoC diff --git a/2021/CVE-2021-42013.md b/2021/CVE-2021-42013.md index 213f80f7e1..cbaa57fb9f 100644 --- a/2021/CVE-2021-42013.md +++ b/2021/CVE-2021-42013.md @@ -132,6 +132,7 @@ It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was in - https://github.com/ltfafei/my_POC - https://github.com/mauricelambert/CVE-2021-42013 - https://github.com/mauricelambert/mauricelambert.github.io +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/metecicek/Advent-of-Cyber-3-2021- - https://github.com/mightysai1997/-apache_2.4.50 - https://github.com/mightysai1997/cve-2021-42013 diff --git a/2021/CVE-2021-43798.md b/2021/CVE-2021-43798.md index 23295f5c34..6cf78f308b 100644 --- a/2021/CVE-2021-43798.md +++ b/2021/CVE-2021-43798.md @@ -108,6 +108,7 @@ Grafana is an open-source platform for monitoring and observability. Grafana ver - https://github.com/lfz97/CVE-2021-43798-Grafana-File-Read - https://github.com/light-Life/CVE-2021-43798 - https://github.com/mauricelambert/LabAutomationCVE-2021-43798 +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/n1sh1th/CVE-POC - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/nuker/CVE-2021-43798 diff --git a/2021/CVE-2021-45232.md b/2021/CVE-2021-45232.md index 304d11c090..6a45abcffd 100644 --- a/2021/CVE-2021-45232.md +++ b/2021/CVE-2021-45232.md @@ -50,6 +50,7 @@ No PoCs from references. - https://github.com/jxpsx/CVE-2021-45232-RCE - https://github.com/leveryd/leveryd - https://github.com/lions2012/Penetration_Testing_POC +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/openx-org/BLEN - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main diff --git a/2022/CVE-2022-1101.md b/2022/CVE-2022-1101.md new file mode 100644 index 0000000000..de476e4c18 --- /dev/null +++ b/2022/CVE-2022-1101.md @@ -0,0 +1,17 @@ +### [CVE-2022-1101](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1101) +![](https://img.shields.io/static/v1?label=Product&message=Royale%20Event%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Royale Event Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /royal_event/userregister.php. The manipulation leads to improper authentication. The attack may be initiated remotely. The identifier VDB-195785 was assigned to this vulnerability. + +### POC + +#### Reference +- https://vuldb.com/?id.195785 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-1388.md b/2022/CVE-2022-1388.md index 31ec527c1c..f06ca363ec 100644 --- a/2022/CVE-2022-1388.md +++ b/2022/CVE-2022-1388.md @@ -148,6 +148,7 @@ On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5. - https://github.com/luck-ying/Library-POC - https://github.com/manas3c/CVE-POC - https://github.com/merlinepedra/RedTeam_toolkit +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/merlinepedra25/RedTeam_toolkit - https://github.com/mr-vill4in/CVE-2022-1388 - https://github.com/nico989/CVE-2022-1388 diff --git a/2022/CVE-2022-22947.md b/2022/CVE-2022-22947.md index 7d8e512fdc..04fad26fff 100644 --- a/2022/CVE-2022-22947.md +++ b/2022/CVE-2022-22947.md @@ -149,6 +149,7 @@ In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are v - https://github.com/mamba-2021/fscan-POC - https://github.com/manas3c/CVE-POC - https://github.com/march0s1as/CVE-2022-22947 +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/metaStor/SpringScan - https://github.com/michaelklaan/CVE-2022-22947-Spring-Cloud - https://github.com/mieeA/SpringWebflux-MemShell diff --git a/2022/CVE-2022-22954.md b/2022/CVE-2022-22954.md index db8394a4b4..0f8676d6d7 100644 --- a/2022/CVE-2022-22954.md +++ b/2022/CVE-2022-22954.md @@ -97,6 +97,7 @@ VMware Workspace ONE Access and Identity Manager contain a remote code execution - https://github.com/mamba-2021/EXP-POC - https://github.com/mamba-2021/fscan-POC - https://github.com/manas3c/CVE-POC +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/mhurts/CVE-2022-22954-POC - https://github.com/mumu2020629/-CVE-2022-22954-scanner - https://github.com/nguyenv1nK/CVE-2022-22954 diff --git a/2022/CVE-2022-22963.md b/2022/CVE-2022-22963.md index 6d7dea0a87..842be81929 100644 --- a/2022/CVE-2022-22963.md +++ b/2022/CVE-2022-22963.md @@ -131,6 +131,7 @@ In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, w - https://github.com/manas3c/CVE-POC - https://github.com/me2nuk/CVE-2022-22963 - https://github.com/mebibite/springhound +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/metaStor/SpringScan - https://github.com/murchie85/twitterCyberMonitor - https://github.com/nBp1Ng/FrameworkAndComponentVulnerabilities diff --git a/2022/CVE-2022-22965.md b/2022/CVE-2022-22965.md index 6ad3a048c3..2cdb6655b5 100644 --- a/2022/CVE-2022-22965.md +++ b/2022/CVE-2022-22965.md @@ -247,6 +247,7 @@ A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable t - https://github.com/matheuscezar/spring4shell-massive-scan - https://github.com/me2nuk/CVE-2022-22965 - https://github.com/mebibite/springhound +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/metaStor/SpringScan - https://github.com/mikaelkall/Spring4Shell - https://github.com/mirsaes/cyao2pdf diff --git a/2022/CVE-2022-23131.md b/2022/CVE-2022-23131.md index eee2e807c7..6178c3ebf7 100644 --- a/2022/CVE-2022-23131.md +++ b/2022/CVE-2022-23131.md @@ -68,6 +68,7 @@ No PoCs from references. - https://github.com/kh4sh3i/CVE-2022-23131 - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/manas3c/CVE-POC +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/murchie85/twitterCyberMonitor - https://github.com/nirsarkar/Nuclei-Templates-Collection - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2022/CVE-2022-26134.md b/2022/CVE-2022-26134.md index 78c0eee88a..d8ccf9dce3 100644 --- a/2022/CVE-2022-26134.md +++ b/2022/CVE-2022-26134.md @@ -172,6 +172,7 @@ In affected versions of Confluence Server and Data Center, an OGNL injection vul - https://github.com/loobug/stools - https://github.com/mamba-2021/EXP-POC - https://github.com/manas3c/CVE-POC +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/murataydemir/CVE-2022-26134 - https://github.com/nitishbadole/oscp-note-3 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2022/CVE-2022-29464.md b/2022/CVE-2022-29464.md index f6dcb0eb79..29e4ce53bc 100644 --- a/2022/CVE-2022-29464.md +++ b/2022/CVE-2022-29464.md @@ -94,6 +94,7 @@ Certain WSO2 products allow unrestricted file upload with resultant remote code - https://github.com/lonnyzhang423/github-hot-hub - https://github.com/lowkey0808/cve-2022-29464 - https://github.com/manas3c/CVE-POC +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/mr-r3bot/WSO2-CVE-2022-29464 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/oppsec/WSOB diff --git a/2022/CVE-2022-30525.md b/2022/CVE-2022-30525.md index 5f8e3421a5..9ec6b40d59 100644 --- a/2022/CVE-2022-30525.md +++ b/2022/CVE-2022-30525.md @@ -63,6 +63,7 @@ A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/luck-ying/Library-POC - https://github.com/manas3c/CVE-POC +- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main - https://github.com/savior-only/CVE-2022-30525 diff --git a/2022/CVE-2022-31814.md b/2022/CVE-2022-31814.md index 61e246dd47..0ba4022ec7 100644 --- a/2022/CVE-2022-31814.md +++ b/2022/CVE-2022-31814.md @@ -22,6 +22,7 @@ pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrar - https://github.com/Knownasjohnn/RCE - https://github.com/Madliife0/CVE-2022-31814 - https://github.com/NaInSec/CVE-PoC-in-GitHub +- https://github.com/Ostorlab/KEV - https://github.com/SYRTI/POC_to_review - https://github.com/TheUnknownSoul/CVE-2022-31814 - https://github.com/WhooAmii/POC_to_review diff --git a/2022/CVE-2022-41120.md b/2022/CVE-2022-41120.md index d1816502f1..45bc831e5d 100644 --- a/2022/CVE-2022-41120.md +++ b/2022/CVE-2022-41120.md @@ -16,5 +16,6 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/Wh04m1001/SysmonEoP - https://github.com/pxcs/CVE-29343-Sysmon-list +- https://github.com/pxcs/CVE-Report - https://github.com/pxcs/CVE_Sysmon_Report diff --git a/2022/CVE-2022-44704.md b/2022/CVE-2022-44704.md index f0c8976d0f..854ad2383c 100644 --- a/2022/CVE-2022-44704.md +++ b/2022/CVE-2022-44704.md @@ -16,5 +16,6 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/Wh04m1001/SysmonEoP - https://github.com/pxcs/CVE-29343-Sysmon-list +- https://github.com/pxcs/CVE-Report - https://github.com/pxcs/CVE_Sysmon_Report diff --git a/2023/CVE-2023-1681.md b/2023/CVE-2023-1681.md new file mode 100644 index 0000000000..2f1566f77b --- /dev/null +++ b/2023/CVE-2023-1681.md @@ -0,0 +1,17 @@ +### [CVE-2023-1681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1681) +![](https://img.shields.io/static/v1?label=Product&message=CMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.61%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Disclosure&color=brighgreen) + +### Description + +A vulnerability, which was classified as problematic, was found in Xunrui CMS 4.61. Affected is an unknown function of the file /config/myfield/test.php. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224238 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://vuldb.com/?id.224238 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2039.md b/2023/CVE-2023-2039.md new file mode 100644 index 0000000000..57d66f8d62 --- /dev/null +++ b/2023/CVE-2023-2039.md @@ -0,0 +1,17 @@ +### [CVE-2023-2039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2039) +![](https://img.shields.io/static/v1?label=Product&message=novel-plus&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%203.6.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in novel-plus 3.6.2. It has been rated as critical. This issue affects some unknown processing of the file /author/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225917 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://vuldb.com/?id.225917 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2096.md b/2023/CVE-2023-2096.md index c5757c92cb..6e027190c6 100644 --- a/2023/CVE-2023-2096.md +++ b/2023/CVE-2023-2096.md @@ -10,7 +10,7 @@ A vulnerability was found in SourceCodester Vehicle Service Management System 1. ### POC #### Reference -No PoCs from references. +- https://vuldb.com/?id.226104 #### Github - https://github.com/1-tong/vehicle_cves diff --git a/2023/CVE-2023-2346.md b/2023/CVE-2023-2346.md new file mode 100644 index 0000000000..0b498d8c5a --- /dev/null +++ b/2023/CVE-2023-2346.md @@ -0,0 +1,17 @@ +### [CVE-2023-2346](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2346) +![](https://img.shields.io/static/v1?label=Product&message=Service%20Provider%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227589 was assigned to this vulnerability. + +### POC + +#### Reference +- https://vuldb.com/?id.227589 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2862.md b/2023/CVE-2023-2862.md new file mode 100644 index 0000000000..4aedc8ad22 --- /dev/null +++ b/2023/CVE-2023-2862.md @@ -0,0 +1,17 @@ +### [CVE-2023-2862](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2862) +![](https://img.shields.io/static/v1?label=Product&message=CMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%207.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-229818 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://vuldb.com/?id.229818 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2923.md b/2023/CVE-2023-2923.md index 3a6ce433ee..2c7512efae 100644 --- a/2023/CVE-2023-2923.md +++ b/2023/CVE-2023-2923.md @@ -11,6 +11,7 @@ A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.0 #### Reference - https://github.com/GleamingEyes/vul/blob/main/1.md +- https://vuldb.com/?id.230077 #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-50094.md b/2023/CVE-2023-50094.md index cb1498852a..a3a6b0860c 100644 --- a/2023/CVE-2023-50094.md +++ b/2023/CVE-2023-50094.md @@ -5,7 +5,7 @@ ### Description -reNgine through 2.0.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output. +reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output. ### POC diff --git a/2024/CVE-2024-21733.md b/2024/CVE-2024-21733.md index 08ddba969e..832ccc7f82 100644 --- a/2024/CVE-2024-21733.md +++ b/2024/CVE-2024-21733.md @@ -17,6 +17,7 @@ Generation of Error Message Containing Sensitive Information vulnerability in Ap - https://github.com/Marco-zcl/POC - https://github.com/Ostorlab/KEV - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/versio-io/product-lifecycle-security-api - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC diff --git a/2024/CVE-2024-28066.md b/2024/CVE-2024-28066.md index cbfef7cb79..7741471bfe 100644 --- a/2024/CVE-2024-28066.md +++ b/2024/CVE-2024-28066.md @@ -13,5 +13,5 @@ In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded r - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-28986.md b/2024/CVE-2024-28986.md index 7ca6aae5aa..6715f6bf5a 100644 --- a/2024/CVE-2024-28986.md +++ b/2024/CVE-2024-28986.md @@ -5,7 +5,7 @@ ### Description -SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.  However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available. +SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.  However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available. ### POC diff --git a/2024/CVE-2024-3183.md b/2024/CVE-2024-3183.md new file mode 100644 index 0000000000..751e71973b --- /dev/null +++ b/2024/CVE-2024-3183.md @@ -0,0 +1,29 @@ +### [CVE-2024-3183](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3183) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.2%20Advanced%20Update%20Support&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.4%20Advanced%20Mission%20Critical%20Update%20Support&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.4%20Telecommunications%20Update%20Service&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.4%20Update%20Services%20for%20SAP%20Solutions&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.6%20Advanced%20Mission%20Critical%20Update%20Support&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.6%20Telecommunications%20Update%20Service&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.6%20Update%20Services%20for%20SAP%20Solutions&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.8%20Extended%20Update%20Support&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.0%20Extended%20Update%20Support&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20of%20Password%20Hash%20With%20Insufficient%20Computational%20Effort&color=brighgreen) + +### Description + +A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password. If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-32901.md b/2024/CVE-2024-32901.md new file mode 100644 index 0000000000..8fa362c390 --- /dev/null +++ b/2024/CVE-2024-32901.md @@ -0,0 +1,17 @@ +### [CVE-2024-32901](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32901) +![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%20kernel%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen) + +### Description + +In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-33228.md b/2024/CVE-2024-33228.md new file mode 100644 index 0000000000..920e0914d3 --- /dev/null +++ b/2024/CVE-2024-33228.md @@ -0,0 +1,17 @@ +### [CVE-2024-33228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33228) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-33960.md b/2024/CVE-2024-33960.md new file mode 100644 index 0000000000..d9896d84a0 --- /dev/null +++ b/2024/CVE-2024-33960.md @@ -0,0 +1,19 @@ +### [CVE-2024-33960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33960) +![](https://img.shields.io/static/v1?label=Product&message=Janobe%20Credit%20Card&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Janobe%20Debit%20Card%20Payment&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Janobe%20PayPal&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'end' in '/admin/mod_reports/printreport.php' parameter. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-36401.md b/2024/CVE-2024-36401.md index 58deda85aa..8e6bda3f9c 100644 --- a/2024/CVE-2024-36401.md +++ b/2024/CVE-2024-36401.md @@ -23,6 +23,7 @@ GeoServer is an open source server that allows users to share and edit geospatia - https://github.com/TrojanAZhen/Self_Back - https://github.com/Y4tacker/JavaSec - https://github.com/ahisec/nuclei-tps +- https://github.com/bigblackhat/oFx - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/onewinner/POCS - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main diff --git a/2024/CVE-2024-37273.md b/2024/CVE-2024-37273.md index 06c3b420ad..d5754142ac 100644 --- a/2024/CVE-2024-37273.md +++ b/2024/CVE-2024-37273.md @@ -13,5 +13,5 @@ An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface o - https://github.com/HackAllSec/CVEs/tree/main/Jan%20Arbitrary%20File%20Upload%20vulnerability #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-37849.md b/2024/CVE-2024-37849.md index 2e93bee59f..f816db0fe3 100644 --- a/2024/CVE-2024-37849.md +++ b/2024/CVE-2024-37849.md @@ -13,5 +13,5 @@ A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local - https://github.com/ganzhi-qcy/cve/issues/3 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-38063.md b/2024/CVE-2024-38063.md index 89fb5c988d..4f07d2e4fb 100644 --- a/2024/CVE-2024-38063.md +++ b/2024/CVE-2024-38063.md @@ -52,5 +52,7 @@ Windows TCP/IP Remote Code Execution Vulnerability No PoCs from references. #### Github +- https://github.com/being1943/my_rss_reader - https://github.com/kherrick/hacker-news +- https://github.com/zhaoolee/garss diff --git a/2024/CVE-2024-39397.md b/2024/CVE-2024-39397.md new file mode 100644 index 0000000000..eaee9f39fa --- /dev/null +++ b/2024/CVE-2024-39397.md @@ -0,0 +1,17 @@ +### [CVE-2024-39397](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39397) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type%20(CWE-434)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue does not require user interaction, but attack complexity is high and scope is changed. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39398.md b/2024/CVE-2024-39398.md new file mode 100644 index 0000000000..429aa7fa64 --- /dev/null +++ b/2024/CVE-2024-39398.md @@ -0,0 +1,17 @@ +### [CVE-2024-39398](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39398) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Restriction%20of%20Excessive%20Authentication%20Attempts%20(CWE-307)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39399.md b/2024/CVE-2024-39399.md new file mode 100644 index 0000000000..2ffdd1172c --- /dev/null +++ b/2024/CVE-2024-39399.md @@ -0,0 +1,17 @@ +### [CVE-2024-39399](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39399) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')%20(CWE-22)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39400.md b/2024/CVE-2024-39400.md new file mode 100644 index 0000000000..2e7ab26ef0 --- /dev/null +++ b/2024/CVE-2024-39400.md @@ -0,0 +1,17 @@ +### [CVE-2024-39400](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39400) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-site%20Scripting%20(DOM-based%20XSS)%20(CWE-79)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39401.md b/2024/CVE-2024-39401.md new file mode 100644 index 0000000000..b3f3876fed --- /dev/null +++ b/2024/CVE-2024-39401.md @@ -0,0 +1,17 @@ +### [CVE-2024-39401](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39401) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')%20(CWE-78)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39402.md b/2024/CVE-2024-39402.md new file mode 100644 index 0000000000..a3580e8df8 --- /dev/null +++ b/2024/CVE-2024-39402.md @@ -0,0 +1,17 @@ +### [CVE-2024-39402](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39402) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')%20(CWE-78)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39403.md b/2024/CVE-2024-39403.md new file mode 100644 index 0000000000..6d84121942 --- /dev/null +++ b/2024/CVE-2024-39403.md @@ -0,0 +1,17 @@ +### [CVE-2024-39403](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39403) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-site%20Scripting%20(Stored%20XSS)%20(CWE-79)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39404.md b/2024/CVE-2024-39404.md new file mode 100644 index 0000000000..9ce4008ad0 --- /dev/null +++ b/2024/CVE-2024-39404.md @@ -0,0 +1,17 @@ +### [CVE-2024-39404](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39404) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20(CWE-285)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39405.md b/2024/CVE-2024-39405.md new file mode 100644 index 0000000000..f61c499d30 --- /dev/null +++ b/2024/CVE-2024-39405.md @@ -0,0 +1,17 @@ +### [CVE-2024-39405](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39405) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20(CWE-285)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39406.md b/2024/CVE-2024-39406.md new file mode 100644 index 0000000000..5109aeba8f --- /dev/null +++ b/2024/CVE-2024-39406.md @@ -0,0 +1,17 @@ +### [CVE-2024-39406](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39406) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')%20(CWE-22)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39407.md b/2024/CVE-2024-39407.md new file mode 100644 index 0000000000..2503dd7e42 --- /dev/null +++ b/2024/CVE-2024-39407.md @@ -0,0 +1,17 @@ +### [CVE-2024-39407](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39407) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20(CWE-285)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39408.md b/2024/CVE-2024-39408.md new file mode 100644 index 0000000000..95bd207556 --- /dev/null +++ b/2024/CVE-2024-39408.md @@ -0,0 +1,17 @@ +### [CVE-2024-39408](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39408) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Request%20Forgery%20(CSRF)%20(CWE-352)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39409.md b/2024/CVE-2024-39409.md new file mode 100644 index 0000000000..0de41ebb3c --- /dev/null +++ b/2024/CVE-2024-39409.md @@ -0,0 +1,17 @@ +### [CVE-2024-39409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39409) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Request%20Forgery%20(CSRF)%20(CWE-352)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39410.md b/2024/CVE-2024-39410.md new file mode 100644 index 0000000000..32c512080d --- /dev/null +++ b/2024/CVE-2024-39410.md @@ -0,0 +1,17 @@ +### [CVE-2024-39410](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39410) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Request%20Forgery%20(CSRF)%20(CWE-352)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39411.md b/2024/CVE-2024-39411.md new file mode 100644 index 0000000000..6953ab379f --- /dev/null +++ b/2024/CVE-2024-39411.md @@ -0,0 +1,17 @@ +### [CVE-2024-39411](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39411) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20(CWE-285)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39412.md b/2024/CVE-2024-39412.md new file mode 100644 index 0000000000..6a4670dafe --- /dev/null +++ b/2024/CVE-2024-39412.md @@ -0,0 +1,17 @@ +### [CVE-2024-39412](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39412) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20(CWE-285)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39413.md b/2024/CVE-2024-39413.md new file mode 100644 index 0000000000..4622bf7dec --- /dev/null +++ b/2024/CVE-2024-39413.md @@ -0,0 +1,17 @@ +### [CVE-2024-39413](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39413) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20(CWE-285)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39414.md b/2024/CVE-2024-39414.md new file mode 100644 index 0000000000..9c1e30651b --- /dev/null +++ b/2024/CVE-2024-39414.md @@ -0,0 +1,17 @@ +### [CVE-2024-39414](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39414) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Control%20(CWE-284)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39415.md b/2024/CVE-2024-39415.md new file mode 100644 index 0000000000..5a7fa20122 --- /dev/null +++ b/2024/CVE-2024-39415.md @@ -0,0 +1,17 @@ +### [CVE-2024-39415](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39415) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20(CWE-285)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39416.md b/2024/CVE-2024-39416.md new file mode 100644 index 0000000000..1a56a4bf5a --- /dev/null +++ b/2024/CVE-2024-39416.md @@ -0,0 +1,17 @@ +### [CVE-2024-39416](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39416) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20(CWE-285)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39417.md b/2024/CVE-2024-39417.md new file mode 100644 index 0000000000..e104279ef5 --- /dev/null +++ b/2024/CVE-2024-39417.md @@ -0,0 +1,17 @@ +### [CVE-2024-39417](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39417) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20(CWE-285)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39418.md b/2024/CVE-2024-39418.md new file mode 100644 index 0000000000..219bd0edb1 --- /dev/null +++ b/2024/CVE-2024-39418.md @@ -0,0 +1,17 @@ +### [CVE-2024-39418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39418) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20(CWE-285)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity information. Exploitation of this issue does not require user interaction. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39419.md b/2024/CVE-2024-39419.md new file mode 100644 index 0000000000..03f6280e6a --- /dev/null +++ b/2024/CVE-2024-39419.md @@ -0,0 +1,17 @@ +### [CVE-2024-39419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39419) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Commerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20(CWE-285)&color=brighgreen) + +### Description + +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39472.md b/2024/CVE-2024-39472.md index 208b8814bf..14661bc8ed 100644 --- a/2024/CVE-2024-39472.md +++ b/2024/CVE-2024-39472.md @@ -1,6 +1,6 @@ ### [CVE-2024-39472](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=0c771b99d6c9%3C%2045cf976008dd%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0c771b99d6c9%3C%2057835c0e7152%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-39549.md b/2024/CVE-2024-39549.md new file mode 100644 index 0000000000..bf971ca8ea --- /dev/null +++ b/2024/CVE-2024-39549.md @@ -0,0 +1,19 @@ +### [CVE-2024-39549](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39549) +![](https://img.shields.io/static/v1?label=Product&message=Junos%20OS%20Evolved&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Junos%20OS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2021.2R3-S8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2021.2R3-S8-EVO%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-401%3A%20Missing%20Release%20of%20Memory%20after%20Effective%20Lifetime&color=brighgreen) + +### Description + +A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS).Consumed memory can be freed by manually restarting Routing Protocol Daemon (rpd).Memory utilization could be monitored by: user@host> show system memory or show system monitor memory statusThis issue affects:Junos OS:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S4,  * from 22.3 before 22.3R3-S3,  * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S1,  * from 23.4 before 23.4R1-S2, 23.4R2, * from 24.2 before 24.2R2-EVO.Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4 before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S3-EVO, * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R1-S2, 23.4R2, * from 24.2 before 24.2R2-EVO. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39778.md b/2024/CVE-2024-39778.md new file mode 100644 index 0000000000..7aa4792870 --- /dev/null +++ b/2024/CVE-2024-39778.md @@ -0,0 +1,17 @@ +### [CVE-2024-39778](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39778) +![](https://img.shields.io/static/v1?label=Product&message=BIG-IP&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=17.1.0%3C%2017.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-702%20Weaknesses%20Introduced%20During%20Implementation&color=brighgreen) + +### Description + +When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39792.md b/2024/CVE-2024-39792.md new file mode 100644 index 0000000000..22b73abcee --- /dev/null +++ b/2024/CVE-2024-39792.md @@ -0,0 +1,17 @@ +### [CVE-2024-39792](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39792) +![](https://img.shields.io/static/v1?label=Product&message=NGINX%20Plus&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-825%20Expired%20Pointer%20Dereference&color=brighgreen) + +### Description + +When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-39809.md b/2024/CVE-2024-39809.md new file mode 100644 index 0000000000..1b3e3087be --- /dev/null +++ b/2024/CVE-2024-39809.md @@ -0,0 +1,17 @@ +### [CVE-2024-39809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39809) +![](https://img.shields.io/static/v1?label=Product&message=BIG-IP%20Next%20Central%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=20.1.0%3C%2020.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-613%20Insufficient%20Session%20Expiration&color=brighgreen) + +### Description + +The Central Manager user session refresh token does not expire when a user logs out.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41042.md b/2024/CVE-2024-41042.md index baa53df3b0..67ecf11f34 100644 --- a/2024/CVE-2024-41042.md +++ b/2024/CVE-2024-41042.md @@ -1,6 +1,6 @@ ### [CVE-2024-41042](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41042) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=20a69341f2d0%3C%209df785aeb7dc%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=20a69341f2d0%3C%20b6b6e430470e%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-41164.md b/2024/CVE-2024-41164.md new file mode 100644 index 0000000000..ed6581c058 --- /dev/null +++ b/2024/CVE-2024-41164.md @@ -0,0 +1,21 @@ +### [CVE-2024-41164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41164) +![](https://img.shields.io/static/v1?label=Product&message=BIG-IP%20Next%20CNF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=BIG-IP%20Next%20SPK&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=BIG-IP&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.1.0%3C%201.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=1.5.0%3C%201.9.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=17.1.0%3C%2017.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%20NULL%20Pointer%20Dereference&color=brighgreen) + +### Description + +When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41256.md b/2024/CVE-2024-41256.md new file mode 100644 index 0000000000..dcaa27667b --- /dev/null +++ b/2024/CVE-2024-41256.md @@ -0,0 +1,17 @@ +### [CVE-2024-41256](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41256) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41258.md b/2024/CVE-2024-41258.md new file mode 100644 index 0000000000..123dc8c04e --- /dev/null +++ b/2024/CVE-2024-41258.md @@ -0,0 +1,17 @@ +### [CVE-2024-41258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41258) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41719.md b/2024/CVE-2024-41719.md new file mode 100644 index 0000000000..8e331bb208 --- /dev/null +++ b/2024/CVE-2024-41719.md @@ -0,0 +1,17 @@ +### [CVE-2024-41719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41719) +![](https://img.shields.io/static/v1?label=Product&message=BIG-IP%20Next%20Central%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=20.1.0%3C%2020.2.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-532%20Insertion%20of%20Sensitive%20Information%20into%20Log%20File&color=brighgreen) + +### Description + +When generating QKView of BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41723.md b/2024/CVE-2024-41723.md new file mode 100644 index 0000000000..b0e773e2a1 --- /dev/null +++ b/2024/CVE-2024-41723.md @@ -0,0 +1,17 @@ +### [CVE-2024-41723](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41723) +![](https://img.shields.io/static/v1?label=Product&message=BIG-IP&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=17.1.0%3C%2017.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) + +### Description + +Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41727.md b/2024/CVE-2024-41727.md new file mode 100644 index 0000000000..28511dc400 --- /dev/null +++ b/2024/CVE-2024-41727.md @@ -0,0 +1,17 @@ +### [CVE-2024-41727](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41727) +![](https://img.shields.io/static/v1?label=Product&message=BIG-IP&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41830.md b/2024/CVE-2024-41830.md new file mode 100644 index 0000000000..39efcd4e75 --- /dev/null +++ b/2024/CVE-2024-41830.md @@ -0,0 +1,17 @@ +### [CVE-2024-41830](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41830) +![](https://img.shields.io/static/v1?label=Product&message=Acrobat%20Reader&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20After%20Free%20(CWE-416)&color=brighgreen) + +### Description + +Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41831.md b/2024/CVE-2024-41831.md new file mode 100644 index 0000000000..2c38aedc0b --- /dev/null +++ b/2024/CVE-2024-41831.md @@ -0,0 +1,17 @@ +### [CVE-2024-41831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41831) +![](https://img.shields.io/static/v1?label=Product&message=Acrobat%20Reader&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20After%20Free%20(CWE-416)&color=brighgreen) + +### Description + +Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41832.md b/2024/CVE-2024-41832.md new file mode 100644 index 0000000000..96bfb4ea93 --- /dev/null +++ b/2024/CVE-2024-41832.md @@ -0,0 +1,17 @@ +### [CVE-2024-41832](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41832) +![](https://img.shields.io/static/v1?label=Product&message=Acrobat%20Reader&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20Read%20(CWE-125)&color=brighgreen) + +### Description + +Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41833.md b/2024/CVE-2024-41833.md new file mode 100644 index 0000000000..2551a230f0 --- /dev/null +++ b/2024/CVE-2024-41833.md @@ -0,0 +1,17 @@ +### [CVE-2024-41833](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41833) +![](https://img.shields.io/static/v1?label=Product&message=Acrobat%20Reader&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20Read%20(CWE-125)&color=brighgreen) + +### Description + +Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41834.md b/2024/CVE-2024-41834.md new file mode 100644 index 0000000000..55736a0316 --- /dev/null +++ b/2024/CVE-2024-41834.md @@ -0,0 +1,17 @@ +### [CVE-2024-41834](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41834) +![](https://img.shields.io/static/v1?label=Product&message=Acrobat%20Reader&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20Read%20(CWE-125)&color=brighgreen) + +### Description + +Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41835.md b/2024/CVE-2024-41835.md new file mode 100644 index 0000000000..7e116b16d7 --- /dev/null +++ b/2024/CVE-2024-41835.md @@ -0,0 +1,17 @@ +### [CVE-2024-41835](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41835) +![](https://img.shields.io/static/v1?label=Product&message=Acrobat%20Reader&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20Read%20(CWE-125)&color=brighgreen) + +### Description + +Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41840.md b/2024/CVE-2024-41840.md new file mode 100644 index 0000000000..64d05120d7 --- /dev/null +++ b/2024/CVE-2024-41840.md @@ -0,0 +1,17 @@ +### [CVE-2024-41840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41840) +![](https://img.shields.io/static/v1?label=Product&message=Bridge&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20Write%20(CWE-787)&color=brighgreen) + +### Description + +Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41850.md b/2024/CVE-2024-41850.md new file mode 100644 index 0000000000..3aa0f2bb1e --- /dev/null +++ b/2024/CVE-2024-41850.md @@ -0,0 +1,17 @@ +### [CVE-2024-41850](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41850) +![](https://img.shields.io/static/v1?label=Product&message=InDesign%20Desktop&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Heap-based%20Buffer%20Overflow%20(CWE-122)&color=brighgreen) + +### Description + +InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41851.md b/2024/CVE-2024-41851.md new file mode 100644 index 0000000000..e8aace01a2 --- /dev/null +++ b/2024/CVE-2024-41851.md @@ -0,0 +1,17 @@ +### [CVE-2024-41851](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41851) +![](https://img.shields.io/static/v1?label=Product&message=InDesign%20Desktop&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Integer%20Overflow%20or%20Wraparound%20(CWE-190)&color=brighgreen) + +### Description + +InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41852.md b/2024/CVE-2024-41852.md new file mode 100644 index 0000000000..004e21463a --- /dev/null +++ b/2024/CVE-2024-41852.md @@ -0,0 +1,17 @@ +### [CVE-2024-41852](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41852) +![](https://img.shields.io/static/v1?label=Product&message=InDesign%20Desktop&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack-based%20Buffer%20Overflow%20(CWE-121)&color=brighgreen) + +### Description + +InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41853.md b/2024/CVE-2024-41853.md new file mode 100644 index 0000000000..3cf3135573 --- /dev/null +++ b/2024/CVE-2024-41853.md @@ -0,0 +1,17 @@ +### [CVE-2024-41853](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41853) +![](https://img.shields.io/static/v1?label=Product&message=InDesign%20Desktop&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Heap-based%20Buffer%20Overflow%20(CWE-122)&color=brighgreen) + +### Description + +InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41854.md b/2024/CVE-2024-41854.md new file mode 100644 index 0000000000..077f70e5e5 --- /dev/null +++ b/2024/CVE-2024-41854.md @@ -0,0 +1,17 @@ +### [CVE-2024-41854](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41854) +![](https://img.shields.io/static/v1?label=Product&message=InDesign%20Desktop&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20Read%20(CWE-125)&color=brighgreen) + +### Description + +InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41856.md b/2024/CVE-2024-41856.md new file mode 100644 index 0000000000..8f49982cff --- /dev/null +++ b/2024/CVE-2024-41856.md @@ -0,0 +1,17 @@ +### [CVE-2024-41856](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41856) +![](https://img.shields.io/static/v1?label=Product&message=Illustrator&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Input%20Validation%20(CWE-20)&color=brighgreen) + +### Description + +Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41865.md b/2024/CVE-2024-41865.md new file mode 100644 index 0000000000..ee4dbc0be1 --- /dev/null +++ b/2024/CVE-2024-41865.md @@ -0,0 +1,17 @@ +### [CVE-2024-41865](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41865) +![](https://img.shields.io/static/v1?label=Product&message=Dimension&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Untrusted%20Search%20Path%20(CWE-426)&color=brighgreen) + +### Description + +Dimension versions 3.4.11 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur if the application uses a search path to locate executables or libraries. Exploitation of this issue requires user interaction. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41866.md b/2024/CVE-2024-41866.md new file mode 100644 index 0000000000..f2e0bfa4e0 --- /dev/null +++ b/2024/CVE-2024-41866.md @@ -0,0 +1,17 @@ +### [CVE-2024-41866](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41866) +![](https://img.shields.io/static/v1?label=Product&message=InDesign%20Desktop&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=NULL%20Pointer%20Dereference%20(CWE-476)&color=brighgreen) + +### Description + +InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4187.md b/2024/CVE-2024-4187.md new file mode 100644 index 0000000000..2868a00ed1 --- /dev/null +++ b/2024/CVE-2024-4187.md @@ -0,0 +1,17 @@ +### [CVE-2024-4187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4187) +![](https://img.shields.io/static/v1?label=Product&message=Filr&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2024.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-356%3A%20Product%20UI%20does%20not%20Warn%20User%20of%20Unsafe%20Actions&color=brighgreen) + +### Description + +Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41955.md b/2024/CVE-2024-41955.md index 02e71df845..e94773332a 100644 --- a/2024/CVE-2024-41955.md +++ b/2024/CVE-2024-41955.md @@ -13,5 +13,5 @@ Mobile Security Framework (MobSF) is a security research platform for mobile app - https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-42258.md b/2024/CVE-2024-42258.md index 10be5c165a..19a991447f 100644 --- a/2024/CVE-2024-42258.md +++ b/2024/CVE-2024-42258.md @@ -1,6 +1,6 @@ ### [CVE-2024-42258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42258) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=4ef9ad19e176%3C%207e1f4efb8d61%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=87632bc9ecff%3C%2089f2914dd4b4%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42259.md b/2024/CVE-2024-42259.md new file mode 100644 index 0000000000..8b424ca71a --- /dev/null +++ b/2024/CVE-2024-42259.md @@ -0,0 +1,17 @@ +### [CVE-2024-42259](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42259) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=c58305af1835%3C%204b09513ce93b%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:drm/i915/gem: Fix Virtual Memory mapping boundaries calculationCalculating the size of the mapped area as the lesser valuebetween the requested size and the actual size does not considerthe partial mapping offset. This can cause page fault access.Fix the calculation of the starting and ending addresses, thetotal size is now deduced from the difference between the end andstart addresses.Additionally, the calculations have been rewritten in a clearerand more understandable form.[Joonas: Add Requires: tag]Requires: 60a2066c5005 ("drm/i915/gem: Adjust vma offset for framebuffer mmap offset")(cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417) + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42744.md b/2024/CVE-2024-42744.md index 770176326e..5172f89cd3 100644 --- a/2024/CVE-2024-42744.md +++ b/2024/CVE-2024-42744.md @@ -13,5 +13,5 @@ In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contai - https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setModifyVpnUser/setModifyVpnUser.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43210.md b/2024/CVE-2024-43210.md new file mode 100644 index 0000000000..125274b578 --- /dev/null +++ b/2024/CVE-2024-43210.md @@ -0,0 +1,17 @@ +### [CVE-2024-43210](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43210) +![](https://img.shields.io/static/v1?label=Product&message=LA-Studio%20Element%20Kit%20for%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.3.9.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.9.2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43213.md b/2024/CVE-2024-43213.md new file mode 100644 index 0000000000..660f36d85f --- /dev/null +++ b/2024/CVE-2024-43213.md @@ -0,0 +1,17 @@ +### [CVE-2024-43213](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43213) +![](https://img.shields.io/static/v1?label=Product&message=WC%20Marketplace&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%204.1.17%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MultiVendorX WC Marketplace allows Reflected XSS.This issue affects WC Marketplace: from n/a through 4.1.17. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43216.md b/2024/CVE-2024-43216.md new file mode 100644 index 0000000000..b815d11dc6 --- /dev/null +++ b/2024/CVE-2024-43216.md @@ -0,0 +1,17 @@ +### [CVE-2024-43216](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43216) +![](https://img.shields.io/static/v1?label=Product&message=Filr%20%E2%80%93%20Secure%20document%20library&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.2.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Patrick Posner Filr – Secure document library allows Stored XSS.This issue affects Filr – Secure document library: from n/a through 1.2.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43217.md b/2024/CVE-2024-43217.md new file mode 100644 index 0000000000..4921b9bde3 --- /dev/null +++ b/2024/CVE-2024-43217.md @@ -0,0 +1,17 @@ +### [CVE-2024-43217](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43217) +![](https://img.shields.io/static/v1?label=Product&message=Kodex%20Posts%20likes&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.5.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes allows Reflected XSS.This issue affects Kodex Posts likes: from n/a through 2.5.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43218.md b/2024/CVE-2024-43218.md new file mode 100644 index 0000000000..5d65411d9c --- /dev/null +++ b/2024/CVE-2024-43218.md @@ -0,0 +1,17 @@ +### [CVE-2024-43218](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43218) +![](https://img.shields.io/static/v1?label=Product&message=Mediavine%20Control%20Panel&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.10.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mediavine Mediavine Control Panel allows Stored XSS.This issue affects Mediavine Control Panel: from n/a through 2.10.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43220.md b/2024/CVE-2024-43220.md index 1532daf2b5..678a16f79d 100644 --- a/2024/CVE-2024-43220.md +++ b/2024/CVE-2024-43220.md @@ -13,5 +13,6 @@ Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43224.md b/2024/CVE-2024-43224.md index 34121bb2ea..f95b84487f 100644 --- a/2024/CVE-2024-43224.md +++ b/2024/CVE-2024-43224.md @@ -13,5 +13,6 @@ Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43225.md b/2024/CVE-2024-43225.md index a9f3380b12..f934c4001f 100644 --- a/2024/CVE-2024-43225.md +++ b/2024/CVE-2024-43225.md @@ -13,5 +13,6 @@ Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43226.md b/2024/CVE-2024-43226.md index 51fff3bf8f..27f7c334a8 100644 --- a/2024/CVE-2024-43226.md +++ b/2024/CVE-2024-43226.md @@ -13,5 +13,6 @@ Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43227.md b/2024/CVE-2024-43227.md index c4e94eb1bd..b87dfe366b 100644 --- a/2024/CVE-2024-43227.md +++ b/2024/CVE-2024-43227.md @@ -13,5 +13,6 @@ Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43231.md b/2024/CVE-2024-43231.md index b8283b8f0f..c3a1ee20cc 100644 --- a/2024/CVE-2024-43231.md +++ b/2024/CVE-2024-43231.md @@ -13,5 +13,6 @@ Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43233.md b/2024/CVE-2024-43233.md index bfc4c00a03..a4918b7cb1 100644 --- a/2024/CVE-2024-43233.md +++ b/2024/CVE-2024-43233.md @@ -13,5 +13,6 @@ Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-4389.md b/2024/CVE-2024-4389.md index 8e3ffb353e..9b0239bfe4 100644 --- a/2024/CVE-2024-4389.md +++ b/2024/CVE-2024-4389.md @@ -13,5 +13,6 @@ The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-6123.md b/2024/CVE-2024-6123.md index f09ada06a9..4b23f6b25e 100644 --- a/2024/CVE-2024-6123.md +++ b/2024/CVE-2024-6123.md @@ -1,11 +1,11 @@ ### [CVE-2024-6123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6123) ![](https://img.shields.io/static/v1?label=Product&message=Contact%20Form%20by%20Bit%20Form%3A%20Multi%20Step%20Form%2C%20Calculation%20Contact%20Form%2C%20Payment%20Contact%20Form%20%26%20Custom%20Contact%20Form%20builder&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.12.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.13.3%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen) ### Description -The Bit Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'iconUpload' function in all versions up to, and including, 2.12.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. +The Bit Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'iconUpload' function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. ### POC diff --git a/2024/CVE-2024-6392.md b/2024/CVE-2024-6392.md new file mode 100644 index 0000000000..d8e2d568d0 --- /dev/null +++ b/2024/CVE-2024-6392.md @@ -0,0 +1,17 @@ +### [CVE-2024-6392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6392) +![](https://img.shields.io/static/v1?label=Product&message=Image%20Optimizer%2C%20Resizer%20and%20CDN%20%E2%80%93%20Sirv&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%207.2.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the connected Sirv account to an attacker-controlled one. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6532.md b/2024/CVE-2024-6532.md index 7f6e07336a..d3884a9d3c 100644 --- a/2024/CVE-2024-6532.md +++ b/2024/CVE-2024-6532.md @@ -13,5 +13,6 @@ The Sheet to Table Live Sync for Google Sheet plugin for WordPress is vulnerable No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-6533.md b/2024/CVE-2024-6533.md new file mode 100644 index 0000000000..e711814d4d --- /dev/null +++ b/2024/CVE-2024-6533.md @@ -0,0 +1,17 @@ +### [CVE-2024-6533](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6533) +![](https://img.shields.io/static/v1?label=Product&message=Directus&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover. + +### POC + +#### Reference +- https://fluidattacks.com/advisories/bocelli + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6534.md b/2024/CVE-2024-6534.md new file mode 100644 index 0000000000..dc5c85b2c7 --- /dev/null +++ b/2024/CVE-2024-6534.md @@ -0,0 +1,17 @@ +### [CVE-2024-6534](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6534) +![](https://img.shields.io/static/v1?label=Product&message=Directus&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2010.13.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with CVE-2024-6533, it could result in account takeover. + +### POC + +#### Reference +- https://fluidattacks.com/advisories/capaldi + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7274.md b/2024/CVE-2024-7274.md index 24e8207be7..f137714cb8 100644 --- a/2024/CVE-2024-7274.md +++ b/2024/CVE-2024-7274.md @@ -11,6 +11,7 @@ A vulnerability, which was classified as critical, has been found in itsourcecod #### Reference - https://github.com/DeepMountains/Mirage/blob/main/CVE8-2.md +- https://vuldb.com/?submit.381091 #### Github No PoCs found on GitHub currently. diff --git a/2024/CVE-2024-7347.md b/2024/CVE-2024-7347.md new file mode 100644 index 0000000000..0e04cfbe39 --- /dev/null +++ b/2024/CVE-2024-7347.md @@ -0,0 +1,18 @@ +### [CVE-2024-7347](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7347) +![](https://img.shields.io/static/v1?label=Product&message=NGINX%20Open%20Source&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=NGINX%20Plus&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-126%3A%20Buffer%20Over-read&color=brighgreen) + +### Description + +NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7588.md b/2024/CVE-2024-7588.md index d6f7af52ba..ee58ab72da 100644 --- a/2024/CVE-2024-7588.md +++ b/2024/CVE-2024-7588.md @@ -13,5 +13,6 @@ The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulne No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7740.md b/2024/CVE-2024-7740.md new file mode 100644 index 0000000000..e334ac6636 --- /dev/null +++ b/2024/CVE-2024-7740.md @@ -0,0 +1,17 @@ +### [CVE-2024-7740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7740) +![](https://img.shields.io/static/v1?label=Product&message=ltcms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.20%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery&color=brighgreen) + +### Description + +A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. This vulnerability affects the function download of the file /api/test/download of the component API Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE14-1.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7741.md b/2024/CVE-2024-7741.md new file mode 100644 index 0000000000..1887de56b7 --- /dev/null +++ b/2024/CVE-2024-7741.md @@ -0,0 +1,17 @@ +### [CVE-2024-7741](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7741) +![](https://img.shields.io/static/v1?label=Product&message=ltcms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.20%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Path%20Traversal&color=brighgreen) + +### Description + +A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE14-2.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7743.md b/2024/CVE-2024-7743.md new file mode 100644 index 0000000000..fa3b468334 --- /dev/null +++ b/2024/CVE-2024-7743.md @@ -0,0 +1,17 @@ +### [CVE-2024-7743](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7743) +![](https://img.shields.io/static/v1?label=Product&message=ltcms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.20%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery&color=brighgreen) + +### Description + +A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected by this vulnerability is the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE14-4.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7748.md b/2024/CVE-2024-7748.md new file mode 100644 index 0000000000..9b40acad94 --- /dev/null +++ b/2024/CVE-2024-7748.md @@ -0,0 +1,17 @@ +### [CVE-2024-7748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7748) +![](https://img.shields.io/static/v1?label=Product&message=Accounts%20Manager%20App&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in SourceCodester Accounts Manager App 1.0. This issue affects some unknown processing of the file /endpoint/delete-account.php. The manipulation of the argument account leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. + +### POC + +#### Reference +- https://github.com/joinia/webray.com.cn/blob/main/Accounts-Manager-App/Accounts-Manager-Appsql.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7749.md b/2024/CVE-2024-7749.md new file mode 100644 index 0000000000..a197f78c07 --- /dev/null +++ b/2024/CVE-2024-7749.md @@ -0,0 +1,17 @@ +### [CVE-2024-7749](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7749) +![](https://img.shields.io/static/v1?label=Product&message=Accounts%20Manager%20App&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability, which was classified as problematic, was found in SourceCodester Accounts Manager App 1.0. Affected is an unknown function of the file /endpoint/add-account.php. The manipulation of the argument account_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. + +### POC + +#### Reference +- https://github.com/joinia/webray.com.cn/blob/main/Accounts-Manager-App/Accounts-Manager-Appxss.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7751.md b/2024/CVE-2024-7751.md new file mode 100644 index 0000000000..b683ce55bd --- /dev/null +++ b/2024/CVE-2024-7751.md @@ -0,0 +1,17 @@ +### [CVE-2024-7751](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7751) +![](https://img.shields.io/static/v1?label=Product&message=Clinics%20Patient%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /update_medicine.php. The manipulation of the argument hidden_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. + +### POC + +#### Reference +- https://github.com/Wsstiger/cve/blob/main/Clinic's_sql2.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7752.md b/2024/CVE-2024-7752.md new file mode 100644 index 0000000000..7bbbaeb49c --- /dev/null +++ b/2024/CVE-2024-7752.md @@ -0,0 +1,17 @@ +### [CVE-2024-7752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7752) +![](https://img.shields.io/static/v1?label=Product&message=Clinics%20Patient%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /update_medicine.php. The manipulation of the argument medicine_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. + +### POC + +#### Reference +- https://github.com/Wsstiger/cve/blob/main/Clinic's_xss.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7792.md b/2024/CVE-2024-7792.md new file mode 100644 index 0000000000..5f1121cf61 --- /dev/null +++ b/2024/CVE-2024-7792.md @@ -0,0 +1,17 @@ +### [CVE-2024-7792](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7792) +![](https://img.shields.io/static/v1?label=Product&message=Task%20Progress%20Tracker&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been classified as critical. Affected is an unknown function of the file /endpoint/delete-task.php. The manipulation of the argument task leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. + +### POC + +#### Reference +- https://github.com/joinia/webray.com.cn/blob/main/Task-Progress-Tracker/Task-Progress-Trackersql.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7794.md b/2024/CVE-2024-7794.md new file mode 100644 index 0000000000..a648da3e4e --- /dev/null +++ b/2024/CVE-2024-7794.md @@ -0,0 +1,17 @@ +### [CVE-2024-7794](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7794) +![](https://img.shields.io/static/v1?label=Product&message=Vehicle%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file mybill.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. + +### POC + +#### Reference +- https://github.com/ppp-src/ha/issues/5 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7810.md b/2024/CVE-2024-7810.md new file mode 100644 index 0000000000..d04e278604 --- /dev/null +++ b/2024/CVE-2024-7810.md @@ -0,0 +1,17 @@ +### [CVE-2024-7810](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7810) +![](https://img.shields.io/static/v1?label=Product&message=Online%20Graduate%20Tracer%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tracking/admin/view_itprofile.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. + +### POC + +#### Reference +- https://github.com/Wsstiger/cve/blob/main/Tracer_sql.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7811.md b/2024/CVE-2024-7811.md new file mode 100644 index 0000000000..90abfa9f02 --- /dev/null +++ b/2024/CVE-2024-7811.md @@ -0,0 +1,17 @@ +### [CVE-2024-7811](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7811) +![](https://img.shields.io/static/v1?label=Product&message=Daily%20Expenses%20Monitoring%20App&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in SourceCodester Daily Expenses Monitoring App 1.0. This affects an unknown part of the file /endpoint/delete-expense.php. The manipulation of the argument expense leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. + +### POC + +#### Reference +- https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/daily%20expenses%20monitoring%20app%20-%20delete-expense.php%20sql%20injection%20vulnerability.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7814.md b/2024/CVE-2024-7814.md new file mode 100644 index 0000000000..a019c2540c --- /dev/null +++ b/2024/CVE-2024-7814.md @@ -0,0 +1,17 @@ +### [CVE-2024-7814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7814) +![](https://img.shields.io/static/v1?label=Product&message=Online%20Railway%20Reservation%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. Affected is an unknown function of the file /admin/admin-add-employee.php of the component Add Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. + +### POC + +#### Reference +- https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Stored%20XSS.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7815.md b/2024/CVE-2024-7815.md new file mode 100644 index 0000000000..5fe2c6ba5a --- /dev/null +++ b/2024/CVE-2024-7815.md @@ -0,0 +1,17 @@ +### [CVE-2024-7815](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7815) +![](https://img.shields.io/static/v1?label=Product&message=Online%20Railway%20Reservation%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-update-employee.php of the component Update Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. + +### POC + +#### Reference +- https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Stored%20XSS.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/github.txt b/github.txt index 0131737fac..eb8a22b641 100644 --- a/github.txt +++ b/github.txt @@ -5900,6 +5900,7 @@ CVE-2010-3203 - https://github.com/ARPSyndicate/kenzer-templates CVE-2010-3227 - https://github.com/ARPSyndicate/cvemon CVE-2010-3227 - https://github.com/nitishbadole/oscp-note-2 CVE-2010-3227 - https://github.com/rmsbpro/rmsbpro +CVE-2010-3275 - https://github.com/JohnSomanza/Qualys-Vulnerability-Management CVE-2010-3301 - https://github.com/ARPSyndicate/cvemon CVE-2010-3301 - https://github.com/Al1ex/LinuxEelvation CVE-2010-3301 - https://github.com/C0dak/linux-kernel-exploits @@ -11657,6 +11658,7 @@ CVE-2014-0160 - https://github.com/Muhammad-Hammad-Shafqat/awesome-pentest CVE-2014-0160 - https://github.com/Muhammd/Awesome-Payloads CVE-2014-0160 - https://github.com/Muhammd/Awesome-Pentest CVE-2014-0160 - https://github.com/MyKings/docker-vulnerability-environment +CVE-2014-0160 - https://github.com/N3rdyN3xus/CVE-2014-0160_Heartbleed CVE-2014-0160 - https://github.com/NCSU-DANCE-Research-Group/CDL CVE-2014-0160 - https://github.com/Nicolasbcrrl/h2_Goat CVE-2014-0160 - https://github.com/Nieuport/Awesome-Security @@ -12685,6 +12687,7 @@ CVE-2014-1939 - https://github.com/heimashi/CompatWebView CVE-2014-1943 - https://github.com/Live-Hack-CVE/CVE-2014-1943 CVE-2014-1972 - https://github.com/PalindromeLabs/Java-Deserialization-CVEs CVE-2014-2024 - https://github.com/pxcs/CVE-29343-Sysmon-list +CVE-2014-2024 - https://github.com/pxcs/CVE-Report CVE-2014-2024 - https://github.com/pxcs/CVE_Sysmon_Report CVE-2014-2038 - https://github.com/ARPSyndicate/cvemon CVE-2014-2039 - https://github.com/ARPSyndicate/cvemon @@ -13010,6 +13013,7 @@ CVE-2014-3187 - https://github.com/Section9Labs/advisories CVE-2014-3188 - https://github.com/allpaca/chrome-sbx-db CVE-2014-3201 - https://github.com/BushraAloraini/Android-Vulnerabilities CVE-2014-3206 - https://github.com/ARPSyndicate/kenzer-templates +CVE-2014-3206 - https://github.com/north-vuln-intel/nuclei-nvi CVE-2014-3214 - https://github.com/C4ssif3r/nmap-scripts CVE-2014-3214 - https://github.com/stran0s/stran0s CVE-2014-3341 - https://github.com/IOActive/NexusTacos @@ -13334,6 +13338,7 @@ CVE-2014-3704 - https://github.com/q99266/saury-vulnhub CVE-2014-3704 - https://github.com/smartFlash/pySecurity CVE-2014-3704 - https://github.com/superfish9/pt CVE-2014-3704 - https://github.com/superlink996/chunqiuyunjingbachang +CVE-2014-3704 - https://github.com/t0ffe/CybSec_Course_Project_II CVE-2014-3704 - https://github.com/t0m4too/t0m4to CVE-2014-3704 - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough CVE-2014-3704 - https://github.com/xinyisleep/pocscan @@ -14441,6 +14446,7 @@ CVE-2014-6271 - https://github.com/jdauphant/patch-bash-shellshock CVE-2014-6271 - https://github.com/jeholliday/shellshock CVE-2014-6271 - https://github.com/jerryxk/awesome-hacking CVE-2014-6271 - https://github.com/jj1bdx/bash-3.2-osx-fix +CVE-2014-6271 - https://github.com/jli149/Incident-handling-with-Splunk CVE-2014-6271 - https://github.com/jmedeng/suriya73-exploits CVE-2014-6271 - https://github.com/jottama/pentesting CVE-2014-6271 - https://github.com/justone0127/Red-Hat-Advanced-Cluster-Security-for-Kubernetes-Operator-Installation @@ -14456,6 +14462,7 @@ CVE-2014-6271 - https://github.com/kinourik/hacking-tools CVE-2014-6271 - https://github.com/kk98kk0/Payloads CVE-2014-6271 - https://github.com/kowshik-sundararajan/CVE-2014-6271 CVE-2014-6271 - https://github.com/kraloveckey/venom +CVE-2014-6271 - https://github.com/krillavilla/CryptoV4ULT-Enterprise-Security-Assessment CVE-2014-6271 - https://github.com/ksw9722/PayloadsAllTheThings CVE-2014-6271 - https://github.com/kxcode/kbash CVE-2014-6271 - https://github.com/lethanhtrung22/Awesome-Hacking @@ -14602,6 +14609,7 @@ CVE-2014-6271 - https://github.com/stillHere3000/KnownMalware CVE-2014-6271 - https://github.com/sulsseo/BSY-report CVE-2014-6271 - https://github.com/sunnyjiang/shellshocker-android CVE-2014-6271 - https://github.com/sv3nbeast/Attack-Notes +CVE-2014-6271 - https://github.com/t0ffe/CybSec_Course_Project_II CVE-2014-6271 - https://github.com/t0m4too/t0m4to CVE-2014-6271 - https://github.com/takuzoo3868/laputa CVE-2014-6271 - https://github.com/tanjiti/sec_profile @@ -14670,6 +14678,7 @@ CVE-2014-6271 - https://github.com/yllnelaj/awesome-pentest CVE-2014-6271 - https://github.com/yojiwatanabe/NetworkAlarm CVE-2014-6271 - https://github.com/yukitsukai47/PenetrationTesting_cheatsheet CVE-2014-6271 - https://github.com/yumoL/cybersecurity-project2 +CVE-2014-6271 - https://github.com/yveeranki5566/LogData-Analysis CVE-2014-6271 - https://github.com/zalalov/CVE-2014-6271 CVE-2014-6271 - https://github.com/zeroch1ll/CodePathWeek9 CVE-2014-6271 - https://github.com/zgimszhd61/awesome-security @@ -16478,6 +16487,8 @@ CVE-2015-1635 - https://github.com/Aquilao/Toy-Box CVE-2015-1635 - https://github.com/Cappricio-Securities/CVE-2015-1635 CVE-2015-1635 - https://github.com/H3xL00m/CVE-2015-1635 CVE-2015-1635 - https://github.com/H3xL00m/CVE-2015-1635-POC +CVE-2015-1635 - https://github.com/N3rdyN3xus/CVE-2015-1635 +CVE-2015-1635 - https://github.com/N3rdyN3xus/CVE-2015-1635-POC CVE-2015-1635 - https://github.com/Olysyan/MSS CVE-2015-1635 - https://github.com/Ostorlab/KEV CVE-2015-1635 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors @@ -18926,6 +18937,7 @@ CVE-2015-6668 - https://github.com/ARPSyndicate/cvemon CVE-2015-6668 - https://github.com/G01d3nW01f/CVE-2015-6668 CVE-2015-6668 - https://github.com/H3xL00m/CVE-2015-6668 CVE-2015-6668 - https://github.com/Ki11i0n4ir3/CVE-2015-6668 +CVE-2015-6668 - https://github.com/N3rdyN3xus/CVE-2015-6668 CVE-2015-6668 - https://github.com/Sp3c73rSh4d0w/CVE-2015-6668 CVE-2015-6668 - https://github.com/c0d3cr4f73r/CVE-2015-6668 CVE-2015-6668 - https://github.com/crypticdante/CVE-2015-6668 @@ -22890,6 +22902,7 @@ CVE-2016-1555 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detec CVE-2016-1555 - https://github.com/faisalfs10x/faisalfs10x CVE-2016-1555 - https://github.com/ide0x90/cve-2016-1555 CVE-2016-1555 - https://github.com/ker2x/DearDiary +CVE-2016-1555 - https://github.com/north-vuln-intel/nuclei-nvi CVE-2016-1555 - https://github.com/padresvater/Mobile-Internet-Security CVE-2016-1555 - https://github.com/zyw-200/EQUAFL_setup CVE-2016-1559 - https://github.com/ARPSyndicate/cvemon @@ -34092,6 +34105,7 @@ CVE-2017-12629 - https://github.com/hanbufei/dddd CVE-2017-12629 - https://github.com/huimzjty/vulwiki CVE-2017-12629 - https://github.com/ilmila/J2EEScan CVE-2017-12629 - https://github.com/jweny/pocassistdb +CVE-2017-12629 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2017-12629 - https://github.com/mustblade/solr_hacktool CVE-2017-12629 - https://github.com/p4d0rn/Siren CVE-2017-12629 - https://github.com/password520/RedTeamer @@ -37637,6 +37651,7 @@ CVE-2017-3506 - https://github.com/lnick2023/nicenice CVE-2017-3506 - https://github.com/lonehand/Oracle-WebLogic-CVE-2017-10271-master CVE-2017-3506 - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet CVE-2017-3506 - https://github.com/nihaohello/N-MiddlewareScan +CVE-2017-3506 - https://github.com/north-vuln-intel/nuclei-nvi CVE-2017-3506 - https://github.com/openx-org/BLEN CVE-2017-3506 - https://github.com/password520/RedTeamer CVE-2017-3506 - https://github.com/peterpeter228/Oracle-WebLogic-CVE-2017-10271 @@ -40110,6 +40125,7 @@ CVE-2017-7199 - https://github.com/Nick7012/RedTeam-Tools CVE-2017-7199 - https://github.com/OFD5/R3d-Teaming-Automation CVE-2017-7199 - https://github.com/SamuelYtsejaM/Herramientas-Red-Team CVE-2017-7199 - https://github.com/TheJoyOfHacking/rasta-mouse-Sherlock +CVE-2017-7199 - https://github.com/errorwiki/AttacksToolkit CVE-2017-7199 - https://github.com/garyweller020/Red-Teams-Tools CVE-2017-7199 - https://github.com/marklindsey11/OSINT1 CVE-2017-7199 - https://github.com/nmvuonginfosec/redteam_tool @@ -42938,6 +42954,7 @@ CVE-2017-9506 - https://github.com/labsbots/CVE-2017-9506 CVE-2017-9506 - https://github.com/merlinepedra/nuclei-templates CVE-2017-9506 - https://github.com/merlinepedra25/nuclei-templates CVE-2017-9506 - https://github.com/murksombra/rmap +CVE-2017-9506 - https://github.com/north-vuln-intel/nuclei-nvi CVE-2017-9506 - https://github.com/pen4uin/awesome-vulnerability-research CVE-2017-9506 - https://github.com/pen4uin/vulnerability-research CVE-2017-9506 - https://github.com/pen4uin/vulnerability-research-list @@ -49149,6 +49166,7 @@ CVE-2018-16159 - https://github.com/ARPSyndicate/kenzer-templates CVE-2018-16164 - https://github.com/ARPSyndicate/cvemon CVE-2018-16167 - https://github.com/ARPSyndicate/kenzer-templates CVE-2018-16167 - https://github.com/dnr6419/CVE-2018-16167 +CVE-2018-16167 - https://github.com/north-vuln-intel/nuclei-nvi CVE-2018-16177 - https://github.com/p1ay8y3ar/cve_monitor CVE-2018-16222 - https://github.com/ARPSyndicate/cvemon CVE-2018-16224 - https://github.com/ARPSyndicate/cvemon @@ -59173,6 +59191,7 @@ CVE-2019-1003000 - https://github.com/hktalent/bug-bounty CVE-2019-1003000 - https://github.com/huimzjty/vulwiki CVE-2019-1003000 - https://github.com/jaychouzzk/- CVE-2019-1003000 - https://github.com/jbmihoub/all-poc +CVE-2019-1003000 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2019-1003000 - https://github.com/onewinner/VulToolsKit CVE-2019-1003000 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main CVE-2019-1003000 - https://github.com/purple-WL/Jenkins_CVE-2019-1003000 @@ -60055,6 +60074,7 @@ CVE-2019-10758 - https://github.com/lions2012/Penetration_Testing_POC CVE-2019-10758 - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection CVE-2019-10758 - https://github.com/lp008/CVE-2019-10758 CVE-2019-10758 - https://github.com/masahiro331/CVE-2019-10758 +CVE-2019-10758 - https://github.com/north-vuln-intel/nuclei-nvi CVE-2019-10758 - https://github.com/ossf-cve-benchmark/CVE-2019-10758 CVE-2019-10758 - https://github.com/password520/Penetration_PoC CVE-2019-10758 - https://github.com/pentration/gongkaishouji @@ -69786,6 +69806,7 @@ CVE-2019-17506 - https://github.com/Z0fhack/Goby_POC CVE-2019-17506 - https://github.com/amcai/myscan CVE-2019-17506 - https://github.com/bigblackhat/oFx CVE-2019-17506 - https://github.com/d4n-sec/d4n-sec.github.io +CVE-2019-17506 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2019-17506 - https://github.com/openx-org/BLEN CVE-2019-17506 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main CVE-2019-17506 - https://github.com/sobinge/nuclei-templates @@ -69897,12 +69918,14 @@ CVE-2019-17558 - https://github.com/hanc00l/some_pocsuite CVE-2019-17558 - https://github.com/hectorgie/PoC-in-GitHub CVE-2019-17558 - https://github.com/hktalent/TOP CVE-2019-17558 - https://github.com/hktalent/bug-bounty +CVE-2019-17558 - https://github.com/huan-cdm/secure_tools_link CVE-2019-17558 - https://github.com/huike007/penetration_poc CVE-2019-17558 - https://github.com/huimzjty/vulwiki CVE-2019-17558 - https://github.com/jbmihoub/all-poc CVE-2019-17558 - https://github.com/koala2099/GitHub-Chinese-Top-Charts CVE-2019-17558 - https://github.com/lions2012/Penetration_Testing_POC CVE-2019-17558 - https://github.com/merlinepedra/nuclei-templates +CVE-2019-17558 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2019-17558 - https://github.com/merlinepedra25/nuclei-templates CVE-2019-17558 - https://github.com/mustblade/solr_hacktool CVE-2019-17558 - https://github.com/neilzhang1/Chinese-Charts @@ -72169,6 +72192,7 @@ CVE-2019-2616 - https://github.com/ARPSyndicate/cvemon CVE-2019-2616 - https://github.com/ARPSyndicate/kenzer-templates CVE-2019-2616 - https://github.com/Ostorlab/KEV CVE-2019-2616 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +CVE-2019-2616 - https://github.com/north-vuln-intel/nuclei-nvi CVE-2019-2618 - https://github.com/0xT11/CVE-POC CVE-2019-2618 - https://github.com/0xn0ne/weblogicScanner CVE-2019-2618 - https://github.com/20142995/sectool @@ -74070,6 +74094,7 @@ CVE-2019-6340 - https://github.com/hectorgie/PoC-in-GitHub CVE-2019-6340 - https://github.com/hktalent/TOP CVE-2019-6340 - https://github.com/hktalent/bug-bounty CVE-2019-6340 - https://github.com/honeybot/wtf-plugin-honeybot-cve_2019_6340 +CVE-2019-6340 - https://github.com/huan-cdm/secure_tools_link CVE-2019-6340 - https://github.com/itsamirac1e/Offensive_Security_CTF_Rekall CVE-2019-6340 - https://github.com/jas502n/CVE-2019-6340 CVE-2019-6340 - https://github.com/jbmihoub/all-poc @@ -78901,6 +78926,7 @@ CVE-2020-10199 - https://github.com/developer3000S/PoC-in-GitHub CVE-2020-10199 - https://github.com/hasee2018/Penetration_Testing_POC CVE-2020-10199 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-10199 - https://github.com/hktalent/TOP +CVE-2020-10199 - https://github.com/huan-cdm/secure_tools_link CVE-2020-10199 - https://github.com/hugosg97/CVE-2020-10199-Nexus-3.21.01 CVE-2020-10199 - https://github.com/huike007/penetration_poc CVE-2020-10199 - https://github.com/huike007/poc @@ -78981,6 +79007,7 @@ CVE-2020-10204 - https://github.com/hasee2018/Penetration_Testing_POC CVE-2020-10204 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-10204 - https://github.com/hktalent/TOP CVE-2020-10204 - https://github.com/hktalent/bug-bounty +CVE-2020-10204 - https://github.com/huan-cdm/secure_tools_link CVE-2020-10204 - https://github.com/huike007/penetration_poc CVE-2020-10204 - https://github.com/huike007/poc CVE-2020-10204 - https://github.com/jas502n/CVE-2020-10199 @@ -79568,6 +79595,7 @@ CVE-2020-10558 - https://github.com/soosmile/POC CVE-2020-10560 - https://github.com/0xT11/CVE-POC CVE-2020-10560 - https://github.com/ARPSyndicate/cvemon CVE-2020-10560 - https://github.com/LucidUnicorn/CVE-2020-10560-Key-Recovery +CVE-2020-10560 - https://github.com/alex-seymour/CVE-2020-10560-Key-Recovery CVE-2020-10560 - https://github.com/developer3000S/PoC-in-GitHub CVE-2020-10560 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-10560 - https://github.com/jandersoncampelo/InfosecBookmarks @@ -80481,6 +80509,7 @@ CVE-2020-11444 - https://github.com/d4n-sec/d4n-sec.github.io CVE-2020-11444 - https://github.com/developer3000S/PoC-in-GitHub CVE-2020-11444 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-11444 - https://github.com/hktalent/TOP +CVE-2020-11444 - https://github.com/huan-cdm/secure_tools_link CVE-2020-11444 - https://github.com/jas502n/CVE-2020-10199 CVE-2020-11444 - https://github.com/jbmihoub/all-poc CVE-2020-11444 - https://github.com/koala2099/GitHub-Chinese-Top-Charts @@ -83025,6 +83054,7 @@ CVE-2020-14181 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-14181 - https://github.com/imhunterand/JiraCVE CVE-2020-14181 - https://github.com/jweny/pocassistdb CVE-2020-14181 - https://github.com/merlinepedra/nuclei-templates +CVE-2020-14181 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2020-14181 - https://github.com/merlinepedra25/nuclei-templates CVE-2020-14181 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2020-14181 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main @@ -86682,6 +86712,7 @@ CVE-2020-1938 - https://github.com/hasee2018/Penetration_Testing_POC CVE-2020-1938 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-1938 - https://github.com/hktalent/TOP CVE-2020-1938 - https://github.com/hktalent/bug-bounty +CVE-2020-1938 - https://github.com/huan-cdm/secure_tools_link CVE-2020-1938 - https://github.com/huike007/penetration_poc CVE-2020-1938 - https://github.com/huike007/poc CVE-2020-1938 - https://github.com/huimzjty/vulwiki @@ -88141,6 +88172,7 @@ CVE-2020-25078 - https://github.com/d4n-sec/d4n-sec.github.io CVE-2020-25078 - https://github.com/fishykz/2530L-analyze CVE-2020-25078 - https://github.com/jorhelp/Ingram CVE-2020-25078 - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection +CVE-2020-25078 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2020-25078 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2020-25078 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main CVE-2020-25078 - https://github.com/pen4uin/awesome-vulnerability-research @@ -88842,6 +88874,7 @@ CVE-2020-2555 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-2555 - https://github.com/hktalent/CVE_2020_2546 CVE-2020-2555 - https://github.com/hktalent/TOP CVE-2020-2555 - https://github.com/hktalent/bug-bounty +CVE-2020-2555 - https://github.com/huan-cdm/secure_tools_link CVE-2020-2555 - https://github.com/huike007/penetration_poc CVE-2020-2555 - https://github.com/huike007/poc CVE-2020-2555 - https://github.com/hungslab/awd-tools @@ -90809,6 +90842,7 @@ CVE-2020-2883 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-2883 - https://github.com/hktalent/CVE_2020_2546 CVE-2020-2883 - https://github.com/hktalent/TOP CVE-2020-2883 - https://github.com/hktalent/bug-bounty +CVE-2020-2883 - https://github.com/huan-cdm/secure_tools_link CVE-2020-2883 - https://github.com/huike007/penetration_poc CVE-2020-2883 - https://github.com/huike007/poc CVE-2020-2883 - https://github.com/hungslab/awd-tools @@ -95545,6 +95579,7 @@ CVE-2020-8515 - https://github.com/trhacknon/CVE-2020-8515 CVE-2020-8515 - https://github.com/trhacknon/CVE-2020-8515-PoC CVE-2020-8515 - https://github.com/trhacknon/nmap_draytek_rce CVE-2020-8515 - https://github.com/truerandom/nmap_draytek_rce +CVE-2020-8515 - https://github.com/yveeranki5566/LogData-Analysis CVE-2020-8518 - https://github.com/ARPSyndicate/cvemon CVE-2020-8539 - https://github.com/ARPSyndicate/cvemon CVE-2020-8547 - https://github.com/ARPSyndicate/cvemon @@ -96268,6 +96303,7 @@ CVE-2020-8958 - https://github.com/ker2x/DearDiary CVE-2020-8958 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2020-8958 - https://github.com/qurbat/CVE-2020-8958 CVE-2020-8958 - https://github.com/soosmile/POC +CVE-2020-8958 - https://github.com/yveeranki5566/LogData-Analysis CVE-2020-8960 - https://github.com/fruh/security-bulletins CVE-2020-8961 - https://github.com/ARPSyndicate/cvemon CVE-2020-8968 - https://github.com/Live-Hack-CVE/CVE-2020-8968 @@ -96862,6 +96898,7 @@ CVE-2020-9496 - https://github.com/dwisiswant0/CVE-2020-9496 CVE-2020-9496 - https://github.com/g33xter/CVE-2020-9496 CVE-2020-9496 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-9496 - https://github.com/merlinepedra/nuclei-templates +CVE-2020-9496 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2020-9496 - https://github.com/merlinepedra25/nuclei-templates CVE-2020-9496 - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet CVE-2020-9496 - https://github.com/nomi-sec/PoC-in-GitHub @@ -100006,6 +100043,7 @@ CVE-2021-21315 - https://github.com/k0mi-tg/CVE-POC CVE-2021-21315 - https://github.com/lions2012/Penetration_Testing_POC CVE-2021-21315 - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection CVE-2021-21315 - https://github.com/manas3c/CVE-POC +CVE-2021-21315 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2021-21315 - https://github.com/mintoolkit/mint CVE-2021-21315 - https://github.com/mmk-1/kubernetes-poc CVE-2021-21315 - https://github.com/n1sh1th/CVE-POC @@ -100588,6 +100626,7 @@ CVE-2021-21972 - https://github.com/lovechinacoco/https-github.com-mai-lang-chai CVE-2021-21972 - https://github.com/mamba-2021/fscan-POC CVE-2021-21972 - https://github.com/manas3c/CVE-POC CVE-2021-21972 - https://github.com/mdisec/mdisec-twitch-yayinlari +CVE-2021-21972 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2021-21972 - https://github.com/milo2012/CVE-2021-21972 CVE-2021-21972 - https://github.com/mstxq17/SecurityArticleLogger CVE-2021-21972 - https://github.com/murataydemir/CVE-2021-21972 @@ -100964,6 +101003,7 @@ CVE-2021-22005 - https://github.com/lions2012/Penetration_Testing_POC CVE-2021-22005 - https://github.com/mamba-2021/EXP-POC CVE-2021-22005 - https://github.com/mamba-2021/fscan-POC CVE-2021-22005 - https://github.com/manas3c/CVE-POC +CVE-2021-22005 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2021-22005 - https://github.com/nday-ldgz/ZoomEye-dork CVE-2021-22005 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2021-22005 - https://github.com/onewinner/VulToolsKit @@ -101372,6 +101412,7 @@ CVE-2021-22205 - https://github.com/keven1z/CVE-2021-22205 CVE-2021-22205 - https://github.com/kh4sh3i/Gitlab-CVE CVE-2021-22205 - https://github.com/lions2012/Penetration_Testing_POC CVE-2021-22205 - https://github.com/manas3c/CVE-POC +CVE-2021-22205 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2021-22205 - https://github.com/momika233/cve-2021-22205-GitLab-13.10.2---Remote-Code-Execution-RCE-Unauthenticated- CVE-2021-22205 - https://github.com/mr-r3bot/Gitlab-CVE-2021-22205 CVE-2021-22205 - https://github.com/nomi-sec/PoC-in-GitHub @@ -101817,6 +101858,7 @@ CVE-2021-22986 - https://github.com/lions2012/Penetration_Testing_POC CVE-2021-22986 - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection CVE-2021-22986 - https://github.com/luck-ying/Library-POC CVE-2021-22986 - https://github.com/manas3c/CVE-POC +CVE-2021-22986 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2021-22986 - https://github.com/microvorld/CVE-2021-22986 CVE-2021-22986 - https://github.com/n1sh1th/CVE-POC CVE-2021-22986 - https://github.com/nomi-sec/PoC-in-GitHub @@ -103670,6 +103712,7 @@ CVE-2021-26084 - https://github.com/march0s1as/CVE-2021-26084 CVE-2021-26084 - https://github.com/maskerTUI/CVE-2021-26084 CVE-2021-26084 - https://github.com/mdisec/mdisec-twitch-yayinlari CVE-2021-26084 - https://github.com/merlinepedra/Pentest-Tools +CVE-2021-26084 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2021-26084 - https://github.com/merlinepedra25/Pentest-Tools CVE-2021-26084 - https://github.com/merlinepedra25/Pentest-Tools-1 CVE-2021-26084 - https://github.com/nahcusira/CVE-2021-26084 @@ -103928,6 +103971,7 @@ CVE-2021-26295 - https://github.com/lions2012/Penetration_Testing_POC CVE-2021-26295 - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection CVE-2021-26295 - https://github.com/ltfafei/my_POC CVE-2021-26295 - https://github.com/manas3c/CVE-POC +CVE-2021-26295 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2021-26295 - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet CVE-2021-26295 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2021-26295 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main @@ -106831,6 +106875,7 @@ CVE-2021-30461 - https://github.com/WhooAmii/POC_to_review CVE-2021-30461 - https://github.com/bigblackhat/oFx CVE-2021-30461 - https://github.com/d4n-sec/d4n-sec.github.io CVE-2021-30461 - https://github.com/daedalus/CVE-2021-30461 +CVE-2021-30461 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2021-30461 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2021-30461 - https://github.com/openx-org/BLEN CVE-2021-30461 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main @@ -109769,6 +109814,7 @@ CVE-2021-34429 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2021-34429 - https://github.com/nu1r/yak-module-Nu CVE-2021-34429 - https://github.com/openx-org/BLEN CVE-2021-34429 - https://github.com/soosmile/POC +CVE-2021-34429 - https://github.com/t0ffe/CybSec_Course_Project_II CVE-2021-34429 - https://github.com/whoami13apt/files2 CVE-2021-34432 - https://github.com/ARPSyndicate/cvemon CVE-2021-34432 - https://github.com/PBearson/FUME-Fuzzing-MQTT-Brokers @@ -112006,6 +112052,7 @@ CVE-2021-37580 - https://github.com/githublihaha/vul CVE-2021-37580 - https://github.com/huimzjty/vulwiki CVE-2021-37580 - https://github.com/langligelang/langligelang CVE-2021-37580 - https://github.com/lions2012/Penetration_Testing_POC +CVE-2021-37580 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2021-37580 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2021-37580 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main CVE-2021-37580 - https://github.com/pen4uin/awesome-vulnerability-research @@ -115216,6 +115263,7 @@ CVE-2021-41773 - https://github.com/mauricelambert/CVE-2021-41773 CVE-2021-41773 - https://github.com/mauricelambert/CVE-2021-42013 CVE-2021-41773 - https://github.com/mauricelambert/mauricelambert.github.io CVE-2021-41773 - https://github.com/merlinepedra/RedTeam_toolkit +CVE-2021-41773 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2021-41773 - https://github.com/merlinepedra25/RedTeam_toolkit CVE-2021-41773 - https://github.com/mightysai1997/CVE-2021-41773-L- CVE-2021-41773 - https://github.com/mightysai1997/CVE-2021-41773-PoC @@ -115552,6 +115600,7 @@ CVE-2021-42013 - https://github.com/lions2012/Penetration_Testing_POC CVE-2021-42013 - https://github.com/ltfafei/my_POC CVE-2021-42013 - https://github.com/mauricelambert/CVE-2021-42013 CVE-2021-42013 - https://github.com/mauricelambert/mauricelambert.github.io +CVE-2021-42013 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2021-42013 - https://github.com/metecicek/Advent-of-Cyber-3-2021- CVE-2021-42013 - https://github.com/mightysai1997/-apache_2.4.50 CVE-2021-42013 - https://github.com/mightysai1997/cve-2021-42013 @@ -117130,6 +117179,7 @@ CVE-2021-43798 - https://github.com/lalkaltest/CVE-2021-43798 CVE-2021-43798 - https://github.com/lfz97/CVE-2021-43798-Grafana-File-Read CVE-2021-43798 - https://github.com/light-Life/CVE-2021-43798 CVE-2021-43798 - https://github.com/mauricelambert/LabAutomationCVE-2021-43798 +CVE-2021-43798 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2021-43798 - https://github.com/n1sh1th/CVE-POC CVE-2021-43798 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2021-43798 - https://github.com/nuker/CVE-2021-43798 @@ -120003,6 +120053,7 @@ CVE-2021-45232 - https://github.com/itxfahdi/-cve-2021-45232 CVE-2021-45232 - https://github.com/jxpsx/CVE-2021-45232-RCE CVE-2021-45232 - https://github.com/leveryd/leveryd CVE-2021-45232 - https://github.com/lions2012/Penetration_Testing_POC +CVE-2021-45232 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2021-45232 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2021-45232 - https://github.com/openx-org/BLEN CVE-2021-45232 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main @@ -123112,6 +123163,7 @@ CVE-2022-1388 - https://github.com/lonnyzhang423/github-hot-hub CVE-2022-1388 - https://github.com/luck-ying/Library-POC CVE-2022-1388 - https://github.com/manas3c/CVE-POC CVE-2022-1388 - https://github.com/merlinepedra/RedTeam_toolkit +CVE-2022-1388 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2022-1388 - https://github.com/merlinepedra25/RedTeam_toolkit CVE-2022-1388 - https://github.com/mr-vill4in/CVE-2022-1388 CVE-2022-1388 - https://github.com/nico989/CVE-2022-1388 @@ -126227,6 +126279,7 @@ CVE-2022-22947 - https://github.com/mamba-2021/EXP-POC CVE-2022-22947 - https://github.com/mamba-2021/fscan-POC CVE-2022-22947 - https://github.com/manas3c/CVE-POC CVE-2022-22947 - https://github.com/march0s1as/CVE-2022-22947 +CVE-2022-22947 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2022-22947 - https://github.com/metaStor/SpringScan CVE-2022-22947 - https://github.com/michaelklaan/CVE-2022-22947-Spring-Cloud CVE-2022-22947 - https://github.com/mieeA/SpringWebflux-MemShell @@ -126410,6 +126463,7 @@ CVE-2022-22954 - https://github.com/lucksec/VMware-CVE-2022-22954 CVE-2022-22954 - https://github.com/mamba-2021/EXP-POC CVE-2022-22954 - https://github.com/mamba-2021/fscan-POC CVE-2022-22954 - https://github.com/manas3c/CVE-POC +CVE-2022-22954 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2022-22954 - https://github.com/mhurts/CVE-2022-22954-POC CVE-2022-22954 - https://github.com/mumu2020629/-CVE-2022-22954-scanner CVE-2022-22954 - https://github.com/nguyenv1nK/CVE-2022-22954 @@ -126576,6 +126630,7 @@ CVE-2022-22963 - https://github.com/mamba-2021/fscan-POC CVE-2022-22963 - https://github.com/manas3c/CVE-POC CVE-2022-22963 - https://github.com/me2nuk/CVE-2022-22963 CVE-2022-22963 - https://github.com/mebibite/springhound +CVE-2022-22963 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2022-22963 - https://github.com/metaStor/SpringScan CVE-2022-22963 - https://github.com/murchie85/twitterCyberMonitor CVE-2022-22963 - https://github.com/nBp1Ng/FrameworkAndComponentVulnerabilities @@ -126849,6 +126904,7 @@ CVE-2022-22965 - https://github.com/mariomamo/CVE-2022-22965 CVE-2022-22965 - https://github.com/matheuscezar/spring4shell-massive-scan CVE-2022-22965 - https://github.com/me2nuk/CVE-2022-22965 CVE-2022-22965 - https://github.com/mebibite/springhound +CVE-2022-22965 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2022-22965 - https://github.com/metaStor/SpringScan CVE-2022-22965 - https://github.com/mikaelkall/Spring4Shell CVE-2022-22965 - https://github.com/mirsaes/cyao2pdf @@ -127333,6 +127389,7 @@ CVE-2022-23131 - https://github.com/k0mi-tg/CVE-POC CVE-2022-23131 - https://github.com/kh4sh3i/CVE-2022-23131 CVE-2022-23131 - https://github.com/lions2012/Penetration_Testing_POC CVE-2022-23131 - https://github.com/manas3c/CVE-POC +CVE-2022-23131 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2022-23131 - https://github.com/murchie85/twitterCyberMonitor CVE-2022-23131 - https://github.com/nirsarkar/Nuclei-Templates-Collection CVE-2022-23131 - https://github.com/nomi-sec/PoC-in-GitHub @@ -130587,6 +130644,7 @@ CVE-2022-26134 - https://github.com/lions2012/Penetration_Testing_POC CVE-2022-26134 - https://github.com/loobug/stools CVE-2022-26134 - https://github.com/mamba-2021/EXP-POC CVE-2022-26134 - https://github.com/manas3c/CVE-POC +CVE-2022-26134 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2022-26134 - https://github.com/murataydemir/CVE-2022-26134 CVE-2022-26134 - https://github.com/nitishbadole/oscp-note-3 CVE-2022-26134 - https://github.com/nomi-sec/PoC-in-GitHub @@ -133550,6 +133608,7 @@ CVE-2022-29464 - https://github.com/k4u5h41/CVE-2022-29464 CVE-2022-29464 - https://github.com/lonnyzhang423/github-hot-hub CVE-2022-29464 - https://github.com/lowkey0808/cve-2022-29464 CVE-2022-29464 - https://github.com/manas3c/CVE-POC +CVE-2022-29464 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2022-29464 - https://github.com/mr-r3bot/WSO2-CVE-2022-29464 CVE-2022-29464 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-29464 - https://github.com/oppsec/WSOB @@ -134529,6 +134588,7 @@ CVE-2022-30525 - https://github.com/kuznyJan1972/CVE-2022-30525-mass CVE-2022-30525 - https://github.com/lions2012/Penetration_Testing_POC CVE-2022-30525 - https://github.com/luck-ying/Library-POC CVE-2022-30525 - https://github.com/manas3c/CVE-POC +CVE-2022-30525 - https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0 CVE-2022-30525 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-30525 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main CVE-2022-30525 - https://github.com/savior-only/CVE-2022-30525 @@ -135493,6 +135553,7 @@ CVE-2022-31814 - https://github.com/EvergreenCartoons/SenselessViolence CVE-2022-31814 - https://github.com/Knownasjohnn/RCE CVE-2022-31814 - https://github.com/Madliife0/CVE-2022-31814 CVE-2022-31814 - https://github.com/NaInSec/CVE-PoC-in-GitHub +CVE-2022-31814 - https://github.com/Ostorlab/KEV CVE-2022-31814 - https://github.com/SYRTI/POC_to_review CVE-2022-31814 - https://github.com/TheUnknownSoul/CVE-2022-31814 CVE-2022-31814 - https://github.com/WhooAmii/POC_to_review @@ -140094,6 +140155,7 @@ CVE-2022-41114 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-41120 - https://github.com/ARPSyndicate/cvemon CVE-2022-41120 - https://github.com/Wh04m1001/SysmonEoP CVE-2022-41120 - https://github.com/pxcs/CVE-29343-Sysmon-list +CVE-2022-41120 - https://github.com/pxcs/CVE-Report CVE-2022-41120 - https://github.com/pxcs/CVE_Sysmon_Report CVE-2022-41123 - https://github.com/k0mi-tg/CVE-POC CVE-2022-41123 - https://github.com/manas3c/CVE-POC @@ -141541,6 +141603,7 @@ CVE-2022-44702 - https://github.com/dgl/houdini-kubectl-poc CVE-2022-44704 - https://github.com/ARPSyndicate/cvemon CVE-2022-44704 - https://github.com/Wh04m1001/SysmonEoP CVE-2022-44704 - https://github.com/pxcs/CVE-29343-Sysmon-list +CVE-2022-44704 - https://github.com/pxcs/CVE-Report CVE-2022-44704 - https://github.com/pxcs/CVE_Sysmon_Report CVE-2022-44721 - https://github.com/ARPSyndicate/cvemon CVE-2022-44721 - https://github.com/gmh5225/CVE-2022-44721-CsFalconUninstaller @@ -163490,6 +163553,7 @@ CVE-2024-21733 - https://github.com/1N3/1N3 CVE-2024-21733 - https://github.com/Marco-zcl/POC CVE-2024-21733 - https://github.com/Ostorlab/KEV CVE-2024-21733 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-21733 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-21733 - https://github.com/versio-io/product-lifecycle-security-api CVE-2024-21733 - https://github.com/wjlin0/poc-doc CVE-2024-21733 - https://github.com/wy876/POC @@ -166895,6 +166959,7 @@ CVE-2024-28054 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2806 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-2806 - https://github.com/NaInSec/CVE-LIST CVE-2024-2806 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-28066 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28069 - https://github.com/NaInSec/CVE-LIST CVE-2024-28069 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2807 - https://github.com/LaPhilosophie/IoT-vulnerable @@ -168713,6 +168778,7 @@ CVE-2024-31819 - https://github.com/Chocapikk/Chocapikk CVE-2024-31819 - https://github.com/Chocapikk/My-CVEs CVE-2024-31819 - https://github.com/Jhonsonwannaa/CVE-2024-31819 CVE-2024-31819 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-3183 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-31839 - https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc CVE-2024-31839 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-31848 - https://github.com/Stuub/CVE-2024-31848-PoC @@ -169075,6 +169141,7 @@ CVE-2024-32888 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-32888 - https://github.com/zgimszhd61/openai-sec-test-cve-quickstart CVE-2024-3289 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3290 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-32901 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3291 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3293 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3293 - https://github.com/nomi-sec/PoC-in-GitHub @@ -169145,6 +169212,7 @@ CVE-2024-33214 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33215 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33217 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33218 - https://github.com/gmh5225/awesome-game-security +CVE-2024-33228 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33255 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33258 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33259 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -169305,6 +169373,7 @@ CVE-2024-33911 - https://github.com/xbz0n/CVE-2024-33911 CVE-2024-33957 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33958 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33959 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33960 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33975 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33976 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33977 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -169804,6 +169873,7 @@ CVE-2024-36401 - https://github.com/Threekiii/CVE CVE-2024-36401 - https://github.com/TrojanAZhen/Self_Back CVE-2024-36401 - https://github.com/Y4tacker/JavaSec CVE-2024-36401 - https://github.com/ahisec/nuclei-tps +CVE-2024-36401 - https://github.com/bigblackhat/oFx CVE-2024-36401 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-36401 - https://github.com/onewinner/POCS CVE-2024-36401 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main @@ -169914,6 +169984,7 @@ CVE-2024-3714 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-37147 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-37253 - https://github.com/20142995/nuclei-templates CVE-2024-3727 - https://github.com/EGI-Federation/SVG-advisories +CVE-2024-37273 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-37287 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-37287 - https://github.com/tanjiti/sec_profile CVE-2024-3729 - https://github.com/chnzzh/OpenSSL-CVE-lib @@ -169976,6 +170047,7 @@ CVE-2024-3783 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3784 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-37843 - https://github.com/gsmith257-cyber/CVE-2024-37843-POC CVE-2024-37843 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-37849 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3785 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3786 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-37880 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -169994,7 +170066,9 @@ CVE-2024-38041 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3806 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3806 - https://github.com/tanjiti/sec_profile CVE-2024-3806 - https://github.com/truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807-Poc +CVE-2024-38063 - https://github.com/being1943/my_rss_reader CVE-2024-38063 - https://github.com/kherrick/hacker-news +CVE-2024-38063 - https://github.com/zhaoolee/garss CVE-2024-3807 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3807 - https://github.com/truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807-Poc CVE-2024-38077 - https://github.com/0xMarcio/cve @@ -170170,6 +170244,7 @@ CVE-2024-39419 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3942 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-39472 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3951 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-39549 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3957 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3958 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3961 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170535,6 +170610,8 @@ CVE-2024-4123 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-41238 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4124 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4125 - https://github.com/LaPhilosophie/IoT-vulnerable +CVE-2024-41256 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-41258 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4126 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4126 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4127 - https://github.com/LaPhilosophie/IoT-vulnerable @@ -170619,6 +170696,7 @@ CVE-2024-41863 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41864 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41865 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41866 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4187 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41910 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41911 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41913 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170626,6 +170704,7 @@ CVE-2024-41942 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41943 - https://github.com/alessio-romano/Sfoffo-Pentesting-Notes CVE-2024-41943 - https://github.com/alessio-romano/alessio-romano CVE-2024-41946 - https://github.com/lifeparticle/Ruby-Cheatsheet +CVE-2024-41955 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41957 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41958 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-41965 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170720,7 +170799,13 @@ CVE-2024-4257 - https://github.com/wjlin0/poc-doc CVE-2024-4257 - https://github.com/wy876/POC CVE-2024-4257 - https://github.com/wy876/wiki CVE-2024-4265 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42676 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42677 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42678 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42679 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42680 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42739 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42744 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4286 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4295 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4295 - https://github.com/truonghuuphuc/CVE-2024-4295-Poc @@ -170751,18 +170836,44 @@ CVE-2024-43165 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4317 - https://github.com/wiltondb/wiltondb CVE-2024-43199 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4320 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-43207 - https://github.com/20142995/nuclei-templates +CVE-2024-43208 - https://github.com/20142995/nuclei-templates +CVE-2024-43209 - https://github.com/20142995/nuclei-templates +CVE-2024-43210 - https://github.com/20142995/nuclei-templates +CVE-2024-43212 - https://github.com/20142995/nuclei-templates +CVE-2024-43213 - https://github.com/20142995/nuclei-templates +CVE-2024-43214 - https://github.com/20142995/nuclei-templates +CVE-2024-43215 - https://github.com/20142995/nuclei-templates +CVE-2024-43216 - https://github.com/20142995/nuclei-templates +CVE-2024-43217 - https://github.com/20142995/nuclei-templates +CVE-2024-43218 - https://github.com/20142995/nuclei-templates +CVE-2024-43219 - https://github.com/20142995/nuclei-templates +CVE-2024-43220 - https://github.com/20142995/nuclei-templates CVE-2024-43220 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43221 - https://github.com/20142995/nuclei-templates +CVE-2024-43223 - https://github.com/20142995/nuclei-templates +CVE-2024-43224 - https://github.com/20142995/nuclei-templates CVE-2024-43224 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43225 - https://github.com/20142995/nuclei-templates CVE-2024-43225 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43226 - https://github.com/20142995/nuclei-templates CVE-2024-43226 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43227 - https://github.com/20142995/nuclei-templates CVE-2024-43227 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43229 - https://github.com/20142995/nuclei-templates CVE-2024-4323 - https://github.com/d0rb/CVE-2024-4323 CVE-2024-4323 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4323 - https://github.com/skilfoy/CVE-2024-4323-Exploit-POC CVE-2024-4323 - https://github.com/yuansec/CVE-2024-4323-dos_poc CVE-2024-4323 - https://github.com/zgimszhd61/openai-sec-test-cve-quickstart +CVE-2024-43230 - https://github.com/20142995/nuclei-templates +CVE-2024-43231 - https://github.com/20142995/nuclei-templates CVE-2024-43231 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43232 - https://github.com/20142995/nuclei-templates +CVE-2024-43233 - https://github.com/20142995/nuclei-templates CVE-2024-43233 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43235 - https://github.com/20142995/nuclei-templates +CVE-2024-43236 - https://github.com/20142995/nuclei-templates CVE-2024-4324 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4328 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4331 - https://github.com/angelov-1080/CVE_Checker @@ -170772,6 +170883,7 @@ CVE-2024-4334 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43358 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43359 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43360 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43373 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4340 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4345 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4346 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170815,6 +170927,7 @@ CVE-2024-4370 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4373 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4374 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43770 - https://github.com/netlas-io/netlas-dorks +CVE-2024-4389 - https://github.com/20142995/nuclei-templates CVE-2024-4389 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4392 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4393 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171335,6 +171448,7 @@ CVE-2024-6315 - https://github.com/20142995/nuclei-templates CVE-2024-6329 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6342 - https://github.com/yikesoftware/yikesoftware CVE-2024-6343 - https://github.com/yikesoftware/yikesoftware +CVE-2024-6347 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6366 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6385 - https://github.com/Ostorlab/KEV CVE-2024-6387 - https://github.com/0xMarcio/cve @@ -171365,6 +171479,7 @@ CVE-2024-6387 - https://github.com/teamos-hub/regreSSHion CVE-2024-6387 - https://github.com/trailofbits/codeql-queries CVE-2024-6390 - https://github.com/20142995/nuclei-templates CVE-2024-6390 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6392 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6412 - https://github.com/20142995/nuclei-templates CVE-2024-6420 - https://github.com/20142995/nuclei-templates CVE-2024-6462 - https://github.com/20142995/nuclei-templates @@ -171383,6 +171498,7 @@ CVE-2024-6522 - https://github.com/20142995/nuclei-templates CVE-2024-6522 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-65230 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6529 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-6532 - https://github.com/20142995/nuclei-templates CVE-2024-6532 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6536 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6552 - https://github.com/20142995/nuclei-templates @@ -171502,6 +171618,8 @@ CVE-2024-7216 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7246 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7247 - https://github.com/20142995/nuclei-templates CVE-2024-7247 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7262 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7263 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7265 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7266 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7267 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171613,6 +171731,7 @@ CVE-2024-7580 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7581 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7584 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7585 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7588 - https://github.com/20142995/nuclei-templates CVE-2024-7588 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7589 - https://github.com/tanjiti/sec_profile CVE-2024-7590 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171631,7 +171750,13 @@ CVE-2024-7728 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7729 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7731 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7732 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7790 - https://github.com/JoshuaMart/JoshuaMart CVE-2024-7790 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7829 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7830 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7831 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7832 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7833 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-87654 - https://github.com/runwuf/clickhouse-test CVE-2024-98765 - https://github.com/runwuf/clickhouse-test CVE-2024-99999 - https://github.com/kolewttd/wtt diff --git a/references.txt b/references.txt index 32a433cc96..36a614ad8e 100644 --- a/references.txt +++ b/references.txt @@ -1748,6 +1748,8 @@ CVE-2005-1192 - https://oval.cisecurity.org/repository/search/definition/oval%3A CVE-2005-1193 - http://www.kb.cert.org/vuls/id/113196 CVE-2005-1194 - http://www.redhat.com/support/errata/RHSA-2005-381.html CVE-2005-1199 - http://marc.info/?l=bugtraq&m=111393619021575&w=2 +CVE-2005-1202 - http://sourceforge.net/project/shownotes.php?release_id=320768 +CVE-2005-1203 - http://sourceforge.net/project/shownotes.php?release_id=320768 CVE-2005-1205 - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-033 CVE-2005-1206 - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-027 CVE-2005-1207 - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-028 @@ -53107,6 +53109,7 @@ CVE-2018-21171 - https://kb.netgear.com/000055187/Security-Advisory-for-Post-Aut CVE-2018-21173 - https://kb.netgear.com/000055185/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2627 CVE-2018-21175 - https://kb.netgear.com/000055183/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2624 CVE-2018-21176 - https://kb.netgear.com/000055182/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2623 +CVE-2018-21177 - https://kb.netgear.com/000055181/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2622 CVE-2018-21179 - https://kb.netgear.com/000055179/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2620 CVE-2018-21183 - https://kb.netgear.com/000055175/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2616 CVE-2018-21189 - https://kb.netgear.com/000055168/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2606 @@ -53194,6 +53197,7 @@ CVE-2018-2421 - https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018 CVE-2018-2421 - https://launchpad.support.sap.com/#/notes/2616599 CVE-2018-2422 - https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/ CVE-2018-2423 - https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/ +CVE-2018-2444 - https://launchpad.support.sap.com/#/notes/2621395 CVE-2018-2452 - https://launchpad.support.sap.com/#/notes/2623846 CVE-2018-2473 - https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832 CVE-2018-2476 - https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832 @@ -53226,6 +53230,7 @@ CVE-2018-25055 - https://github.com/jeffcoughlin/farcrysolrpro/issues/78 CVE-2018-25080 - https://vuldb.com/?id.220061 CVE-2018-25081 - https://flashpoint.io/blog/bitwarden-password-pilfering/ CVE-2018-25083 - https://security.snyk.io/vuln/npm:pullit:20180214 +CVE-2018-25088 - https://vuldb.com/?ctiid.234246 CVE-2018-25095 - https://wpscan.com/vulnerability/16cc47aa-cb31-4114-b014-7ac5fbc1d3ee CVE-2018-2560 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html CVE-2018-2561 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html @@ -59526,6 +59531,7 @@ CVE-2019-17674 - https://blog.wpscan.org/wordpress/security/release/2019/10/15/w CVE-2019-17675 - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html CVE-2019-1785 - https://bugzilla.clamav.net/show_bug.cgi?id=12284 CVE-2019-1791 - http://www.securityfocus.com/bid/108390 +CVE-2019-18193 - https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=52 CVE-2019-18194 - https://www.youtube.com/watch?v=88qeaLq98Gc CVE-2019-18196 - https://safebreach.com/Post/TeamViewer-Windows-Client-v11-to-v14-DLL-Preloading-and-Potential-Abuses-CVE-2019-18196 CVE-2019-18197 - https://www.oracle.com/security-alerts/cpuapr2020.html @@ -80439,6 +80445,7 @@ CVE-2022-1092 - https://wpscan.com/vulnerability/95759d5c-8802-4493-b7e5-7f2bc54 CVE-2022-1093 - https://wpscan.com/vulnerability/57017050-811e-474d-8256-33d19d4c0553 CVE-2022-1094 - https://wpscan.com/vulnerability/3c03816b-e381-481c-b9f5-63d0c24ff329 CVE-2022-1095 - https://wpscan.com/vulnerability/bf476a3e-05ba-4b54-8a65-3d261ad5337b +CVE-2022-1101 - https://vuldb.com/?id.195785 CVE-2022-1102 - https://vuldb.com/?id.195786 CVE-2022-1103 - https://wpscan.com/vulnerability/9ddeef95-7c7f-4296-a55b-fd3304c91c18 CVE-2022-1104 - https://wpscan.com/vulnerability/4d4709f3-ad38-4519-a24a-73bc04b20e52 @@ -89477,6 +89484,7 @@ CVE-2023-1676 - https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2 CVE-2023-1677 - https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1677 CVE-2023-1678 - https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1678 CVE-2023-1679 - https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1679 +CVE-2023-1681 - https://vuldb.com/?id.224238 CVE-2023-1685 - https://vuldb.com/?id.224242 CVE-2023-1687 - https://vuldb.com/?id.224244 CVE-2023-1701 - https://huntr.dev/bounties/64f943c4-68e5-4ef8-82f6-9c4abe928256 @@ -89625,6 +89633,7 @@ CVE-2023-2034 - https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6 CVE-2023-2035 - https://vuldb.com/?id.225913 CVE-2023-2036 - https://vuldb.com/?id.225914 CVE-2023-2037 - https://vuldb.com/?id.225915 +CVE-2023-2039 - https://vuldb.com/?id.225917 CVE-2023-2042 - https://vuldb.com/?id.225920 CVE-2023-2050 - https://github.com/E1CHO/cve_hub/blob/main/Advanced%20Online%20Voting%20System/Advanced%20Online%20Voting%20System%20-%20vuln%204.pdf CVE-2023-2051 - https://vuldb.com/?id.225936 @@ -89653,6 +89662,7 @@ CVE-2023-20895 - https://www.talosintelligence.com/vulnerability_reports/TALOS-2 CVE-2023-20902 - https://github.com/goharbor/harbor/security/advisories/GHSA-mq6f-5xh5-hgcf CVE-2023-20928 - http://packetstormsecurity.com/files/170855/Android-Binder-VMA-Management-Security-Issues.html CVE-2023-20937 - http://packetstormsecurity.com/files/171239/Android-GKI-Kernels-Contain-Broken-Non-Upstream-Speculative-Page-Faults-MM-Code.html +CVE-2023-2096 - https://vuldb.com/?id.226104 CVE-2023-2097 - https://github.com/E1CHO/cve_hub/blob/main/Vehicle%20Service%20Management%20System/Vehicle%20Service%20Management%20System%20-%20vuln%206.pdf CVE-2023-2097 - https://vuldb.com/?id.226105 CVE-2023-2102 - https://huntr.dev/bounties/dd7c04a7-a984-4387-9ac4-24596e7ece44 @@ -90157,6 +90167,7 @@ CVE-2023-23454 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux. CVE-2023-23455 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b CVE-2023-23456 - https://github.com/upx/upx/issues/632 CVE-2023-23457 - https://github.com/upx/upx/issues/631 +CVE-2023-2346 - https://vuldb.com/?id.227589 CVE-2023-23488 - http://packetstormsecurity.com/files/171661/WordPress-Paid-Memberships-Pro-2.9.8-SQL-Injection.html CVE-2023-23488 - https://www.tenable.com/security/research/tra-2023-2 CVE-2023-23489 - https://www.tenable.com/security/research/tra-2023-2 @@ -91346,6 +91357,7 @@ CVE-2023-28528 - http://packetstormsecurity.com/files/172458/IBM-AIX-7.2-inscout CVE-2023-2859 - https://huntr.dev/bounties/d7b8ea75-c74a-4721-89bb-12e5c80fb0ba CVE-2023-28613 - http://packetstormsecurity.com/files/172177/Shannon-Baseband-Integer-Overflow.html CVE-2023-28616 - https://advisories.stormshield.eu/2023-006 +CVE-2023-2862 - https://vuldb.com/?id.229818 CVE-2023-28627 - https://github.com/pymedusa/Medusa/security/advisories/GHSA-6589-x6f5-cgg9 CVE-2023-28628 - https://github.com/lambdaisland/uri/security/advisories/GHSA-cp4w-6x4w-v2h5 CVE-2023-2863 - https://www.youtube.com/watch?v=V0u9C5RVSic @@ -91456,6 +91468,7 @@ CVE-2023-29211 - https://github.com/xwiki/xwiki-platform/security/advisories/GHS CVE-2023-29212 - https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c5f4-p5wv-2475 CVE-2023-29214 - https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qx9h-c5v6-ghqh CVE-2023-2923 - https://github.com/GleamingEyes/vul/blob/main/1.md +CVE-2023-2923 - https://vuldb.com/?id.230077 CVE-2023-2924 - https://github.com/RCEraser/cve/blob/main/SimField.md CVE-2023-2925 - https://vuldb.com/?id.230079 CVE-2023-2927 - https://github.com/HuBenLab/HuBenVulList/blob/main/JiZhiCMS%20is%20vulnerable%20to%20Server-side%20request%20forgery%20(SSRF).md @@ -100110,6 +100123,8 @@ CVE-2024-6526 - https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/i CVE-2024-6526 - https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/263#issuecomment-2199387443 CVE-2024-6529 - https://wpscan.com/vulnerability/1a346c9a-cc1a-46b1-b27a-a77a38449933/ CVE-2024-6531 - https://www.herodevs.com/vulnerability-directory/cve-2024-6531 +CVE-2024-6533 - https://fluidattacks.com/advisories/bocelli +CVE-2024-6534 - https://fluidattacks.com/advisories/capaldi CVE-2024-6536 - https://wpscan.com/vulnerability/ee40c1c6-4186-4b97-866c-fb0e76cedeb8/ CVE-2024-6651 - https://wpscan.com/vulnerability/65e2c77d-09bd-4a44-81d9-d7a5db0e0f84/ CVE-2024-6652 - https://github.com/littletree7/cve/issues/1 @@ -100247,6 +100262,7 @@ CVE-2024-7272 - https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc5 CVE-2024-7272 - https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc6 CVE-2024-7273 - https://github.com/DeepMountains/Mirage/blob/main/CVE8-1.md CVE-2024-7274 - https://github.com/DeepMountains/Mirage/blob/main/CVE8-2.md +CVE-2024-7274 - https://vuldb.com/?submit.381091 CVE-2024-7275 - https://github.com/DeepMountains/Mirage/blob/main/CVE8-3.md CVE-2024-7275 - https://vuldb.com/?submit.381093 CVE-2024-7276 - https://github.com/DeepMountains/Mirage/blob/main/CVE8-4.md @@ -100385,3 +100401,16 @@ CVE-2024-7705 - https://github.com/DeepMountains/Mirage/blob/main/CVE12-1.md CVE-2024-7706 - https://github.com/DeepMountains/Mirage/blob/main/CVE12-2.md CVE-2024-7707 - https://github.com/VodkaVortex/IoT/blob/main/formSafeEmailFilter.md CVE-2024-7715 - https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_photo_search.md +CVE-2024-7740 - https://github.com/DeepMountains/Mirage/blob/main/CVE14-1.md +CVE-2024-7741 - https://github.com/DeepMountains/Mirage/blob/main/CVE14-2.md +CVE-2024-7743 - https://github.com/DeepMountains/Mirage/blob/main/CVE14-4.md +CVE-2024-7748 - https://github.com/joinia/webray.com.cn/blob/main/Accounts-Manager-App/Accounts-Manager-Appsql.md +CVE-2024-7749 - https://github.com/joinia/webray.com.cn/blob/main/Accounts-Manager-App/Accounts-Manager-Appxss.md +CVE-2024-7751 - https://github.com/Wsstiger/cve/blob/main/Clinic's_sql2.md +CVE-2024-7752 - https://github.com/Wsstiger/cve/blob/main/Clinic's_xss.md +CVE-2024-7792 - https://github.com/joinia/webray.com.cn/blob/main/Task-Progress-Tracker/Task-Progress-Trackersql.md +CVE-2024-7794 - https://github.com/ppp-src/ha/issues/5 +CVE-2024-7810 - https://github.com/Wsstiger/cve/blob/main/Tracer_sql.md +CVE-2024-7811 - https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/daily%20expenses%20monitoring%20app%20-%20delete-expense.php%20sql%20injection%20vulnerability.md +CVE-2024-7814 - https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Stored%20XSS.md +CVE-2024-7815 - https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Stored%20XSS.md