Update CVE sources 2024-06-10 07:22

0xMarcio
2024-06-10 07:22:43 +00:00
parent 5b48fda51e
commit d9f6f5801b
172 changed files with 1054 additions and 8 deletions
+1
@@ -14,5 +14,6 @@ No PoCs from references.
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/cyberdesu/Remote-Buffer-overflow-CVE-2003-0172
+1
@@ -19,6 +19,7 @@ No PoCs from references.
- https://github.com/Badbug6/EQGRP
- https://github.com/CKmaenn/EQGRP
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CybernetiX-S3C/EQGRP_Linux
- https://github.com/Drift-Security/Shadow_Brokers-Vs-NSA
- https://github.com/IHA114/EQGRP
+1
@@ -15,5 +15,6 @@ No PoCs from references.
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/phamthanhsang280477/CVE-2003-0222
+1
@@ -17,6 +17,7 @@ Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execut
- https://github.com/0x4D5352/rekall-penetration-test
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/SxNade/CVE-2003-0264_EXPLOIT
- https://github.com/adenkiewicz/CVE-2003-0264
- https://github.com/cytopia/fuzza
+1
@@ -15,6 +15,7 @@ No PoCs from references.
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/ronomon/zip
- https://github.com/runtimed/cve-2003-0282
- https://github.com/runtimem/cve-2003-0282
+1
@@ -17,6 +17,7 @@ No PoCs from references.
- https://github.com/7etsuo/snowcra5h
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/fengjixuchui/CVE-2003-0358
- https://github.com/gmh5225/CVE-2003-0358
- https://github.com/snowcra5h/CVE-2003-0358
+1
@@ -13,5 +13,6 @@ Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultrase
No PoCs from references.
#### Github
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/Cappricio-Securities/CVE-2009-0347
+1
@@ -60,4 +60,5 @@ No PoCs from references.
- https://github.com/theGreenJedi/Hacker-Guides
- https://github.com/theykillmeslowly/CVE-2012-1823
- https://github.com/zhibx/fscan-Intranet
- https://github.com/zomasec/CVE-2024-4577
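Review bot: the entry https://github.com/zomasec/CVE-2024-4577 at the end of this list is named for a different CVE than its neighbour theykillmeslowly/CVE-2012-1823, so it reads as a keyword match rather than a PoC for this record. Confirm the association is intended; if it is not, list the repository only under CVE-2024-4577.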
+1
@@ -26,6 +26,7 @@ No PoCs from references.
- https://github.com/SaimSA/Vulnerability-Management-with-Nessus
- https://github.com/Securenetology/CVE-2013-3900
- https://github.com/The-Education-and-Skills-Partnership/WinVerifyTrust-Signature-Mitigation
- https://github.com/ellikt1/STIG-and-SCAP-Compliance-for-Windows-10-11-VMs
- https://github.com/ellikt1/Vulnerability-Assessment
- https://github.com/florylsk/SignatureGate
- https://github.com/hiba-ahmad1/NessusVulnManagement
+1
@@ -118,6 +118,7 @@ The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses
- https://github.com/pashicop/3.9_1
- https://github.com/puppetlabs/puppetlabs-compliance_profile
- https://github.com/r0metheus/poodle-attack
- https://github.com/r0metheus/poodle-attack-poc
- https://github.com/r3p3r/1N3-MassBleed
- https://github.com/rameezts/poodle_check
- https://github.com/rvaralda/aws_poodle_fix
+1
@@ -48,6 +48,7 @@ Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be seri
- https://github.com/lnick2023/nicenice
- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
- https://github.com/openx-org/BLEN
- https://github.com/orlayneta/JenkinsTests
- https://github.com/orlayneta/activemq
- https://github.com/password520/RedTeamer
- https://github.com/qazbnm456/awesome-cve-poc
+1
@@ -75,6 +75,7 @@ Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG)
- https://github.com/gredler/aegis4j
- https://github.com/hellochunqiu/PayloadsAllTheThings
- https://github.com/hktalent/TOP
- https://github.com/hungslab/awd-tools
- https://github.com/ianxtianxt/CVE-2015-7501
- https://github.com/just0rg/Security-Interview
- https://github.com/klausware/Java-Deserialization-Cheat-Sheet
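Review bot: https://github.com/hungslab/awd-tools is a general tool collection by name, and this commit inserts the same URL into more than a dozen unrelated records (this JBoss list, and the nginx, sudo, pkexec and WebLogic lists further down). A link to the repository root does not tell the reader which file covers this CVE; link the specific path, or keep collection repositories out of the per-CVE lists.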
+1
@@ -69,6 +69,7 @@ The mailSend function in the isMail transport in PHPMailer before 5.2.18 might a
- https://github.com/MIrfanShahid/PHPMailer
- https://github.com/MarcioPeters/PHP
- https://github.com/MartinDala/Envio-Simples-de-Email-com-PHPMailer-
- https://github.com/Mona-Mishra/User-Registration-System
- https://github.com/Mugdho55/Air_Ticket_Management_System
- https://github.com/NCSU-DANCE-Research-Group/CDL
- https://github.com/NikhilReddyPuli/thenikhilreddy.github.io
+1
@@ -41,6 +41,7 @@ The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to
- https://github.com/MIrfanShahid/PHPMailer
- https://github.com/MarcioPeters/PHP
- https://github.com/MartinDala/Envio-Simples-de-Email-com-PHPMailer-
- https://github.com/Mona-Mishra/User-Registration-System
- https://github.com/Mugdho55/Air_Ticket_Management_System
- https://github.com/NikhilReddyPuli/thenikhilreddy.github.io
- https://github.com/PatelMisha/Online-Flight-Booking-Management-System
+1
@@ -29,6 +29,7 @@ The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages bef
- https://github.com/SexyBeast233/SecBooks
- https://github.com/TCM-Course-Resources/Linux-Privilege-Escalation-Resources
- https://github.com/ZeusBanda/Linux_Priv-Esc_Cheatsheet
- https://github.com/hungslab/awd-tools
- https://github.com/lukeber4/usn-search
- https://github.com/notnue/Linux-Privilege-Escalation
- https://github.com/superfish9/pt
+1
@@ -16,5 +16,6 @@ The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
#### Github
- https://github.com/SudoIndividual/CVE-2023-34152
- https://github.com/superfish9/pt
+1
@@ -249,6 +249,7 @@ Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allo
- https://github.com/hj-hsu/avar2019_frida
- https://github.com/hktalent/TOP
- https://github.com/hktalent/bug-bounty
- https://github.com/hungslab/awd-tools
- https://github.com/hxlxmjxbbxs/TheDirtyPipeExploit
- https://github.com/hyln9/VIKIROOT
- https://github.com/iakat/stars
+1
@@ -43,6 +43,7 @@ Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allo
- https://github.com/externalist/exploit_playground
- https://github.com/fei9747/linux-exploit-suggester
- https://github.com/go-bi/go-bi-soft
- https://github.com/hungslab/awd-tools
- https://github.com/jondonas/linux-exploit-suggester-2
- https://github.com/kdn111/linux-kernel-exploitation
- https://github.com/khanhdn111/linux-kernel-exploitation
+1
@@ -51,6 +51,7 @@ Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validati
- https://github.com/h4x0r-dz/local-root-exploit-
- https://github.com/hktalent/bug-bounty
- https://github.com/homjxi0e/CVE-2017-1000367
- https://github.com/hungslab/awd-tools
- https://github.com/kumardineshwar/linux-kernel-exploits
- https://github.com/lnick2023/nicenice
- https://github.com/m0mkris/linux-kernel-exploits
+1
@@ -83,6 +83,7 @@ In Jboss Application Server as shipped with Red Hat Enterprise Application Platf
- https://github.com/hktalent/myhktools
- https://github.com/huike007/penetration_poc
- https://github.com/huike007/poc
- https://github.com/hungslab/awd-tools
- https://github.com/ianxtianxt/CVE-2015-7501
- https://github.com/ilmila/J2EEScan
- https://github.com/iqrok/myhktools
+1
@@ -79,6 +79,7 @@ The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4
- https://github.com/gugronnier/CVE-2017-16995
- https://github.com/hktalent/bug-bounty
- https://github.com/holmes-py/King-of-the-hill
- https://github.com/hungslab/awd-tools
- https://github.com/integeruser/on-pwning
- https://github.com/ivilpez/cve-2017-16995.c
- https://github.com/jackbarbaria/THMskynet
+1
@@ -29,6 +29,7 @@ An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method a
- https://github.com/MIrfanShahid/PHPMailer
- https://github.com/MarcioPeters/PHP
- https://github.com/MartinDala/Envio-Simples-de-Email-com-PHPMailer-
- https://github.com/Mona-Mishra/User-Registration-System
- https://github.com/Mugdho55/Air_Ticket_Management_System
- https://github.com/NikhilReddyPuli/thenikhilreddy.github.io
- https://github.com/PatelMisha/Online-Flight-Booking-Management-System
+1
@@ -61,6 +61,7 @@ The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel thro
- https://github.com/ferovap/Tools
- https://github.com/h4x0r-dz/local-root-exploit-
- https://github.com/hktalent/bug-bounty
- https://github.com/hungslab/awd-tools
- https://github.com/imhunterand/hackerone-publicy-disclosed
- https://github.com/jiayy/android_vuln_poc-exp
- https://github.com/kaosagnt/ansible-everyday
+17
@@ -0,0 +1,17 @@
### [CVE-2017-7440](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7440)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message.
### POC
#### Reference
- https://www.gfi.com/support/products/Clickjacking-vulnerability-in-Kerio-Connect-8-and-9-CVE-2017-7440
#### Github
No PoCs found on GitHub currently.
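Review bot: the Product and Version badges in this new file both carry `n%2Fa`, although the Description a few lines below names Kerio Connect 8.0.0 through 9.2.2 and the Kerio Connect Client 9.2.0 through 9.2.2. Fill the badges from the description. The Vulnerability badge also uses `color=brighgreen`, which looks like a misspelling of the shields.io colour name `brightgreen`.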
+1
@@ -48,6 +48,7 @@ No PoCs from references.
- https://github.com/fengjixuchui/RedTeamer
- https://github.com/fupinglee/JavaTools
- https://github.com/gallopsec/JBossScan
- https://github.com/hungslab/awd-tools
- https://github.com/ianxtianxt/CVE-2015-7501
- https://github.com/joaomatosf/JavaDeserH2HC
- https://github.com/klausware/Java-Deserialization-Cheat-Sheet
+1
@@ -54,6 +54,7 @@ No PoCs from references.
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/p4tq/hikvision_CVE-2017-7921_auth_bypass_config_decryptor
- https://github.com/rmic/hikexpl
- https://github.com/securitycipher/daily-bugbounty-writeups
- https://github.com/sponkmonk/Ladon_english_update
- https://github.com/wafinfo/DecryptTools
- https://github.com/xuetusummer/Penetration_Testing_POC
+10
@@ -397,6 +397,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
- https://github.com/Bargain18/7172-Portfolio
- https://github.com/Bargain18/Power-Play
- https://github.com/Bargain18/Test
- https://github.com/BaronClaps/20077_Centerstage_Pedro
- https://github.com/BaronClaps/PedroBot
- https://github.com/BaronClaps/TomorrowTeamCode
- https://github.com/Bartimus03/RoboticsCode
@@ -1058,6 +1059,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
- https://github.com/FlapJack20221/fuzzy-tribble
- https://github.com/Floofyer/FtcRobotController
- https://github.com/FlourishAndBots/PowerPlayReal
- https://github.com/FluensLuna/Vision
- https://github.com/ForceCEITI/SDK-FTC
- https://github.com/FreehandBlock51/FTCRobot2023
- https://github.com/FreehandBlock51/XDriveChallenge
@@ -1480,6 +1482,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
- https://github.com/LumenChristiRobotics/Techno-Titans-2023
- https://github.com/Lunerwalker2/FreightFrenzy1002
- https://github.com/Lunerwalker2/SwerveDriveTesting
- https://github.com/LuyangC/shooter
- https://github.com/Lydia356/Sensors
- https://github.com/LynixPlayz/FtcRobotController
- https://github.com/Lynx-Robotics/LynxRobotics2020-2021
@@ -1610,6 +1613,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
- https://github.com/Multiplyster/WOAHBots-2023-2024
- https://github.com/Murray-Bridge-Bunyips/BunyipsFTC
- https://github.com/MushiTea/21438_CenterStage_REPO
- https://github.com/MushiTea/OLD_21438_CenterStage_Repo
- https://github.com/Mythical84/Amongusasj-dfji-eajiauoipvoupvwpvtwhuvrhugvvty
- https://github.com/Mythical84/Roboit
- https://github.com/N-3-Robotics/FTC_POWER_PLAY
@@ -1897,6 +1901,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
- https://github.com/RepublicOfDanube/RODRobotController
- https://github.com/ReverendRhyme/FTCTutorial
- https://github.com/ReversM/ATAA-Robotics
- https://github.com/RhinyG/BezierSTTPSR
- https://github.com/RickyWang101/FTC10615_CenterstageRC
- https://github.com/RikelmeMartins/FTC-PowePlay
- https://github.com/RikelmeMartins/FTC-PowerPlay
@@ -2380,6 +2385,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
- https://github.com/Vision1nil/SolversFTC-2022-23-code
- https://github.com/VivenPuthenpurayil/2020UltimateGoal
- https://github.com/VivenPuthenpurayil/UltimateGoalStates
- https://github.com/Viverino1/DevelopmentCode
- https://github.com/Viverino1/TestFork
- https://github.com/Vlad20405/Cod_Robotica_2021-22
- https://github.com/VladimirKaznacheiev/2020-FTC-UltimateGoal-6.0
@@ -3365,6 +3371,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
- https://github.com/kronbot/powerplayv2
- https://github.com/krusche-sensetence/jquery-2.2.4-patched
- https://github.com/kuek64/20077_Centerstage_Pedro
- https://github.com/kuek64/20077_Centerstage_Pedro_Bot
- https://github.com/kuek64/TheTomorrowTeam
- https://github.com/kuek64/TomorrowTeamMeep
- https://github.com/kunhantsai/FtcRobotController
@@ -3563,6 +3570,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
- https://github.com/pgdev1729/FTC-Robot-Controller-Centerstage
- https://github.com/pheitman/FreightFrenzy
- https://github.com/pheitman/FreightFrenzy1
- https://github.com/phm-tuyenn/fgcvn-bootcamp-team4
- https://github.com/pingryrobotics/FTC-2021-Offseason
- https://github.com/pingryrobotics/FTC-6069-2021
- https://github.com/pingryrobotics/FTC-6069-2021-2022
@@ -3599,6 +3607,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
- https://github.com/ramalhow/ftc-ultimategoal
- https://github.com/raresNagy/Bobitza
- https://github.com/raresNagy/mecanum
- https://github.com/raspiduino/Bootcamp2024
- https://github.com/ray710mond/2022-2023_Regis_FTC_code
- https://github.com/rayannm/5467FTCCENTERSTAGE
- https://github.com/raymar8361/Autonomous
@@ -3847,6 +3856,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
- https://github.com/tacotuesrobotics/2021-freight-frenzy
- https://github.com/taigabots/UltimateGoal
- https://github.com/tardis5356/Centerstage
- https://github.com/tardis5356/Centerstage-Offseason
- https://github.com/tardis5356/FreightFrenzy
- https://github.com/tardis5356/PowerPlay
- https://github.com/tcrfrobotics/FTC_RobotController_TCRF_Titan
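Review bot: this file's GitHub list already runs past line 3800 (see the `@@ -3847,6 +3856,7` header), and the entries around each insertion are named like robotics team code (FtcRobotController, FreightFrenzy, PowerPlay, Centerstage), not PoCs for the jQuery issue quoted in the hunk header. Ten more entries of the same kind make the section less usable as a PoC index; restrict matches to repositories that reference the CVE in their name or README, or move dependents into a separate section.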
+1
@@ -51,6 +51,7 @@ An elevation of privilege vulnerability exists when Windows improperly handles a
- https://github.com/hktalent/TOP
- https://github.com/huike007/penetration_poc
- https://github.com/huike007/poc
- https://github.com/hungslab/awd-tools
- https://github.com/jbmihoub/all-poc
- https://github.com/k0imet/CVE-POCs
- https://github.com/lions2012/Penetration_Testing_POC
+1
@@ -57,6 +57,7 @@ An elevation of privilege vulnerability exists when the Windows Universal Plug a
- https://github.com/hlldz/dazzleUP
- https://github.com/huike007/penetration_poc
- https://github.com/huike007/poc
- https://github.com/hungslab/awd-tools
- https://github.com/jbmihoub/all-poc
- https://github.com/k0imet/CVE-POCs
- https://github.com/lawrenceamer/0xsp-Mongoose
+1
@@ -24,6 +24,7 @@ A remote code execution vulnerability exists in Windows Domain Name System serve
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Ascotbe/Kernelhub
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEmaster/CVE-2020-1350
- https://github.com/CnHack3r/Penetration_PoC
- https://github.com/Cruxer8Mech/Idk
+1
@@ -109,6 +109,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware
- https://github.com/hktalent/bug-bounty
- https://github.com/huike007/penetration_poc
- https://github.com/huike007/poc
- https://github.com/hungslab/awd-tools
- https://github.com/jared1981/More-Pentest-Tools
- https://github.com/jas502n/CVE-2020-2551
- https://github.com/jbmihoub/all-poc
+1
@@ -116,6 +116,7 @@ Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (compo
- https://github.com/hktalent/bug-bounty
- https://github.com/huike007/penetration_poc
- https://github.com/huike007/poc
- https://github.com/hungslab/awd-tools
- https://github.com/iceberg-N/WL_Scan_GO
- https://github.com/jbmihoub/all-poc
- https://github.com/kenyon-wong/JNDIExploit
+1
@@ -18,4 +18,5 @@ No PoCs from references.
- https://github.com/nanopathi/linux-4.19.72_CVE-2020-25705
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/tdwyer/CVE-2020-25705
- https://github.com/tnishiox/kernelcare-playground
+1
@@ -83,6 +83,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware
- https://github.com/hktalent/bug-bounty
- https://github.com/huike007/penetration_poc
- https://github.com/huike007/poc
- https://github.com/hungslab/awd-tools
- https://github.com/iceberg-N/WL_Scan_GO
- https://github.com/jbmihoub/all-poc
- https://github.com/kenyon-wong/JNDIExploit
+17
@@ -0,0 +1,17 @@
### [CVE-2020-6801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6801)
![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2073%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Memory%20safety%20bugs%20fixed%20in%20Firefox%2073&color=brighgreen)
### Description
Mozilla developers reported memory safety bugs present in Firefox 72. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 73.
### POC
#### Reference
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1601024%2C1601712%2C1604836%2C1606492
#### Github
No PoCs found on GitHub currently.
+21
@@ -0,0 +1,21 @@
### [CVE-2020-6825](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6825)
![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2068.7%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2068.7.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2075%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Memory%20safety%20bugs%20fixed%20in%20Firefox%2075%20and%20Firefox%20ESR%2068.7&color=brighgreen)
### Description
Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.
### POC
#### Reference
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1572541%2C1620193%2C1620203
#### Github
No PoCs found on GitHub currently.
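Review bot: the three Product badges are ordered Firefox ESR, Firefox, Thunderbird, while the three Version badges are ordered `< 68.7`, `< 68.7.0`, `< 75`, so by position Firefox pairs with `< 68.7.0` and Thunderbird with `< 75`. The Description gives Thunderbird < 68.7.0, Firefox ESR < 68.7 and Firefox < 75; reorder one set of badges so product and version line up.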
+1
@@ -17,6 +17,7 @@ No PoCs from references.
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/AdamCrosser/awesome-vuln-writeups
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/ExploitPwner/CVE-2021-20038-Mass-RCE-SonicWall
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/Ostorlab/KEV
+1
@@ -38,6 +38,7 @@ In affected versions of Confluence Server and Data Center, an OGNL injection vul
- https://github.com/AnonymouID/POC
- https://github.com/ArrestX/--POC
- https://github.com/Awrrays/FrameVul
- https://github.com/BBD-YZZ/Confluence-RCE
- https://github.com/BLACKHAT-SSG/MindMaps2
- https://github.com/BeRserKerSec/CVE-2021-26084-Nuclei-template
- https://github.com/CLincat/vulcat
+17
@@ -0,0 +1,17 @@
### [CVE-2021-29082](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29082)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBW30 before 2.6.1.4, RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBK754 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK854 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.
### POC
#### Reference
- https://kb.netgear.com/000063005/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-WiFi-Systems-PSV-2020-0037
#### Github
No PoCs found on GitHub currently.
+17
@@ -0,0 +1,17 @@
### [CVE-2021-37617](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37617)
![](https://img.shields.io/static/v1?label=Product&message=security-advisories&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-426%3A%20Untrusted%20Search%20Path&color=brighgreen)
### Description
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the Client searches the `Uninstall.exe` file in a folder that can be written by regular users. This could lead to a case where a malicious user creates a malicious `Uninstall.exe`, which would be executed with administrative privileges on the Nextcloud Desktop Client installation. This issue is fixed in Nextcloud Desktop Client version 3.3.0. As a workaround, do not allow untrusted users to create content in the `C:\` system folder and verify that there is no malicious `C:\Uninstall.exe` file on the system.
### POC
#### Reference
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v
#### Github
No PoCs found on GitHub currently.
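Review bot: the Product badge reads `security-advisories`, which is the name of the advisory repository in the Reference link, not the affected product; the Description names the Nextcloud Desktop Client. The Version badge is `n%2Fa` even though the Description states versions 3.0.3 through 3.2.4. Set both badges from the description.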
+1
@@ -263,6 +263,7 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility.
- https://github.com/hohn/codeql-sample-polkit
- https://github.com/hugefiver/mystars
- https://github.com/hugs42/infosec
- https://github.com/hungslab/awd-tools
- https://github.com/hxysaury/saury-vulnhub
- https://github.com/iandrade87br/OSCP
- https://github.com/insurrectus/cyber-security-university
+2
@@ -320,6 +320,7 @@ A flaw was found in the way the "flags" member of the new pipe buffer structure
- https://github.com/thesakibrahman/THM-Free-Room
- https://github.com/tiann/DirtyPipeRoot
- https://github.com/tmoneypenny/CVE-2022-0847
- https://github.com/tnishiox/kernelcare-playground
- https://github.com/trhacknon/CVE-2022-0847-DirtyPipe-Exploit
- https://github.com/trhacknon/Pocingit
- https://github.com/trhacknon/dirtypipez-exploit
@@ -332,6 +333,7 @@ A flaw was found in the way the "flags" member of the new pipe buffer structure
- https://github.com/veritas501/pipe-primitive
- https://github.com/versatilexec/CVE_2022_0847
- https://github.com/vknc/vknc.github.io
- https://github.com/wechicken456/Linux-kernel
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/whoami-chmod777/Hacking-Articles-Linux-Privilege-Escalation-
- https://github.com/whoforget/CVE-POC
+1
@@ -61,6 +61,7 @@ A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of t
- https://github.com/shuttterman/bob_kern_exp1
- https://github.com/ssr-111/linux-kernel-exploitation
- https://github.com/trhacknon/Pocingit
- https://github.com/wechicken456/Linux-kernel
- https://github.com/whoforget/CVE-POC
- https://github.com/wlswotmd/CVE-2022-1015
- https://github.com/xairy/linux-kernel-exploitation
+1
@@ -25,6 +25,7 @@ A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_ch
- https://github.com/knd06/linux-kernel-exploitation
- https://github.com/ndk191/linux-kernel-exploitation
- https://github.com/ssr-111/linux-kernel-exploitation
- https://github.com/wechicken456/Linux-kernel
- https://github.com/xairy/linux-kernel-exploitation
- https://github.com/yaobinwen/robin_on_rails
- https://github.com/zanezhub/CVE-2022-1015-1016
+1
@@ -56,6 +56,7 @@ No PoCs from references.
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/fr4nkxixi/CVE-2022-24481-POC
- https://github.com/hungslab/awd-tools
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/robotMD5/CVE-2022-24481-POC
+1
@@ -39,6 +39,7 @@ io_uring UAF, Unix SCM garbage collection
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/ssr-111/linux-kernel-exploitation
- https://github.com/th3-5had0w/CVE-2022-2602-Study
- https://github.com/wechicken456/Linux-kernel
- https://github.com/whoforget/CVE-POC
- https://github.com/xairy/linux-kernel-exploitation
- https://github.com/youwizard/CVE-POC
+1
@@ -45,6 +45,7 @@ In affected versions of Confluence Server and Data Center, an OGNL injection vul
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/AmoloHT/CVE-2022-26134
- https://github.com/Awrrays/FrameVul
- https://github.com/BBD-YZZ/Confluence-RCE
- https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL
- https://github.com/Brucetg/CVE-2022-26134
- https://github.com/CJ-0107/cve-2022-26134
+1
@@ -12,6 +12,7 @@ A vulnerability was found in SourceCodester Human Resource Management System. It
#### Reference
- https://github.com/Hanfu-l/POC-Exp/blob/main/The%20Human%20Resource%20Management%20System%20sc%20parameter%20is%20injected.pdf
- https://github.com/Hanfu-l/POC-Exp/blob/main/The%20Human%20Resource%20Management%20System%20sc%20parameter%20is%20injected.pdf
- https://vuldb.com/?id.210714
#### Github
No PoCs found on GitHub currently.
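Review bot: the Reference list in this hunk carries the same Hanfu-l/POC-Exp PDF URL on two consecutive lines. Drop the duplicate and have the generator de-duplicate references before writing; the same doubled entry appears in the later hunks for jusstSahil/CSRF-, Bento4 issue 776 and jerryhanjj/ERP issue 3.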
+1
@@ -56,6 +56,7 @@ An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug
- https://github.com/khanhnd123/linux-kernel-exploitation
- https://github.com/klemakle/audit-pentest-BOX
- https://github.com/knd06/linux-kernel-exploitation
- https://github.com/lanleft/CVE-2023-1829
- https://github.com/lanleft/CVE2023-1829
- https://github.com/linulinu/CVE-2022-34918
- https://github.com/lions2012/Penetration_Testing_POC
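Review bot: lanleft/CVE-2023-1829 and lanleft/CVE2023-1829 differ only by a hyphen and sit next to each other, which suggests one repository listed under two names (a rename or a stale entry). Check which URL resolves and keep one. Both are also named for CVE-2023-1829 while the neighbouring linulinu entry is CVE-2022-34918, so confirm they belong in this list.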
+17
@@ -0,0 +1,17 @@
### [CVE-2022-3497](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3497)
![](https://img.shields.io/static/v1?label=Product&message=Human%20Resource%20Management%20System&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-707%20Improper%20Neutralization%20-%3E%20CWE-74%20Injection%20-%3E%20CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
### Description
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to launch the attack remotely. VDB-210786 is the identifier assigned to this vulnerability.
### POC
#### Reference
- https://vuldb.com/?id.210786
#### Github
No PoCs found on GitHub currently.
+1
@@ -12,6 +12,7 @@ A vulnerability has been found in SourceCodester Simple Cold Storage Management
#### Reference
- https://github.com/jusstSahil/CSRF-/blob/main/POC
- https://github.com/jusstSahil/CSRF-/blob/main/POC
- https://vuldb.com/?id.211189
#### Github
No PoCs found on GitHub currently.
+1
@@ -14,6 +14,7 @@ A vulnerability was found in Axiomatic Bento4. It has been classified as critica
- https://github.com/axiomatic-systems/Bento4/files/9675049/Bug_3_POC.zip
- https://github.com/axiomatic-systems/Bento4/issues/776
- https://github.com/axiomatic-systems/Bento4/issues/776
- https://vuldb.com/?id.212010
#### Github
No PoCs found on GitHub currently.
+1
@@ -16,6 +16,7 @@ No PoCs from references.
- https://github.com/ARPSyndicate/cvemon
- https://github.com/NoSpaceAvailable/CVE-2022-39227
- https://github.com/davedoesdev/python-jwt
- https://github.com/hackthebox/cyber-apocalypse-2024
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/user0x1337/CVE-2022-39227
+1
@@ -12,6 +12,7 @@ A vulnerability was found in jerryhanjj ERP. It has been declared as critical. A
#### Reference
- https://github.com/jerryhanjj/ERP/issues/3
- https://github.com/jerryhanjj/ERP/issues/3
- https://vuldb.com/?id.213451
#### Github
No PoCs found on GitHub currently.
+1
@@ -36,6 +36,7 @@ A buffer overflow vulnerability was found in the Netfilter subsystem in the Linu
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/taielab/awesome-hacking-lists
- https://github.com/tanjiti/sec_profile
- https://github.com/wechicken456/Linux-kernel
- https://github.com/whoforget/CVE-POC
- https://github.com/xairy/linux-kernel-exploitation
- https://github.com/youwizard/CVE-POC
+1
@@ -42,6 +42,7 @@ A flaw was found in the Linux kernel, where unauthorized access to the execution
- https://github.com/djytmdj/Tool_Summary
- https://github.com/hktalent/TOP
- https://github.com/hshivhare67/kernel_v4.19.72_CVE-2023-0386
- https://github.com/hungslab/awd-tools
- https://github.com/izj007/wechat
- https://github.com/johe123qwe/github-trending
- https://github.com/letsr00t/CVE-2023-0386
+1
@@ -19,6 +19,7 @@ A privilege escalation attack was found in apport-cli 2.26.0 and earlier which i
- https://github.com/Archan6el/Devvortex-Writeup
- https://github.com/Archan6el/Devvortex-Writeup-HackTheBox
- https://github.com/Pol-Ruiz/CVE-2023-1326
- https://github.com/c0d3cr4f73r/CVE-2023-1326
- https://github.com/diego-tella/CVE-2023-1326-PoC
- https://github.com/jbiniek/cyberpoligon23
- https://github.com/nomi-sec/PoC-in-GitHub
+1
@@ -17,6 +17,7 @@ A use-after-free vulnerability in the Linux Kernel traffic control index filter
- https://github.com/EGI-Federation/SVG-advisories
- https://github.com/N1ghtu/RWCTF6th-RIPTC
- https://github.com/Threekiii/CVE
- https://github.com/lanleft/CVE-2023-1829
- https://github.com/lanleft/CVE2023-1829
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/star-sg/CVE
+1
@@ -14,6 +14,7 @@ No PoCs from references.
#### Github
- https://github.com/0zer0d4y/FuegoTest
- https://github.com/absholi7ly/Cisco-Firepower-Management-Center-Exploit
- https://github.com/absholi7ly/absholi7ly
- https://github.com/nomi-sec/PoC-in-GitHub
+1
@@ -17,4 +17,5 @@ No PoCs from references.
- https://github.com/RegularITCat/CVE-2023-20073
- https://github.com/codeb0ss/CVE-2023-20073-
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/winmt/winmt
+17
View File
@@ -0,0 +1,17 @@
### [CVE-2023-20117](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20117)
![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Small%20Business%20RV%20Series%20Router%20Firmware%20&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-146&color=brighgreen)
### Description
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates to address these vulnerabilities.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/winmt/winmt
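Review bot: The only link under `#### Github` in this new file is `https://github.com/winmt/winmt`, a repository named after its own account, which GitHub treats as a profile README rather than a project, so the entry gives a reader nothing specific to CVE-2023-20117 to follow. Link the file or repository that actually covers this CVE, or keep "No PoCs found on GitHub currently." until one exists. Since the description states that Cisco has released no fix, a vendor advisory link under `#### Reference` would also be more useful to defenders than the bare "No PoCs from references."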
+1 -1
View File
@@ -14,5 +14,5 @@ A vulnerability in the web-based management interface of Cisco Small Business Ro
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5
#### Github
No PoCs found on GitHub currently.
- https://github.com/winmt/winmt
+17
View File
@@ -0,0 +1,17 @@
### [CVE-2023-20128](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20128)
![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Small%20Business%20RV%20Series%20Router%20Firmware%20&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-146&color=brighgreen)
### Description
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates to address these vulnerabilities.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/winmt/winmt
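Review bot: The badge lines in this new file carry two generator defects worth fixing at the template level: `color=brighgreen` on the Vulnerability badge is not a shields.io named colour (`brightgreen` is), and the Product message ends in a stray encoded space (`Firmware%20&color=blue`). The description is also word for word the text used for CVE-2023-20117 in this same commit, so nothing in the file says which of the "multiple vulnerabilities" this id refers to; a pointer to the vendor advisory would help a reader tell the two apart.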
+1
View File
@@ -60,6 +60,7 @@ Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerabili
- https://github.com/taielab/awesome-hacking-lists
- https://github.com/timeisflowing/recon2023-resources
- https://github.com/txuswashere/OSCP
- https://github.com/xboxoneresearch/CVE-2023-21768-dotnet
- https://github.com/xhref/OSCP
- https://github.com/ycdxsb/WindowsPrivilegeEscalation
- https://github.com/zoemurmure/CVE-2023-21768-AFD-for-WinSock-EoP-exploit
+2
View File
@@ -65,10 +65,12 @@ Atlassian has been made aware of an issue reported by a handful of customers whe
- https://github.com/joaoviictorti/CVE-2023-22515
- https://github.com/kh4sh3i/CVE-2023-22515
- https://github.com/mayur-esh/vuln-liners
- https://github.com/mumble99/rvision_task
- https://github.com/netlas-io/netlas-dorks
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/rxerium/CVE-2023-22515
- https://github.com/rxerium/stars
- https://github.com/s1d6point7bugcrowd/CVE-2023-22515-check
- https://github.com/securitycipher/daily-bugbounty-writeups
- https://github.com/seyrenus/release_notification
- https://github.com/sincere9/CVE-2023-22515
+1
View File
@@ -18,6 +18,7 @@ A template injection vulnerability on older versions of Confluence Data Center a
- https://github.com/20142995/pocsuite3
- https://github.com/20142995/sectool
- https://github.com/Avento/CVE-2023-22527_Confluence_RCE
- https://github.com/BBD-YZZ/Confluence-RCE
- https://github.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL
- https://github.com/C1ph3rX13/CVE-2023-22527
- https://github.com/Chocapikk/CVE-2023-22527
+1
View File
@@ -16,5 +16,6 @@ act is a project which allows for local running of github actions. The artifact
- https://securitylab.github.com/advisories/GHSL-2023-004_act/
#### Github
- https://github.com/ProxyPog/POC-CVE-2023-22726
- https://github.com/nomi-sec/PoC-in-GitHub
+1
View File
@@ -13,6 +13,7 @@ A deserialization vulnerability existed when dubbo generic invoke, which could l
No PoCs from references.
#### Github
- https://github.com/3yujw7njai/CVE-2023-23638-Tools
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Armandhe-China/ApacheDubboSerialVuln
- https://github.com/Awrrays/FrameVul
+2
View File
@@ -19,6 +19,7 @@ No PoCs from references.
- https://github.com/0xWhoami35/CVE-2023-23752
- https://github.com/0xWhoami35/Devvorte-Writeup
- https://github.com/0xsyr0/OSCP
- https://github.com/0xx01/CVE-2023-23752
- https://github.com/20142995/Goby
- https://github.com/20142995/pocsuite3
- https://github.com/ARPSyndicate/cvemon
@@ -101,6 +102,7 @@ No PoCs from references.
- https://github.com/luck-ying/Library-POC
- https://github.com/malionnn/-Joomla-v4.2.8---Divulgation-d-informations-non-authentifi-es
- https://github.com/mariovata/CVE-2023-23752-Python
- https://github.com/mil4ne/CVE-2023-23752-Joomla-v4.2.8
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/nu0y4/HScan
- https://github.com/r3dston3/CVE-2023-23752
+1
View File
@@ -13,5 +13,6 @@ Cross Site Scripting vulnerability in SourceCodester Simple Customer Relationshi
No PoCs from references.
#### Github
- https://github.com/momo1239/CVE-2023-24203-and-CVE-2023-24204
- https://github.com/nomi-sec/PoC-in-GitHub
+1
View File
@@ -13,5 +13,6 @@ SQL injection vulnerability in SourceCodester Simple Customer Relationship Manag
No PoCs from references.
#### Github
- https://github.com/momo1239/CVE-2023-24203-and-CVE-2023-24204
- https://github.com/nomi-sec/PoC-in-GitHub
+1
View File
@@ -15,4 +15,5 @@ CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AlexLinov/sipXcom-RCE
+1 -1
View File
@@ -14,5 +14,5 @@ CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralizat
- https://seclists.org/fulldisclosure/2023/Mar/5
#### Github
No PoCs found on GitHub currently.
- https://github.com/AlexLinov/sipXcom-RCE
+1
View File
@@ -15,5 +15,6 @@ Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to
#### Github
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/tadhglewis/apollo-koa-minimal
- https://github.com/tadhglewis/tadhglewis
+1
View File
@@ -16,6 +16,7 @@ No PoCs from references.
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/jakabakos/CVE-2023-26360-adobe-coldfusion-rce-exploit
- https://github.com/netlas-io/netlas-cookbook
- https://github.com/netlas-io/netlas-dorks
+1
View File
@@ -20,6 +20,7 @@ Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and ea
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/getdrive/PoC
- https://github.com/iluaster/getdrive_PoC
- https://github.com/jakabakos/CVE-2023-26360-adobe-coldfusion-rce-exploit
- https://github.com/karimhabush/cyberowl
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/yosef0x01/CVE-2023-26360
+17
View File
@@ -0,0 +1,17 @@
### [CVE-2023-26361](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26361)
![](https://img.shields.io/static/v1?label=Product&message=ColdFusion&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%20CF2018U15%2C%20CF2021U5%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')%20(CWE-22)&color=brighgreen)
### Description
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in Arbitrary file system read. Exploitation of this issue does not require user interaction, but does require administrator privileges.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/jakabakos/CVE-2023-26360-adobe-coldfusion-rce-exploit
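Review bot: The single GitHub link in this new CVE-2023-26361 file is a repository named for a different id, `jakabakos/CVE-2023-26360-adobe-coldfusion-rce-exploit`, and the description here (path traversal, arbitrary file read, administrator privileges required) does not match what that name advertises (RCE). Confirm the repository really covers CVE-2023-26361 rather than only mentioning it, and if it does not, leave the section as "No PoCs found on GitHub currently." so that triage based on this file is not skewed by a false match. The Version and Vulnerability badges also use `color=brighgreen`, which should be `brightgreen`.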
+1
View File
@@ -16,6 +16,7 @@ No PoCs from references.
- https://github.com/0xWhoami35/root-kernel
- https://github.com/0xsyr0/OSCP
- https://github.com/Ev3rPalestine/Analytics-HTB-Walkthrough
- https://github.com/K5LK/CVE-2023-2640-32629
- https://github.com/Kiosec/Linux-Exploitation
- https://github.com/Nkipohcs/CVE-2023-2640-CVE-2023-32629
- https://github.com/OllaPapito/gameoverlay
+1
View File
@@ -20,6 +20,7 @@ systemd before 247 does not adequately block local privilege escalation for some
- https://github.com/Pol-Ruiz/CVE-2023-1326
- https://github.com/Wetrel/HackTheBox_Sau
- https://github.com/Zenmovie/CVE-2023-26604
- https://github.com/c0d3cr4f73r/CVE-2023-1326
- https://github.com/denis-jdsouza/wazuh-vulnerability-report-maker
- https://github.com/diego-tella/CVE-2023-1326-PoC
- https://github.com/fkie-cad/nvd-json-data-feeds
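Review bot: This list belongs to the systemd entry ("systemd before 247 does not adequately block local privilege escalation ..."), yet three of the visible repositories are named for CVE-2023-1326, which this commit describes elsewhere as an apport-cli issue: `Pol-Ruiz/CVE-2023-1326`, `c0d3cr4f73r/CVE-2023-1326` and `diego-tella/CVE-2023-1326-PoC`. If they are listed only because their READMEs mention the systemd CVE, the association should be checked by hand before merging, because anyone using this file to judge PoC availability for the systemd issue will count repositories that target another component.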
+2
View File
@@ -46,6 +46,8 @@ Session Validation attacks in Apache Superset versions up to and including 2.0.1
- https://github.com/hktalent/TOP
- https://github.com/horizon3ai/CVE-2023-27524
- https://github.com/jakabakos/CVE-2023-27524-Apache-Superset-Auth-Bypass-and-RCE
- https://github.com/karthi-the-hacker/CVE-2023-27524
- https://github.com/kovatechy/Cappricio
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/machevalia/ButProxied
- https://github.com/necroteddy/CVE-2023-27524
+2
View File
@@ -19,8 +19,10 @@ vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in mo
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Aduda-Shem/Semgrep_Rules
- https://github.com/Kaneki-hash/CVE-2023-29017-reverse-shell
- https://github.com/Threekiii/CVE
- https://github.com/jakabakos/vm2-sandbox-escape-exploits
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/passwa11/CVE-2023-29017-reverse-shell
- https://github.com/seal-community/patches
+1
View File
@@ -17,6 +17,7 @@ There exists a vulnerability in source code transformer (exception sanitization
#### Github
- https://github.com/3mpir3Albert/HTB_Codify
- https://github.com/jakabakos/vm2-sandbox-escape-exploits
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/u-crew/vm2-test
+3
View File
@@ -36,7 +36,9 @@ An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the c
- https://github.com/htrgouvea/spellbook
- https://github.com/ipk1/CVE-2023-29489.py
- https://github.com/jaiguptanick/100daysofcyber
- https://github.com/kovatechy/Cappricio
- https://github.com/learnerboy88/CVE-2023-29489
- https://github.com/md-thalal/CVE-2023-29489
- https://github.com/mdaseem03/cpanel_xss_2023
- https://github.com/mr-sami-x/XSS_1915
- https://github.com/nomi-sec/PoC-in-GitHub
@@ -47,6 +49,7 @@ An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the c
- https://github.com/tucommenceapousser/CVE-2023-29489
- https://github.com/tucommenceapousser/CVE-2023-29489.py
- https://github.com/tucommenceapousser/Oneliner-Bugbounty2
- https://github.com/tucommenceapousser/XSS_1312
- https://github.com/tucommenceapousser/XSS_1915
- https://github.com/whalebone7/EagleEye
- https://github.com/xKore123/cPanel-CVE-2023-29489
+3
View File
@@ -14,5 +14,8 @@ Dolibarr before 17.0.1 allows remote code execution by an authenticated user via
- https://www.swascan.com/security-advisory-dolibarr-17-0-0/
#### Github
- https://github.com/04Shivam/CVE-2023-30253-Exploit
- https://github.com/Rubikcuv5/cve-2023-30253
- https://github.com/nikn0laty/Exploit-for-Dolibarr-17.0.0-CVE-2023-30253
- https://github.com/nomi-sec/PoC-in-GitHub
+1
View File
@@ -19,6 +19,7 @@ vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in mo
- https://github.com/Af7eR9l0W/HTB-Codify
- https://github.com/Cur1iosity/CVE-2023-30547
- https://github.com/Maladra/Write-Up-Codify
- https://github.com/jakabakos/vm2-sandbox-escape-exploits
- https://github.com/karimhabush/cyberowl
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/rvizx/CVE-2023-30547
+1 -1
View File
@@ -16,5 +16,5 @@ vm2 is a sandbox that can run untrusted code with Node's built-in modules. In ve
- https://github.com/patriksimek/vm2/security/advisories/GHSA-p5gc-c584-jj6v
#### Github
No PoCs found on GitHub currently.
- https://github.com/jakabakos/vm2-sandbox-escape-exploits
+1
View File
@@ -18,5 +18,6 @@ vm2 is a sandbox that can run untrusted code with Node's built-in modules. A san
#### Github
- https://github.com/AdarkSt/Honeypot_Smart_Infrastructure
- https://github.com/giovanni-iannaccone/vm2_3.9.17
- https://github.com/jakabakos/vm2-sandbox-escape-exploits
- https://github.com/nomi-sec/PoC-in-GitHub
+1
View File
@@ -17,6 +17,7 @@ Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up
- https://github.com/0xWhoami35/root-kernel
- https://github.com/0xsyr0/OSCP
- https://github.com/Ev3rPalestine/Analytics-HTB-Walkthrough
- https://github.com/K5LK/CVE-2023-2640-32629
- https://github.com/Kiosec/Linux-Exploitation
- https://github.com/Nkipohcs/CVE-2023-2640-CVE-2023-32629
- https://github.com/OllaPapito/gameoverlay
+1
View File
@@ -21,4 +21,5 @@ Pydio Cells allows users by default to create so-called external users in order
#### Github
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/xcr-19/CVE-2023-32749
+17
View File
@@ -0,0 +1,17 @@
### [CVE-2023-33013](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33013)
![](https://img.shields.io/static/v1?label=Product&message=NBG6604%20firmware&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20V1.01(ABIR.1)C0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
### Description
A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/winmt/winmt
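Review bot: The sole `#### Github` entry for this Zyxel NBG6604 file is `https://github.com/winmt/winmt`, the same account-profile repository that this commit also attaches to Cisco RV320/RV325 and Ruijie entries. That pattern suggests the match comes from a list of CVE ids on a profile page rather than from PoC content for CVE-2023-33013, so verify it before creating a new file on that basis. In the badges, `color=brighgreen` should be `brightgreen`, and the Version message has a trailing `%20` after `C0`.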
+1
View File
@@ -17,6 +17,7 @@ For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk
- https://github.com/0day404/vulnerability-poc
- https://github.com/0xKayala/CVE-2023-33246
- https://github.com/20142995/sectool
- https://github.com/3yujw7njai/CVE-2023-33246
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CKevens/CVE-2023-33246
- https://github.com/CVEDB/awesome-cve-repo
+1
View File
@@ -14,6 +14,7 @@ Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying
- https://github.com/c53elyas/CVE-2023-33733
#### Github
- https://github.com/L41KAA/CVE-2023-33733-Exploit-PoC
- https://github.com/buiduchoang24/CVE-2023-33733
- https://github.com/c53elyas/CVE-2023-33733
- https://github.com/nomi-sec/PoC-in-GitHub
+1
View File
@@ -16,6 +16,7 @@ A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v
- https://github.com/n3gox/Stored-XSS-on-SCM-Manager-1.60
#### Github
- https://github.com/3yujw7njai/CVE-2023-33829-POC
- https://github.com/CKevens/CVE-2023-33829-POC
- https://github.com/n3gox/CVE-2023-33829
- https://github.com/nomi-sec/PoC-in-GitHub
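Review bot: `3yujw7njai/CVE-2023-33829-POC` and `CKevens/CVE-2023-33829-POC` carry the same repository name under two accounts, and the same pair of accounts shows up with identical names in other lists in this commit (`CVE-2023-33246`, `ansible-cve-2023-36845`). Check whether one is a rename or mirror of the other and keep a single entry per distinct repository, otherwise the list overstates how many independent PoCs exist for this XSS issue.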
+1
View File
@@ -14,6 +14,7 @@ A vulnerability was found in ImageMagick. This security flaw cause a remote code
- https://github.com/ImageMagick/ImageMagick/issues/6339
#### Github
- https://github.com/SudoIndividual/CVE-2023-34152
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/overgrowncarrot1/ImageTragick_CVE-2023-34152
+1
View File
@@ -15,4 +15,5 @@ Remote code execution vulnerability in Ruijie Networks Product: RG-EW series hom
#### Github
- https://github.com/tanjiti/sec_profile
- https://github.com/winmt/winmt
+1
View File
@@ -13,5 +13,6 @@ A improper neutralization of special elements used in an os command ('os command
No PoCs from references.
#### Github
- https://github.com/horizon3ai/CVE-2023-34992
- https://github.com/nomi-sec/PoC-in-GitHub
+1
View File
@@ -50,4 +50,5 @@ Windows Kernel Elevation of Privilege Vulnerability
- https://github.com/Karmaz95/Karmaz95
- https://github.com/Threekiii/CVE
- https://github.com/afine-com/research
- https://github.com/hungslab/awd-tools
+1
View File
@@ -17,4 +17,5 @@ The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injec
#### Github
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/omershaik0/CVE-2023-36085_SISQUALWFM-Host-Header-Injection
+1
View File
@@ -21,5 +21,6 @@ No PoCs from references.
- https://github.com/NaInSec/CVE-LIST
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/jgamblin/cvelint-action
- https://github.com/khulnasoft-lab/cvelint-action
- https://github.com/mprpic/cvelint
+1
View File
@@ -19,6 +19,7 @@ A PHP External Variable Modification vulnerability in J-Web of Juniper Networks
#### Github
- https://github.com/0xNehru/CVE-2023-36845-Juniper-Vulnerability
- https://github.com/3yujw7njai/ansible-cve-2023-36845
- https://github.com/Asbawy/Automation-for-Juniper-cve-2023-36845
- https://github.com/CKevens/ansible-cve-2023-36845
- https://github.com/CharonDefalt/Juniper-exploit-CVE-2023-36845

Some files were not shown because too many files have changed in this diff.