Update CVE sources 2024-08-06 19:19

2026-05-12 13:31:34 +02:00 · 2024-08-06 19:19:10 +00:00
parent 8b6c25690b
commit dd6a10065d
276 changed files with 2784 additions and 30 deletions
@@ -0,0 +1,17 @@
+### [CVE-2005-1517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1517)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier, when using URL, FTP, or HTTPS filtering exceptions, allows certain TCP packets to bypass access control lists (ACLs).
+
+### POC
+
+#### Reference
+- http://www.cisco.com/warp/public/707/cisco-sa-20050511-url.shtml
+
+#### Github
+No PoCs found on GitHub currently.
+
@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/Snoopy-Sec/Localroot-ALL-CVE
+- https://github.com/test-one9/ps4-11.50.github.io

@@ -19,6 +19,7 @@ The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Micros
 - https://github.com/CVEDB/PoC-List
 - https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/Live-Hack-CVE/CVE-2008-4609
+- https://github.com/comeillfoo/netverif
 - https://github.com/marcelki/sockstress
 - https://github.com/mrclki/sockstress

@@ -67,6 +67,7 @@ vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which
 - https://github.com/giusepperuggiero96/Network-Security-2021
 - https://github.com/gwyomarch/CVE-Collection
 - https://github.com/hack-parthsharma/Vision
+- https://github.com/jaykerzb/Metasploitable
 - https://github.com/jaytiwari05/vsftpd_2.3.4_Exploit
 - https://github.com/k8gege/Ladon
 - https://github.com/nobodyatall648/CVE-2011-2523
@@ -0,0 +1,17 @@
+### [CVE-2014-1607](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1607)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+** DISPUTED ** Cross-site scripting (XSS) vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. NOTE: this issue has been disputed by the Drupal Security Team; it may be site-specific.  If so, then this CVE will be REJECTed in the future.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -21,5 +21,6 @@
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/adrienthebo/cve-2014-2734
 - https://github.com/chnzzh/OpenSSL-CVE-lib
+- https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/gdisneyleugers/CVE-2014-2734

@@ -15,5 +15,6 @@

 #### Github
 - https://github.com/bootc/nrpe-ng
+- https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/ohsawa0515/ec2-vuls-config

@@ -13,5 +13,5 @@
 - http://www.kb.cert.org/vuls/id/269991

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/fkie-cad/nvd-json-data-feeds

@@ -0,0 +1,17 @@
+### [CVE-2014-3180](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3180)
+![](https://img.shields.io/static/v1?label=Product&message=kernel&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=out-of-bounds%20read&color=brighgreen)
+
+### Description
+
+** DISPUTED ** In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -14,4 +14,5 @@

 #### Github
 - https://github.com/Live-Hack-CVE/CVE-2015-10007
+- https://github.com/fkie-cad/nvd-json-data-feeds

@@ -14,4 +14,5 @@

 #### Github
 - https://github.com/Live-Hack-CVE/CVE-2015-10008
+- https://github.com/fkie-cad/nvd-json-data-feeds

@@ -14,4 +14,5 @@ No PoCs from references.

 #### Github
 - https://github.com/Live-Hack-CVE/CVE-2015-10012
+- https://github.com/fkie-cad/nvd-json-data-feeds

@@ -14,4 +14,5 @@

 #### Github
 - https://github.com/Live-Hack-CVE/CVE-2015-10041
+- https://github.com/fkie-cad/nvd-json-data-feeds

@@ -14,4 +14,5 @@ No PoCs from references.

 #### Github
 - https://github.com/Live-Hack-CVE/CVE-2015-10042
+- https://github.com/fkie-cad/nvd-json-data-feeds

@@ -14,4 +14,5 @@ No PoCs from references.

 #### Github
 - https://github.com/Live-Hack-CVE/CVE-2015-10052
+- https://github.com/fkie-cad/nvd-json-data-feeds

@@ -14,5 +14,5 @@
 - https://www.exploit-db.com/exploits/36372

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/fkie-cad/nvd-json-data-feeds

@@ -0,0 +1,17 @@
+### [CVE-2015-10106](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-10106)
+![](https://img.shields.io/static/v1?label=Product&message=mh_httpbl%20Extension&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.1.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This vulnerability affects the function moduleContent of the file mod1/index.php. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The patch is identified as 429f50f4e4795b20dae06735b41fb94f010722bf. It is recommended to upgrade the affected component. VDB-230086 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
@@ -13,5 +13,6 @@ IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, 6.3.2.x,
 No PoCs from references.

 #### Github
+- https://github.com/jjljyn/Cve-with-their-PoC-s
 - https://github.com/kaRaGODDD/Cve-with-their-PoC-s

@@ -13,5 +13,5 @@
 - http://www.openwall.com/lists/oss-security/2015/12/17/12

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/fkie-cad/nvd-json-data-feeds

@@ -27,6 +27,7 @@ No PoCs from references.
 - https://github.com/fokypoky/places-list
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2
 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
 - https://github.com/zzzWTF/db-13-01

@@ -20,6 +20,7 @@ Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
 - https://github.com/BrittanyKuhn/javascript-tutorial
+- https://github.com/Drun1baby/CVE-Reproduction-And-Analysis
 - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
@@ -29,6 +29,7 @@ No PoCs from references.
 - https://github.com/fir3storm/Vision2
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2
 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
 - https://github.com/zzzWTF/db-13-01

@@ -28,6 +28,7 @@ No PoCs from references.
 - https://github.com/muryo13/USNParser
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2
 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
 - https://github.com/zzzWTF/db-13-01

@@ -22,4 +22,5 @@ No PoCs from references.
 - https://github.com/muryo13/USNParser
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2

@@ -27,6 +27,7 @@ No PoCs from references.
 - https://github.com/muryo13/USNParser
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2
 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
 - https://github.com/zzzWTF/db-13-01

@@ -21,4 +21,5 @@ No PoCs from references.
 - https://github.com/balabit-deps/balabit-os-9-bind9-libs
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2

@@ -22,4 +22,5 @@ No PoCs from references.
 - https://github.com/balabit-deps/balabit-os-9-bind9-libs
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2

@@ -21,4 +21,5 @@ No PoCs from references.
 - https://github.com/balabit-deps/balabit-os-9-bind9-libs
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2

@@ -21,4 +21,5 @@ No PoCs from references.
 - https://github.com/balabit-deps/balabit-os-9-bind9-libs
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2

@@ -21,4 +21,5 @@ No PoCs from references.
 - https://github.com/balabit-deps/balabit-os-9-bind9-libs
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2

@@ -21,4 +21,5 @@ No PoCs from references.
 - https://github.com/balabit-deps/balabit-os-9-bind9-libs
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2

@@ -27,6 +27,7 @@ The BIND installer on Windows uses an unquoted service path which can enable a l
 - https://github.com/balabit-deps/balabit-os-9-bind9-libs
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2
 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
 - https://github.com/zzzWTF/db-13-01

@@ -27,6 +27,7 @@ No PoCs from references.
 - https://github.com/dkiser/vulners-yum-scanner
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2
 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
 - https://github.com/zparnold/deb-checker
 - https://github.com/zzzWTF/db-13-01
@@ -30,6 +30,7 @@ No PoCs from references.
 - https://github.com/gladiopeace/awesome-stars
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2
 - https://github.com/saaph/CVE-2017-3143
 - https://github.com/securitychampions/Awesome-Vulnerability-Research
 - https://github.com/sergey-pronin/Awesome-Vulnerability-Research
@@ -26,6 +26,7 @@ No PoCs from references.
 - https://github.com/balabit-deps/balabit-os-9-bind9-libs
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2
 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
 - https://github.com/tomoyamachi/gocarts
 - https://github.com/zzzWTF/db-13-01
@@ -40,6 +40,7 @@ Systems with microprocessors utilizing speculative execution and indirect branch
 - https://github.com/3th1c4l-t0n1/awesome-csirt
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/Aakaashzz/Meltdown-Spectre
+- https://github.com/BlessedRebuS/RISCV-Attacks
 - https://github.com/CVEDB/PoC-List
 - https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/CVEDB/top
@@ -33,6 +33,7 @@ Systems with microprocessors utilizing speculative execution and branch predicti
 - https://github.com/20142995/sectool
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/Aakaashzz/Meltdown-Spectre
+- https://github.com/BlessedRebuS/RISCV-Attacks
 - https://github.com/C0dak/linux-exploit
 - https://github.com/CVEDB/PoC-List
 - https://github.com/CVEDB/awesome-cve-repo
@@ -31,6 +31,7 @@ Systems with microprocessors utilizing speculative execution and indirect branch
 - https://github.com/5l1v3r1/update_kernel
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/Aakaashzz/Meltdown-Spectre
+- https://github.com/BlessedRebuS/RISCV-Attacks
 - https://github.com/Bogdantkachenkots/Windows10GamingFocus
 - https://github.com/CyVerse-Ansible/ansible-prometheus-node-exporter
 - https://github.com/Fineas/meltdown_vulnerability
@@ -16,6 +16,7 @@ Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows rem
 #### Github
 - https://github.com/0day404/vulnerability-poc
 - https://github.com/20142995/Goby
+- https://github.com/20142995/nuclei-templates
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/ARPSyndicate/kenzer-templates
 - https://github.com/ArrestX/--POC
@@ -14,6 +14,7 @@ No PoCs from references.

 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/HuzaifaPatel/houdini
 - https://github.com/Metarget/cloud-native-security-book
 - https://github.com/Metarget/metarget
 - https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground
@@ -0,0 +1,17 @@
+### [CVE-2018-15891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15891)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.
+
+### POC
+
+#### Reference
+- https://wiki.freepbx.org/display/FOP/2018-09-11+Core+Stored+XSS?src=contextnavpagetreemode
+
+#### Github
+No PoCs found on GitHub currently.
+
@@ -19,6 +19,7 @@ FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter
 #### Github
 - https://github.com/0xT11/CVE-POC
 - https://github.com/1337kid/Exploits
+- https://github.com/20142995/nuclei-templates
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/ARPSyndicate/kenzer-templates
 - https://github.com/BhattJayD/IgniteCTF
@@ -19,4 +19,5 @@ No PoCs from references.
 - https://github.com/balabit-deps/balabit-os-9-bind9-libs
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2

@@ -19,4 +19,5 @@ No PoCs from references.
 - https://github.com/balabit-deps/balabit-os-9-bind9-libs
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2

@@ -19,5 +19,6 @@ No PoCs from references.
 - https://github.com/balabit-deps/balabit-os-9-bind9-libs
 - https://github.com/bg6cq/bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2
 - https://github.com/sischkg/dnsonsen_advent_calendar

@@ -19,5 +19,6 @@ No PoCs from references.
 - https://github.com/balabit-deps/balabit-os-9-bind9-libs
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2
 - https://github.com/sischkg/dnsonsen_advent_calendar

@@ -20,4 +20,5 @@ No PoCs from references.
 - https://github.com/fokypoky/places-list
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2

@@ -136,6 +136,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/4H-Botsmiths/FTC-18693-Freight-Frenzy
 - https://github.com/4hscream14204/CenterStage
 - https://github.com/5015BuffaloWings-FTC/road-runner-quickstart
+- https://github.com/5040NutsAndBolts/24-25-Season
 - https://github.com/5040NutsAndBolts/PowerPlay_22-23
 - https://github.com/5070NUTS/center-stage1
 - https://github.com/5070NUTS/power-play
@@ -293,6 +294,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/AravNeroth/2023-2024-Robolobos-FTC-14363
 - https://github.com/AravNeroth/FTC-14361-CENTERSTAGE-V3
 - https://github.com/Arch-it-12/FTCTestProject
+- https://github.com/Architekt13/Official-Incognito-FTC-Code
 - https://github.com/Archytas19412/Archytas2023-master
 - https://github.com/Archytas19412/FTC-Centerstage-19412
 - https://github.com/ArcticCrusade/18996-FTC
@@ -613,6 +615,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/Daiigr/FTC21148-RobotController
 - https://github.com/Daiigr/MakerFaireRobotController
 - https://github.com/Dairy-Foundation/Dairy
+- https://github.com/Daniel1833434/RoadRunnerQuickstart15031-mainQuack
 - https://github.com/DanielRuf/snyk-js-jquery-174006
 - https://github.com/DanielRuf/snyk-js-jquery-565129
 - https://github.com/Danube-Robotics/FTC-Training
@@ -927,6 +930,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/FTC-ORBIT/2023-ftc-14028
 - https://github.com/FTC-ORBIT/2023-ftc-14872
 - https://github.com/FTC-ORBIT/FGC-2023
+- https://github.com/FTC-ORBIT/Template
 - https://github.com/FTC-ORBIT/orbit14872-2024
 - https://github.com/FTC-ORBIT/preparation-14029
 - https://github.com/FTC-Pathfinder-2020/FtcRobotController-master
@@ -1145,6 +1149,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/HSE-Robotics/15221-Centerstage
 - https://github.com/HackerGuy1000/Nebula-23-24
 - https://github.com/Hackercats/Ultimate-Goal
+- https://github.com/Hal-9k1/FTC-Fall-2023
 - https://github.com/HamzaEbeida/MarvelsOfVRIC
 - https://github.com/HamzaEbeida/offseason-ftc
 - https://github.com/Harsha23871/HarshaPractieBot_5_24_24
@@ -1427,6 +1432,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/LancerRobotics/FTC-Powerplay
 - https://github.com/LaneStanley/Garnet-Squadron-Freight-Frenzy
 - https://github.com/Lara-Martins/5898PowerplayCode
+- https://github.com/LarryHiller/2021-FTC-UltimateGoal-Wembley
 - https://github.com/LauraE4/LauraE
 - https://github.com/Lawson-Woodward/RR9527-v1-2024
 - https://github.com/Lawson-Woodward/RR9527-v2-2024
@@ -1469,6 +1475,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/LouisaHuston/NaturalSelection_2324_Final
 - https://github.com/LucasFeldsien/UltimateGoal
 - https://github.com/LucyHarrison/FTC2021-girlboss
+- https://github.com/Luk012/Ro2D2_Centerstage
 - https://github.com/LumenChristiRobotics/Techno-Titans-2023
 - https://github.com/Lunerwalker2/FreightFrenzy1002
 - https://github.com/Lunerwalker2/SwerveDriveTesting
@@ -2361,6 +2368,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/Vasil789/ftc
 - https://github.com/VasuBanga12/FTCTest
 - https://github.com/Vault-FTC/FTC-Command-System
+- https://github.com/Vault-FTC/Fe2O3-2023-2024
 - https://github.com/Vault-FTC/Mg-2023-2024
 - https://github.com/Vault-FTC/MgCode2
 - https://github.com/Vault-FTC/MoleMotion
@@ -2830,6 +2838,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/cyborg48/UltimateGoal
 - https://github.com/dandominicstaicu/SoftHoardersUG
 - https://github.com/dandominicstaicu/SoftHoardersUG2
+- https://github.com/danielgrbacbravo/MakerFaireRobotController
 - https://github.com/daria-lzr/RoboAs-CenterStage
 - https://github.com/darkhanakh/BalgaMenShege_Program
 - https://github.com/darmthealarm/FtcRobotController-master
@@ -2877,6 +2886,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/dorinon/ftc-14782-orbit
 - https://github.com/doxulo/FtcRobotController-master
 - https://github.com/dpeachpeach/WPCPRobogrizzlies
+- https://github.com/dr-hextanium/into_the_deep
 - https://github.com/drxxgn/MECH24testing
 - https://github.com/dschleuning-github/2023_Halloween
 - https://github.com/dschleuning-github/DUCKS_2023-24_v9_0_1
@@ -3035,6 +3045,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/ftc16072/2021preseason
 - https://github.com/ftc16072/2022Preseason
 - https://github.com/ftc16072/2023Preseason
+- https://github.com/ftc16072/2024Preseason
 - https://github.com/ftc16072/AscendAviators-PowerPlay
 - https://github.com/ftc16072/CenterStage23-24
 - https://github.com/ftc16072/FreightFrenzy21-22
@@ -3236,6 +3247,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/importTahsinZaman/Robotics_PowerPlay2022-2023_Bot2
 - https://github.com/importly/FtcRobotController
 - https://github.com/imsa-ftc-robotics/UltimateGoalMeet1
+- https://github.com/info1robotics/CenterStage-Diff
 - https://github.com/info1robotics/FtcRobotController
 - https://github.com/inkineers/Team-Inkineers21982-Power-Play
 - https://github.com/invjar/FTCtesting
@@ -3924,6 +3936,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/the-winsor-school/Wildbots-2021-2022
 - https://github.com/the-winsor-school/wildbots_13620_2024
 - https://github.com/the-winsor-school/wirecats_20409_2024
+- https://github.com/theQubitBot/2024-25-IntoTheDeep
 - https://github.com/theSentinelsFTC/sentinels-teamcode
 - https://github.com/theawesomew/RefactoredFtcRobotController
 - https://github.com/thecatinthehatcomesback/CenterStage2023
@@ -14,6 +14,7 @@ No PoCs from references.

 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/HuzaifaPatel/houdini
 - https://github.com/Metarget/cloud-native-security-book
 - https://github.com/Metarget/metarget
 - https://github.com/PercussiveElbow/docker-escape-tool
@@ -13,6 +13,7 @@ Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in
 - http://packetstormsecurity.com/files/153985/Aptana-Jaxer-1.0.3.4547-Local-File-Inclusion.html

 #### Github
+- https://github.com/20142995/nuclei-templates
 - https://github.com/ARPSyndicate/kenzer-templates
 - https://github.com/d4n-sec/d4n-sec.github.io

@@ -46,6 +46,7 @@ runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allow
 - https://github.com/GhostTroops/TOP
 - https://github.com/GiverOfGifts/CVE-2019-5736-Custom-Runtime
 - https://github.com/H3xL00m/CVE-2019-5736
+- https://github.com/HuzaifaPatel/houdini
 - https://github.com/InesMartins31/iot-cves
 - https://github.com/JERRY123S/all-poc
 - https://github.com/JlSakuya/CVE-2022-0847-container-escape
@@ -20,4 +20,5 @@ No PoCs from references.
 - https://github.com/fokypoky/places-list
 - https://github.com/pexip/os-bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2

@@ -19,4 +19,5 @@ No PoCs from references.
 - https://github.com/balabit-deps/balabit-os-9-bind9-libs
 - https://github.com/bg6cq/bind9
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2

@@ -19,4 +19,5 @@ No PoCs from references.
 - https://github.com/bg6cq/bind9
 - https://github.com/fokypoky/places-list
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2

@@ -19,5 +19,6 @@ No PoCs from references.
 - https://github.com/k1LoW/oshka
 - https://github.com/laojianzi/laojianzi
 - https://github.com/naveensrinivasan/stunning-tribble
+- https://github.com/nics-tw/sbom2vans
 - https://github.com/novalagung/mypullrequests

@@ -21,6 +21,7 @@ No PoCs from references.
 - https://github.com/Zhivarev/13-01-hw
 - https://github.com/balabit-deps/balabit-os-9-bind9-libs
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2
 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
 - https://github.com/zzzWTF/db-13-01

@@ -30,6 +30,7 @@ Using a specially-crafted message, an attacker may potentially cause a BIND serv
 - https://github.com/knqyf263/CVE-2020-8617
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/pexip/os-bind9-libs
+- https://github.com/psmedley/bind-os2
 - https://github.com/rmkn/cve-2020-8617
 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
 - https://github.com/soosmile/POC
@@ -14,4 +14,5 @@ No PoCs from references.

 #### Github
 - https://github.com/Live-Hack-CVE/CVE-2020-8619
+- https://github.com/psmedley/bind-os2

@@ -20,6 +20,7 @@ In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3
 - https://github.com/NikulinMS/13-01-hw
 - https://github.com/Zhivarev/13-01-hw
 - https://github.com/fokypoky/places-list
+- https://github.com/psmedley/bind-os2
 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
 - https://github.com/zzzWTF/db-13-01

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/fokypoky/places-list
+- https://github.com/psmedley/bind-os2

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/fokypoky/places-list
+- https://github.com/psmedley/bind-os2

@@ -14,4 +14,5 @@ No PoCs from references.

 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/psmedley/bind-os2

@@ -14,4 +14,5 @@ No PoCs from references.

 #### Github
 - https://github.com/fokypoky/places-list
+- https://github.com/psmedley/bind-os2

@@ -19,6 +19,7 @@ In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.
 - https://github.com/Iknowmyname/Nmap-Scans-M2
 - https://github.com/NikulinMS/13-01-hw
 - https://github.com/Zhivarev/13-01-hw
+- https://github.com/psmedley/bind-os2
 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
 - https://github.com/zzzWTF/db-13-01

@@ -19,6 +19,7 @@ No PoCs from references.
 - https://github.com/Iknowmyname/Nmap-Scans-M2
 - https://github.com/NikulinMS/13-01-hw
 - https://github.com/Zhivarev/13-01-hw
+- https://github.com/psmedley/bind-os2
 - https://github.com/qwerty1q2w/cvescan_handler
 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
 - https://github.com/zzzWTF/db-13-01
@@ -20,6 +20,7 @@ In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1
 - https://github.com/NikulinMS/13-01-hw
 - https://github.com/Zhivarev/13-01-hw
 - https://github.com/fokypoky/places-list
+- https://github.com/psmedley/bind-os2
 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
 - https://github.com/zzzWTF/db-13-01

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/fokypoky/places-list
+- https://github.com/psmedley/bind-os2

@@ -14,4 +14,5 @@ No PoCs from references.

 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/KuanKuanQAQ/llvm-pass

@@ -16,6 +16,7 @@ jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0
 - https://www.oracle.com/security-alerts/cpujul2022.html

 #### Github
+- https://github.com/20142995/nuclei-templates
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/cve-sandbox/jquery-ui
 - https://github.com/marksowell/retire-html-parser
@@ -751,6 +751,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12
 - https://github.com/djytmdj/Tool_Summary
 - https://github.com/dkd/elasticsearch
 - https://github.com/dmitsuo/log4shell-war-fixer
+- https://github.com/dnaherna/log4shell-poc
 - https://github.com/docker-solr/docker-solr
 - https://github.com/doris0213/assignments
 - https://github.com/dotPY-hax/log4py
@@ -17,6 +17,7 @@ A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in

 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/HuzaifaPatel/houdini
 - https://github.com/JadenQ/Cloud-Computing-Security-ProjectPage
 - https://github.com/LeoPer02/IDS-Dataset
 - https://github.com/Metarget/metarget
@@ -43,6 +44,7 @@ A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in
 - https://github.com/josebeo2016/eBPF_Hotpatch
 - https://github.com/k0mi-tg/CVE-POC
 - https://github.com/kvesta/vesta
+- https://github.com/libera-programming/bayaz
 - https://github.com/manas3c/CVE-POC
 - https://github.com/marksowell/my-stars
 - https://github.com/marksowell/starred
@@ -0,0 +1,17 @@
+### [CVE-2022-1102](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1102)
+![](https://img.shields.io/static/v1?label=Product&message=Royale%20Event%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic has been found in SourceCodester Royale Event Management System 1.0. Affected is an unknown function of the file /royal_event/companyprofile.php. The manipulation of the argument companyname/regno/companyaddress/companyemail leads to cross site scripting. It is possible to launch the attack remotely. VDB-195786 is the identifier assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.195786
+
+#### Github
+No PoCs found on GitHub currently.
+
@@ -0,0 +1,17 @@
+### [CVE-2022-31159](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31159)
+![](https://img.shields.io/static/v1?label=Product&message=aws-sdk-java&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%3A%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the `downloadDirectory` method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the `destinationDirectory` argument, but S3 object keys are determined by the application that uploaded the objects. The `downloadDirectory` method allows the caller to pass a filesystem object in the object key but contained an issue in the validation logic for the key name. A knowledgeable actor could bypass the validation logic by including a UNIX double-dot in the bucket key. Under certain conditions, this could permit them to retrieve a directory from their S3 bucket that is one level up in the filesystem from their working directory. This issue’s scope is limited to directories whose name prefix matches the destinationDirectory. E.g. for destination directory`/tmp/foo`, the actor can cause a download to `/tmp/foo-bar`, but not `/tmp/bar`. If `com.amazonaws.services.s3.transfer.TransferManager::downloadDirectory` is used to download an untrusted buckets contents, the contents of that bucket can be written outside of the intended destination directory. Version 1.12.261 contains a patch for this issue. As a workaround, when calling `com.amazonaws.services.s3.transfer.TransferManager::downloadDirectory`, pass a `KeyFilter` that forbids `S3ObjectSummary` objects that `getKey` method return a string containing the substring `..` .
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/IHTSDO/snomed-parent-owasp
+
@@ -14,4 +14,5 @@ No PoCs from references.

 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/leesh3288/leesh3288

@@ -14,5 +14,6 @@ No PoCs from references.

 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/leesh3288/leesh3288
 - https://github.com/redis-windows/redis-windows

@@ -13,5 +13,6 @@ A null pointer dereference issue was discovered in functions op_get_data and op_
 No PoCs from references.

 #### Github
+- https://github.com/DiRaltvein/memory-corruption-examples
 - https://github.com/fusion-scan/fusion-scan.github.io

@@ -13,5 +13,5 @@ GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference
 - https://github.com/gpac/gpac/issues/2345

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/DiRaltvein/memory-corruption-examples

@@ -13,5 +13,5 @@ GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_
 - https://github.com/gpac/gpac/issues/2354

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/DiRaltvein/memory-corruption-examples

@@ -13,5 +13,5 @@ A stack buffer overflow exists in the ec_glob function of editorconfig-core-c be
 - https://litios.github.io/2023/01/14/CVE-2023-0341.html

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/DiRaltvein/memory-corruption-examples

@@ -0,0 +1,17 @@
+### [CVE-2023-21616](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21616)
+![](https://img.shields.io/static/v1?label=Product&message=Experience%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%206.5.15.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-site%20Scripting%20(Reflected%20XSS)%20(CWE-79)&color=brighgreen)
+
+### Description
+
+Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/HuzaifaPatel/houdini
+
@@ -16,6 +16,7 @@ WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/alopresto/epss_api_demo
 - https://github.com/alopresto6m/epss_api_demo
+- https://github.com/michael-david-fry/CVE-2023-22622
 - https://github.com/michael-david-fry/wp-cron-smash
 - https://github.com/nomi-sec/PoC-in-GitHub

@@ -13,5 +13,5 @@ Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability
 - https://github.com/strukturag/libde265/issues/388

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/DiRaltvein/memory-corruption-examples

@@ -16,6 +16,7 @@ There exists a vulnerability in source code transformer (exception sanitization
 #### Github
 - https://github.com/3mpir3Albert/HTB_Codify
 - https://github.com/jakabakos/vm2-sandbox-escape-exploits
+- https://github.com/leesh3288/leesh3288
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/u-crew/vm2-test

@@ -13,5 +13,5 @@ NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
 - https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69

 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/DiRaltvein/memory-corruption-examples

@@ -15,6 +15,7 @@ A use-after-free vulnerability was found in the Linux kernel's netfilter subsyst
 #### Github
 - https://github.com/c0m0r1/c0m0r1
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/leesh3288/leesh3288
 - https://github.com/tanjiti/sec_profile
 - https://github.com/xairy/linux-kernel-exploitation

@@ -0,0 +1,17 @@
+### [CVE-2023-34411](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34411)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/IHTSDO/snomed-parent-owasp
+
@@ -0,0 +1,17 @@
+### [CVE-2023-35926](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35926)
+![](https://img.shields.io/static/v1?label=Product&message=backstage&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.15.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%3A%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been `vm2`, but in light of several past vulnerabilities and existing vulnerabilities  that may not have a fix, the plugin has switched to using a different sandbox library. A malicious actor with write access to a registered scaffolder template could manipulate the template in a way that allows for remote code execution on the scaffolder-backend instance. This was only exploitable in the template YAML definition itself and not by user input data. This is vulnerability is fixed in version 1.15.0 of `@backstage/plugin-scaffolder-backend`.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/leesh3288/leesh3288
+
@@ -18,6 +18,7 @@ In PHP version 8.0.* before 8.0.30,  8.1.* before 8.1.22, and 8.2.* before 8.2.
 - https://github.com/NewLockBit/CVE-2023-3824-PHP-to-RCE-LockBit-LEAK
 - https://github.com/NewLockBit/CVE-2023-3824-PHP-to-RCE-National-Crime-AgencyLEAK
 - https://github.com/NewLockBit/Research-of-CVE-2023-3824-NCA-Lockbit
+- https://github.com/Nfttkcauzy/CVE-2023-3824-PHP-to-RCE-LockBit-LEAK
 - https://github.com/Nuki2u/CVE-2023-3824-PHP-to-RCE-LockBit-LEAK
 - https://github.com/StayBeautiful-collab/CVE-2023-3824-PHP-to-RCE-LockBit-LEAK
 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -0,0 +1,17 @@
+### [CVE-2023-38506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38506)
+![](https://img.shields.io/static/v1?label=Product&message=joplin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.12.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized (or not sanitized properly). As such, the `onload` attribute of pasted images can execute arbitrary code. Because the TinyMCE editor frame does not use the `sandbox` attribute, such scripts can access NodeJS's `require` through the `top` variable. From this, an attacker can run arbitrary commands. This issue has been addressed in version 2.12.10 and users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/laurent22/joplin/security/advisories/GHSA-m59c-9rrj-c399
+
+#### Github
+No PoCs found on GitHub currently.
+
@@ -67,6 +67,7 @@ Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 all
 - https://github.com/hktalent/bug-bounty
 - https://github.com/ibaiw/2023Hvv
 - https://github.com/iluaster/getdrive_PoC
+- https://github.com/int3x/ctf-writeups
 - https://github.com/j0yb0y0h/CVE-2023-38646
 - https://github.com/joaoviictorti/CVE-2023-38646
 - https://github.com/junnythemarksman/CVE-2023-38646
@@ -10,6 +10,7 @@ Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 an
 ### POC

 #### Reference
+- https://github.com/johnathanhuutri/CVE_report/blob/master/CVE-2023-38823/README.md
 - https://github.com/nhtri2003gmail/CVE_report/blob/master/CVE-2023-38823.md

 #### Github
@@ -0,0 +1,17 @@
+### [CVE-2023-38875](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38875)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'validator' parameter in '/reset-password'.
+
+### POC
+
+#### Reference
+- https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38875
+
+#### Github
+No PoCs found on GitHub currently.
+
@@ -11,6 +11,7 @@ An arbitrary file upload vulnerability in the /languages/install.php component o

 #### Reference
 - https://gitee.com/CTF-hacker/pwn/issues/I7LH2N
+- https://github.com/capture0x/WBCE_CMS
 - https://packetstormsecurity.com/files/176018/WBCE-CMS-1.6.1-Shell-Upload.html

 #### Github
@@ -0,0 +1,17 @@
+### [CVE-2023-38974](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38974)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.
+
+### POC
+
+#### Reference
+- https://github.com/anh91/uasoft-indonesia--badaso/blob/main/XSS4.md
+
+#### Github
+No PoCs found on GitHub currently.
+
@@ -19,5 +19,6 @@ A malicious HTTP/2 client which rapidly creates requests and immediately resets
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/knabben/dos-poc
 - https://github.com/latchset/tang-operator
+- https://github.com/nics-tw/sbom2vans
 - https://github.com/testing-felickz/docker-scout-demo

@@ -14,4 +14,5 @@ No PoCs from references.

 #### Github
 - https://github.com/knabben/dos-poc
+- https://github.com/nics-tw/sbom2vans

@@ -47,6 +47,7 @@ No PoCs from references.
 - https://github.com/ShrutikaNakhale/DVWA2
 - https://github.com/Slon12jr/DVWA
 - https://github.com/StepsOnes/dvwa
+- https://github.com/Swapnodeep/dvwa-vulnerable-code
 - https://github.com/TINNI-Lal/DVWA
 - https://github.com/VasuAz400/DVWA
 - https://github.com/Yahyazaizi/application-test-security
@@ -79,6 +80,7 @@ No PoCs from references.
 - https://github.com/jlcmux/DWVA-Desafio3
 - https://github.com/jmsanderscybersec/DVWA
 - https://github.com/johdgft/digininja
+- https://github.com/kabulshowcase/dvwa
 - https://github.com/kaushik-qp/DVWA-2
 - https://github.com/kowan7/DVWA
 - https://github.com/krrajesh-git/DVWA
@@ -0,0 +1,17 @@
+### [CVE-2023-42943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42943)
+![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2014%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20app%20may%20be%20able%20to%20read%20sensitive%20location%20information&color=brighgreen)
+
+### Description
+
+A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14. An app may be able to read sensitive location information.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/iCMDdev/iCMDdev
+
@@ -54,6 +54,7 @@ The HTTP/2 protocol allows a denial of service (server resource consumption) bec
 - https://github.com/CVEDB/top
 - https://github.com/Dzmitry-Basiachenka/dist-foreign-aliakh
 - https://github.com/GhostTroops/TOP
+- https://github.com/Green-Ace/test
 - https://github.com/Millen93/HTTP-2.0-Rapid-Reset-Attack-Laboratory
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
@@ -88,6 +89,7 @@ The HTTP/2 protocol allows a denial of service (server resource consumption) bec
 - https://github.com/malinkamedok/devops_sandbox
 - https://github.com/micrictor/http2-rst-stream
 - https://github.com/ndrscodes/http2-rst-stream-attacker
+- https://github.com/nics-tw/sbom2vans
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/nvdg2/http2RapidReset
 - https://github.com/nxenon/cve-2023-44487
@@ -23,6 +23,7 @@ No PoCs from references.
 - https://github.com/blackmagic2023/http-2-DOS-PoC
 - https://github.com/hex0punk/cont-flood-poc
 - https://github.com/mkloubert/go-package-manager
+- https://github.com/nics-tw/sbom2vans
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/testing-felickz/docker-scout-demo

--- a/Show More
+++ b/Show More